CAS-003 Question #448: Real Exam Question with Answer & Explanation
The correct answer is C: Use regular expressions.
Question
Exhibit
Options
- A. Replace code with Java-based type checks
- B. Parse input into an array
- C. Use regular expressions
- D. Canonicalize input into string objects before validation
Explanation
Regular expressions provide a concise, pattern-based method to validate that input conforms to a specific format such as exactly ten numeric digits. They are both precise and computationally efficient, satisfying both the security and performance requirements.
Common mistakes.
- A. Java type checks validate data type such as integer versus string but do not enforce length or character constraints, leaving the format insufficiently validated.
- B. Parsing input into an array adds processing overhead and does not inherently validate the format or length of the account identifier.
- D. Canonicalization normalizes input encoding to a standard form as a preprocessing step before validation; it does not perform the actual format validation required for ten-digit identifiers.
Concept tested. Regular expressions for efficient and precise input validation
Reference. https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
