CISSP · Question #1220
A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
The correct answer is B. Data validation. Preventing tampering on a database server requires controls that validate the integrity and correctness of data being input or modified. Data validation ensures that only properly structured and authorized data can enter the system, directly preventing malicious or accidental dat
Question
A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
Options
- AService accounts removal
- BData validation
- CLogging and monitoring
- DData sanitization
How the community answered
(34 responses)- A15% (5)
- B71% (24)
- C9% (3)
- D6% (2)
Why each option
Preventing tampering on a database server requires controls that validate the integrity and correctness of data being input or modified. Data validation ensures that only properly structured and authorized data can enter the system, directly preventing malicious or accidental data tampering.
Service account removal reduces the attack surface by eliminating unnecessary privileged accounts, but it does not directly prevent tampering with data that legitimate accounts or application processes can still access and modify.
Data validation enforces rules on what data can be entered, modified, or processed by the database, directly preventing unauthorized or malformed data from corrupting or tampering with records. For a financial application, input validation controls such as type checking, range checks, and referential integrity constraints stop attackers from injecting malicious values or altering data in unauthorized ways. This is a proactive control that prevents tampering at the point of data entry rather than detecting it after the fact.
Logging and monitoring are detective controls that identify tampering after it has occurred, but they do not proactively prevent unauthorized data modification on the database server.
Data sanitization primarily addresses the removal of sensitive data (e.g., before decommissioning) or the neutralization of malicious input to prevent injection attacks, but it is not the best direct control against general data tampering in a production deployment context.
Concept tested: Data validation as a preventive integrity control
Source: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.