nerdexam
(ISC)2

CISSP · Question #1220

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

The correct answer is B. Data validation. Preventing tampering on a database server requires controls that validate the integrity and correctness of data being input or modified. Data validation ensures that only properly structured and authorized data can enter the system, directly preventing malicious or accidental dat

Submitted by noor.lb· Mar 5, 2026Asset Security

Question

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

Options

  • AService accounts removal
  • BData validation
  • CLogging and monitoring
  • DData sanitization

How the community answered

(34 responses)
  • A
    15% (5)
  • B
    71% (24)
  • C
    9% (3)
  • D
    6% (2)

Why each option

Preventing tampering on a database server requires controls that validate the integrity and correctness of data being input or modified. Data validation ensures that only properly structured and authorized data can enter the system, directly preventing malicious or accidental data tampering.

AService accounts removal

Service account removal reduces the attack surface by eliminating unnecessary privileged accounts, but it does not directly prevent tampering with data that legitimate accounts or application processes can still access and modify.

BData validationCorrect

Data validation enforces rules on what data can be entered, modified, or processed by the database, directly preventing unauthorized or malformed data from corrupting or tampering with records. For a financial application, input validation controls such as type checking, range checks, and referential integrity constraints stop attackers from injecting malicious values or altering data in unauthorized ways. This is a proactive control that prevents tampering at the point of data entry rather than detecting it after the fact.

CLogging and monitoring

Logging and monitoring are detective controls that identify tampering after it has occurred, but they do not proactively prevent unauthorized data modification on the database server.

DData sanitization

Data sanitization primarily addresses the removal of sensitive data (e.g., before decommissioning) or the neutralization of malicious input to prevent injection attacks, but it is not the best direct control against general data tampering in a production deployment context.

Concept tested: Data validation as a preventive integrity control

Source: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

Topics

#Data integrity#Data validation#Database security#Tampering prevention

Community Discussion

No community discussion yet for this question.

Full CISSP Practice