nerdexam
(ISC)2

CISSP · Question #434

Which of the following is the BEST way to protect against structured Query language (SQL) injection?

The correct answer is D. Use stored procedures.. The best way to protect against SQL injection is to use stored procedures. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to inject malicious SQL commands into the input fields or parameters of the application. The att

Submitted by ngozi_ng· Mar 5, 2026Software Development Security

Question

Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Options

  • AEnforce boundary checking.
  • BRestrict use of SELECT command.
  • CRestrict Hyper Text Markup Language (HTNL) source code access.
  • DUse stored procedures.

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    5% (1)
  • D
    90% (19)

Explanation

The best way to protect against SQL injection is to use stored procedures. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to inject malicious SQL commands into the input fields or parameters of the application. The attacker can then execute the SQL commands on the underlying database and access, modify, or delete the data. Stored procedures are precompiled SQL statements that are stored on the database server and can be invoked by the application. Stored procedures can prevent SQL injection by separating the SQL logic from the user input, validating the input parameters, and escaping the special characters that can alter the SQL syntax.

Topics

#SQL injection#secure coding#stored procedures#input validation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice