nerdexam
(ISC)2

CISSP · Question #77

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

The correct answer is D. Data validation. Data validation is a method used to prevent Structured Query Language (SQL) injection attacks, which are a type of web application attack that exploit the input fields of a web form to inject malicious SQL commands into the underlying database. Data validation involves checking t

Submitted by haru.x· Mar 5, 2026Software Development Security

Question

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Options

  • AData compression
  • BData classification
  • CData warehousing
  • DData validation

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    3% (1)
  • D
    90% (26)

Explanation

Data validation is a method used to prevent Structured Query Language (SQL) injection attacks, which are a type of web application attack that exploit the input fields of a web form to inject malicious SQL commands into the underlying database. Data validation involves checking the input data for any illegal or unexpected characters, such as quotes, semicolons, or keywords, and rejecting or sanitizing them before passing them to the database.

Topics

#SQL injection#data validation#input sanitization#web application security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice