CSSLP Question #291: Real Exam Question with Answer & Explanation
The correct answer is B: Use an encapsulated library for accessing databases. To protect against SQL injection attacks, it is essential to use encapsulated database access libraries, create parameterized stored procedures, and implement parameterized queries with bound and typed parameters.
Question
You work as a Security Manager for Tech Perfect Inc. You want to protect all the data from SQL injection attacks, which can read sensitive data from the database and modify database data using commands such as Insert, Update, and Delete. Which of the following tasks will you perform? Each correct answer represents a complete solution. Choose three.
Options
- A. Apply maximum number of database permissions.
- B. Use an encapsulated library for accessing databases.
- C. Create parameterized stored procedures.
- D. Create parameterized queries by using bound and typed parameters.
Explanation
To protect against SQL injection attacks, it is essential to use encapsulated database access libraries, create parameterized stored procedures, and implement parameterized queries with bound and typed parameters.
Common mistakes.
- A. Applying maximum database permissions is counterproductive and increases the attack surface, allowing an attacker who successfully breaches the system to have greater access and cause more damage; the principle of least privilege should be followed.
Concept tested. Preventing SQL injection attacks
Reference. https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/sql/sql-injection