nerdexam
CompTIA

SY0-301 · Question #876

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

The correct answer is D. It should be performed on the server side.. Server-side input validation is authoritative and cannot be bypassed by an attacker. Client-side validation (A) is easily circumvented - an attacker can intercept and modify requests before they reach the server using tools like Burp Suite, making client-only validation ineffecti

Security architecture

Question

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

Options

  • AIt should be enforced on the client side only.
  • BIt must be protected by SSL encryption.
  • CIt must rely on the user's knowledge of the application.
  • DIt should be performed on the server side.

How the community answered

(38 responses)
  • A
    13% (5)
  • B
    3% (1)
  • C
    5% (2)
  • D
    79% (30)

Explanation

Server-side input validation is authoritative and cannot be bypassed by an attacker. Client-side validation (A) is easily circumvented - an attacker can intercept and modify requests before they reach the server using tools like Burp Suite, making client-only validation ineffective for data integrity. SSL (B) protects data in transit but does nothing to validate the content of that data. Relying on the user's knowledge (C) is not a technical security control at all. When data integrity is critical, the server must always validate inputs independently of what the client reports.

Topics

#input validation#server-side validation#secure coding#data integrity

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice