A company uses 'Input Validation' on its web forms. Which attack does this primarily prevent?

Answer options:

Phishing

SQL Injection (SQLi) and Cross-Site Scripting (XSS)

DDoS

Man-in-the-Middle

How to approach this question

Input Validation = Checking what the user types. Injection = Typing bad code.

Full Answer

B.SQL Injection (SQLi) and Cross-Site Scripting (XSS)✓ Correct

Input validation ensures that data entered by users meets expected formats. This prevents attackers from injecting malicious code (like SQL commands or JavaScript) into the application.

Common mistakes

Thinking validation stops network attacks like DDoS.

Question 71 All questions Question 73

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →