Hard · 1 mark · Multiple Choice
Area II: Security · Security · AppSec · SQL Injection

CPA · Question 82 · Area II: Security

Which of the following is the MOST effective method to prevent 'SQL Injection' attacks in a web application?

Answer options:

A. Using a Web Application Firewall (WAF).

B. Input validation on the client side (JavaScript).

C. Encrypting the database.

D. Using Parameterized Queries / Prepared Statements.

How to approach this question

SQL Injection Fix = Parameterized Queries. Memorize this pair.

Full Answer

D. Using Parameterized Queries / Prepared Statements. ✓ Correct
Parameterized queries (or prepared statements) ensure that the database treats user input as data, never as executable commands. This neutralizes SQL injection attacks at the code level.

Common mistakes

Thinking WAF is the primary fix (it's a compensating control).
