Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 540

A security test performed on one of the applications shows that user input is not validated. Which security vulnerability is the application more susceptible to because of this lack of validation?

Answer options

• A. man-in-the-middle
• B. cross-site request forgery
• C. SQL injection
• D. denial-of-service

Correct answer: C

Explanation

The correct answer is SQL injection because when user input is not properly validated, attackers can manipulate SQL queries to gain unauthorized access or manipulate the database. The other options, while they represent different vulnerabilities, do not directly stem from the failure to validate user input in the same way that SQL injection does.