CompTIA SecurityX (CAS-005) — Question 4

A security architect discovers the following while reviewing code for a company's website: selection = "SELECT Item FROM Catalog WHERE ItemID = " & Request("ItemID")
Which of the following should the security architect recommend?

Answer options

A. Client-side processing
B. Query parameterization
C. Data normalization
D. Escape character blocking
E. URL encoding

Correct answer: B

Explanation

The correct recommendation is B, Query parameterization. The snippet concatenates the untrusted Request("ItemID") value directly into the SQL string, so whatever the client sends is parsed as part of the query; parameterization prevents SQL injection by keeping the SQL text fixed and passing the value separately as data. The other options, A (Client-side processing) and C (Data normalization), do not address the vulnerability in the code snippet at all. D (Escape character blocking) and E (URL encoding) may mitigate some risk, but they are not as effective as parameterization in securing SQL queries.
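As an added example (not part of the exam item or its explanation), the concatenation pattern from the question is reproduced in Python against an in-memory SQLite table, beside the parameterized form that option B recommends; the table contents, sample rows and function names are constructed assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample catalog (not from the question) in an in-memory database.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Catalog (ItemID INTEGER, Item TEXT)")
    con.executemany(
        "INSERT INTO Catalog VALUES (?, ?)",
        [(1, "widget"), (2, "gadget"), (3, "gizmo")],
    )
    return con


def lookup_concatenated(con, item_id):
    # Mirrors the flawed pattern in the question: the request value is spliced
    # into the SQL text, so the database parses it as SQL rather than as data.
    sql = "SELECT Item FROM Catalog WHERE ItemID = " + item_id
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, item_id):
    # Option B: the SQL text never changes; the value is bound as a parameter
    # and can only ever be compared against ItemID as a value.
    sql = "SELECT Item FROM Catalog WHERE ItemID = ?"
    return [row[0] for row in con.execute(sql, (item_id,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("2", "2 OR 1=1"):
        print(repr(value), "concatenated:", lookup_concatenated(db, value))
        print(repr(value), "parameterized:", lookup_parameterized(db, value))
```

With a normal ID both functions return the same row; with a value that is not a plain number, the concatenated query's WHERE clause is rewritten by the input, while the parameterized query simply finds no matching ItemID.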