CompTIA CySA+ (CS0-002) — Question 223
A development team is discussing the implementation of parameterized queries to address several software vulnerabilities. Which of the following is the most likely type of vulnerability the team is trying to remediate?
Answer options
- A. SQL injection
- B. CSRF
- C. On-path attack
- D. XSS
Correct answer: A
Explanation
The correct answer is A, SQL injection. Parameterized queries are specifically designed to prevent this type of attack: the query text is fixed and user input is bound to it as a parameter, so the input is treated as data rather than executable code. Options B (CSRF), C (on-path attack), and D (XSS) are different types of vulnerabilities that parameterized queries do not directly address.