CompTIA CySA+ (CS0-002) — Question 69
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?
Answer options
- A. Input validation
- B. SQL injection
- C. Parameterized queries
- D. Web-application firewall
- E. Multifactor authentication
Correct answer: C
Explanation
The best choice is C, as parameterized queries help prevent SQL injection attacks by separating SQL code from data. Input validation (A) is important, but it does not directly address the use of dynamic SQL. SQL injection (B) is a type of attack that parameterized queries aim to mitigate, not a control that can be implemented. A web-application firewall (D) offers additional security but does not resolve the dynamic SQL issue. Multifactor authentication (E) enhances user security but is unrelated to SQL handling.