CompTIA CySA+ (CS0-003) — Question 292

A company has recently experienced a security breach via a public-facing service. Analysis of the event on the server traced the breach back to the following piece of code:

SELECT * From user_data WHERE Username = 0 and userid= 1 or 1=1;--

Which of the following controls would be best to implement?

Answer options

Correct answer: D

Explanation

The correct answer is D, as validating user input is crucial in preventing SQL injection attacks, which this code demonstrates. Options A and B do not address the specific vulnerability related to input handling, while C focuses on access control rather than input validation.