CompTIA PenTest+ (PT0-002) — Question 181

A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x' OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?

Answer options

Correct answer: D

Explanation

The correct answer is D, Parameterized queries, as they prevent SQL injection attacks by ensuring that user input is treated as data rather than executable code. The other options, while important for overall security, do not specifically address the issue of SQL injection caused by improperly handled input.