CompTIA PenTest+ (PT0-002) — Question 69

A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.
Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

Answer options

• A. Closing open services
• B. Encryption users' passwords
• C. Randomizing users' credentials
• D. Users' input validation
• E. Parameterized queries
• F. Output encoding

Correct answer: D

Explanation

Validating user input is crucial as it helps ensure that only properly formatted data is processed, thus preventing SQL injection attacks. Parameterized queries also protect against SQL injection by separating SQL code from user input, making it a strong recommendation. The other options, while important for security, do not directly address the SQL injection vulnerabilities as effectively.