CompTIA Security+ (SY0-501) — Question 243

Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of 12 characters.
Which of the following secure coding techniques should a security analyst address with the application developers to follow security best practices?

Answer options

• A. Input validation
• B. Error handling
• C. Obfuscation
• D. Data exposure

Correct answer: B

Explanation

The correct answer is B, Error handling, because it is crucial to ensure that error messages do not disclose specific details that could aid an attacker. Options A (Input validation), C (Obfuscation), and D (Data exposure) are important security practices, but they do not address the main issue of providing overly informative error messages to users.