CompTIA Security+ (SY0-501) — Question 67

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?

Answer options

• A. Application fuzzing
• B. Error handling
• C. Input validation
• D. Pointer dereference

Correct answer: C

Explanation

Input validation is essential as it ensures that only acceptable data is processed, thus preventing attackers from exploiting the application with harmful SQL commands. Application fuzzing and error handling are useful, but they do not directly prevent the exposure of database information. Pointer dereference is not relevant to this scenario.