Certified Ethical Hacker (CEH v12) — Question 20

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.
What is the defensive technique employed by Bob in the above scenario?

Answer options

Correct answer: A

Explanation

The correct answer is Whitelist validation: only pre-approved entities such as data type, range, size, and value are accepted, which prevents unauthorized input. Output encoding and Blacklist validation do not restrict input to an approved list in this way, and enforcing least privileges relates to access controls rather than input validation.