Certified Information Security Manager (CISM) — Question 1220
Which of the following is the BEST way to contain an SQL injection attack that has been detected by a web application firewall?
Answer options
- A. Force password changes on the SQL database.
- B. Reconfigure the web application firewall to block the attack.
- C. Update the detection patterns on the web application firewall.
- D. Block the IPs from where the attack originates.
Correct answer: B
Explanation
The correct answer is B: reconfiguring the web application firewall to block the attack directly addresses the threat in real time. Option A, forcing password changes, does not mitigate the SQL injection risk. Option C, updating detection patterns, would improve future detection but does not stop the current attack. Option D could be useful but does not prevent the SQL injection from occurring on the application itself.