Certified Information Systems Security Professional (CISSP) — Question 59

In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?

Answer options

Correct answer: A

Explanation

The correct answer is A, Parameterised: these queries use placeholders for parameters, which makes it difficult for attackers to manipulate the SQL statement. The other options (Controlled, Dynamic, and Static) do not provide the same level of security against SQL injection vulnerabilities.