During a web-application penetration test, you discover a critical SQL-injection flaw in the customer portal. Because the development team cannot immediately patch the code, you recommend creating a new rule on the organization's web-application firewall (WAF) to block malicious input that matches common SQL-injection patterns. According to standard information-security control functions, this WAF rule is best classified as which type of control?
Security controls are often grouped by their primary function: preventive, detective, corrective, deterrent, and compensating. A web-application firewall rule that inspects traffic and blocks malicious SQL-injection payloads acts before the attack can succeed, thereby stopping the exploitation from occurring. That is the hallmark of a preventive control.
A detective control (such as log monitoring) only identifies an attack after it happens; a corrective control (such as applying a patch or restoring from backup) attempts to fix damage that has already occurred; a compensating control provides an alternate safeguard when the preferred control is infeasible but does not necessarily prevent the action itself. Therefore, the most accurate classification for the proposed WAF rule is preventive.
Certified Ethical Hacker (CEH)
Information Security and Ethical Hacking Overview