ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a peer review of a new cloud-native microservice, you notice a function that builds a SQL statement by concatenating user-supplied JSON field values before passing it to a managed database service. The microservice is intended for a multi-tenant SaaS platform, and no additional database controls are in place. To avoid introducing a common cloud application vulnerability, which change to the code base provides the MOST effective remediation?
Enable transparent data encryption (TDE) on the managed database to protect the records at rest.
Replace the concatenated query with parameterized (prepared) SQL statements that bind user input as parameters.
Escape all single quotes in the user-supplied fields before concatenating them into the SQL string.
Apply JSON output encoding to the query results returned to the client.
Concatenating untrusted input directly into a SQL string exposes the microservice to SQL injection, one of the most critical issues highlighted in the OWASP Top-10. The most reliable way to eliminate this class of flaw is to use parameterized (prepared) statements, where the query structure is pre-compiled and user-supplied values are bound to placeholders, preventing those values from altering the SQL logic. Simply escaping single quotes is error-prone and can still be bypassed; Transparent Data Encryption only protects data at rest; and JSON output encoding mitigates client-side injection issues such as XSS, not server-side SQL injection. Therefore, replacing the concatenated query with parameterized statements is the most effective remediation.
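As an added illustration that is not part of the original question or answer key, the vulnerable concatenation from the scenario beside its parameterized replacement, run against a constructed in-memory SQLite table; the table, its columns, the JSON field name and the tenant values are all assumptions made for the demo.

```python
import json
import sqlite3


def setup_db():
    # Constructed in-memory table standing in for the managed database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, tenant_id TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "tenant-a", "widget"),
        (2, "tenant-b", "gadget"),
        (3, "tenant-b", "gizmo"),
    ])
    return conn


def find_orders_concatenated(conn, tenant_id, item):
    # Vulnerable: the user-supplied value becomes part of the SQL text itself,
    # so a quote inside it can close the literal and rewrite the WHERE clause.
    sql = ("SELECT id, tenant_id, item FROM orders WHERE tenant_id = '"
           + tenant_id + "' AND item = '" + item + "'")
    return conn.execute(sql).fetchall()


def find_orders_parameterized(conn, tenant_id, item):
    # Remediated: the statement text is fixed; values are bound to the '?'
    # placeholders and are only ever compared as data, never parsed as SQL.
    sql = "SELECT id, tenant_id, item FROM orders WHERE tenant_id = ? AND item = ?"
    return conn.execute(sql, (tenant_id, item)).fetchall()


def handle_request(body_json, tenant_id):
    # tenant_id would come from the authenticated session; "item" is a field
    # read from the request's JSON body (both constructed for this demo).
    item = json.loads(body_json)["item"]
    conn = setup_db()
    return {
        "concatenated": find_orders_concatenated(conn, tenant_id, item),
        "parameterized": find_orders_parameterized(conn, tenant_id, item),
    }


if __name__ == "__main__":
    # A well-formed value behaves identically under both implementations.
    print(handle_request('{"item": "widget"}', "tenant-a"))
    # A value containing a quote: concatenation lets it alter the tenant filter
    # and return every tenant's rows; the bound parameter simply matches nothing.
    print(handle_request('{"item": "\' OR \'1\'=\'1"}', "tenant-a"))
```

The second call is the multi-tenant failure the question describes: a single malformed field value defeats the tenant boundary when concatenated, while the parameterized query keeps tenant isolation intact.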