CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

In a penetration testing engagement, you discover that a client's web application is improperly using data received from form submissions, leading to a high-risk vulnerability. In the final report, you advise on a defense mechanism that separates the input content from the database command. Which recommendation most effectively mitigates the identified risk?

  • Rely on the inherent security of stored procedures to handle any direct interaction with the database.

  • Implement parameterized queries as this method prevents attacker-provided data from being treated as executable instructions.

  • Limit the number of characters in form text inputs to reduce the risk of hazardous commands being injected.

  • Enforce strict validation checks in the browser to ensure only clean data is submitted to the server.

  • Escape all special characters in the form submission data to neutralize any malicious payloads.

This question is for objective:
Reporting and Communication
Your Score:
Reporting and Communication
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Tools and Code Analysis
Planning and Scoping