Free CompTIA PenTest+ PT0-002 Practice Question

In a penetration testing engagement, you discover that a client's web application is improperly using data received from form submissions, leading to a high-risk vulnerability. In the final report, you advise on a defense mechanism that separates the input content from the database command. Which recommendation most effectively mitigates the identified risk?

  • Escape all special characters in the form submission data to neutralize any malicious payloads.

  • Limit the number of characters in form text inputs to reduce the risk of hazardous commands being injected.

  • Enforce strict validation checks in the browser to ensure only clean data is submitted to the server.

  • Rely on the inherent security of stored procedures to handle any direct interaction with the database.

  • Implement parameterized queries as this method prevents attacker-provided data from being treated as executable instructions.

This question's topic: CompTIA PenTest+ PT0-002 / Reporting and Communication