A consultant is evaluating an application programming interface for an e-commerce platform that retrieves shipping addresses from a third-party service. Which measure best prevents malicious commands from being accepted by the interface?
Restrict inbound traffic based on a trusted network range
Validate user parameters before allowing the service to process them
Encrypt all data fields to hide sensitive parameters
Elevate permissions for the third-party service to streamline requests
Validating user parameters before internal processing helps limit the impact of injected commands. Encrypting traffic does not safeguard against malicious payloads, restricting connections by a network prefix does not stop harmful requests that originate from the same prefix, and granting administrative privileges expands available attack paths.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'validating user parameters' mean, and why is it crucial for security?
Open an interactive chat with Bash
Why doesn’t encrypting data fields protect against malicious payloads?
Open an interactive chat with Bash
What is the risk of granting elevated permissions to a third-party service?