Crucial Exams

CompTIA PenTest+ PT0-003 (V3) Practice Question

While reviewing a Java servlet, you find the following line that processes credentials submitted from a public login page:

String sql = "SELECT * FROM users WHERE name='" + request.getParameter("user") + "' AND pass='" + request.getParameter("pwd") + "';";

Which corrective action will best prevent an attacker from injecting additional SQL through the user field?

  • Rewrite the query to use a PreparedStatement with parameter placeholders

  • Store the credentials in an encrypted table and require TLS for the connection

  • Escape single quotes in user input with a replace() function before concatenating the query

  • Perform input validation by allowing only alphanumeric characters in the username

CompTIA PenTest+ PT0-003 (V3)
Attacks and Exploits
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $51
CompTIA PenTest+ Voucher
v3 / PT0-003
$425.00 $374.00
SAVE $57
CompTIA PenTest+ Voucher with Retake
v3 / PT0-003
Includes Retake
$474.00 $417.00
Bash, the Crucial Exams Chat Bot
AI Bot