Question 219 - PT0-002 discussion


A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x' OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?

A. Multifactor authentication
B. Encrypted communications
C. Secure software development life cycle
D. Parameterized queries

Suggested answer: D

Explanation:

The best recommendation to remediate this vulnerability is to use parameterized queries in the web application. Parameterized queries (prepared statements) prevent SQL injection by separating the SQL statement from the user input: the statement text is fixed before any input is supplied, and the input is bound as a parameter, so the database treats it as a literal value and never as part of the statement. For example, instead of concatenating x' OR role LIKE '%admin% into the query text, where the quote character changes the logic of the WHERE clause, the application would pass that string as a parameter to a prepared statement, which would simply check whether any stored value matches it.
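To make the difference concrete, the following is an added example (not from the exam page or its author) that runs the string from the report against a constructed in-memory SQLite table in two ways: once with the statement built by string concatenation, and once with the input bound as a parameter. The table name, column names and sample rows are assumptions chosen for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the exam page): a tiny users table.
SAMPLE_USERS = [
    ("alice", "admin"),
    ("bob", "user"),
    ("carol", "user"),
]

# The input shown in the red team report on the page.
INJECTED_USERNAME = "x' OR role LIKE '%admin%"


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: the input is spliced into the statement text, so a
    quote character in the input becomes part of the SQL and changes its
    logic. This is the defect the report describes."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Remediated form: the statement text is fixed and the input is bound as
    a parameter, so the driver treats it as a literal value, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(conn: sqlite3.Connection, username: str) -> dict:
    """Return both results side by side for a given input."""
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "parameterized": lookup_parameterized(conn, username),
    }


if __name__ == "__main__":
    db = make_db()
    # Benign input: both queries return the same single row.
    print("bob ->", compare(db, "bob"))
    # Injected input: the concatenated query returns the admin row although no
    # user is named "x' OR role LIKE '%admin%"; the parameterized query returns
    # nothing, because it looks for a user literally named that.
    print("injected ->", compare(db, INJECTED_USERNAME))
```

The two functions share the same fixed SQL text up to the placeholder; the only difference is whether the input reaches the database as part of the statement or as a separately bound value. That is why the remediation is a code-level change rather than a transport (encryption) or authentication (MFA) control.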

asked 02/10/2024
David Brun