04 Nov Practice Question: SQL Injection Controls
Kevin runs a vulnerability scan on a system on his network and identifies a SQL injection vulnerability. Which one of the following security controls is likely not present on the network?
Correct Answer: C.
A web application firewall (WAF), if present, would likely block SQL injection attack attempts, making SQL injection vulnerabilities invisible to a vulnerability scanner. Because Kevin's scan did detect the vulnerability, a WAF is the control that is likely not present. A data loss prevention (DLP) system does not protect against web application vulnerabilities such as SQL injection. An intrusion detection system (IDS) might identify a SQL injection exploit attempt, but it is not able to block the attack. Transport Layer Security (TLS) encrypts web content, but encryption would not prevent an attacker from engaging in SQL injection attacks.
chukwuemeka Emeruwa, posted at 18:14h, 06 November
I do appreciate your help and thank you for posting this type of question.
Edward T Brown, posted at 07:38h, 08 November
Thanks. Good question! I had to think about it for a minute or so but got it right.