Practice Question: SQL Injection Controls

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Kevin runs a vulnerability scan on a system on his network and identifies a SQL injection vulnerability. Which one of the following security controls is likely not present on the network?
A. DLP
B. TLS
C. WAF
D. IDS

Correct Answer: C.

A web application firewall (WAF), if present, would likely block SQL injection attack attempts, making SQL injection vulnerabilities invisible to a vulnerability scanner. A data loss prevention (DLP) system does not protect against web application vulnerabilities, such as SQL injection. An intrusion detection system (IDS) might identify a SQL injection exploit attempt, but it is not able to block the attack. Transport Layer Security (TLS) encrypts web content, but encryption would not prevent an attacker from engaging in SQL injection attacks.

2 Comments
  • chukwuemeka Emeruwa
    Posted at 18:14h, 06 November

    I do appreciate your help and thank you for posting this type of question.

  • Edward T Brown
    Posted at 07:38h, 08 November

    Mike,

    Thanks. Good question! I had to think about it for a minute or so, but got it right.