Practice Test Question: SQL Injection Vulnerability Protection

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Greg is operating a web application that processes credit cards and determines that it is subject to a SQL injection vulnerability. He is unable to fix the vulnerability immediately because developers must create a patch that will take several weeks. The application is business critical and must remain running in the meantime. Which one of the following would serve as the best compensating control?

A. Web Application Firewall
B. Data Loss Prevention System
C. Intrusion Detection System
D. Privileged Access Management System

Correct Answer: A

A web application firewall (WAF) can identify inbound traffic containing attempted injection attacks and stop that traffic from reaching the web server, which makes it the best compensating control in this situation. A data loss prevention system may notice exfiltration of sensitive data and block it, but it would only trigger after a successful attack, so it is not as good an option as a web application firewall. An intrusion detection system would simply report the attack, not stop it, and a privileged access management system would not help in this situation.

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
