
PT0-002 Exam - Question 218


A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

Correct Answer: DE

To mitigate SQL injection vulnerabilities, the best remediation techniques involve handling user input securely and controlling how queries are constructed. Users' input validation ensures that every value supplied by the user is checked and sanitized before it is used in a SQL query, which helps prevent malicious input from reaching the database. Parameterized queries separate the SQL query structure from the user input by using placeholders, so that user input is treated only as data and cannot alter the query structure, which effectively prevents SQL injection.
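The contrast between the two recommended techniques is easiest to see in code. The following is an added example, not part of the exam page: it builds a constructed in-memory SQLite table, shows a lookup that concatenates user input into the statement, the same lookup written with a placeholder (option E), and an allowlist check on the input (option D) layered in front of it. The table name, columns, sample rows and the username pattern are all assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data for the example (assumption: a simple users table).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable pattern: the user-supplied string becomes part of the SQL text,
    # so a quote inside it changes the structure of the statement.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # Option E: the statement is fixed and the value is bound to a placeholder.
    # The driver never parses the value as SQL, whatever characters it contains.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Option D: allowlist validation. Assumed rule for this example: a username is
# a lowercase letter followed by up to 31 lowercase letters, digits or underscores.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_username(username):
    # Reject anything that does not match the expected shape instead of trying
    # to strip or escape individual characters.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def lookup_hardened(conn, username):
    # Both controls together: validated input, then a parameterized query.
    return lookup_parameterized(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed input containing a quote
    print("vulnerable:", lookup_vulnerable(db, probe))       # returns every row
    print("parameterized:", lookup_parameterized(db, probe))  # returns []
    print("hardened:", lookup_hardened(db, "alice"))         # [('alice', 'admin')]
```

Running the script shows why the exam treats parameterized queries as the primary fix: the concatenated version returns the whole table for an input that merely contains a quote, while the parameterized version returns nothing because it searches for that literal string. Validation is still worth keeping as defense in depth, since it rejects malformed input before it reaches any query, but on its own it depends on the allowlist being right for every field.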

Discussion

15 comments
masso435 (Options: DE)
Dec 1, 2022

D and E

2Fish (Options: DE)
Feb 6, 2023

D and E, "Choose Two"

zimuz (Option: D)
Feb 4, 2023

Should be 2 answers, so D and E.

kloug
Feb 22, 2023

deeeeee

solutionz (Option: D)
Aug 8, 2023

To mitigate SQL injection vulnerabilities, the best remediation techniques generally involve handling user input securely and managing how queries are constructed. Therefore, the best recommendations from the given options would be:

D. Users' input validation
E. Parameterized queries

Ahegi (Option: E)
Oct 12, 2023

D and E

[Removed] (Option: D)
Nov 30, 2023

D and E. Choose two.

hamz1999 (Option: E)
Dec 6, 2023

D and E

mehewas855 (Option: E)
Dec 11, 2023

DE DE DE

Big_Dre (Option: D)
Feb 21, 2024

Obviously.

r3vrnd (Options: DE)
Mar 8, 2024

Hahaha, says choose 2 then only provides 1 answer. FAIL. Answer: D and E.

PMann (Options: DE)
Mar 28, 2024

D && E

pepgua (Options: DE)
Jun 7, 2024

The two BEST recommendations for mitigating SQL injection vulnerabilities are:

D. Users' input validation: This technique involves thoroughly sanitizing all user input before it's used in SQL queries. This can be achieved by:
- Removing special characters that might be interpreted as SQL commands (e.g., apostrophes, semicolons, hyphens).
- Escaping any remaining special characters that are necessary for the input but could be misinterpreted in SQL (e.g., backslashes before apostrophes).
- Using whitelisting to restrict user input to a predefined set of allowed values.

E. Parameterized queries: This approach separates the SQL query structure from the user input. Placeholder values are used in the query, and the user input is bound to these placeholders separately. This prevents malicious code from being injected into the actual SQL statement.

djash22 (Options: DE)
Jul 10, 2024

The best recommendations for immediate remediation of SQL injection vulnerabilities are D. Users' input validation and E. Parameterized queries. These directly prevent the exploitation of SQL code through user inputs, significantly reducing the risk of SQL injection. D&E

FasterN8 (Option: E)
Jul 13, 2024

DE, easy.