A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?
Implementing input validation is the best remediation to prevent code injection vulnerabilities. Input validation involves validating and sanitizing user inputs before processing them within the application. By doing so, the application can detect and prevent malicious inputs, such as SQL injection or other code injection attempts.
Input validation helps ensure that data entered into web forms or other application inputs meets the expected format and criteria, thus mitigating the risk of code injection attacks. It is a fundamental security practice to protect against various types of injection attacks.
Utilizing a WAF is a valuable security measure for protecting against a variety of web application attacks, but it is not a replacement for proper input validation. Input validation should still be implemented to secure the application at its core.
The question is asking for the remediation to prevent the vulnerability, shouldn't it be A-Implement input validations?
I'd choose WAF if it's asking how to prevent the attack.
C. Utilize a WAF
A web application firewall (WAF) is designed to filter and monitor HTTP traffic between a web application and the Internet. It can help protect against common web application vulnerabilities, including code injection. By implementing a WAF, it can analyze the incoming requests and block or mitigate any attempts at code injection.
While implementing input validations (A) is a good practice, it may not be sufficient to prevent code injection entirely. Additional layers of security, such as a WAF, are recommended.
Deploying multifactor authentication (MFA) (B) is not directly related to preventing code injection. MFA is used for user authentication, adding an extra layer of security to verify identities.
Configuring HIPS (D), or Host Intrusion Prevention System, may provide some additional security measures, but it is not specifically designed to prevent code injection. HIPS focuses on detecting and blocking attacks or unauthorized activities on a specific host system.
A WAF is not to prevent vulnerabilities; it is to prevent exploits/attacks. Input validation is the answer in order to prevent this vulnerability (keyword).
upvoted 11 times
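The input validation that the comments above argue for, shown as an added example that is not part of the original discussion: server-side allow-list checks on each form field, followed by a parameterized SQL statement so accepted values are only ever bound as data. The field names, the rules and the `users` table are assumptions made for illustration.

```python
import re
import sqlite3

# Allow-list rule per expected form field (hypothetical field names and limits).
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}"),
    "age": re.compile(r"[0-9]{1,3}"),
}


def validate_form(form):
    """Return (clean, errors); unknown, missing or malformed fields are rejected."""
    clean, errors = {}, {}
    for name in form:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        # fullmatch() requires the whole value to fit the rule, not just a prefix.
        if not isinstance(value, str) or rule.fullmatch(value) is None:
            errors[name] = "missing or malformed"
        else:
            clean[name] = value
    return clean, errors


def save_user(conn, form):
    """Validate first, then store with placeholders instead of string building."""
    clean, errors = validate_form(form)
    if errors:
        return False, errors
    conn.execute(
        "INSERT INTO users (username, email, age) VALUES (?, ?, ?)",
        (clean["username"], clean["email"], int(clean["age"])),
    )
    return True, {}


def demo():
    """Run one well-formed and one malformed submission against an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, age INTEGER)")
    good = {"username": "alice_01", "email": "alice@example.com", "age": "34"}
    # Constructed sample: SQL metacharacters in a field that should be a plain name.
    bad = {"username": "x'); DROP TABLE users;--", "email": "a@example.com", "age": "34"}
    results = [save_user(conn, good), save_user(conn, bad)]
    rows = conn.execute("SELECT username, age FROM users").fetchall()
    return results, rows
```

The malformed submission is rejected by the application itself, before any query runs; that is the difference between removing the vulnerability and filtering traffic in front of it.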