The most appropriate recommendation for the security architect is:
B. Query parameterization. The code shown is vulnerable to SQL Injection because user input (Request("ItemID")) is being directly concatenated into the SQL query. This creates a potential security risk where an attacker could manipulate the ItemID input to inject malicious SQL code, leading to unauthorized data access, modification, or deletion.
Query parameterization (also known as prepared statements) is a secure way to handle user input in SQL queries. It ensures that user input is treated as data, not executable code, preventing SQL injection attacks. Instead of concatenating input into the query, parameterized queries bind user input to predefined placeholders, making it impossible for attackers to alter the query structure.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CAS-004 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Bright07
2 months ago