ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 1 question 40 discussion

Actual exam question from Microsoft's 70-486
Question #: 40
Topic #: 1
[All 70-486 Questions]

You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
Logs show there have been several malicious attacks against the servers.
You need to prevent all SQL injection attacks from malicious users against the application.
How should you secure the queries?

  • A. Check the input against patterns seen in the logs and other records.
  • B. Escape single quotes and apostrophes on all string-based input parameters.
  • C. Implement parameterization of all input strings.
  • D. Filter out prohibited words in the input submitted by the users.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries)
The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries forcethe developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that anattacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
Reference: SQL Injection Prevention Cheat Sheet
by hungry_ape9000 at May 12, 2020, 4:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
arohh
4 years, 5 months ago
Answer is C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel