ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 20 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 20
Topic #: 1
[All 312-50v12 Questions]

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted.
What is the defensive technique employed by Bob in the above scenario?

  • A. Whitelist validation
  • B. Output encoding
  • C. Blacklist validation
  • D. Enforce least privileges
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by eli117 at April 4, 2023, 3:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tc5899
Highly Voted 1 year, 6 months ago
A. Whitelist validation In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting vulnerabilities in user input fields.
upvoted 8 times
...
Mann098
Most Recent 3 months, 3 weeks ago
Selected Answer: A
Whitelist validation
upvoted 1 times
...
Nicknp
5 months, 2 weeks ago
Selected Answer: A
Option A whitelist validation
upvoted 1 times
...
I_Know_Everything_KY
8 months, 1 week ago
Selected Answer: A
He has created an explicit list of alllowable types: a whitelist.
upvoted 1 times
...
insaniunt
11 months ago
Selected Answer: A
A. Whitelist validation
upvoted 1 times
...
HeyacedoGomez
1 year, 6 months ago
Selected Answer: A
Whitelist is the correct answer but allowlist is more appropriate
upvoted 1 times
...
eli117
1 year, 6 months ago
Selected Answer: A
A. Whitelist validation In whitelist validation, only the inputs that have been explicitly allowed are accepted, and all other inputs are rejected. This technique involves specifying a list of entities such as the data type, range, size, and value, which have been approved for secure access. Any input that is not on the list is rejected, preventing attacks such as SQL injection, where an attacker attempts to inject malicious code into an application by exploiting vulnerabilities in user input fields.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago