Answer C) Service accounts removal
This is the only option that will actually prevent anything from happening. The following do not PREVENT anything.
A. Data sanitization: involves purposely, permanently deleting, or destroying data from a storage device, to ensure it cannot be recovered.
B. Data validation: is the process of checking the accuracy, integrity, and structure of data before it's used in a business operation.
D. Logging and monitoring
Scenario: Your code is in the Dev environment and about to be deployed to Prod. How do you ensure your code isn't changed in any way prior to deployment? It has to be some form of FIM tool which could periodically compare the hash and alert for any mismatch (suspected tampering).
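The hash comparison described in the comment above, sketched as an added example (not part of the original thread and not any particular FIM product). The function names and the sample file tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline, current):
    """Return the paths that were modified, added or removed since the baseline."""
    return {
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample tree: take a baseline, change the tree, then re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sql").mkdir()
        (root / "app.py").write_text("print('release 1')\n")
        (root / "sql" / "schema.sql").write_text("CREATE TABLE t (id INTEGER);\n")
        (root / "README").write_text("unchanged\n")
        baseline = snapshot(root)  # taken when the build is approved

        # Constructed changes made after approval.
        (root / "app.py").write_text("print('release 1')  # edited\n")
        (root / "sql" / "schema.sql").unlink()
        (root / "extra.sh").write_text("echo hi\n")
        return compare(baseline, snapshot(root))  # run again before deployment


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"ALERT {kind}: {path}")
```

The comparison is only as trustworthy as the baseline, so the baseline has to be stored where someone who can change the code cannot also rewrite it.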
I think we are trying to avoid tampering with the SERVER, consequently avoiding tampering with the DB. Nowhere in the question does it state it will be taking input from a customer. This might be a transaction logging DB, not necessarily one connected to a web server. I think Logging and monitoring is the better answer, as it can help detect and respond to any unauthorized attempts, such as modifying or deleting existing data.
Answer is Data validation: SQL injection is possible because the data being input from a web form is not validated before it reaches the database by using regular expressions to check for special characters and limiting the number of characters in the field (ultimately the parameter (variable)) that is passed to the database to be processed. AND hopefully, the database is using stored procedures that have parameters to accept the data input instead of a method that is extremely vulnerable, like the website using inline SQL statements on the form.
C. Remove service accounts. The question states that a DB server is being moved to prod, and they don't want someone to mess with it now that it's in production, so it needs to be locked down.
"Remove all access to your database (except for your own personal domain account). Literally, each and all accounts."
https://softwareengineering.stackexchange.com/questions/369645/preventing-in-database-record-tampering
C & D have nothing to do with tampering.
A is about sanitization/cleaning.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
franbarpro (Highly Voted, 2 years, 1 month ago)
jackdryan (1 year, 6 months ago)
YesPlease (Highly Voted, 11 months, 2 weeks ago)
deeden (Most Recent, 3 months, 2 weeks ago)
ElDirec (3 months, 4 weeks ago)
GuardianAngel (9 months, 2 weeks ago)
Bach1968 (1 year, 4 months ago)
HughJassole (1 year, 5 months ago)
kptest12 (2 years, 1 month ago)
Rollizo (2 years, 1 month ago)
dev46 (2 years, 2 months ago)