Valid 312-50v13 Dumps shared by EduDump.com for Helping Passing 312-50v13 Exam! EduDump.com now offer the newest 312-50v13 exam dumps, the EduDump.com 312-50v13 exam questions have been updated and answers have been corrected get the newest EduDump.com 312-50v13 dumps with Test Engine here:
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?
Correct Answer: C
Whitelist validation (also known as allowlist validation) is a robust defensive strategy where only pre- approved input formats are accepted. This includes: Restricting input to specific data types (e.g., integer, string) Limiting size, format, or allowed characters Accepting only expected values (e.g., country codes, age ranges) This practice is highly effective in mitigating SQL injection and other input-based attacks. Incorrect Options: A). Output encoding prevents XSS by encoding output but doesn't validate input. B). Enforcing least privilege is an access control principle. D). Blacklist validation is less secure and attempts to block known bad inputs, which may be bypassed. Reference - CEH v13 Official Courseware: Module 14: Hacking Web Applications Section: "Input Validation and SQL Injection Mitigation" Subsection: "Whitelist vs Blacklist Input Validation" =