PrepAway - Latest Free Exam Questions & Answers

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:


A. Buffer overflow.

B. Command injection.

C. Spear phishing.

D. SQL injection.

Explanation:
Input validation is a defensive technique intended to mitigate possible user input attacks, such as
buffer overflows and fuzzing. Input validation checks every user input submitted to the application before
that input is processed. The check could be on length, character type, language type, or domain.

Incorrect Answers:
A: A buffer overflow exploits programming errors, bugs and flaws. It occurs when an application is fed
more input data than it is programmed to handle. This may cause the application to terminate or to write
data beyond the end of the allocated space in memory. The termination of the application may cause the
system to send the data with temporary access to privileged levels in the system, while overwriting can
cause important data to be lost. Proper error and exception handling and input validation will help
prevent buffer overflow exploits.
B: Command injection is often used to gain access to restricted directories on a web server. Proper input
validation will help prevent command injection attacks.
D: SQL injection attacks use unexpected input to a web application to gain access to the database used by
the web application. You can protect a web application against SQL injection by implementing input
validation and by limiting database account privileges for the account used by the web server and the
web application.
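
The checks named in the explanation (length, character type, domain), applied before a database lookup that binds its values as parameters. This is an added example, not part of the original explanation; the function names, limits and sample table are hypothetical.

```python
import re
import sqlite3

# Hypothetical limits and names, constructed for illustration.
MAX_USERNAME_LEN = 32                           # length check
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")    # character-type check (allowlist)
ALLOWED_ROLES = {"viewer", "editor", "admin"}   # domain check (closed set of values)


class ValidationError(ValueError):
    """Raised when input fails a check; the caller rejects the request."""


def validate_username(value):
    if not isinstance(value, str) or not 1 <= len(value) <= MAX_USERNAME_LEN:
        raise ValidationError("username length out of range")
    if not USERNAME_RE.fullmatch(value):   # fullmatch: the whole string must match
        raise ValidationError("username contains disallowed characters")
    return value


def validate_role(value):
    if value not in ALLOWED_ROLES:
        raise ValidationError("role is not one of the permitted values")
    return value


def find_user(conn, username, role):
    """Validate, then bind values as parameters; never build SQL text from input."""
    params = (validate_username(username), validate_role(role))
    sql = "SELECT username, role FROM users WHERE username = ? AND role = ?"
    return conn.execute(sql, params).fetchall()


def demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "viewer")])
    return conn


def is_accepted(username, role="viewer"):
    try:
        find_user(demo_db(), username, role)
    except ValidationError:
        return False
    return True
```

Validation and parameter binding are separate layers: the allowlist rejects malformed input early, and the bound parameters keep any value that passes from being interpreted as SQL.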

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 257, 337, 338
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 195-196, 197, 319

