PrepAway - Latest Free Exam Questions & Answers

Which of the following is the below pseudo-code an example of?
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

A. Buffer overflow prevention

B. Input validation

C. CSRF prevention

D. Cross-site scripting prevention

Explanation:
Input validation is a defensive technique intended to mitigate possible user input attacks, such as
buffer overflows and fuzzing. Input validation checks every user input submitted to the application before
processing that input. The check could be a length, a character type, a language type, or a domain.
Incorrect Answers:
A: A buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is fed
more input data than it is programmed to handle. This may cause the application to terminate or to write
data beyond the end of the allocated space in memory. The termination of the application may cause the
system to send the data with temporary access to privileged levels in the system, while overwriting can
cause important data to be lost. Proper error and exception handling and input validation will help
prevent buffer overflow exploits.
C: XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web
application's trust of a user who is known or is supposed to have been authenticated. This is often
accomplished without the user's knowledge. XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session
establishment and checking the client HTTP request header referrer for spoofing.
D: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an
attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing
patch management on the web server, using firewalls, and auditing for suspicious activity.
