CompTIA Security Plus Mock Test Q743

Input validation is an important security defense because it:

A. rejects bad or malformed data.
B. enables verbose error reporting.
C. protects mis-configured web servers.
D. prevents denial of service attacks.

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Input validation is a defensive technique intended to mitigate possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Incorrect Answers:
B: Error reporting is implemented through proper error and exception handling. It is not accomplished by input validation.
C: Input validation is not a defence against a mis-configured system.
D: Denial of Service (DoS) attacks are web-based attacks that exploit flaws in the operating system, applications, services, or protocols. These attacks can be mitigated by means of firewalls, routers, and intrusion detection systems (IDSs) that detect DoS traffic, disabling echo replies on external systems, disabling broadcast features on border systems, blocking spoofed packets on the network, and proper patch management.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 257, 343
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 170-172, 230, 319