GIAC GCIH Exam - Topic 5 Question 7 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 7
Topic #: 5

Which of the following can be used as a countermeasure against the SQL injection attack?

Each correct answer represents a complete solution. Choose two.

Suggested Answer: C

Lenora
3 months ago
I disagree, I think session_regenerate_id() might help too.
upvoted 0 times
...
Gianna
3 months ago
Wait, is mysql_real_escape_string() really still relevant?
upvoted 0 times
...
Nydia
3 months ago
A and D are the way to go! No doubt about it.
upvoted 0 times
...
Alayna
4 months ago
I thought C was a good option too, but I guess not?
upvoted 0 times
...
Carry
4 months ago
Definitely A and D! Those are solid choices.
upvoted 0 times
...
Fanny
4 months ago
I'm leaning towards prepared statements too, but I wonder if session_regenerate_id() could somehow be relevant in a broader security context.
upvoted 0 times
...
Michell
4 months ago
I feel like mysql_escape_string() was mentioned in a similar question, but I can't recall if it's still recommended.
upvoted 0 times
...
Erasmo
4 months ago
I remember practicing with prepared statements in class; they seem like a solid choice for preventing SQL injection.
upvoted 0 times
...
Pearline
5 months ago
I think mysql_real_escape_string() is definitely one of the options, but I'm not sure about the other one.
upvoted 0 times
...
Dean
5 months ago
Ugh, I'm not sure about this one. I know SQL injection is a big security risk, but I'm not totally confident in my knowledge of the countermeasures. I'll have to review my notes and try to eliminate the wrong answers.
upvoted 0 times
...
Winfred
5 months ago
Easy peasy! The answer is definitely A and D - mysql_real_escape_string() and Prepared statements. Those are the classic ways to protect against SQL injection. I've got this one in the bag.
upvoted 0 times
...
Royal
5 months ago
Okay, let me think about this... I know prepared statements are a good way to avoid SQL injection, but I'm not sure about the other options. I'll have to think this through carefully.
upvoted 0 times
...
Tuyet
5 months ago
Hmm, this looks like a tricky one. I think I'll go with option A and D - mysql_real_escape_string() and Prepared statements. Those seem like the most reliable ways to prevent SQL injection attacks.
upvoted 0 times
...
Denae
5 months ago
I'm feeling confident about this one. Based on my understanding, the auditee, or the organization being audited, is responsible for preparing the corrective action plan to address any nonconformities or areas for improvement identified during the audit process.
upvoted 0 times
...
Brunilda
5 months ago
Okay, I've got it. B and E are the correct answers since they allow the team to self-manage and organize in a way that supports the scrum values.
upvoted 0 times
...
Tawny
9 months ago
I'm feeling a bit 'session_regenerate_id()' after that question. But in all seriousness, D is the way to go. Prepared statements are the real deal when it comes to SQL injection. The other options might help, but they're like trying to stop a freight train with a toothpick.
upvoted 0 times
Selma
8 months ago
Yeah, they're like the ultimate defense against SQL injection attacks.
upvoted 0 times
...
Talia
8 months ago
Prepared statements are definitely the way to go.
upvoted 0 times
...
Cassandra
8 months ago
D) Prepared statement
upvoted 0 times
...
Broderick
8 months ago
A) mysql_real_escape_string()
upvoted 0 times
...
...
Herminia
10 months ago
I'm just going to go ahead and choose options A and C. Why? Because I'm feeling a little 'mysql_real_escape_string()' today, if you know what I mean. But seriously, D is the way to go - it's the 'Prepared statement' of all countermeasures.
upvoted 0 times
Lorenza
8 months ago
User 3: Don't forget about option D, the 'Prepared statement' is a strong countermeasure as well.
upvoted 0 times
...
Aliza
8 months ago
User 2: I agree, 'mysql_real_escape_string()' and 'mysql_escape_string()' can help prevent SQL injection attacks.
upvoted 0 times
...
Carmen
9 months ago
User 1: I think options A and C are good choices.
upvoted 0 times
...
...
Annabelle
10 months ago
Well, look at that! My grandma could have told you that prepared statements are the way to go. Anything else is just putting a band-aid on a bullet wound. Although I do like the sound of 'session_regenerate_id()' - maybe it can make my password look extra secure.
upvoted 0 times
...
Rory
10 months ago
Hmm, I'm torn between options A and D. Escaping strings is important, but prepared statements are the real powerhouse against SQL injection. Gotta cover all our bases, right?
upvoted 0 times
Sherron
8 months ago
It's always better to be safe than sorry, so using both options A and D would be a good idea.
upvoted 0 times
...
Rusty
8 months ago
I think both options A and D are important to use as countermeasures.
upvoted 0 times
...
Nohemi
9 months ago
I agree, using prepared statements is crucial to prevent SQL injection attacks.
upvoted 0 times
...
...
Ernie
10 months ago
I'm pretty sure option D is the way to go - Prepared statements are the gold standard for preventing SQL injection. The other options might help in other ways, but they don't directly address the injection vulnerability.
upvoted 0 times
Nichelle
9 months ago
Session_regenerate_id() is not a direct solution for SQL injection, so I would go with prepared statements.
upvoted 0 times
...
Rikki
10 months ago
I'm not sure about mysql_escape_string(), but I know it's important to use prepared statements.
upvoted 0 times
...
Geoffrey
10 months ago
I think mysql_real_escape_string() can also be used as a countermeasure.
upvoted 0 times
...
Martina
10 months ago
I agree, prepared statements are definitely the best defense against SQL injection.
upvoted 0 times
...
...
Becky
11 months ago
I'm not sure about C) mysql_escape_string(). I think it's not as secure as the other options mentioned.
upvoted 0 times
...
Grover
11 months ago
I agree with Anika. Those two options are commonly recommended to prevent SQL injection attacks.
upvoted 0 times
...
Anika
11 months ago
I think A) mysql_real_escape_string() and D) Prepared statement can be used as countermeasures.
upvoted 0 times
...
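
Several comments above contrast escape functions such as mysql_real_escape_string() with prepared statements. The block below is an added example, not part of any comment or of the original page: it shows escaping followed by concatenation failing where the value is used without surrounding quotes, next to the same lookup as a prepared statement. It assumes PHP with PDO and an in-memory SQLite database so it runs offline; escape_only(), find_by_id_escaped() and find_by_id_prepared() are hypothetical names, and the table, rows and input are constructed.

```php
<?php
// Added example, not from the original page. In-memory SQLite via PDO so it
// runs offline; the table, rows and input value are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical stand-in for an escape-only function such as
// mysql_real_escape_string(): it neutralises quote characters, nothing else.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escape-then-concatenate. The value lands in an unquoted numeric context,
// so there is no quote to escape and the input still becomes SQL syntax.
function find_by_id_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_only($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed before the value is bound, so
// the value is only ever compared as data.
function find_by_id_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '0 OR 1=1'; // constructed request parameter, contains no quotes

echo 'escaped + concatenated: ', count(find_by_id_escaped($pdo, $input)), " row(s)\n";
echo 'prepared statement:     ', count(find_by_id_prepared($pdo, $input)), " row(s)\n";
echo 'prepared, id "2":       ', implode(',', find_by_id_prepared($pdo, '2')), "\n";
```

The concatenated query matches every row because the input is parsed as part of the WHERE clause, while the prepared statement matches none for the same input and still returns the expected row for a legitimate id.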
