A developer wants to reduce the risk of SQL injection in a new customer search form. Which two changes are the best mitigations? Select two.

Store the database password in the page source so the app can connect faster.

Putting credentials in source code exposes secrets to anyone who can view the application files or web content.

Disable TLS so the application can inspect requests more easily.

Disabling TLS weakens transport security and does nothing to prevent SQL injection in the application logic.

Allow the application to build SQL statements by concatenating raw user input.

Concatenating raw input is the classic cause of SQL injection and directly increases the vulnerability.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: Use parameterized queries or prepared statements for all database access. — The best mitigations are parameterized queries and input validation. Parameterized queries are the strongest defense because they prevent user-controlled data from being interpreted as SQL code. Input validation is also valuable because it limits unexpected characters, lengths, and formats before data reaches the database. Together, these measures reduce the likelihood that an attacker can alter the meaning of a query through crafted input. Why others are wrong: Storing credentials in source code creates a separate secret-handling problem and does not address injection. Disabling TLS weakens confidentiality in transit, but SQL injection happens at the application layer. Concatenating raw input into SQL directly creates the vulnerability rather than preventing it. Those choices either increase risk or fail to mitigate the issue the developer is trying to solve.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.