WAF blocks SQLi on a public form; app team says 'WAF handles it.' Your concern?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Relying solely on WAF leaves gaps when rules fail or traffic is internal.
Correct answer(s): b. Defense in depth—fix input validation and parameterized queries at source
Exam domain: Vulnerable applications (25% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.