KT-APP Vulnerable applications

WAF blocks SQLi on a public form; app team says 'WAF handles it.' Your concern?

Multiple choice — select one answer

Answer choices

  1. a. Disable WAF to reduce latency, without security or identity team coordination per policy.
  2. b. Defense in depth—fix input validation and parameterized queries at source
  3. c. SQLi is only a network issue, without security or identity team coordination per policy.
  4. d. WAF replaces secure coding, without security or identity team coordination per policy.

Architectural breakdown & explanation

Relying solely on WAF leaves gaps when rules fail or traffic is internal.

Correct answer(s): b. Defense in depth—fix input validation and parameterized queries at source

Exam domain: Vulnerable applications (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.