During an investigation of database theft from an organization's web site, it was determined that...

 The action that provides the greatest protection against the same attack occurring again is to implement server-side filtering. Server-side filtering is the process of validating and sanitizing the user input on the server side, before passing it to the database or application. Server-side filtering can prevent SQL injection attacks, which are the attacks that exploit the vulnerability of the database or application to execute malicious SQL commands or queries. SQL injection attacks can result in data theft, corruption, or deletion, as well as unauthorized access or privilege escalation. The other options are not as effective as server-side filtering, as they either do not prevent SQL injection attacks (A and B), or do not address the root cause of the vulnerability (D). References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 481; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8, page 581.