The correct answer isDbecauseallowed valuesis the best control to mitigate the risk of users entering incorrect data into a system. Allowed values are an input validation control that restricts entries to predefined acceptable data, preventing invalid or improper inputs at the point of entry.
The other options are less effective:
A. Sequence checkis useful for detecting missing or duplicate sequence items, but not for general incorrect input values.
B. Tool tipsmay guide users, but they do not enforce correct input.
C. User traininghelps reduce errors, but it is weaker than an automated preventive input control.
Exact Extracts supporting the answer:
“In reviewing transaction data for fraudulent activity the concept of data validation that is MOST likely to be of value to enterprises is reasonableness.”
“To validate data integrity during processing in multiple applications the BEST assurance for maintaining data integrity is provided by range checking.”
“The vulnerability that makes a web application MOST susceptible to a SQL injection attack is inadequate validation of input.”
“The attack that occurs PRIMARILY because user input is not properly validated is cross-site scripting.”
These extracts support that the strongest mitigation for incorrect user input isinput validation, and among the choices,allowed valuesis the best preventive control.
===========
