Which of the following should the security engineer check?

A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?
A. NX/XN
B. ASLR
C. strcpy
D. ECC


3 thoughts on “Which of the following should the security engineer check?”

  1. Initially, I did disagree but I pulled up my CASP+ all-in-one book by Nicholas Lane to finally put an end to this dilemma. Page 704, and I quote, “NX bit use refers to CPU reserving certain areas of memory for containing code that cannot be executed. Akin to malware sandboxing, malware can be quarantined to this memory space so that it is restricted from execution.” This question is asking, “confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks.”

    While both ASLR and NX do prevent buffer overflows (currently outdated, look up SSP), the question specifically hints at malware execution that would lead to buffer overflow. I agree with Coronaa, and would go with A.
