312-50V10 · Question #234
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
The correct answer is A. Malicious code is attempting to execute instruction a non-executable memory region.. DEP (Data Execution Prevention) is a Windows security feature that marks memory regions such as the stack and heap as non-executable, triggering an error when code attempts to run from those regions. This is most commonly caused by buffer overflow exploits attempting to execute s
Question
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
Options
- AMalicious code is attempting to execute instruction a non-executable memory region.
- BA page fault is occuring, which forces the operating system to write data from the hard drive.
- CA race condition is being exploited, and the operating system is containing the malicious process.
- DMalware is executing in either ROM or a cache memory area.
How the community answered
(28 responses)- A93% (26)
- B4% (1)
- D4% (1)
Why each option
DEP (Data Execution Prevention) is a Windows security feature that marks memory regions such as the stack and heap as non-executable, triggering an error when code attempts to run from those regions. This is most commonly caused by buffer overflow exploits attempting to execute shellcode in protected memory.
DEP enforces a hardware or software policy that designates certain memory pages as NX (No Execute), so when malicious code - such as a buffer overflow payload - attempts to execute instructions from a non-executable memory region like the stack or heap, the CPU raises a DEP violation and terminates the process. This is DEP's core design purpose: to detect and block code execution from data memory regions.
A page fault is a memory management event triggered when a process accesses a virtual memory address not currently mapped to physical RAM, requiring retrieval from disk - this is unrelated to DEP.
A race condition is a timing-based vulnerability where two processes compete to access a shared resource; DEP does not detect or respond to race conditions.
DEP operates on virtual memory pages managed by the OS in RAM; ROM is firmware memory outside OS control, and CPU cache is hardware-managed - neither is within DEP's enforcement scope.
Concept tested: Windows Data Execution Prevention memory protection mechanism
Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
Topics
Community Discussion
No community discussion yet for this question.