nerdexam
EC-Council

312-50V10 · Question #234

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

The correct answer is A. Malicious code is attempting to execute instruction a non-executable memory region.. DEP (Data Execution Prevention) is a Windows security feature that marks memory regions such as the stack and heap as non-executable, triggering an error when code attempts to run from those regions. This is most commonly caused by buffer overflow exploits attempting to execute s

System Hacking

Question

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Options

  • AMalicious code is attempting to execute instruction a non-executable memory region.
  • BA page fault is occuring, which forces the operating system to write data from the hard drive.
  • CA race condition is being exploited, and the operating system is containing the malicious process.
  • DMalware is executing in either ROM or a cache memory area.

How the community answered

(28 responses)
  • A
    93% (26)
  • B
    4% (1)
  • D
    4% (1)

Why each option

DEP (Data Execution Prevention) is a Windows security feature that marks memory regions such as the stack and heap as non-executable, triggering an error when code attempts to run from those regions. This is most commonly caused by buffer overflow exploits attempting to execute shellcode in protected memory.

AMalicious code is attempting to execute instruction a non-executable memory region.Correct

DEP enforces a hardware or software policy that designates certain memory pages as NX (No Execute), so when malicious code - such as a buffer overflow payload - attempts to execute instructions from a non-executable memory region like the stack or heap, the CPU raises a DEP violation and terminates the process. This is DEP's core design purpose: to detect and block code execution from data memory regions.

BA page fault is occuring, which forces the operating system to write data from the hard drive.

A page fault is a memory management event triggered when a process accesses a virtual memory address not currently mapped to physical RAM, requiring retrieval from disk - this is unrelated to DEP.

CA race condition is being exploited, and the operating system is containing the malicious process.

A race condition is a timing-based vulnerability where two processes compete to access a shared resource; DEP does not detect or respond to race conditions.

DMalware is executing in either ROM or a cache memory area.

DEP operates on virtual memory pages managed by the OS in RAM; ROM is firmware memory outside OS control, and CPU cache is hardware-managed - neither is within DEP's enforcement scope.

Concept tested: Windows Data Execution Prevention memory protection mechanism

Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#DEP#non-executable memory#exploit prevention#memory protection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice