nerdexam
EC-Council

312-50V11 · Question #234

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

The correct answer is A. Malicious code is attempting to execute instruction a non-executable memory region.. DEP errors occur when code attempts to execute in a memory region marked as non-executable, which is a common indicator of buffer overflow exploitation or malicious code injection.

System Hacking

Question

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Options

  • AMalicious code is attempting to execute instruction a non-executable memory region.
  • BA page fault is occuring, which forces the operating system to write data from the hard drive.
  • CA race condition is being exploited, and the operating system is containing the malicious process.
  • DMalware is executing in either ROM or a cache memory area.

How the community answered

(35 responses)
  • A
    91% (32)
  • B
    6% (2)
  • D
    3% (1)

Why each option

DEP errors occur when code attempts to execute in a memory region marked as non-executable, which is a common indicator of buffer overflow exploitation or malicious code injection.

AMalicious code is attempting to execute instruction a non-executable memory region.Correct

Data Execution Prevention is a hardware and software security feature that marks memory regions such as the stack and heap as non-executable. When malicious code attempts to run instructions within these protected regions, the CPU raises a DEP violation - precisely the error Rebecca is seeing, indicating an attempted exploit of non-executable memory.

BA page fault is occuring, which forces the operating system to write data from the hard drive.

A page fault occurs when the OS must load data from disk into RAM due to a virtual memory miss, which is a normal memory management event unrelated to DEP enforcement.

CA race condition is being exploited, and the operating system is containing the malicious process.

A race condition involves concurrent processes competing for shared resources and is a separate class of vulnerability; DEP errors are not generated as a response to race condition exploitation.

DMalware is executing in either ROM or a cache memory area.

DEP protects non-executable regions of RAM such as the stack and heap, not ROM or CPU cache, which are architecturally distinct memory areas not governed by DEP policy.

Concept tested: Data Execution Prevention memory protection mechanism

Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#DEP#non-executable memory#memory protection#exploit prevention

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice