312-50V11 · Question #234
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
The correct answer is A. Malicious code is attempting to execute instruction a non-executable memory region.. DEP errors occur when code attempts to execute in a memory region marked as non-executable, which is a common indicator of buffer overflow exploitation or malicious code injection.
Question
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
Options
- AMalicious code is attempting to execute instruction a non-executable memory region.
- BA page fault is occuring, which forces the operating system to write data from the hard drive.
- CA race condition is being exploited, and the operating system is containing the malicious process.
- DMalware is executing in either ROM or a cache memory area.
How the community answered
(35 responses)- A91% (32)
- B6% (2)
- D3% (1)
Why each option
DEP errors occur when code attempts to execute in a memory region marked as non-executable, which is a common indicator of buffer overflow exploitation or malicious code injection.
Data Execution Prevention is a hardware and software security feature that marks memory regions such as the stack and heap as non-executable. When malicious code attempts to run instructions within these protected regions, the CPU raises a DEP violation - precisely the error Rebecca is seeing, indicating an attempted exploit of non-executable memory.
A page fault occurs when the OS must load data from disk into RAM due to a virtual memory miss, which is a normal memory management event unrelated to DEP enforcement.
A race condition involves concurrent processes competing for shared resources and is a separate class of vulnerability; DEP errors are not generated as a response to race condition exploitation.
DEP protects non-executable regions of RAM such as the stack and heap, not ROM or CPU cache, which are architecturally distinct memory areas not governed by DEP policy.
Concept tested: Data Execution Prevention memory protection mechanism
Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
Topics
Community Discussion
No community discussion yet for this question.