nerdexam
Exams312-50V9Questions#279
EC-Council

312-50V9 · Question #279

312-50V9 Question #279: Real Exam Question with Answer & Explanation

The correct answer is D: Malicious code is attempting to execute instruction in a non-executable memory region.. DEP errors indicate that code attempted to run in a memory region marked as non-executable, which is a common sign of a buffer overflow or code injection attack being blocked by the OS.

Question

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Options

  • AA race condition is being exploited, and the operating system is containing the malicious process.
  • BA page fault is occurring, which forces the operating system to write data from the hard drive.
  • CMalware is executing in either ROM or a cache memory area.
  • DMalicious code is attempting to execute instruction in a non-executable memory region.

Explanation

DEP errors indicate that code attempted to run in a memory region marked as non-executable, which is a common sign of a buffer overflow or code injection attack being blocked by the OS.

Common mistakes.

  • A. Race conditions involve timing conflicts between concurrent processes and are unrelated to the DEP mechanism, which specifically monitors memory execution permissions.
  • B. A page fault occurs when the OS must retrieve memory-mapped data from disk, which is a normal memory management event entirely separate from DEP enforcement.
  • C. DEP does not monitor ROM or CPU cache; it enforces execute permissions on virtual memory pages allocated in RAM.

Concept tested. Data Execution Prevention memory protection

Reference. https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice