nerdexam
ExamsCAS-001Questions#15
CompTIA

CAS-001 · Question #15

CAS-001 Question #15: Real Exam Question with Answer & Explanation

The correct answer is B: Problem: Buffer overflow. The description precisely matches a buffer overflow vulnerability: when a specific format is selected, more data than expected is loaded into memory. This overwrites adjacent memory regions (such as the return address on the stack), allowing an attacker to redirect execution flow

Question

A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?

Options

  • AProblem: Cross-site scripting
  • BProblem: Buffer overflow
  • CProblem: SQL injection
  • DProblem: Buffer overflow

Explanation

The description precisely matches a buffer overflow vulnerability: when a specific format is selected, more data than expected is loaded into memory. This overwrites adjacent memory regions (such as the return address on the stack), allowing an attacker to redirect execution flow and run unintentional (arbitrary) instructions. This is the classic definition and mechanism of a buffer overflow exploit. Cross-site scripting (Option A) involves injecting malicious scripts into web pages viewed by other users-it does not cause memory overflows. SQL injection (Option C) involves inserting malicious SQL syntax into database queries, not memory manipulation. Buffer overflow (Options B and D both name it correctly; B is the primary correct answer here) is a well-known security concern because it can lead to full code execution, privilege escalation, and system compromise. The mitigation is bounds checking and input validation.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-001 Practice