CompTIA

CAS-001 · Question #325

CAS-001 Question #325: Real Exam Question with Answer & Explanation

The correct answer is B: C#. Buffer overflows and format string vulnerabilities are characteristic of unmanaged languages where the developer is responsible for memory allocation and bounds checking. Managed code languages delegate memory management to a runtime environment that automatically enforces bounds

Question

A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities. The reviewer has advised that future software projects utilize managed code platforms if at all possible. Which of the following languages would suit this recommendation? (Select TWO).

Options

  • A. C
  • B. C#
  • C. C++
  • D. Perl
  • E. Java

Explanation

Buffer overflows and format string vulnerabilities are characteristic of unmanaged languages where the developer is responsible for memory allocation and bounds checking. Managed code languages delegate memory management to a runtime environment that automatically enforces bounds, preventing these vulnerability classes. C# runs on the .NET Common Language Runtime (CLR), which manages memory automatically. Java runs on the Java Virtual Machine (JVM), which similarly handles memory management and array bounds checking at runtime. C and C++ are unmanaged languages: the developer controls memory directly, making them highly susceptible to the exact vulnerabilities described. Perl, while interpreted, does not provide the same level of memory safety guarantees as true managed code platforms.
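To make the explanation concrete, the following added example (not part of the original question or its source material) shows in C the two checks that an unmanaged language leaves to the developer. The function names, buffer size and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* constructed buffer size for this example */

/* Bounds-checked copy. The legacy form is `strcpy(dst, src);`, which
 * writes past dst whenever src is longer than the buffer. A managed
 * runtime performs this length check on every array write; in C the
 * developer must write it. Returns 0 on success, -1 if src won't fit. */
int copy_name(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;               /* reject; dst is left untouched */
    memcpy(dst, src, len + 1);   /* len + 1 copies the terminating NUL */
    return 0;
}

/* Format-string-safe message builder. The legacy form is
 * `snprintf(out, out_size, user_text);`, where conversion specifiers
 * inside user_text are interpreted. Here the format is a constant and
 * user_text is only ever data for "%s". Returns 0 on success, -1 if
 * the message does not fit in out. */
int format_msg(char *out, size_t out_size, const char *user_text)
{
    int n = snprintf(out, out_size, "user=%s", user_text);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    char msg[64];
    /* Constructed sample inputs. */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    const char *specifiers = "%x.%x.%s";

    printf("short name: %d\n", copy_name(name, sizeof name, "alice"));
    printf("long name:  %d\n", copy_name(name, sizeof name, too_long));
    if (format_msg(msg, sizeof msg, specifiers) == 0)
        printf("message:    %s\n", msg);
    return 0;
}
```

On the CLR or JVM the equivalent out-of-range write raises a runtime exception instead of corrupting adjacent memory, which is why the reviewer's recommendation removes the need for every call site to carry checks like these.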
