nerdexam
CompTIA

CAS-002 · Question #2

Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?

The correct answer is B. Standard libraries. Unsafe standard library functions (such as strcpy or gets in C/C++) lack bounds checking, making them a direct enabler of buffer overflow vulnerabilities when used in application development.

Enterprise Security

Question

Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?

Options

  • ASecure cookie storage
  • BStandard libraries
  • CState management
  • DInput validation

How the community answered

(63 responses)
  • A
    10% (6)
  • B
    86% (54)
  • C
    2% (1)
  • D
    3% (2)

Why each option

Unsafe standard library functions (such as strcpy or gets in C/C++) lack bounds checking, making them a direct enabler of buffer overflow vulnerabilities when used in application development.

ASecure cookie storage

Secure cookie storage is a mechanism for protecting session tokens and does not relate to memory buffer management or overflow vulnerabilities.

BStandard librariesCorrect

Many functions in standard C/C++ libraries - such as strcpy(), gets(), and sprintf() - do not perform boundary checks on destination buffers. When developers use these functions without additional validation, they allow input data to exceed allocated memory regions, which is the core mechanism of a buffer overflow attack. Modern secure replacements like strncpy() or fgets() exist precisely to mitigate this risk.

CState management

State management governs application workflow and session data consistency but has no direct bearing on memory allocation boundaries that buffer overflows exploit.

DInput validation

Input validation is a defensive control that prevents buffer overflows by rejecting or sanitizing oversized input before it reaches vulnerable functions.

Concept tested: Unsafe standard library functions enabling buffer overflows

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#standard libraries#secure coding#application security

Community Discussion

No community discussion yet for this question.

Full CAS-002 Practice