CAS-002 Question #24: Real Exam Question with Answer & Explanation

The correct answer is B: Problem: Buffer overflow. Mitigation Technique: Secure coding standards.

Question

A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it is a security concern?

Options

  • A. Problem: Cross-site scripting. Mitigation Technique.
  • B. Problem: Buffer overflow. Mitigation Technique: Secure coding standards
  • C. Problem: SQL injection. Mitigation Technique: Secure coding standards
  • D. Problem: Buffer overflow. Mitigation Technique: Output validation

Explanation

The scenario describes a buffer overflow: extra data is written into memory beyond the boundary of the buffer allocated for it, eventually allowing the attacker to execute unintended (arbitrary) instructions. This is the hallmark of a buffer overflow vulnerability. The correct mitigation is secure coding standards, which enforce practices such as bounds checking, input length validation, and safe memory-handling functions that prevent data from overflowing allocated buffers. Cross-site scripting (A) involves injecting client-side scripts into web pages; no memory overflow is involved. SQL injection (C) targets manipulation of database queries. Output validation (D) is a relevant technique, but it is a single specific practice rather than a comprehensive standard; secure coding standards encompass output validation along with many other protections and are therefore the more complete and correct answer.
