CompTIA
CAS-002 · Question #693
CAS-002 Question #693: Real Exam Question with Answer & Explanation
The correct answer is C: #include. A buffer overflow attack is represented by C language code because C allows direct memory manipulation using unsafe functions that do not perform bounds checking.
Question
Which of the following displays an example of a buffer overflow attack? A. <SCRIPT> </SCRIPT> B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
Options
- C#include
- D<form action="/cgi-bin/login" method=post>
Explanation
A buffer overflow attack is represented by C language code because C allows direct memory manipulation using unsafe functions that do not perform bounds checking.
Common mistakes.
- A. The script tags represent a cross-site scripting (XSS) attack, which injects client-side scripts into web pages viewed by other users - not a buffer overflow.
- B. The checksum block is package integrity verification data used in software distribution manifests and is not an attack of any kind.
- D. The HTML form tag is a standard web form element used for submitting data via POST and is not indicative of any attack technique.
Concept tested. Identifying buffer overflow attacks in source code
Reference. https://owasp.org/www-community/attacks/Buffer_overflow_attack
Community Discussion
No community discussion yet for this question.