
CAS-003 · Question #962

CAS-003 Question #962: Real Exam Question with Answer & Explanation

The correct answer is D: strcpy.

Question

A major OS vendor implements an IDE-integrated tool that alerts developers on the use of insecure and deprecated C code functions. Using which of the following functions would yield an alert to the developer?

Options

  • A. char
  • B. errno_t
  • C. stream_s
  • D. strcpy

Explanation

strcpy() is a C standard library function that copies a string from a source buffer to a destination buffer without performing any bounds checking. This makes it inherently vulnerable to buffer overflow attacks: if the source string is longer than the destination buffer, adjacent memory is overwritten, potentially allowing arbitrary code execution. strcpy() appears on Microsoft's SDL banned functions list and is flagged by security-aware IDEs and static analysis tools. Developers are directed to use safer alternatives such as strcpy_s() or strlcpy(). Option A is wrong because 'char' is a data type, not a function. Option B (errno_t) is actually the return type used in the safer C11 bounds-checking function signatures. Option C (stream_s) is a safe structure type. strcpy() is the classic example of a deprecated, insecure C function that triggers security tool alerts.
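As an added illustration (not part of the original question page), the following C code shows the pattern an IDE tool flags next to a bounded replacement. strlcpy() is not available in every C library, so the safer function here is a hand-written equivalent with strlcpy semantics (an assumption of this example, not an API the page names): it copies at most dstsz-1 bytes, always NUL-terminates, and returns strlen(src) so the caller can detect truncation.

```c
#include <stdio.h>
#include <string.h>

/* The flagged pattern: strcpy() has no idea how large buf is. Anything longer
 * than the destination spills into adjacent memory. Kept only to show what the
 * tool alerts on; it is called below with an input that is known to fit. */
void unsafe_copy(char *buf, const char *src)
{
    strcpy(buf, src);          /* would trigger the IDE / static-analysis alert */
}

/* Bounded replacement with strlcpy-style semantics (assumed, not from the page).
 * Copies at most dstsz-1 bytes, always writes a terminating NUL when dstsz > 0,
 * and returns strlen(src): a result >= dstsz means the input was truncated. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz == 0)
        return srclen;         /* nothing can be written; report size needed */
    size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Convenience wrapper: 1 if src fit completely, 0 if it was truncated.
 * Callers that cannot tolerate silent truncation should treat 0 as an error. */
int copy_or_reject(char *dst, size_t dstsz, const char *src)
{
    return bounded_copy(dst, dstsz, src) < dstsz;
}

int main(void)
{
    char buf[8];                                 /* room for 7 chars + NUL */
    const char *ok   = "short";                  /* constructed sample input */
    const char *long_input = "this is too long"; /* constructed sample input */

    unsafe_copy(buf, ok);                        /* fits, but the call itself is what gets flagged */
    printf("strcpy result     : \"%s\"\n", buf);

    if (copy_or_reject(buf, sizeof buf, long_input))
        printf("bounded copy      : \"%s\" (fit)\n", buf);
    else
        printf("bounded copy      : \"%s\" (truncated, rejected)\n", buf);
    return 0;
}
```

The design point is the return value: a bounded copy that silently truncates can still produce logic bugs (a cut-off path or username), so the caller checks the length and rejects inputs that do not fit rather than trusting whatever landed in the buffer.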

