CISSP · Question #1222
What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
The correct answer is D. Helps prevent certain exploits that store code in buffers. This question tests knowledge of Data Execution Prevention (DEP), an OS security feature that marks memory regions as non-executable to block code injection attacks. The correct answer identifies how DEP specifically mitigates buffer overflow and similar memory-based exploits.
Question
What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
Options
- AIdentifies which security patches still need to be installed on the system
- BStops memory resident viruses from propagating their payload
- CReduces the risk of polymorphic viruses from encrypting their payload
- DHelps prevent certain exploits that store code in buffers
How the community answered
(46 responses)- B2% (1)
- C4% (2)
- D93% (43)
Why each option
This question tests knowledge of Data Execution Prevention (DEP), an OS security feature that marks memory regions as non-executable to block code injection attacks. The correct answer identifies how DEP specifically mitigates buffer overflow and similar memory-based exploits.
Identifying missing security patches is the function of a vulnerability scanner or patch management tool, not a memory execution protection feature like DEP.
Memory-resident viruses propagate through different mechanisms such as infecting files or hooking system calls; DEP does not specifically target their propagation, and many such viruses reside in executable memory regions anyway.
Polymorphic viruses use encryption and code mutation to evade signature detection, which is countered by heuristic or behavioral antivirus engines, not by non-executable memory region enforcement.
Data Execution Prevention (DEP) works by marking memory regions such as the stack and heap as non-executable, so even if an attacker successfully injects shellcode into a buffer, the CPU will refuse to execute it. This directly mitigates buffer overflow exploits and heap spray attacks where malicious code is stored in data buffers and then triggered. DEP is a hardware- and software-enforced protection that specifically targets this class of memory corruption vulnerability.
Concept tested: Data Execution Prevention (DEP) and buffer overflow mitigation
Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
Topics
Community Discussion
No community discussion yet for this question.