CISSP Question #1222: Real Exam Question with Answer & Explanation

The correct answer is D: Helps prevent certain exploits that store code in buffers.

Submitted by kwame.gh · Mar 5, 2026 · Security Architecture and Engineering

Question

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

Options

  • A. Identifies which security patches still need to be installed on the system
  • B. Stops memory resident viruses from propagating their payload
  • C. Reduces the risk of polymorphic viruses from encrypting their payload
  • D. Helps prevent certain exploits that store code in buffers

Explanation

This question tests knowledge of Data Execution Prevention (DEP), an OS security feature that marks memory regions as non-executable to block code injection attacks. The correct answer identifies how DEP specifically mitigates buffer overflow and similar memory-based exploits.

Common mistakes.

  • A. Identifying missing security patches is the function of a vulnerability scanner or patch management tool, not a memory execution protection feature like DEP.
  • B. Memory-resident viruses propagate through different mechanisms such as infecting files or hooking system calls; DEP does not specifically target their propagation, and many such viruses reside in executable memory regions anyway.
  • C. Polymorphic viruses use encryption and code mutation to evade signature detection, which is countered by heuristic or behavioral antivirus engines, not by non-executable memory region enforcement.

Concept tested. Data Execution Prevention (DEP) and buffer overflow mitigation

Reference. https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#Memory protection #Buffer overflow #Exploit prevention #Operating system security
