nerdexam
(ISC)2

CISSP · Question #1222

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

The correct answer is D. Helps prevent certain exploits that store code in buffers. This question tests knowledge of Data Execution Prevention (DEP), an OS security feature that marks memory regions as non-executable to block code injection attacks. The correct answer identifies how DEP specifically mitigates buffer overflow and similar memory-based exploits.

Submitted by kwame.gh· Mar 5, 2026Security Architecture and Engineering

Question

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

Options

  • AIdentifies which security patches still need to be installed on the system
  • BStops memory resident viruses from propagating their payload
  • CReduces the risk of polymorphic viruses from encrypting their payload
  • DHelps prevent certain exploits that store code in buffers

How the community answered

(46 responses)
  • B
    2% (1)
  • C
    4% (2)
  • D
    93% (43)

Why each option

This question tests knowledge of Data Execution Prevention (DEP), an OS security feature that marks memory regions as non-executable to block code injection attacks. The correct answer identifies how DEP specifically mitigates buffer overflow and similar memory-based exploits.

AIdentifies which security patches still need to be installed on the system

Identifying missing security patches is the function of a vulnerability scanner or patch management tool, not a memory execution protection feature like DEP.

BStops memory resident viruses from propagating their payload

Memory-resident viruses propagate through different mechanisms such as infecting files or hooking system calls; DEP does not specifically target their propagation, and many such viruses reside in executable memory regions anyway.

CReduces the risk of polymorphic viruses from encrypting their payload

Polymorphic viruses use encryption and code mutation to evade signature detection, which is countered by heuristic or behavioral antivirus engines, not by non-executable memory region enforcement.

DHelps prevent certain exploits that store code in buffersCorrect

Data Execution Prevention (DEP) works by marking memory regions such as the stack and heap as non-executable, so even if an attacker successfully injects shellcode into a buffer, the CPU will refuse to execute it. This directly mitigates buffer overflow exploits and heap spray attacks where malicious code is stored in data buffers and then triggered. DEP is a hardware- and software-enforced protection that specifically targets this class of memory corruption vulnerability.

Concept tested: Data Execution Prevention (DEP) and buffer overflow mitigation

Source: https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

Topics

#Memory protection#Buffer overflow#Exploit prevention#Operating system security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice