nerdexam
(ISC)2

CISSP · Question #1381

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

The correct answer is D. Heap overflow. ASLR is a memory-protection technique that randomizes the base addresses of loaded executables, libraries, heap, and stack in memory, making it harder for attackers to reliably exploit memory-corruption vulnerabilities like heap overflows.

Submitted by marco_it· Mar 5, 2026Security Architecture and Engineering

Question

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

Options

  • ASQL injection (SQLi)
  • BMan-in-the-middle (MITM)
  • CCross-Site Scripting (XSS)
  • DHeap overflow

How the community answered

(25 responses)
  • B
    4% (1)
  • C
    8% (2)
  • D
    88% (22)

Why each option

ASLR is a memory-protection technique that randomizes the base addresses of loaded executables, libraries, heap, and stack in memory, making it harder for attackers to reliably exploit memory-corruption vulnerabilities like heap overflows.

ASQL injection (SQLi)

SQL injection is an input-validation attack targeting database query logic, which operates at the application/database layer and is completely unrelated to process memory address layout.

BMan-in-the-middle (MITM)

Man-in-the-middle attacks involve intercepting network communications between two parties, a network-layer threat that ASLR's memory-randomization mechanism has no bearing on.

CCross-Site Scripting (XSS)

Cross-Site Scripting is a web application vulnerability involving injection of malicious scripts into web pages viewed by other users, which is a client-side code injection issue unaffected by memory address randomization.

DHeap overflowCorrect

Heap overflow attacks rely on the attacker knowing or predicting the memory addresses of target data structures or executable code so they can redirect execution flow. ASLR randomizes the memory layout each time a process runs, meaning the attacker cannot reliably predict heap addresses, effectively mitigating exploitation of heap overflow vulnerabilities by invalidating hardcoded or guessed address payloads.

Concept tested: ASLR memory protection against memory corruption exploits

Source: https://learn.microsoft.com/en-us/windows/win32/memory/address-space-layout-randomization

Topics

#ASLR#Memory protection#Heap overflow#Exploit mitigation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice