nerdexam
(ISC)2

CISSP · Question #432

CISSP Question #432: Real Exam Question with Answer & Explanation

The correct answer is A: Modify a function's return address. A stack-based buffer overflow writes past the end of a local buffer and overwrites the saved return address in the current stack frame, so when the function returns the CPU pops an attacker-chosen address into the instruction pointer and executes from there. Overwriting that one saved value is the foundational mechanism of stack-based buffer overflow exploitation.

Submitted by carlos_mx · Mar 5, 2026 · Domain: Software Development Security

Question

How can an attacker exploit overflow to execute arbitrary code?

Options

  • A. Modify a function's return address.
  • B. Alter the address of the stack.
  • C. Substitute elements in the stack.
  • D. Move the stack pointer.

Explanation

A stack-based buffer overflow writes past the end of a fixed-size local buffer, typically through an unchecked copy such as strcpy, gets, or memcpy with an attacker-controlled length. On x86 and x86-64 the local buffer sits at a lower address than the saved frame pointer and the return address that CALL pushed, so the excess bytes run upward into those saved values. When the function executes RET, the CPU pops the attacker-supplied value into the instruction pointer and continues executing at that address: historically a pointer back into injected shellcode, and on systems with a non-executable stack (DEP/NX) the first link of a return-oriented programming (ROP) chain. Stack canaries, non-executable memory and ASLR exist precisely because corrupting this single saved value is enough to hijack control flow.
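The following C program is an added illustration, not code from the question, its submitter, or the referenced Microsoft page. It models the bottom of an x86-64 stack frame as a struct laid out in the order the CPU and compiler place it (local buffer, saved RBP, return address), builds the classic "filler + fake RBP + target address" payload, and shows that an unchecked copy replaces the return address while a bounded copy leaves it intact. The addresses LEGIT_RET and ATTACKER_ADDR and the 16-byte buffer size are assumed values chosen for the demonstration; the copy is clamped to the modelled frame so the program stays well-defined, whereas a real overflow keeps writing into the caller's frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of an x86-64 stack frame, from low to high addresses: the local
 * buffer lies below the saved frame pointer, which lies below the return
 * address pushed by CALL. Writing past buf runs into saved_rbp, then saved_ret.
 */
struct frame {
    char     buf[16];      /* char buf[16] local variable   (lowest address)  */
    uint64_t saved_rbp;    /* caller's RBP pushed by the prologue              */
    uint64_t saved_ret;    /* return address pushed by CALL (highest address)  */
};

#define LEGIT_RET     0x0000000000401136ULL  /* assumed: instruction after the CALL */
#define ATTACKER_ADDR 0x00007ffc0badbeefULL  /* assumed: shellcode or first ROP gadget */
#define FAKE_RBP      0x00007ffc12345678ULL  /* assumed: original saved frame pointer */

/* Byte distance from the start of buf to the saved return address (16 + 8). */
size_t ret_offset(void) {
    return offsetof(struct frame, saved_ret) - offsetof(struct frame, buf);
}

/*
 * Build the classic payload: filler through the saved RBP, then the address
 * RIP should take, in host byte order (little-endian on x86-64), exactly as
 * RET will read it back. Returns the payload length, or 0 if out is too small.
 */
size_t build_payload(unsigned char *out, size_t cap, uint64_t target) {
    size_t off = ret_offset();
    if (cap < off + sizeof target) return 0;
    memset(out, 'A', off);                    /* 16 bytes of buf + 8 bytes over saved_rbp */
    memcpy(out + off, &target, sizeof target); /* lands exactly on saved_ret            */
    return off + sizeof target;
}

/*
 * Vulnerable: copies n bytes into buf with no bound check, the behaviour of
 * strcpy()/gets() on attacker input. Returns the value RET would pop.
 * The clamp keeps the model defined; it is not a security check.
 */
uint64_t vulnerable_copy(const unsigned char *input, size_t n) {
    struct frame f = { {0}, FAKE_RBP, LEGIT_RET };
    unsigned char raw[sizeof f];
    memcpy(raw, &f, sizeof f);
    if (n > sizeof raw) n = sizeof raw;
    memcpy(raw + offsetof(struct frame, buf), input, n);   /* the overflow */
    memcpy(&f, raw, sizeof f);
    return f.saved_ret;
}

/*
 * Hardened: refuses input that does not fit in buf with room for a NUL.
 * Returns 1 if rejected, 0 if copied; *ret receives the (unchanged) return address.
 */
int bounded_copy(const unsigned char *input, size_t n, uint64_t *ret) {
    struct frame f = { {0}, FAKE_RBP, LEGIT_RET };
    *ret = f.saved_ret;
    if (n >= sizeof f.buf) return 1;
    memcpy(f.buf, input, n);
    f.buf[n] = '\0';
    return 0;
}

/* Run the payload through the vulnerable copy; returns the hijacked return address. */
uint64_t demo_vulnerable(void) {
    unsigned char p[64];
    size_t n = build_payload(p, sizeof p, ATTACKER_ADDR);
    return vulnerable_copy(p, n);
}

/* Run the same payload through the bounded copy; 1 means rejected with saved_ret intact. */
int demo_bounded(void) {
    unsigned char p[64];
    uint64_t ret;
    size_t n = build_payload(p, sizeof p, ATTACKER_ADDR);
    return bounded_copy(p, n, &ret) == 1 && ret == LEGIT_RET;
}

int main(void) {
    printf("offset of saved return address from buf: %zu bytes\n", ret_offset());
    printf("vulnerable copy: RET pops 0x%016llx (%s)\n",
           (unsigned long long)demo_vulnerable(),
           demo_vulnerable() == ATTACKER_ADDR ? "hijacked" : "intact");
    printf("bounded copy:    %s\n", demo_bounded() ? "input rejected, return address intact"
                                                    : "unexpected");
    return 0;
}
```

The offset printed by ret_offset() is the number an exploit writer normally recovers empirically (for example with a cyclic pattern in a debugger); here the struct makes it explicit. The hardened copy is the fix the referenced Microsoft page describes in general terms: never let the length of the write exceed the destination buffer.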

Common mistakes.

  • B. Altering the base address of the entire stack is not a practical or direct exploitation technique; attackers target specific saved values within the stack frame, not the stack's memory region address itself.
  • C. 'Substituting elements in the stack' is too vague and does not describe a recognized exploit primitive - simply swapping generic stack elements does not reliably redirect execution flow to attacker-controlled code.
  • D. Moving the stack pointer (ESP/RSP) changes where the CPU believes the top of the stack is, but by itself transfers no control. Stack pivoting, in which RSP is redirected into attacker-controlled memory, is a real technique, but it is a follow-on step taken after a return address or another code pointer has already been hijacked, typically so that a ROP chain can run from a larger buffer.

Concept tested. Stack-based buffer overflow return address hijacking

Reference. https://learn.microsoft.com/en-us/windows/win32/secbp/protecting-against-stack-overwrites

Topics

#buffer overflow #exploit development #arbitrary code execution #memory management

