Exam CAS-004
Question 434

A security architect examines a section of code and discovers the following:

#include <stdio.h>

char username[20];
char password[20];

gets(username);              /* gets() performs no bounds check on its input */
checkUserExists(username);

Which of the following changes should the security architect require before approving the code for release?

    Correct Answer: C

    The code snippet is vulnerable to a buffer overflow attack due to the use of the gets function, which does not limit the input size. This can lead to memory corruption and potential security vulnerabilities. By ensuring that no more than 20 characters are entered, the code can prevent buffer overflow attacks, thus mitigating a significant security risk.
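The following is an added example, not code from the question or from the discussion, showing the kind of change the answer describes: input is accepted into the 20-byte buffer only when it fits, and overlong input is rejected rather than silently truncated. The function names copy_bounded and read_field are assumptions for illustration; FIELD_LEN mirrors the snippet's username[20]. It goes slightly beyond the question by also draining an overlong line so the leftover characters cannot be consumed by the next read (the password prompt), a side effect fgets alone does not prevent.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 20   /* same size as the snippet's username[20] / password[20] */

/* Copy src into dst (dst_size bytes) only if it fits together with the NUL.
   Returns 0 on success, -1 if src is too long; dst is left empty on reject.
   This is the bounded replacement for an unchecked gets()/strcpy(). */
int copy_bounded(const char *src, char *dst, size_t dst_size) {
    size_t n = strlen(src);
    if (dst_size == 0) return -1;
    if (n >= dst_size) {            /* n == dst_size - 1 is the longest that fits */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);        /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Read one line from `in` into dst, rejecting lines that do not fit.
   Returns 0 on success, -1 on overlong input or EOF before any data.
   fgets() never writes past dst_size - 1 characters, but on a long line it
   leaves the remainder unread; we detect that case and consume the rest of
   the line so it cannot be picked up by the next field's read. */
int read_field(FILE *in, char *dst, size_t dst_size) {
    if (!fgets(dst, (int)dst_size, in)) {
        dst[0] = '\0';
        return -1;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[n - 1] = '\0';          /* strip the newline fgets keeps */
        return 0;
    }
    /* No newline: either the final line without '\n', or a truncated line. */
    int c = fgetc(in);
    if (c == EOF) return 0;         /* whole line fitted; input just lacked '\n' */
    while (c != '\n' && c != EOF) c = fgetc(in);   /* drain the overflow */
    dst[0] = '\0';
    return -1;
}

int main(void) {
    char username[FIELD_LEN];
    char password[FIELD_LEN];

    printf("username: ");
    if (read_field(stdin, username, sizeof username) != 0) {
        fputs("username too long (max 19 characters)\n", stderr);
        return 1;
    }
    printf("password: ");
    if (read_field(stdin, password, sizeof password) != 0) {
        fputs("password too long (max 19 characters)\n", stderr);
        return 1;
    }
    /* checkUserExists(username) would be called here as in the original snippet */
    printf("accepted user '%s'\n", username);
    return 0;
}
```

Note that the limit is 19 visible characters, not 20: the twentieth byte of a 20-byte buffer is needed for the terminating NUL, which is exactly the off-by-one that bounded-copy reviews look for.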

Discussion
ChopSNap: Option C

The best change the security architect should require before approving the code for release is C. Prevent more than 20 characters from being entered. This is essential because gets() does not perform bounds checking, leading to a buffer overflow risk. It’s crucial to ensure that input does not exceed the allocated buffer size.

isaphiltrick: Option C

The code snippet provided is vulnerable to a buffer overflow attack due to the use of the gets function, which does not limit the input size. This can lead to memory corruption and potential security vulnerabilities. By ensuring that no more than 20 characters are entered, the code can prevent buffer overflow attacks, thus mitigating a significant security risk.