
GSEC Exam - Question 30


You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

Correct Answer: B

The presence of a long series of 'no operation' (NOP) commands, followed by a malicious payload, strongly indicates a buffer overflow attack. Buffer overflow attacks often use NOP sleds to create a safe landing area for the payload. The most appropriate preventative measure for this type of attack is to implement boundary checks on program inputs to ensure that input data does not exceed the allocated buffer limit, thereby preventing the overflow and subsequent execution of malicious code.
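The boundary check described in the explanation, as an added C example that is not part of the original page: a parser for a hypothetical length-prefixed record that refuses input larger than the destination buffer. The record format, `parse_record`, `FIELD_CAP` and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_CAP 32  /* assumed destination size for this example */

/* Hypothetical record format: [1-byte length][payload bytes].
 * Copies the payload into out as a NUL-terminated string.
 * Returns bytes consumed from pkt, or -1 if any boundary check fails. */
int parse_record(const unsigned char *pkt, size_t pkt_len,
                 char *out, size_t out_cap)
{
    size_t declared;

    if (pkt == NULL || out == NULL || out_cap == 0 || pkt_len < 1)
        return -1;
    declared = pkt[0];
    /* Check 1: the declared length must not run past the received data. */
    if (declared > pkt_len - 1)
        return -1;
    /* Check 2: payload plus terminator must fit the destination buffer. */
    if (declared >= out_cap)
        return -1;
    memcpy(out, pkt + 1, declared);
    out[declared] = '\0';
    return (int)(declared + 1);
}

/* Constructed input: a record whose 200-byte payload is 0x90 filler,
 * far larger than FIELD_CAP. Returns what parse_record reports for it. */
int demo_oversized(void)
{
    unsigned char pkt[201];
    char field[FIELD_CAP];

    pkt[0] = 200;
    memset(pkt + 1, 0x90, 200);
    return parse_record(pkt, sizeof pkt, field, sizeof field);
}

/* Constructed input: a well-formed 5-byte record, accepted and copied. */
int demo_valid(char *field, size_t cap)
{
    static const unsigned char pkt[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    return parse_record(pkt, sizeof pkt, field, cap);
}
```

Both checks matter: the first stops a record from claiming more bytes than were received, the second stops a well-formed but oversized payload from being written past the end of the field.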

Discussion

xzib (Option: B)
Jun 14, 2024

Answer is B. Boundary checks on program inputs. It is buffer overflow.