2. 计算机
  3. The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its

The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its

admin2013-12-19  27
问题 The following scenario applies to questions 26 and 27.
Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Which of the following is Charlie most likely concerned with in this situation?
选项 A、Injection attacks
B、Memory block
C、Buffer overflows
D、Browsing attacks
答案C
解析 C正确。C编程语言很容易受到缓冲区溢出攻击,因为它的某些命令可以直接进行指针操作。特定的命令可以在不执行边界检查的情况下,直接访问低级别的内存地址。
A不正确。因为C编程语言不比其他语言更容易受到注入攻击。注入攻击通常不是发生在代码级别,而是由于接口接受了没有合理过滤和验证的数据而发生。
B不正确。因为这是一个干扰项。并不存在叫做“内存块”的官方编程语言漏洞。
D不正确。因为当某人审核敏感数据的各种资产时,就会发生浏览攻击。这个与编程语言无关,而是与访问控制的实施方式有关。
转载请注明原文地址:https://www.kaotiyun.com/show/FyhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)