Which of the following is not available to most businesses or individuals as a defense against buffer overflow or software exploitation attacks?
A. Patching
B. Input validation coding
C. Monitoring with an IDS
D. Updating anti-malware scanners
The correct answer is B.
Domain: 4.1.
Input validation coding is additional defensive code written to check and sanitize input before it is stored in memory or otherwise processed. Checking input against length and content restrictions would significantly reduce vulnerabilities in software. Unfortunately, if the original programmers or vendor did not provide input validation, end users cannot add it later, especially in closed-source products.