GAQM Exam CPEH-001 Topic 5 Question 84 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 84
Topic #: 5

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.

ACanary

BHex editing

CFormat checking

DNon-executing stack

Show Suggested Answer

Suggested Answer: A

Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.

by Kayleigh at Apr 12, 2024, 10:55 PM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Margo

6 months ago

I see your point, Rikki, but I still think Canary is the best defense.

upvoted 0 times

...

Rikki

6 months ago

I'm not so sure, I think it could also be D) Non-executing stack.

upvoted 0 times

...

Hui

6 months ago

I agree with Margo, Canary is a common defense against buffer overflow attacks.

upvoted 0 times

...

Margo

6 months ago

I think the answer is A) Canary.

upvoted 0 times

...

Eleonore

7 months ago

I've seen ssp/ProPolice in action before, and it definitely helps protect against buffer overflows.

upvoted 0 times

...

Margart

7 months ago

I don't think format checking alone is as effective as using a canary value in defense against buffer overflows.

upvoted 0 times

...

Marvel

7 months ago

But what about option C) Format checking? Couldn't that also help prevent buffer overflow attacks?

upvoted 0 times

...

Carlee

7 months ago

I agree, using a canary value can help detect buffer overflow attacks.

upvoted 0 times

...

Miesha

7 months ago

I think the answer is A) Canary.

upvoted 0 times

...

Solange

8 months ago

Hold up, I think I've got it. What if it's a trick question, and the real answer is D? I mean, the non-executing stack is a pretty fundamental defense against buffer overflows, right? Hmm, this is getting tricky.

upvoted 0 times

...

Joseph

8 months ago

Alright, let's think this through. StackGuard, ProPolice, and /GS – they all use the same underlying defense, and that's the canary. I mean, it's right there in the question. A all the way, no need to overthink it.

upvoted 0 times

...

Kimbery

8 months ago

You know, I'm kind of torn on this one. The canary seems like the obvious answer, but I've heard about those non-executable stacks too. Maybe that's the trick they're going for here? Guess I'll have to weigh the options carefully.

upvoted 0 times

...

Pearlene

8 months ago

Hah! Hex editing? Really? As if anyone would try to defend against buffer overflows with that. No, this is clearly a question about modern, sophisticated techniques. Gotta be the canary, no doubt about it.

upvoted 0 times

...

Carline

8 months ago

Hmm, I'm not so sure. Canary sounds like the right answer, but I can't help but wonder if there's a trick here. What if they're trying to throw us off with something like format checking? Gotta keep my wits about me for this one.

upvoted 0 times

...

Yaeko

8 months ago

Ah, the age-old buffer overflow attack. This question is really testing our knowledge of defensive techniques against this menace. I'm guessing the answer is A, Canary. Those little sentinels are the backbone of these anti-buffer overflow measures.

upvoted 0 times

Jules

7 months ago

Absolutely, the Canary approach is crucial in defending against buffer overflow attacks.

upvoted 0 times

...

Eun

7 months ago

A) Canary

upvoted 0 times

...