Security+ Question of the Week: Unavailable Defense

Which of the following is not available to most businesses or individuals as a defense against buffer overflow or software exploitation attacks?

A. Patching
B. Input validation coding
C. Monitoring with an IDS
D. Updating anti-malware scanners


The correct answer is B.

Domain: 4.1. Input validation coding is the additional defensive programming code written to check and sanitize input before allowing it to be stored in memory or otherwise processed. Checking input against length and content restrictions would significantly reduce vulnerabilities in software. Unfortunately, if input validation coding is not provided by the original programmers or vendor, especially in closed-source products, it cannot be added later by end users.
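The length and content checks described above, sketched in C as an added example that is not part of the original question. The function names, the 16-character limit and the allowed character set (letters, digits, `_`, `-`) are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define NAME_MAX_LEN 16   /* constructed limit for this example */

/* Unvalidated form, for contrast: copies whatever arrives, so input
   longer than the destination overruns it. Not called below. */
void store_name_unchecked(char *dst, const char *input)
{
    strcpy(dst, input);
}

/* Validated form: applies a length restriction and a content
   restriction before the input is stored.
   Returns 0 if stored, -1 if rejected (dst is left untouched). */
int store_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;

    /* Longest input that fits dst with its terminator and the policy. */
    size_t limit = dst_size - 1 < NAME_MAX_LEN ? dst_size - 1 : NAME_MAX_LEN;
    size_t len = 0;

    for (; input[len] != '\0'; len++) {
        unsigned char c = (unsigned char)input[len];
        if (len >= limit)
            return -1;                        /* length restriction */
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;                        /* content restriction */
    }
    if (len == 0)
        return -1;                            /* empty input */

    memcpy(dst, input, len + 1);              /* includes the '\0' */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: valid, too long, disallowed characters. */
    const char *samples[] = { "alice_01", "AAAAAAAAAAAAAAAAAAAAAAAA", "carol!!" };
    char name[NAME_MAX_LEN + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %d\n", samples[i],
               store_name_checked(name, sizeof name, samples[i]));
    return 0;
}
```

Both checks live inside the program's own source, which is why only whoever can change and rebuild that source can add them.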

