CompTIA CASP+ (CAS-004) — Question 364

A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

Answer options

• A. TPM
• B. Secure boot
• C. NX bit
• D. HSM

Correct answer: C

Explanation

Enabling the NX bit helps prevent the execution of code in non-executable memory regions, which can mitigate exploitation attempts that rely on executing arbitrary code. The other options, while they provide security benefits, do not specifically enhance the application's ability to leverage the mprotect() system call for memory protection against future attacks.