CompTIA CASP+ (CAS-004) — Question 515
A quality review of source code revealed that developers extensively use C programming language functions to manipulate strings such as gets and strcpy. Which of the following best describes the security concern represented in the developers' technique?
Answer options
- A. The attack surface is expanded due to the application's complexity.
- B. The application's availability is impacted due to erratic results returned by the functions.
- C. The likelihood of buffer overflows caused by inadequate input manipulation is increased.
- D. The application's data integrity could be compromised due to improper data processing.
Correct answer: C
Explanation
Using functions like gets and strcpy can lead to buffer overflow vulnerabilities because they do not perform bounds checking on input data. This increases the risk of memory corruption and potential exploitation by attackers. The other options do not directly relate to the specific vulnerabilities introduced by these functions.