CompTIA SecurityX (CAS-005) — Question 36

A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

Answer options

• A. TPM
• B. Secure boot
• C. NX bit
• D. HSM

Correct answer: C

Explanation

Enabling the NX bit (No eXecute bit) helps prevent execution of code in certain memory regions, thus providing protection against buffer overflow attacks that could exploit vulnerabilities. The other options, while useful for different security aspects, do not directly provide the same level of protection against code execution attacks as the NX bit does.