CompTIA CySA+ (CS0-002) — Question 297
An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

    char filedata[100];
    fp = fopen("access.log", "r");
    strcpy (filedata, fp);
    printf ("%s\n", filedata);

Which of the following should a security analyst recommend to fix the issue?
Answer options
- A. Open the access.log file in read/write mode.
- B. Replace the strcpy function.
- C. Perform input sanitization.
- D. Increase the size of the file data buffer.
Correct answer: B
Explanation
The correct answer is B. strcpy performs no bounds checking: it copies until it reaches a terminating null byte, so source data larger than the 100-byte filedata buffer overflows it, which is the likely cause of the crashes. Options A and D do not address the root cause: the file's open mode has no bearing on the copy, and a larger buffer can still be overflowed by larger input. Option C, though important for security, does not fix the immediate buffer overflow problem in this context.