CompTIA CySA+ (CS0-003) — Question 340

While performing a dynamic analysis of a malicious file, a security analyst notices the memory address changes every time the process runs. Which of the following controls is most likely preventing the analyst from finding the proper memory address of the piece of malicious code?

Answer options

• A. Address space layout randomization
• B. Data execution prevention
• C. Stack canary
• D. Code obfuscation

Correct answer: A

Explanation

Address space layout randomization (ASLR) is designed to randomize memory addresses to prevent exploitation of memory corruption vulnerabilities. This makes it difficult for an analyst to predict where the malicious code resides. The other options, while providing additional security, do not specifically randomize memory locations in the same way ASLR does.