CompTIA Security+ (SY0-501) — Question 446

An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?

Answer options

• A. Cross-site scripting
• B. Clickjacking
• C. Buffer overflow
• D. Replay

Correct answer: C

Explanation

The correct answer is C, Buffer overflow, as this attack occurs when an application does not properly validate input and allows excess data to overwrite memory. Cross-site scripting and Clickjacking (options A and B) are related to client-side vulnerabilities and do not involve executing code at the administrator level. Replay attacks (option D) involve intercepting valid data transmissions but do not pertain to input data causing code execution.