CompTIA Security+ (SY0-601) — Question 124

A penetration tester is fuzzing an application to identify where the EIP of the stack is located in memory. Which of the following attacks is the penetration tester planning to execute?

Answer options

Correct answer: C

Explanation

The correct answer is C, buffer overflow. This type of attack writes past the end of a buffer on the stack to overwrite the saved return address that is loaded into EIP, which can lead to code execution. The other options (race condition, pass-the-hash, and XSS) do not target EIP on the stack in this way.