Certified Information Systems Security Professional (CISSP) — Question 354
The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?
Answer options
- A. Address Space Layout Randomization (ASLR)
- B. Trusted Platform Module (TPM)
- C. Virtualization
- D. Process isolation
Correct answer: A
Explanation
The correct answer is A, Address Space Layout Randomization (ASLR), because it randomizes memory addresses to prevent the virus from successfully writing to the specific memory location. Options B (TPM), C (Virtualization), and D (Process isolation) do not directly address the issue of memory address manipulation by the virus, making them less effective in this scenario.