True or False: Buffer overflows and privilege escalation are not controls to prevent computer fraud.

Prepare for the Coach CFE Exam. Study using flashcards and multiple-choice questions, each with hints and explanations. Get ready for your assessment!


Explanation:
The key idea is that preventive controls are protective measures, while buffer overflows and privilege escalation describe vulnerabilities and attacker techniques, not safeguards. A buffer overflow happens when a program writes beyond the memory it should use, which can corrupt memory or let an attacker gain control. Privilege escalation is the method an attacker uses to obtain higher permissions than allowed. On their own, they are not controls.

Defenses aimed at preventing these issues include secure coding practices that avoid writing outside memory bounds, input validation, and bounds checking; using memory-safe languages; and employing compiler/runtime protections such as stack canaries, DEP/NX, and ASLR. Additional controls involve patch management, enforcing least privilege, access controls, and ongoing vulnerability management and testing. These measures reduce or eliminate the opportunities for exploitation, thus preventing fraud.

So the statement is false because these items are vulnerabilities and attack techniques, not protective controls.
