
Exam CAS-004 topic 1 question 435 discussion

Actual exam question from CompTIA's CAS-004
Question #: 435
Topic #: 1

A security architect examines a section of code and discovers the following:

char username[20]
char password[20]
gets(username)
checkUserExists(username)

Which of the following changes should the security architect require before approving the code for release?

  • A. Allow only alphanumeric characters for the username.
  • B. Make the password variable longer to support more secure passwords.
  • C. Prevent more than 20 characters from being entered.
  • D. Add a password parameter to the checkUserExists function.
Suggested Answer: C

Comments

Orean
7 months, 2 weeks ago
Selected Answer: C
gets() does not check the maximum amount of characters entered. An fgets(username, sizeof(username), stdin) statement would accomplish this.
upvoted 1 times
ChopSNap
9 months, 4 weeks ago
Selected Answer: C
The best change the security architect should require before approving the code for release is C. Prevent more than 20 characters from being entered. This is essential because gets() does not perform bounds checking, leading to a buffer overflow risk. It’s crucial to ensure that input does not exceed the allocated buffer size.
upvoted 1 times
isaphiltrick
10 months, 1 week ago
Selected Answer: C
The code snippet provided is vulnerable to a buffer overflow attack due to the use of the gets function, which does not limit the input size. This can lead to memory corruption and potential security vulnerabilities. By ensuring that no more than 20 characters are entered, the code can prevent buffer overflow attacks, thus mitigating a significant security risk.
upvoted 3 times
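
The bounded read the comments describe, as an added example that is not part of the exam question or of any commenter's post. It replaces gets() with fgets() and rejects over-long input instead of silently truncating it; read_line, check_sample, NAME_LEN and the LINE_* codes are hypothetical names chosen for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20  /* same size as username[20] in the question */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Read one line into buf (capacity `size`, including the terminating NUL).
 * Unlike gets(), fgets() stores at most size - 1 characters. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return LINE_OK;
    }
    int c = fgetc(in);                 /* buffer full, or input ended */
    if (c == EOF || c == '\n')
        return LINE_OK;                /* exactly size - 1 chars, or last line */
    while (c != EOF && c != '\n')      /* over-long: discard the rest */
        c = fgetc(in);
    buf[0] = '\0';                     /* reject rather than truncate */
    return LINE_TOO_LONG;
}

/* Hypothetical helper: feed a constructed string through read_line(). */
int check_sample(const char *input, char *out, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    int rc = read_line(f, out, size);
    fclose(f);
    return rc;
}

int main(void)
{
    char username[NAME_LEN];
    int rc = read_line(stdin, username, sizeof username);
    if (rc == LINE_OK)
        printf("accepted: %s\n", username);
    else if (rc == LINE_TOO_LONG)
        puts("rejected: username longer than 19 characters");
    return rc == LINE_OK ? 0 : 1;
}
```

A char[20] buffer holds 19 characters plus the terminating NUL, so a 20-character username is rejected here.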