Exam SY0-501 topic 1 question 559 discussion

It was a typo. its TPM. A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. ... The term TPM is sometimes used in reference to the set of specifications applicable to TPM chips

Answer is B. Privilege escalation via unchecked TPM reset. This vulnerability is caused by a hardware design problem specific to a small faction of device models resulting in the main CPU being able to trigger a reset of the TPM while the main CPU doesn't reset.

Buffer overflows typically have a high severity ranking because they can lead to unauthorized code execution in cases where attackers can control the overwritten memory space outside the targeted buffer and can redirect a function pointer to their malicious code

CompTIA source: An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code. ___ This bug can lead to system errors on its own, but a deliberate attack can result in the loss of important data, system downtime, or the execution of malicious code. taken from: https://www.n-able.com/blog/buffer-overflow-vulnerabilities-protection _____ Based on these statements, answer should be A

Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes. .Answer is A

I'd go with A. stack over-flow attack, seems to fit this definition of buffer-overflow. To exploit a buffer overflow vulnerability, the attacker passes data that deliberately overfills the buffer (an area of memory) that the application reserves to store the expected data. There are three principal exploits: Stack overflow—the stack is an area of memory used by a program subroutine. It includes a return address, which is the location of the program that called the subroutine. An attacker could use a buffer overflow to change the return address, allowing the attacker to run arbitrary code on the system. Two examples of this are the Code Red worm, which targeted Microsoft's IIS web server (version 5) and the SQLSlammer worm, which targeted Microsoft SQL Server® 2000. References: COM501B - The Official CompTIA Study Guide https://www.sans.org/reading-room/whitepapers/threats/paper/481 https://www.csoonline.com/article/3513477/what-is-a-buffer-overflow-and-how-hackers-exploit-these-vulnerabilities.html https://en.wikipedia.org/wiki/Arbitrary_code_execution

Buffers are sequential memory partitions set aside for storage or moving data within a program. However, they can only store an allotted amount of data, and programs without bounds checking run the risk of writing data that exceeds the storage capacity of a given buffer into that space. This bug can lead to system errors on its own, but a deliberate attack can result in the loss of important data, system downtime, or the execution of malicious code.

A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory (a buffer), than the buffer is allocated to hold. By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine. Seems like it is A based off this definition

I will go with A. It is more accurate and the keywords fit better.

ALL I know is A) DO NOT TRUST MelvinJohn, and B) a primary concern of, mayhaps the main concern of, Buffer Overflows is that it busts open memory spots in which hackers can run their own injected code, scripts or commands!!

I go with A, I know lot of you are stating a about TMP but if you see the question shows as TPN not TPM. knowing Compantia they will mess you up

I dont know about the TPM. But I know for sure A is possible :) https://www.coursehero.com/file/p62c096/the-buffer-overflow-attack-is-if-the-memory-contains-a-pointer-in-the/ https://www.youtube.com/watch?v=GFacPoWOcw0

B. You can overwrite to the adjacent memory location to the ESP located in the lower address. ESP is a local return variable where it will execute and return the output. Malicious code can be executed there and gain further privilege.

I found this on another site: https://www.coursehero.com/file/p6d8c1gr/QUESTION-24-A-buffer-overflow-can-result-in-A-loss-of-data-caused-by/ Although it says "loss of data caused by unauthorized command execution" as the correct answer i don't think so. I just gave the link to show the typo error for TPM. The answer can not be A since a buffer overflow do not cause loss of data. At least, i didn't come across such a result in my researches or in the course books i read. Instead, all of them states that a buffer overflow overwrites memory. A TPM has a memory (https://en.wikipedia.org/wiki/Trusted_Platform_Module) that can be overwritten by a buffer overflow which may lead privilege escalation (https://www.csoonline.com/article/3513477/what-is-a-buffer-overflow-and-how-hackers-exploit-these-vulnerabilities.html).

B is correct - Buffers are widespread in operating systems (OS) code, so it is possible to make attacks that perform privilege escalation and gain unlimited access to the computer's resources.

i think A is the correct Answare .

I'm going with B. Option A sounds like a command injection or SQL injection attack, definitely not buffer overflow.