Exam CISSP topic 1 question 145 discussion

The keyword is "feature" A. Address Space Layout Randomization (ASLR) - feature B. Trusted Platform Module (TPM) - it's a chip in motherboard, not a feture C. Virtualization - not a feature D. Process isolation - not a feature

The correct answer is A (ASLR). Process isolation is a security technique that separates individual processes on a system to prevent them from interfering with each other. It is a useful technique for preventing malware or other malicious processes from accessing or modifying data in other processes. However, process isolation alone would not be sufficient to protect against the specific threat posed by the virus variants in this scenario. The virus variants were coded to write to a specific memory location, which means that they could still potentially write to memory locations within their own isolated process. Therefore, process isolation would not prevent the virus from functioning as intended and carrying out its malicious activities.

The feature that would have enabled the organization to determine that the virus is of no threat is Address Space Layout Randomization (ASLR). ASLR is a security technique that randomizes the memory addresses used by a program during its execution. It prevents the predictable allocation of memory addresses, making it harder for attackers to exploit memory-based vulnerabilities or execute code in known memory locations. By enabling ASLR on all endpoints, the organization ensures that the virus variants, which are coded to write to a specific memory location, will not be able to successfully carry out their malicious actions.

Vote A, “All variants are coded to write”

Answer is A

A is correct, the key words are "a specific memory location".