A security architect examines a section of code and discovers the following:

Which of the following changes should the security architect require before approving the code for release?
Correct Answer: C
The code snippet presents a buffer size risk: the user input (username) is accepted without limiting the number of characters, which can lead to a buffer overflow. The best solution is to implement input validation that limits the input to a maximum of 20 characters, matching the buffer size defined in the code. This prevents overflow attacks by ensuring that user input does not exceed the allocated memory space.

Other options, like adding more parameters or allowing alphanumeric characters, do not directly address the root cause of buffer overflow vulnerabilities. CASP+ stresses the importance of proper input validation and bounds checking as critical security measures.

References:

* CASP+ CAS-004 Exam Objectives: Domain 2.0 - Enterprise Security Operations (Input Validation and Buffer Overflow Prevention)
* CompTIA CASP+ Study Guide: Secure Coding Practices and Input Validation Techniques
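The length check the explanation calls for, as an added example that is not the code from the exam question. It assumes a C buffer sized for 20 characters plus the terminating NUL; `store_username`, `read_username` and the status names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 20  /* assumed limit: the 20 characters named in the explanation */

/* Status codes (hypothetical names for this example). */
enum { USERNAME_OK = 0, USERNAME_EMPTY = -1, USERNAME_TOO_LONG = -2 };

/*
 * Copy an untrusted username into dst only if it fits.
 * dst must have room for USERNAME_MAX characters plus the terminating NUL.
 * Over-long input is rejected rather than silently truncated, so two
 * different long names can never collapse to the same stored value.
 */
int store_username(char dst[USERNAME_MAX + 1], const char *input)
{
    /* Scan at most USERNAME_MAX + 1 bytes: enough to tell "fits" from "too long". */
    size_t len = 0;
    while (len <= USERNAME_MAX && input[len] != '\0')
        len++;

    if (len == 0)
        return USERNAME_EMPTY;
    if (len > USERNAME_MAX)
        return USERNAME_TOO_LONG;   /* dst is left untouched */

    memcpy(dst, input, len);
    dst[len] = '\0';
    return USERNAME_OK;
}

/* Read one line with a bounded fgets() instead of gets() or scanf("%s"). */
int read_username(FILE *in, char dst[USERNAME_MAX + 1])
{
    char line[USERNAME_MAX + 2];    /* 20 characters + '\n' + NUL */
    if (fgets(line, sizeof line, in) == NULL)
        return USERNAME_EMPTY;

    size_t n = strcspn(line, "\n");
    if (line[n] != '\n' && !feof(in)) {
        /* The line did not fit: discard the rest so it is not read as the next name. */
        int c;
        while ((c = getc(in)) != '\n' && c != EOF) {}
        return USERNAME_TOO_LONG;
    }
    line[n] = '\0';
    return store_username(dst, line);
}
```

The extra byte for the NUL terminator is the detail most often missed: a 20-character limit needs 21 bytes of storage in C.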