ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During an operational security test, you restart a server several times and notice that the base address of a custom Windows service executable is identical on every launch despite the system GPO enforcing ASLR. Which build setting most likely undermines ASLR for this binary?
The executable was compiled without stack-canary (/GS) protection.
The executable was linked with a fixed image base and had its relocation information removed.
The executable was built with support for high-entropy 64-bit address space.
The executable is missing an Authenticode code-signing certificate.
ASLR relies on the loader being able to relocate an image to a random base address at run-time. If the binary is linked with a fixed image base (for example, by using the /FIXED switch) or if relocation information is stripped, the loader has no alternative addresses to choose and must load the image at the hard-coded base each time. Code signing, stack canaries, and high-entropy 64-bit address support do not disable ASLR; in fact, the high-entropy flag enhances it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ASLR and why is it important for security?
Open an interactive chat with Bash
What is the significance of a fixed image base in the context of ASLR?
Open an interactive chat with Bash
What is relocation information, and how does it affect ASLR?
Open an interactive chat with Bash
What is ASLR and how does it enhance security?
Open an interactive chat with Bash
What does linking with a fixed image base mean?
Open an interactive chat with Bash
What is relocation information in an executable?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)