ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team maintains a C++ microservice compiled with GCC using the command g++ -O2 -static. To strengthen security during the build process and make the program automatically abort if a stack buffer overflow overwrites the return address, which additional compiler switch should be mandated?

-s
-fomit-frame-pointer
-fno-exceptions
-fstack-protector-strong

Report Issue

Answer Description

The -fstack-protector-strong switch tells GCC to insert stack canaries before a function returns. When a buffer overflow overwrites the canary value, the runtime check fails and the process is terminated, preventing the attacker from gaining control of execution.

-fomit-frame-pointer only omits the frame pointer to optimize performance and does not provide memory-safety checks.
-s strips symbol tables and debugging information from the output binary; it reduces size but offers no runtime protection.
-fno-exceptions disables C++ exception handling and likewise offers no protection against memory corruption. Therefore, only -fstack-protector-strong directly mitigates stack-based buffer overflows at compile time.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is a stack buffer overflow?

Open an interactive chat with Bash

How does `-fstack-protector-strong` differ from `-fstack-protector`?

Open an interactive chat with Bash

Why doesn't `-s` or `-fomit-frame-pointer` provide security against stack buffer overflows?

Open an interactive chat with Bash

What is a stack canary in the context of security?

Open an interactive chat with Bash

How does the `-fstack-protector-strong` option differ from `-fstack-protector`?

Open an interactive chat with Bash

Why don't the other compiler switches like `-fomit-frame-pointer`, `-s`, or `-fno-exceptions` enhance security?

Open an interactive chat with Bash

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)

Secure Software Implementation

Your Score:

Settings & Objectives

Secure Software Concepts

Secure Software Lifecycle Management

Secure Software Requirements

Secure Software Architecture and Design

Secure Software Implementation

Secure Software Testing

Secure Software Deployment, Operations, Maintenance

Secure Software Supply Chain

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot