The most effective defense against a buffer overflow attack is

A.
disallow dynamic construction of queries

B.
bounds checking

C.
encode the output

D.
forced garbage collection

Explanation:
B: Buffer overflows can result when a program fills up the assigned buffer of memory with more data than its buffer can hold. When the program begins to write beyond the end of the buff er, the programs execution path can be changed, or data can be written into areas used by the operating system itself. A buffer overflow is caused by improper (or lacking) bounds checking on input to a program. By checking for the bounds (boundaries) of allowable input size, buffer overflow can be mitigated. Disallowing dynamic construction of queries is a defense against injection attacks and encoding the output mitigates scripting attacks. The collection of dangling objects in memory (garbage) can be requested but not necessarily forced and proper memory management can help mitigate buffer overflow attacks, but the most effective defenses against buffer overflow is bounds checking and proper error checking. Pages 174175.