Which term describes the processor setting that creates separate memory areas and prevents code execution in those areas?

• A. Secure Enclave
• B. ASLR
• C. NX Bit
• D. Local Drive Encryption

Answer: (C)

The concept being tested is a processor feature that marks certain memory pages as non-executable while allowing code to run from executable regions. This is achieved by the NX bit (No-Execute bit), which the CPU uses to implement Data Execution Prevention. By setting the NX bit on data pages (like the stack or heap), the system prevents any attempt to run code from those regions, forcing code to execute only from designated executable areas. This helps stop code-injection attacks and buffer overflows by ensuring that data cannot be executed as instructions.

Other terms don’t fit this function as directly. A Secure Enclave refers to a hardware-isolated environment for secrets, not memory execution controls. ASLR (Address Space Layout Randomization) makes it harder to predict memory addresses but doesn’t prevent execution from data areas. Local Drive Encryption protects data at rest on storage devices, not memory execution protections. So the NX bit is the correct description.