Pls don’t dive into the technical details too much. CISSP is a management test that calls for a solid conceptual understanding of technical stuff. Just focus on:
- what is a buffer, and an overflow?
- what is a heap, and a stack?
- watch or experience how attackers inject machine code into input values.