Pls don’t dive into the technical details too much. CISSP is a management test with a solid conceptual understanding of technical stuff. Just focus on:

• what is a buffer, and overflow?
• what is a heap, and stack?
• watch or experience how attackers inject the machine code into the input values.

Sources

• Hacker Course Buffer Overflow – A Practical Example (with Exploit)
• Buffer Overflow Attack with Example