A security administrator wants to enable a feature that distinguishes between executable and non-executable areas of memory for protection. What feature should be enabled?

Enabling Data Execution Protection (DEP) allows the operating system to distinguish between executable and non-executable areas of memory, thus providing a significant layer of protection against certain types of attacks, such as buffer overflows. DEP marks sections of memory either as executable or non-executable, blocking execution of code from non-executable areas. This capability helps to prevent malicious code from running, thereby reducing the risk of exploitation and enhancing the overall security posture of the system.

For this reason, DEP is particularly valuable in defending against threats where attackers attempt to inject malicious code into non-executable memory regions. By enforcing these protections at the hardware or software level, DEP can prevent unauthorized execution attempts and strengthen the system against various exploits.