Computer System Security 3rd Week Solution is given below.
[1] The below function is part of a program that is running on a 32-bit x86 system; the compiler does not change the order of variables on the stack.
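```c
#include <stdio.h>
#include <string.h>

void function(char *input) {
    int i = 1;
    char buffer[8];
    int j = 2;
    /* strcpy performs no bounds check against the 8-byte buffer */
    strcpy(buffer, input);
    printf("%x %x %s\n", i, j, buffer);
}
```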
What is the minimum length of a string passed to the function through the input parameter that can crash the application?
- (a) 10
- (b) 11
- (c) 12
- (d) 13
Answer: (c) 12
[2] Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.
- (a) C, Ruby
- (b) C, C++
- (c) Python, Ruby
- (d) C, Python
Answer: (b) C, C++
[3] _____________ buffer overflows, which are more common among attackers.
- (a) Memory-based
- (b) Queue-based
- (c) Stack-based
- (d) Heap-based
Answer: (c) Stack-based
[4] Malicious code can be pushed into the _________ during ______________ attack.
- (a) stack, buffer-overflow
- (b) queue, buffer-overflow
- (c) memory-card, buffer-overflow
- (d) external drive, buffer-overflow
Answer: (a) stack, buffer-overflow
[5] Which of the following string library functions is unsafe for buffer?
- (a) gets (char * str)
- (b) strcat (char * destination, const char * source)
- (c) strcpy (char * destination, const char * source)
- (d) All of the above
Answer: (d) All of the above
[6] Which of the following statements is correct with respect to integer overflow?
- (a) It is a result of an attempt to store a value greater than the maximum value an integer can store
- (b) Integer overflow can compromise a program’s reliability and security
- (c) Both A and B
- (d) None of the above
Answer: (c) Both A and B
[7] If an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are to be added together that will exceed the value of 65,535, the result will be:
- (a) Buffer Overflow
- (b) Integer Overflow
- (c) Stack Overflow
- (d) Heap Overflow
Answer: (b) Integer Overflow
[8] Integer overflow bugs in programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities.
- (a) True
- (b) False
Answer: (a) True
[9] One way of detecting integer overflows is by using a modified compiler to insert runtime checks.
- (a) True
- (b) False
Answer: (a) True
[10] A format string is a ____ string that contains ___ and ____ parameters.
- (a) Format, text, ASCII
- (b) Text, ASCII, format
- (c) ASCII, text, format
- (d) None of the above
Answer: (c) ASCII, text, format
[11] Which of the following is not a format function in C?
- (a) fprintf()
- (b) vsfprint()
- (c) vfprintf()
- (d) vsprintf()
Answer: (b) vsfprint()
[12] What is the purpose of format functions?
- (a) They are used to convert simple C data types to a string representation
- (b) They allow you to specify the format of the representation
- (c) They process the resulting string (output to stderr, stdout, syslog, …)
- (d) All of the above
Answer: (d) All of the above
[13] The behaviour of the _______ is controlled by the ________
- (a) format function, format string
- (b) format string, format function
- (c) Both A and B
- (d) None of the above
Answer: (a) format function, format string
[14] Identify whether the following code has a format string vulnerability or not.
```c
char tmpbuf[512];
snprintf(tmpbuf, sizeof(tmpbuf), "foo: %s", user);
tmpbuf[sizeof(tmpbuf) - 1] = '\0';
syslog(LOG_NOTICE, tmpbuf);
```
- (a) No
- (b) Yes
Answer: (b) Yes
That is the Computer System Security 3rd Week Solution, and all the answers are correct.