Computer System Security 3rd Week Solution

0
1570
Computer System Security 3nd Week Solution
Computer System Security 3nd Week Solution

Disclaimer for ReGyan

If you require any more information or you have any problem regarding Copyright or have any questions about our site’s disclaimer, please feel free to contact us by email at [email protected].

 


Disclaimers for ReGyan

All the information on this website is published in good faith and for general information and educational purpose only. ReGyan does not make any warranties about the completeness, reliability, and accuracy of this information. Any action you take upon the information you find on this website (regyan.com), is strictly at your own risk. will not be liable for any losses and/or damages in connection with the use of our website.

 


Computer System Security 3rd Week Solution is given below.

Also See:- Computer System Security 4rd Week Solution

[1] The below function is part of a program that is running on a 32-bit x86 system; the compiler does not change the order of variables on the stack.

void function(char *input) {

  int i = 1;

  char buffer[8];

  int j = 2;

     strcpy(buffer,input);

     printf(“%x %x %s\n”,i,j,buffer);

}

What is the minimum length of a string passed to the function through the input parameter that can crash the application?

  • (a) 10
  • (b) 11
  • (c) 12
  • (d) 13

Answer:(c) 12

[2] Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.

  • (a) C, Ruby
  • (b) C, C++
  • (c)  Python, Ruby
  • (d) C, Python

Answer(b) C, C++

[3] _____________ buffer overflows, which are more common among attackers.

  • (a) Memory-based
  • (b) Queue-based
  • (c) Stack-based
  • (d) Heap-based

Must See:- Google Recruitment 2020 Apply for Software and Other

Answer(C) Stack-based

[4] Malicious code can be pushed into the _________ during ______________ attack.

  • (a) stack, buffer-overflow
  • (b) queue, buffer-overflow
  • (c) memory-card, buffer-overflow
  • (d) external drive, buffer-overflow




Answer( a) stack, buffer-overflow

[5] Which of the following string library functions is unsafe for buffer?

  • (a) gets (char * str)
  • (b) strcat (char * destination, const char * source)
  • (c) strcpy (char * destination, const char * source)
  • (d) All of the above

Answer(d) All of the above

[6] Which of the following statements is correct with respect to integer overflow?

  • (a) It is a result of an attempt to store a value greater than the maximum value an integer can store
  • (b) Integer overflow can compromise a program’s reliability and security
  • (c) Both A and B
  • (d) None of the above

Answer(C) Both A and B

[7] If an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are to be added together that will exceed the value of 65,535, the result will be:

  • (a) Buffer Overflow
  • (b) Integer Overflow
  • (c) Stack Overflow
  • (d) Heap Overflow

Answer(b)  Integer Overflow

[8] Integer overflow bugs in programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities.

  • (a) True
  • (b) False




Answer(a) True

Also See:- Youtube Channel Like and Subscribe

[9] One way of detecting integer overflows is by using a modified compiler to insert runtime checks.

  • (a) True
  • (b) False

Answer(a) True

[10] A format string is a ____ string that contains ___ and ____ parameters.

  • (a) Format, text, ASCII
  • (b) Text, ASCII, format
  • (c) ASCII, text, format
  • (d) None of the above

Answer(c) ASCII, text, format

[11] Which of the following is not a format function in C?

  • (a) fprintf()
  • (b) vsfprint()
  • (c) vfprintf()
  • (d) vsprintf()

Answer(b) vsfprint()

[12] What is the purpose of format functions?

  • (a) They are used to convert simple C data types to a string representation
  • (b) They allow to specify the format of the representation
  • (c) They process the resulting string (output to stderr, stdout, syslog, …)
  • (d) All of the above

Answer(d) All of the above

[13] The behaviour of the _______ is controlled by the ________

  • (a) format function, format string
  • (b) format string, format function
  • (c) Both A and B
  • (d) None of the above




Answer(a) format function, format string

[14] Identify whether the following code has format string vulnerability or not. char tmpbuf[512]; snprintf (tmpbuf, sizeof (tmpbuf), “foo: %s”, user); tmpbuf[sizeof (tmpbuf) – 1] = ’\0’; syslog (LOG_NOTICE, tmpbuf);

  • (a) No
  • (b) Yes

Answer(b) Yes

So that is the solution of Computer System Security 3rd Week Solution and all the answers are correct.

LEAVE A REPLY

Please enter your comment!
Please enter your name here