Computer System Security Week 3 quiz Solution [Cyber Security course on Prutor.ai]

Here you will find all the assignment and quiz solutions for the Computer System Security course by prutor.ai, under the category Cyber Security. Prutor is an online smart tutoring platform, organised by IIT Kharagpur, that provides various MOOC courses for students. At the end of each course, students get a certificate for successful completion, but throughout the course they have to pass all the weekly assignments and quizzes.

[1] The below function is part of a program that is running on a 32-bit x86 system; the compiler does not change the order of variables on the stack.

void function(char *input) {
  int i = 1;
  char buffer[8];
  int j = 2;

  strcpy(buffer, input);
  printf("%x %x %s\n", i, j, buffer);
}

What is the minimum length of a string passed to the function through the input parameter that can crash the application?

  • (a) 10
  • (b) 11
  • (c) 12
  • (d) 13

Answer: (c) 12


[2] Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.

  • (a) C, Ruby
  • (b) C, C++
  • (c)  Python, Ruby
  • (d) C, Python

Answer: (b) C, C++


[3] _____________ buffer overflows, which are more common among attackers.

  • (a) Memory-based
  • (b) Queue-based
  • (c) Stack-based
  • (d) Heap-based

Answer: (c) Stack-based


[4] Malicious code can be pushed into the _________ during ______________ attack.

  • (a) stack, buffer-overflow
  • (b) queue, buffer-overflow
  • (c) memory-card, buffer-overflow
  • (d) external drive, buffer-overflow

Answer: (a) stack, buffer-overflow


[5] Which of the following string library functions is unsafe for buffer?

  • (a) gets (char * str)
  • (b) strcat (char * destination, const char * source)
  • (c) strcpy (char * destination, const char * source)
  • (d) All of the above

Answer: (d) All of the above


[6] Which of the following statements is correct with respect to integer overflow?

  • (a) It is a result of an attempt to store a value greater than the maximum value an integer can store
  • (b) Integer overflow can compromise a program’s reliability and security
  • (c) Both A and B
  • (d) None of the above

Answer: (c) Both A and B


[7] If an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are to be added together that will exceed the value of 65,535, the result will be:

  • (a) Buffer Overflow
  • (b) Integer Overflow
  • (c) Stack Overflow
  • (d) Heap Overflow

Answer: (b) Integer Overflow


[8] Integer overflow bugs in programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities.

  • (a) True
  • (b) False

Answer: (a) True


[9] One way of detecting integer overflows is by using a modified compiler to insert runtime checks.

  • (a) True
  • (b) False

Answer: (a) True


[10] A format string is a ____ string that contains ___ and ____ parameters.

  • (a) Format, text, ASCII
  • (b) Text, ASCII, format
  • (c) ASCII, text, format
  • (d) None of the above

Answer: (c) ASCII, text, format


[11] Which of the following is not a format function in C?

  • (a) fprintf()
  • (b) vsfprint()
  • (c) vfprintf()
  • (d) vsprintf()

Answer: (b) vsfprint()


[12] What is the purpose of format functions?

  • (a) They are used to convert simple C data types to a string representation
  • (b) They allow to specify the format of the representation
  • (c) They process the resulting string (output to stderr, stdout, syslog, …)
  • (d) All of the above

Answer: (d) All of the above


[13] The behaviour of the _______ is controlled by the ________

  • (a) format function, format string
  • (b) format string, format function
  • (c) Both A and B
  • (d) None of the above

Answer: (a) format function, format string


[14] Identify whether the following code has format string vulnerability or not.

char tmpbuf[512];
snprintf(tmpbuf, sizeof(tmpbuf), "foo: %s", user);
tmpbuf[sizeof(tmpbuf) - 1] = '\0';
syslog(LOG_NOTICE, tmpbuf);

  • (a) No
  • (b) Yes

Answer: (b) Yes


That is the solution for the Computer System Security Week 3 quiz, and all the answers are correct.
