Midterm Prep Flashcards

1
Q

Which type of control is based on the identity of the requestor, with access rules stating what a requestor can or cannot do?

A

Discretionary access control (DAC).

This policy is termed discretionary because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.
Source: Book Chapter 4.2 Page 131

2
Q

What data structure is typically used to implement DAC?

A

A 2-dimensional matrix.

Source: Book Chapter 4.3 Page 111

3
Q

Access Control Lists make it easy to look up who all the users are that can access a resource, and the type of access they have for that resource.

True or False?

A

True

Source: Book Chapter 4.3 Page 111

4
Q

What does each entry of an access matrix indicate?

A

Access rights of a particular subject for a particular object.

Source: Book pg. 111

5
Q

(True/False) DAC is a concept that evolved out of requirements for military information security.

A

False, DAC is the traditional method for implementing access control, MAC was created out of military necessity.

Source: Book, Ch 4, Pg. 109

6
Q

(True/False) One problem with DAC is that it is not possible to control information flow.

A

True

Source: Mandatory Access Control Lecture

7
Q

(True/False) DAC is popular with corporations because it reflects how they treat their data.

A

False. Employers mandate explicit policies on who can share what.

Source: Mandatory Access Control Lecture

8
Q

Put the following statements, regarding the sequence of stack operations made by a function call, in the correct order:

A. Allocate space for local variables by moving the stack pointer down to leave sufficient room for them.
B. Push the parameters for the called function onto the stack.
C. Run the body of the called function.
D. Execute the return instruction, which pops the saved address off the stack and returns control to the calling function.
E. Push the current frame pointer value (which points to the calling routine's stack frame) onto the stack.
F. Execute the call instruction to call the target function, which pushes the return address onto the stack.
G. Pop the old frame pointer value (restoring the link to the calling routine's stack frame).
H. Set the frame pointer to the current stack pointer value, which now identifies the new stack frame location for the called function.
I. Set the stack pointer back to the value of the frame pointer.

A

B, F, E, H, A, C, I, G, D

From text pg 327.

9
Q

An access control mechanism mediates between a user (or a process executing on behalf of a user) and system resources, such as:

a) firewalls
b) routers
c) applications
d) a & b only
f) All of the above

A

f) All of the above

Textbook, Chapter 4, pg. 108

10
Q

Which of the following is granting permission to a system entity to access a system resource?

A) Authentication
B) Authorization
C) Audit
D) Allowance
E) None of the Above

A

B, Authorization determines who is trusted for a given purpose.

Source: Book Chapter 4.1 Page 130

11
Q

Access control implements a security policy that verifies the credentials of a user. True or false?

A

False. Access control implements a security policy that specifies who or what may have access to each specific system resource, and the type of access that is permitted in each instance.

Source: Book pg. 107

12
Q

Under Mandatory Access Control (MAC), what two properties provide confidentiality?

A

1. No read up: A subject can only read an object of lesser or equal security level.
2. No write down: A subject can only write into an object of greater or equal security level.

Source: Book Chapter 27 Page 27-4

13
Q

A subject is said to have a security clearance of a given level and an object is said to have a security classification of a given level. True or False?

A

True

Source: Book Chapter 27 Page 27-4

14
Q

For the Bell-Lapadula Model (BLP), the properties needed for the confidentiality form of MAC are:

  1. ds-property and *-property
  2. ss-property and *-property
  3. ss-property and ds-property
  4. None of the above
A

2. (Chapter 27.1)

ss-property (simple security property): no read up
*-property (star property): no write down

The ds-property is a provision made by BLP for DAC but must be consistent with MAC rules.

15
Q

Other MAC models such as Bell and LaPadula (BLP model) are focused on Integrity, and the BIBA model is focused on Confidentiality. True or false?

A

False. BLP focuses on Confidentiality and BIBA focuses on Integrity.

Source: P1:L6 MAC slides | Other MAC models

16
Q

Examples of BLP model classifications are High, Medium, and Low. True or false?

A

False. Examples are Top Secret, Secret, Confidential.

Source: P1:L6 MAC slides | Other MAC models

17
Q

MAC cannot be employed with other access control policies, such as DAC, RBAC, and ABAC. True or false?

A

False. All four access policies (DAC, MAC, RBAC, and ABAC) are not mutually exclusive.

Source: Book, Ch. 4, Pg. 109

18
Q

In the context of Role-Based Access Control models, what does RBAC2 provide?

A

Constraints, mutually exclusive roles, Cardinality

Source: Book Pages 147-148

19
Q

__ is based on the roles that users assume in a system rather than a user’s identity.

A. DAC
B. MAC
C. RBAC
D. ABAC

A

C

Source: Book pg. 120

20
Q

What kind of relationship is a role to a user in RBAC?

A) 1 to 1
B) 1 to Many
C) Many to 1
D) Many to Many

A

D, a role can have many users; a user can have many roles.

Source: Book Chapter 4.5 Page 146

21
Q

What aspect of an established RBAC system is likely to change infrequently?

A) The set of resources and the specific access rights associated with a particular role.
B) The set of roles in the system.
C) The set of users.
D) A & B
E) None of the above.

A

D

Source: Book. Ch 4, Pg 120

22
Q

The RBAC prerequisite role can be used for the following:

A) A way to increase the difficulty of collusion among individuals of different skills or divergent job functions to thwart security policies.
B) For structuring the implementation of the least privilege concept.
C) As a risk mitigation technique for a sensitive or powerful permission.
D) None of the above

A

B.

Source: Book, Ch 4, Pg 125

23
Q

Question: What are the 3 attributes of ABAC model?

A

a) Subject - active entity: user, application, process, device
b) Object - passive entity: file, record, network, domain
c) Environment: date/time, virus activity, network’s security level
Source: book p. 127 https://www.proprofs.com/quiz-school/story.php?title=mr-f-quiz-network

24
Q

Question: How does the ABAC model control access?

A

ABAC evaluates attributes of the subject and object against an access control rule that defines the allowable operations in a given environment.

Source: book p. 127

25
Q

In the Attribute-Based Access Control (ABAC) model: current date and time, the current virus/hacker activities, and the network’s security level are known as ____

A) Object attributes
B) Subjects attributes
C) Environment attributes
D) Access Right
E) None of the Above

A

C. Environment attributes describe the operational, technical, and even situational environment or context in which the information access occurs.

Source: Book Chapter 4.6 Page 149

26
Q

In a(n) _ model, authorizations can be defined that express conditions on properties of both the resource and the subject.

A. DAC
B. MAC
C. RBAC
D. ABAC

A

D

Source: Book pg. 126

27
Q

The strength of the ABAC approach is its ____ and ____.

A. strictness, performance
B. flexibility, expressive power
C. extensibility, ease of use
D. None of the above

A

B

Source: Book pg. 126

28
Q

___ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.

A

Inference

Source: book p.166

29
Q

Question: What are the approaches to deal with inference attack?

A

a) Inference detection during DB design: removing data dependencies, using more fine-grained access control roles in an RBAC scheme.
b) Inference detection at query time: if an inference channel is detected, the query is denied.

Source: book p.167

30
Q

A ___ can provide restricted access to a relational database so a user or application only has access to certain rows or columns.

A. primary key
B. view
C. relation
D. tuple

A

B

Source: Book pg. 153

31
Q

___ is an attack that exploits a security vulnerability occurring in the database layer of an application (such as queries).

A. Trojan horse
B. Logic bomb
C. SQLi
D. Buffer overflow

A

C

Source: Book pg. 156

32
Q

Improper handling of user input can result in a SQL injection. True or false?

A

True. The attack is viable when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements OR user input is not strongly typed.

Source: Book pg. 156

33
Q

SQLi attacks can be grouped into three main categories: ___, ____, and __.

A. parameterized, user input, blind injection
B. second-order injection, out-of-band, parameterized
C. inferential, blind injection, inband
D. inband, inferential, out-of-band

A

D

Source: Book pg 158

34
Q

What are the main avenues of attack for SQL injection?

A. Cookies
B. Server variables
C. User input
D. Second-order injection
E. Physical user input
F. All of the above
G. None of the above
A

F

Source: Book pg. 158

35
Q

Defensive coding is an effective way to dramatically reduce the threat from SQLi. True or false?

A

True

Source: Book pg. 160

36
Q

The Trusted Computing Base (TCB) has 3 main requirements. Which of the following is not a requirement?

A.) Complete mediation between the OS and the hardware resources and applications. In addition, the OS must make sure the application has the necessary authorizations.
B.) The OS must be tamperproof.
C.) The OS must be able to go from user to kernel mode without errors.
D.) The OS must be correct: the protected resources are used properly.

A

C

Source: Lecture 2, OS and Security

37
Q

A ___ attack occurs when user input is incorrectly filtered for string escape characters or user input is not strongly typed.

A

SQLi

Source: book p.156

38
Q

Illegal or logically incorrect queries often return overly descriptive errors from the application server, allowing an attacker to gather important information about the server. This is part of what type of attack?

A

inferential attack

Source: book p.159

39
Q

Which of the following are proper measures to defend against SQLi attacks?

a) user input validation
b) parameterized query insertion
c) SQL DOM
d) a and b
e) All of the above

A

e)

Source: book p.160

40
Q

Which of the following detection methods for preventing SQLi attacks defines a training phase to learn normal behavior?

A) Anomaly-based
B) Signature-based
C) Code analysis
D) None of the above

A

A. Anomaly-based detection attempts to define normal behavior and then detect behavior patterns outside the normal range.

Source: Book Chapter 5.4 Page 182

41
Q

There are _ generations of antivirus software.

A

C

From: https://www.proprofs.com/quiz-school/story.php?title=mr-f-quiz-network

42
Q

A __ virus is a virus that mutates with every infection, making detection by the “signature” of the virus impossible.

A. Metamorphic
B. Encrypted
C. Polymorphic
D. Stealth

A

C

From: https://www.proprofs.com/quiz-school/story.php?title=mr-f-quiz-network

43
Q

Which of the following viruses are classified by concealment?

A) Macro Virus
B) Encrypted Virus
C) Polymorphic Virus
D) Metamorphic Virus
E) B, C, D
F) All of the above

A

E. The viruses in B, C, and D fit this description. Macro viruses are classified by target rather than concealment.

Source: Book Chapter 6.3 Page 215

44
Q

In which phase does a virus place a copy of itself into other programs?

A) Dormant Phase
B) Propagation Phase
C) Triggering Phase
D) Execution Phase

A

B

Source: Book Chapter 6.3 Page 211

45
Q

Which type of document is not known to carry macro viruses?

A. Microsoft Word Document
B. Plain Text File
C. Adobe PDF File
D. Microsoft Excel File

A

B

Source: page 212 Chapter 6.3

46
Q

Macro viruses manipulate and call functions on the host document's content only.

True/False?

A

False

Source: page 213 Chapter 6.3. Their ability to interact with other parts of the system is demonstrated by the “Melissa” macro virus, which uses a Windows system registry to keep track of infection status.

47
Q

Metamorphic Viruses are harder to detect than Polymorphic Viruses.

True/False?

A

True

Source: page 215 Chapter 6.3. Also https://searchsecurity.techtarget.com/definition/Metamorphic-virus

48
Q

Access Control Lists may have a default entry that should always follow the rule of least privilege. True/False?

A

True

Source: book p.111

49
Q

The columns of an Access Control Matrix are Access Control Lists. True or false?

A

True. The matrix may be decomposed by columns, yielding access control lists (ACLs) (see Figure 4.2b). Decomposition by rows yields capability lists (see Figure 4.2c).

Source: Book chapter 4.3 page 133

50
Q

Most operating systems use ___. In addition, ____ is more efficient for finding access rights.

A.) ACLs & C-List
B.) TCB & Chmod
C.) Revocation & ACL
D.) C-List & ACLs

A

A

Lecture 5 notes

51
Q

The _ contains the base address of data stored within the stack for the current procedure.

A

EBP Register

52
Q

Which of the following functions can lead to a buffer overflow vulnerability?

A.) gets() & fgets()
B.) gets() & strcpy()
C.) main() & gets()
D.) strncpy() & gets()

A

B

53
Q

What data structure is implemented in heap memory?

A. Chunk
B. Pointer
C. Frame
D. Buffer

A

A

54
Q

An attacker exploits a program and launches a shell. With which privilege level are the instructions executed?

A. User
B. Root
C. System
D. Host Program

A

D. The attacker’s shellcode is run with the privileges of the exploited program. Source: L2 “Shellcode Privileges”

55
Q

Which of the following does not get stored in a stack?

A) return address
B) local variables
C) arguments
D) global Variables
E) Meta Data
F) base pointer
G) D,E
H) E,F
I) D,E,F

A

G. Global Variables are stored in the data segment in memory. Meta Data is stored with allocated chunks of a heap.

56
Q

What are the 3 main types of subjects/principals in Unix?

A

user, group, world/other

57
Q

What are the "classic" 3 permissions afforded to subjects in Unix-like systems?

Read (r), Write(w), Execute(x)

A user (U) can run with the permission of the file creator (C) under what condition(s)?

a) U has execute privileges
b) C has read, write, and execute permissions
c) Set User ID
d) Set Group ID
e) a and c
f) all of the above

A

E

58
Q

What contents exist inside of a file’s inode?

A

Owner ID, Group ID and 12 protection bits

59
Q

What is an inode (index node)?

A.) An inode is part of a linked list design for memory storage
B.) An inode is a special directory only to be seen by root
C.) An inode is a control structure that contains information needed by the OS for a file.
D.) An inode is a user permission for a given user group.

A

C

Page 117

60
Q

True or False: An inode contains all information about a file?

A

False

Inodes don't contain the file name or the actual data.

61
Q

Question: The concept of inheritance enables one role to implicitly include access rights associated with a subordinate role. What role-based access control makes use of this concept?

A

Role hierarchy

Source: book p.124

62
Q

A __ interconnects IoT devices with higher-level networks, translates protocols, and may perform basic data aggregation functions.

A

Gateway

Source: book p.446

63
Q

Gateways typically implement security functions. What are the two common security mechanisms?

A.) IPsec and Firewalls
B.) TLS and IPsec
C.) Checksums and CRC Mechanisms
D.) Canary Values and ASLR mechanisms

A

B

Page 448

64
Q

Which of the following is NOT a key component in IoT-enabled devices?

A) Actuator
B) Sensor
C) Microcontroller
D) Transceiver
E) Backbone network
F) Radio-frequency Identification (RFID)

A

E. backbone network connects geographically dispersed fog networks as well as provides access to other networks that are not part of the enterprise network.

Source: Book Chapter 13.4 Page 466-467

65
Q

Which of the following is NOT a typical use case for botnets?

A) Spamming
B) DDos attacks
C) Spear phishing
D) Sniffing traffic

A

C. Spear phishing is a targeted attack whereas botnets are typically used as a swarm to work in concert to perform their attacks.

Source: Book P207

66
Q

Which malware was the first of a new generation that included aspects of a virus, worm, and trojan in one package?

a) Morris worm
b) Melissa e-mail worm
c) Code Red worm
d) WannaCry ransomware

A

b

67
Q

What type of malware is an Easter egg?

a) Virus
b) Worm
c) Trojan
d) Trapdoor

A

d

68
Q

What is software that collects information from a computer and transmits it to another system, monitoring keystrokes, network traffic, and other screen data?

A.) Spammer Programs
B.) Keylogger
C.) Spyware
D.) Trojan Horse

A

C.)

Page 185

69
Q

Which type of malware is a program installed on an infected machine that is activated to launch attacks on other machines?

A) Virus
B) Trojan
C) Worm
D) Bot
E) Rootkit

A

D

Source: Book Chapter 6.1 Page 207

70
Q

Which of the following properties are not commonly found in both Viruses and Worms?

A. Dormant, Propagation, Triggering, and Execution phases
B. May attempt to determine if a system has been previously infected
C. Requires a host program to run
D. Can be polymorphic to evade detection

A

C

Source Page 222 Chapter 6.4

71
Q

Communication links, bridges, and routers are considered assets to protect. True or False?

A

True

72
Q

Passive network attacks are difficult to detect but can be prevented; active network attacks are difficult to prevent altogether but can be detected.

a) True
b) False

A

True

73
Q

According to RFC 4949 there are four kinds of threat consequences. Which of the following is not a threat consequence in RFC 4949?

A.) Unauthorized Disclosure
B.) Deception
C.) Usurpation
D.) Corruption

A

D. Corruption is a type of disruption, where disruption is a threat consequence and corruption is the threat attack.

74
Q

If a hospital worker changes a patient's file without the patient's knowledge, then they have broken ____

A) Confidentiality
B) Integrity
C) Availability
D) Accountability

A

B, Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.

Source: Book Page 25

75
Q

____, a design principle for secure systems, states that security measures cannot be bypassed.

A) Least Privilege
B) Fail-Safe Defaults
C) Economy of Mechanism
D) Open Design
E) Complete Mediation
F) Psychological Acceptability

A

E) Complete Mediation: no one should be able to bypass security measures. "Every access to every object is checked" (Schneider).

Source: Lecture 1 "How Do We Address Cyber Security?"

76
Q

Question: ____ is not part of the cloud service model (according to NIST SP 800-145).

a) Software-as-a-Service
b) Platform-as-a-Service
c) Code-as-a-Service
d) Infrastructure-as-a-Service

A

c) Code-as-a-Service

77
Q

In which cloud service model does the cloud service user have control over the OS, deployed applications, and possibly limited control of select networking components?

A

Infrastructure-as-a-Service

78
Q

A cloud broker can offer three areas of support. Which of the following is not an area of support?

A.) Service Intermediation
B.) Service aggregation
C.) Service arbitrage
D.) Service Auditor

A

D. A service auditor is incorrect; if you picked this you might be thinking of a cloud auditor (a cloud auditor evaluates the services of the cloud service provider in terms of security controls, privacy impact, and such).

79
Q

The typical cloud deployment models include which of the following?

A) Public, Private, Hybrid, Community
B) Public, Private, PaaS, SaaS
C) PaaS, SaaS, Hybrid, Community
D) IaaS, On-prem, Saas, PaaS

A

A, IaaS, PaaS, SaaS are cloud service models, not deployment models

80
Q

What is the initial requirement for performing user authentication?

A.) User must be registered within the system.
B.) A token must be verified
C.) A digital signature needs to be authenticated
D.) A multi factor system has to be in place

A

A

81
Q

Question: Which of the following is NOT a vulnerability of passwords?

A. Offline dictionary attack
B. Specific account attack
C. Workstation hijacking
D. Electronic monitoring
E. None of the above

A

E. Additionally, there are popular password attacks, password guessing against a single user, exploiting user mistakes, and exploiting multiple password use.

82
Q

When an applicant applies to a registration authority (RA) to become a subscriber of a credential service provider (CSP), the RA is responsible for issuing an electronic credential. True or false?

A

False. The CSP issues the electronic credential to the subscriber.

83
Q

Question: What is the purpose of a nonce used in a challenge-response password protocol?

A. Prevent the hash of the password from being transmitted directly.
B. Eliminate need for host to store user's password.
C. Defend against a replay attack.
D. All of the above
E. A & B
F. B & C
G. A & C
H. None of the above.

A

G. The nonce is used in generating a hash which the client sends to the server. The nonce is also randomly generated at the start of the session, so if an attacker tried a replay attack, they have a different nonce and thus would fail.

84
Q

Question: Which of the following statements is false?

A. Client attacks are when an adversary attempts to masquerade as a legitimate user.
B. Host attacks are directed at the user file on the host where passwords, tokens, etc are stored.
C. One form of eavesdropping refers to attempting to learn the password by observing the user.
D. Replay attacks are when an attacker repeats a previously captured user response.
E. A trojan horse attack is when malicious hardware / software is used to log a user's keystrokes.
F. A denial of service attack is when an attacker disables the user authentication service by flooding it with numerous authentication attempts.

A

E. In a trojan horse attack, an app or device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, etc. Example: rogue bank machine used to capture user’s card / PIN.

85
Q

____ is defined as the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued.

a) Authorization
b) Audit
c) Authentication
d) Assurance

A

d

86
Q

Assurance levels are classified on a scale of 1 through 4. Pick the option which correctly describes these levels:

A.) Assurance Level 1 tells us that the user's level is appropriate to access restricted services of very high value; Level 2 lets users access documents and services which are of high value but not the highest; Level 3 is where a secure authentication protocol is needed so we know who is accessing what; at Level 4 there is little to no authentication and no confidence in the asserted identity's validity.
B.) Assurance Levels 1-4 are all the same; they all have some confidence in the asserted identity's validity. The main thing is that each level is based on the user's username for their organization.
C.) At Level 1 the typical authentication is a user-supplied ID and there isn't much confidence in the user's identity. At Level 2 there is some confidence; this is typically the level where an authentication protocol is devised for users. Level 3 is high confidence but not the highest level; at this level we have access to some sensitive documents and programs. At Level 4 you have the highest confidence and the highest access.
D.) None of the above

A

C

87
Q

A ____ is a set of programs installed on a system to maintain covert access to that system with administrator or root privileges, while hiding evidence of its presence to the greatest extent possible.

A

rootkit

88
Q

A rootkit can be classified by which of the following characteristics?

A.) Persistent
B.) Memory Based
C.) User Mode
D.) Kernel Mode
E.) Virtual Machine based
F.) External Mode
G.) All of the above
H.) Detection

A

G (H is not part of the answer)

89
Q

A rootkit can be classified as ___; this is when the rootkit intercepts calls to APIs and modifies the returned results.

A

B) User Mode

90
Q

What type of rootkit cannot survive a reboot, and why not?

A.) Kernel Mode, because there is no user intervention
B.) Persistent, because the firewall flushes the rootkit out
C.) Memory based, because there is no persistent code
D.) External Mode, because it is located in the BIOS

A

C. Page 212: The book says "Memory based rootkits have no persistent code and therefore can not survive a reboot".

91
Q

What is ASLR? How does it affect the stack?

A

ASLR is a security measure that randomizes the locations of the code, stack, and heap within the virtual address space (Arpaci-Dusseau & Arpaci-Dusseau, 2018). By randomizing the location of the stack, buffer overflow attacks become more difficult for the attacker, since they cannot easily predict where certain addresses are located.

92
Q

How can ASLR be bypassed without turning it off?

A

If the attacker is able to perform a large number of attacks on the system, they could bypass ASLR by simply guessing different locations for the buffer across those attacks (Stallings & Brown, 2018).

93
Q

What is a Stack Canary? How does it affect the stack?

A

A Stack Canary is an unpredictable value that is inserted into the stack below the old frame pointer, which is checked for alteration before the function exits (Stallings & Brown, 2018). If the Stack Canary is altered, e.g. in the case of a classic buffer overflow, the system will abort.

94
Q

Are Stack Canaries vulnerable and if so, how?

A

Stack Canaries are still vulnerable in certain cases. Overflows need not aim to rewrite return addresses, but instead, could rewrite function pointers in the heap (Cowan et al., 1998). By doing so, the attacker may point to malicious code located in another buffer on the heap.

95
Q

What is EBP?

A

EBP points to where the saved frame pointer is on the current stack frame. It is used to locate all of the information stored on the current stack frame relative to itself.

96
Q

What is ESP?

A

ESP is a pointer to the address of the top of the stack.

97
Q

With word alignment, how many bytes are allocated for char[5] and char[8]?

A

8 and 8

98
Q

For a C program, when is memory allocated on the stack?

A) During runtime
B) At compile time
C) When function exited
D) When function entered

A

D)

99
Q

For a C program, when is memory de-allocated from the stack?

A) During run time
B) When a function is entered
C) At compile time
D) When a function is exited

A

D)

100
Q

In what order are the following data pushed on the stack?

A) Frame pointer
B) Return address
C) Local variables
D) Function arguments

A

1) Function arguments
2) Return address
3) Frame pointer
4) Local variables

101
Q

Order the following operations involved with control flow on the stack:

A) Pop return address
B) Jump to calling function
C) Set ESP to point to EBP
D) Function return line reached in code

A

1) Function return line reached in code
2) Set ESP to point to EBP
3) Pop return address
4) Jump to calling function

102
Q

For a C program, when is memory allocated on the heap? When is it deallocated?

A

Runtime

103
Q

It is possible to buffer overflow the heap. True or False?

A

True

104
Q

How do you invoke GDB?

A

> gdb

105
Q

How do you view the processor registers in GDB?

A

> info registers

106
Q

How do you set a break point in code with GDB?

A

> break

107
Q

How do you find the address of an OS function in GDB?

A

> p system

108
Q

How do you inspect a memory location in GDB?

A

> x