Project 1 Concepts Flashcards

1
Q

T/F: Both the stack and the heap grow up in memory address space.

A

False. Stack grows down and heap grows up.

2
Q

If a hospital worker changes a patient’s file without patients’ knowledge, what type of security principle have they broken?

a. Confidentiality
b. Integrity
c. Availability
d. Accountability

A

b. Integrity (page 25 in book)

3
Q

Which of the following is not a vulnerability of passwords?

a. Offline dictionary attacks
b. Specific account attack
c. Workstation hijacking
d. Electronic monitoring
e. None of the above

A

e. None of the above (page 71 in book)

4
Q

A rootkit can be classified as [….]: this is when the rootkit intercepts calls to APIs and modifies the returned results.

a. memory based
b. user mode
c. kernel mode
d. external mode

A

b. user mode (page 212 book and rootkit lecture)

5
Q

What type of rootkit cannot survive a reboot and why not?

a. Kernel mode because there is no user intervention
b. Persistent rootkits because the firewall flushes the rootkit out
c. Memory based because there is no persistent code
d. External mode because it is located in the files

A

c. Memory based because there is no persistent code

6
Q

Put the following statements, regarding the sequence of calls made by a function call to the stack, in the correct order:

A. Allocate space for local variables by moving the stack pointer down to leave sufficient room for them.

B. Push the parameters for the called function onto the stack.

C. Run the body of the called function.

D. Execute the return function which pops the saved address off the stack and returns control to the calling function.

E. Push the current frame pointer value (which points to the calling routine’s stack frame) onto the stack.

F. Executes the call instruction to call the target function, which pushes the return address onto the stack.

G. Pops the old frame pointer value (restoring the link to the calling routine’s stack frame).

H. Sets the frame pointer to be the current stack pointer value, which now identifies the new stack frame location for the called function.

I. Set the stack pointer back to the value of the frame pointer.

A

B. Push the parameters for the called function onto the stack.

F. Executes the call instruction to call the target function, which pushes the return address onto the stack.

E. Push the current frame pointer value (which points to the calling routine’s stack frame) onto the stack.

H. Sets the frame pointer to be the current stack pointer value, which now identifies the new stack frame location for the called function.

A. Allocate space for local variables by moving the stack pointer down to leave sufficient room for them.

C. Run the body of the called function.

I. Set the stack pointer back to the value of the frame pointer.

G. Pops the old frame pointer value (restoring the link to the calling routine’s stack frame).

D. Execute the return function which pops the saved address off the stack and returns control to the calling function.

p. 327 of text

7
Q

The _________ contains the base address of data stored within the stack for the current procedure.

A

Answer EBP Register

8
Q

Which of the following functions can lead to a buffer overflow vulnerability:

A.) gets() & fgets()
B.) gets() & strcpy()
C.) main() & gets()
D.) strncpy() & gets()

A

Answer B

9
Q

T/F: Communication links, bridges, and routers are considered as assets to protect.

A

True

Source: book p.7

10
Q

T/F: Passive network attacks are difficult to detect but can be prevented; active network attacks are difficult to prevent altogether but can be detected.

A

True

book p. 15

11
Q

According to RFC 4949, there are four kinds of threats. Which threat consequence is not part of RFC 4949?

A.) Unauthorized Disclosure
B.) Deception
C.) Usurpation
D.) Corruption
E.) Disruption

A

Answer D

Corruption is a type of disruption, where disruption is a threat consequence and corruption is the threat attack.

Page 9

12
Q

____________, a design principle for secure systems, states that security measures cannot be bypassed.

A) Least Privilege
B) Fail-Safe Defaults
C) Economy of Mechanism
D) Open Design
E) Complete Mediation
F) Psychological Acceptability

A

Answer E)

Complete Mediation - no one should be able to bypass security measures. “Every access to every object is checked” (Schneider)

Source: Lecture 1 “How Do We Address Cyber Security?” Schneider, Fred.

13
Q

Which of the following statements is false?

A. Client attacks are when an adversary attempts to masquerade as a legitimate user.
B. Host attacks are directed at the user file on the host where passwords, tokens, etc. are stored.
C. One form of eavesdropping refers to attempting to learn the password by observing the user.
D. Replay attacks are when an attacker repeats a previously captured user response.
E. A trojan horse attack is when malicious hardware / software is used to log a user’s keystrokes.
F. A denial of service attack is when an attacker disables a user authentication service by flooding it with numerous authentication attempts.

A

Answer E

In a trojan horse attack, an app or device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, etc. Example: rogue bank machine used to capture user’s card / PIN.

Source: Book pg. 97

14
Q

For a C program, when is a stack frame allocated on the stack?

a. At compile time
b. When any function is entered
c. When any function is exited
d. At run time

A

Correct Answer: B

15
Q

For a C program, when is a stack frame de-allocated from the stack?

a. When any function is entered
b. At run time
c. When any function is exited
d. At compile time

A

Correct Answer: C

16
Q

For most systems, such as the one described in Ch. 10 of the textbook, which of the following describes the growth of the stack?

a. The stack grows from lower memory addresses upwards towards higher memory addresses
b. The stack grows from higher memory addresses downward towards lower memory addresses

A

Correct Answer: B

17
Q

T/F: The stack can contain multiple stack frames

A

True

18
Q

Data is pushed onto the stack and organized in a specific order. Order the data below such that the first response represents the first value pushed onto the stack and the last response represents the last value pushed onto the stack (which is also the top of the stack).

a. Function Arguments
b. Frame Pointer
c. Local Variables
d. Return Address

A

Correct Answers:

a. Function Arguments
d. Return Address
b. Frame Pointer
c. Local Variables

19
Q

The following are operations involved with control flow, utilizing the stack, when exiting a function and returning to the calling function. Order the operations below such that the first response represents the first step and the last response represents the last step.

a. ESP set to point to EBP
b. Function return statement is reached in function’s code
c. Execution jumps to calling function
d. Return address popped off the stack

A

Correct Answers:

b. Function return statement is reached in function’s code
a. ESP set to point to EBP
d. Return address popped off the stack
c. Execution jumps to calling function

20
Q

For a C program, when is memory allocated on the heap?

a. At compile time
b. When any function is exited
c. During run time
d. When any function is entered

A

Correct Answer: C

21
Q

For a C program, when is memory de-allocated from the heap?

a. During run time
b. When any function is exited
c. At compile time
d. When any function is entered

A

Correct Answer: A

22
Q

For most systems, such as the one described in Ch. 10 of the textbook, which of the following describes the growth of the heap?

a. The heap grows from higher memory addresses downwards towards lower memory addresses
b. The heap grows from lower memory addresses upwards towards higher memory addresses

A

Correct Answer: B

23
Q

T/F: The stack and heap grow towards each other

A

True

24
Q

T/F: It is possible to perform a buffer overflow attack on the heap

A

True