Quiz 1 Flashcards
True or False: A Data breach is one that ex-filtrates large amounts of data that was sensitive and stored on some server?
True
True or False: Overflowing a global variable is considered a stack overflow.
False
True or False: A good example of a strongly typed language would be C.
False
True or False: In regards to overflow exploits, you only need to worry about “ints” not “strings”.
False
True or False: A “Canary Value” is used is used in the stack frame to keep track of overflow detection.
True
True or False: A compiler can determine and stop programs from run time buffer overflows before they occur.
False
True or False: Buffer overflow exploits have been known since the SSL Heartbleed that occurred in 1971.
False
True or False: A programmer can tell the operating system to not allow programs to overflow memory.
False
True or False: Declaring variables as global stops all chances of being able to overflow buffers.
False
True or False: In order to stop buffer overflow exploits, you can use a simple data validation technique?
True
When using shell code or instructions that make up shell-code, who’s privileges will you be using?:
a) Privileges of the host program
b) Privileges of the host system
c) Privileges of the admin
d) Privileges of the shell code
e) None of the above
a) Privileges of the host program
Choose the list which contains the strongly typed languages:
a) Languages: C, C++, Java
b) Languages: C++, Java, Python
c) Languages: Python, Java, C
d) None of the above
e) All of the above
b) Languages: C++, Java, Python
What moves addresses of stack, heap, and lib-c to make buffer overflow more difficult?
a) The Kernel
b) Malloc()
c) Address Space Layout Randomization
d) Random Number Generator
e) None of the above
c) Address Space Layout Randomization
Stacks are used for which of the following?
a) Allocating memory for Local Variables, Global Variables, and Kernel information
b) Allocating memory for Local Variables, Parameters, and Control information
c) Allocating memory for Global Variables, All functions, and File size
d) Allocating memory on the heap for other functions to utilize
b) Allocating memory for Local Variables, Parameters, and Control information
The definition of shell code is:
a) Binary values corresponding to the desired machine instructions
b) Code that put on the outside of the main code to create a “shell”
c) The address of the parameters when you call a function
d) All of the above
e) None of the above
b) Code that put on the outside of the main code to create a “shell”
What is a NOP sled?
a) Read-only Instructions that execute the “Return-to-Lib-C” exploit
b) Address space that is in the Kernel to stop Overflow exploits
c) Instructions located in the system() function which executes shell code
d) A sequence of instructions that do nothing to control program flow
d) A sequence of instructions that do nothing to control program flow
Best way to stop buffer/heap exploits?
a) Use pointers
b) Tell the user how much data needs to be input
c) Enforce boundary checking on all input
d) A and C
e) A, B, and C
c) Enforce boundary checking on all input
The main reason of a buffer overflow exploit is: (Choose the BEST answer)
a) To corrupt data
b) To overwrite the function return address
c) To take control of the program
d) B and C
e) A, B, and C
e) A, B, and C
________ is when a system is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments?
a) Availability
b) Privacy
c) System Integrity
d) Data Integrity
e) C and D
f) B and C
c) System Integrity
Which of the following are the main threat sources of cyber assets?
a) Nation-States
b) Cybercriminals
c) Hacktivists
d) All of the Above
e) Russia
d) All of the Above
