Quiz 1 Material Flashcards
Security mechanisms typically do not involve more than one particular algorithm or protocol. T/F
False
The first step in devising security services and mechanisms is to develop a security policy. T/F
True
To exploit any type of buffer overflow the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control. T/F
True
Shellcode is not specific to a particular processor architecture. T/F
False
An attacker can generally determine in advance exactly where the target buffer will be located in the stack frame of the function in which it is defined. T/F
False
It is possible to write a compiler tool to check any C program and identify all possible buffer overflow bugs. T/F
False
The OpenSSL Heartbleed vulnerability would have been prevented if OpenSSL had been implemented in Java (and the Java runtime environment works properly). T/F
True
ASLR (if implemented correctly) can prevent return-to-libc attacks. T/F
True
____ assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.
Privacy
_____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
System Integrity
A loss of _____ is the unauthorized disclosure of information.
Confidentiality
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) _____.
Vulnerability
An assault on system security that derives from an intelligent act that is a deliberate attack to evade security services and violate the security policy of a system is a(n) ____.
attack
A(n) ____ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
Countermeasure
An example of ___ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
Masquerade
The assurance that data received are exactly as sent by an authorized entity is ____.
Data Integrity
A consequence of a buffer overflow error is ____.
- Corruption of data used by the program
- Unexpected transfer of control in the program.
- Possible memory access violation
The function of _____ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program.
Shell code
Forms of buffer overflow attacks
- Heap overflows
- Return to system call
- Replacement stack frame
A buffer can be located where?
- In the heap
- On the stack
- In the data section of the process.
Data breaches violate which of the following security requirements?
a. Integrity
b. Availability
c. Confidentiality
c. Confidentiality
Any attempt to pass data of an incompatible type is caught at compile time or generates an error at runtime. Weakly or strongly typed?
Strongly
An array index operation b[k] may be allowed even though k is outside the range of the array. Strongly or weakly typed?
weakly
It is impossible to do “pointer arithmetic” to access an arbitrary area of memory. Strongly or weakly typed?
Strongly