Software Security Week 1 Qualifying Quiz Answer
In this article i am gone to share Coursera Course Software Security Week 1 Qualifying Quiz Answer with you.
Software Security Week 1 Qualifying Quiz Answer
Also visit this link:ย Software Security Week 5 Project 3 Quiz Answer
Qualifying Quiz Answers
Question 1)
This test is meant to test your knowledge of C programming and some basic computer science-related skills you will need to do well in this class. The outcome of the test is for your use only; it will not affect whether you can register for the class, and it will not apply to your grade if you do register. As such, we recommend that you do not research the answers on the Internet, but answer the questions to your best recollection.
ย
Consider the following variable declaration for bar in the function foo
ย
void foo() {
ย char bar[128];
ย …
}
ย
Which of the following are true?
- *Holds 128 elements
- bar[1] contains the first element
- All elements are initialized to 0
ย
Question 2)
Consider the following code fragment: sizeof(int*) == sizeof(int). Which one of the following is true about it?
- This fragment will not compile
- This fragment will always crash
- This fragment always evaluates to 0 (assuming it doesn’t crash)
- This fragment always evaluates to 1 (assuming it doesn’t crash)
- This fragment’s result depends on the compiler and architecture
Question 3)
Suppose you are compiling for a 32-bit platform and sizeof(int) == 4. Which one of the following is equivalent to c[b] if c is of type int* and b is of type int?
- *c+b
- c[b][0]
- -1 * b[c]
- *(c+b)
- none of the above
Question 4)
Consider the following program.
ย
#include <string.h>
int foo(void) {
ย char bar[128];
ย char *baz = &bar[0];
ย baz[127] = 0;
ย return strlen(baz);
}
ย
What are possible outcomes from running this function? Check all that apply (note that the outcomes shown are not exhaustive):
- crash
- returns -1
- returns 127
- returns 128
- returns 0
ย
Question 5)
Consider the following code fragment.
ย
char blah[] = “fizzbuzz”;
printf(“%sn”, blah+4);
ย
What happens if we try to compile and run this code?
- The program outputs “buzz”
- The program outputs “fizz”
- The program outputs a blank line depending on the size of pointers
- The program is illegal C and may not compile
Question 6)
Which of the following are true of memory returned via the malloc function? Check all that apply.
- It is write-only
- The memory is zero-initialized
- It must be manually released by the programmer
- It is automatically released by the operating system when the pointer to which the memory is assigned goes out of scope
Question 7)
Consider the following code
ย
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[]) {
ย unsigned int i;
ย unsigned int k = atoi(argv[1]);
ย char *buf = malloc(k); /* 1 */
ย if(buf == 0) {
ย ย return -1;
ย }
ย for(i = 0; i < k; i++) {
ย ย buf[i] = argv[2][i]; /* 2 */
ย }
ย printf(“%sn”, buf); /* 3 */
ย return -1;
}
ย
- This program could crash at position 3
- This program could crash at 2 and 3
- This program could crash at 1 and 2
- This program could crash at position 2
- This program could crash at position 1
- This program could crash at all 3 positions
Question 8)
Which of the following are true statements about the program stack?
- The stack is managed by code emitted by the compiler
- It is used to store global variables while executing a function (-)
- It is used as the source of memory returned by malloc() (-)
- It is used to store local variables while executing a function
- Management of the stack is handled automatically by the architecture (-)
Question 9)
Which of the following are true of the X86 call instruction?
- Branches to a specified address
- Pushes the instruction pointer value onto the stack
- Pushes flag registers onto the stack
- Its target address may be specified in a general-purpose register
ย
Question 10)
Consider the following program
ย
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
ย int **blah2 = malloc(sizeof(int*)*N);
ย int *special = NULL;
ย int i, j;
ย for(i = 0; i < N; i++) {
ย ย int *tmp = (int *)malloc(sizeof(int)*M);
ย ย memset((void *)tmp, 0, sizeof(int)*M);
ย ย if(i > N) {
ย ย ย special = &tmp[3];
ย ย }
ย ย blah2[i] = tmp;
ย }
ย if(special != NULL) {
ย ย *special = 7;
ย }
ย for(i = 0; i < N; i++) {
ย ย for(j = 0; j < M; j++) {
ย ย ย printf(“%d “, blah2[i][j]);
ย ย }
ย ย printf(“n”);
ย }
ย return 0;
}
ย
Assuming we #define N and M to be positive integers, and the calls to malloc() succeed (the arguments do not overflow, and do not return NULL), then which of the following is true?
ย
- This program crashesย
- This program outputs a random NxM matrix
- This is not a valid C program
- This program outputs a zero NxM matrixย
- This program outputs a matrix with at least one element being 7
Question 11)
What is TCP?
- It is connectionless
- It ensures data confidentiality
- It is a protocol often implemented on top of HTTP
- It is a protocol that supports reliable data transfer on the Internet
Question 12)
What is PHP? Pick one.
- A network protocol
- The acronym for a coding standard
- A programming language often used to implement network switches
- A programming language often used to implement web sites
Question 13)
Which of the following statements about HTML are true?
- HTML is a kind of URL
- Web browsers render HTML content served by web sites
- HTML documents have tags that identify different sorts of data
- HTML is a text-based format (as opposed to a binary format)
Question 14)
What is gcc?
- A compiler
- All of the above
- An interpreter
- A virtual machine
Questionย 15)
The shell command cd; ls *.xml
- Will list the file *.xml in the current directory
- Will list all files ending in the xml suffix in user’s home directory
- Will list all of the files listed in the given XML file
- Will list all files ending in the xml suffix in the previous working directory
ย