All Coursera Quiz Answers

Software Security Week 1 Quiz Answer

by Niyander
In this article i am gone to share Coursera Courseย Software Security Week 1 Quiz Answer with you..

Software Security Week 1 Quiz Answer

Also visit this link:ย  Software Security Week 6 Quiz Answer

 

Week 1 Quiz Answer

Question 1)
Three of the following are classic security properties; which one is not?
  • Availabilityย 
  • Integrity
  • Confidentiality
  • Correctness
ย 
Question 2)
What was the first buffer overflow attack?
  • Love Bug
  • Code Red
  • SQL Slammer
  • Morris Worm
ย 
Question 3)
The stack is memory for storing
  • Program code
  • Local variables
  • Dynamically linked libraries
  • Global variables
ย 
Question 4)
Why is it that the compiler does not know the absolute address of a local variable?
  • Compiler writers are not very good at that sort of thing
  • Programs are not allowed to reference memory using absolute addresses
  • The size of the address depends on the architecture the program will run on
  • As a stack-allocated variable, it could have different addresses depending on when its containing function is called
ย 
Question 5)
When does a buffer overflow occur, generally speaking?
  • when writing to a pointer that has been freed
  • when copying a buffer from the stack to the heap
  • when a pointer is used to access memory not allocated to itย 
  • when the program notices a buffer has filled up, and so starts to reject requests
ย 
Question 6)
How does a buffer overflow on the stack facilitate running attacker-injected code?
  • By writing directly to %eax the address of the code
  • By changing the name of the running executable, stored on the stack
  • By overwriting the return address to point to the location of that code
  • By writing directly to the instruction pointer register the address of the code
ย 
Question 7)
What is a nop sled?
  • It is an anonymous version of a mop sled
  • It is a method of removing zero bytes from shellcode
  • It is another name for a branch instruction at the end of sequence of nops
  • It is a sequence of nops preceding injected shellcode, useful when the return address is unknown
ย 
Question 8)
The following program is vulnerable to a buffer overflow (assuming the absence of automated defenses like ASLR, DEP, etc., which we introduce in the next unit). What is the name of the buffer that can be overflowed?
ย 
#include <stdio.h>
#include <string.h>
ย 
#define S 100
#define N 1000
ย 
int main(int argc, char *argv[]) {
ย  char out[S];
ย  char buf[N];
ย  char msg[] = “Welcome to the argument echoing programn”;
ย  int len = 0;
ย  buf[0] = ‘๏ฟฝ’;
ย  printf(msg);
ย  while (argc) {
ย  ย  sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย  ย  argc–;
ย  ย  strncat(buf,out,sizeof(buf)-len-1);
ย  ย  len = strlen(buf);
ย  }
ย  printf(“%s”,buf);
ย  return 0;
}
ย 
  • out
  • len
  • buf
  • msg
ย 
Question 9)
Here is the same program as the previous question. What line of code can overflow the vulnerable buffer?
ย 
#include <stdio.h>
#include <string.h>
ย 
#define S 100
#define N 1000
ย 
int main(int argc, char *argv[]) {
ย  char out[S];
ย  char buf[N];
ย  char msg[] = “Welcome to the argument echoing programn”;
ย  int len = 0;
ย  buf[0] = ‘๏ฟฝ’;
ย  printf(msg);
ย  while (argc) {
ย  ย  sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย  ย  argc–;
ย  ย  strncat(buf,out,sizeof(buf)-len-1);
ย  ย  len = strlen(buf);
ย  }
ย  printf(“%s”,buf);
ย  return 0;
}
ย 
  • sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
  • printf(msg)
  • len = strlen(buf);
  • strncat(buf,out,sizeof(buf)-len-1);
  • printf(“%s”,buf);
ย 
Question 10)
Recall the vulnerable overflow from the previous two questions. We can change one line of code and make the buffer overrun go away. Which of the following one-line changes, on its own, will eliminate the vulnerability?
ย 
#include <stdio.h>
#include <string.h>
ย 
#define S 100
#define N 1000
ย 
int main(int argc,char *argv[]) {
ย  char out[S];
ย  char buf[N];
ย  char msg[] = “Welcome to the argument echoing programn”;
ย  int len = 0;
ย  buf[0] = ‘๏ฟฝ’;
ย  printf(msg);
ย  while (argc) {
ย  ย  sprintf(out,”argument %d is %sn”,argc-1,argv[argc-1]);
ย  ย  argc–;
ย  ย  strncat(buf,out,sizeof(buf)-len-1);
ย  ย  len = strlen(buf);
ย  }
ย  printf(“%s”,buf);
ย  return 0;
}
ย 
  • change printf(“%s”,buf) to printf(buf);
  • change printf(msg) to printf(“%s”,msg);
  • change sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1])
  • to snprintf(out, S, “argument %d is %sn”, argc-1, argv[argc-1])
  • change char msg[] = “Welcome to the argument echoing programn” to char msg[42] = “Welcome to the argument echoing programn”
ย 
Question 11)
Recall the vulnerable program from the previous few questions. Which of the following attacks do you think the program is susceptible to?
ย 
#include <stdio.h>
#include <string.h>
ย 
#define S 100
#define N 1000
ย 
int main(int argc, char *argv[]) {
ย  char out[S];
ย  char buf[N];
ย  char msg[] = “Welcome to the argument echoing programn”;
ย  int len = 0;
ย  buf[0] = ‘๏ฟฝ’;
ย  printf(msg);
ย  while (argc) {
ย  ย  sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย  ย  argc–;
ย  ย  strncat(buf,out,sizeof(buf)-len-1);
ย  ย  len = strlen(buf);
ย  }
ย  printf(“%s”,buf);
ย  return 0;
}
ย 
  • code injection
  • data corruption
  • reading arbitrary addresses in memory
  • all of the above
ย 
Question 12)
Recall the program again.
ย 
#include <stdio.h>
#include <string.h>
ย 
#define S 100
#define N 1000
ย 
int main(int argc, char *argv[]) {
ย  char out[S];
ย  char buf[N];
ย  char msg[] = “Welcome to the argument echoing programn”;
ย  int len = 0;
ย  buf[0] = ‘๏ฟฝ’;
ย  printf(msg);
ย  while (argc) {
ย  ย  sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย  ย  argc–;
ย  ย  strncat(buf,out,sizeof(buf)-len-1);
ย  ย  len = strlen(buf);
ย  }
ย  printf(“%s”,buf);
ย  return 0;
}
ย 
If we changed printf(“%s”,buf) to printf(buf) then the program would be vulnerable to what sort of attack?
  • heap overflow
  • use-after-free attack
  • format string attack
  • all of the above
ย 
Question 13)
Exploitation of the Heartbleed bug permits
  • a kind of code injection
  • a format string attack
  • a read outside bounds of a buffer
  • overwriting cryptographic keys in memory
ย 
Question 14)
Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?
  • It’s a vacuous question: Heartbleed only reads outside a buffer, soย there is no possible exploit
  • Anti-virus scanners tend to look for viruses and other malicious
  • code, but Heartbleed exploits steal secrets without injecting any code
  • Heartbleed exploits are easily mutated so the files they leaveย behind do not appear unusual
  • Heartbleed attacks the anti-virus scanner itself
ย 
Question 15)
An integer overflow occurs when
  • an integer is used as if it was a pointer
  • an integer is used to access a buffer outside of the buffer’s bounds
  • there is no more space to hold integers in the programย 
  • an integer expression’s result “wraps around”; instead of creating a very large number, a very small (or negative) number ends up getting created

 

 

ย