Coursera Answers

Software Security Week 6 Quiz Answer

Software Security Week 6 Quiz Answer


Software Security Week 6 Quiz Answer


In this article i am gone to share Coursera Course Software Security Week 6 Quiz Answer with you..


Week 6 quiz


Question 1)
What is penetration testing?
  • Whole-system testing for security flaws and bugs
  • A security-minded form of unit testing that applies early in the development process
  • A procedure for testing libraries or other program components for vulnerabilities
  • All of the above


Question 2)
Which of the following are benefits of penetration testing?
  • You can prove a positive: Penetration testing will establish your system is secure
  • Compositionality of security properties means tested components are secure even if others change
  • They specifically consider adversarial thinking, which is not usually necessary for normal tests
  • Results are often reproducible


Question 3)
What does it mean to “be stealthy” during a penetration test?
  • Performing the tests from an undisclosed location
  • Performing penetration testing without the target organization knowing
  • Using encryption during tests to make the source of attacks impossible to determine
  • Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services


Question 4)
What is a web proxy?
  • A simulator for the web, for use when off-line
  • A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server
  • An agent that makes decisions on the client’s behalf when interacting with web applications
  • A piece of software that makes a web application look like a standalone application, making it easier to test


Question 5)
What is Nmap?
  • It is a map of the Internet
  • It is a network fuzz testing tool
  • It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response
  • It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses



Question 6)
What is ethical hacking?
  • “Hacking” ethics so they justify unintended selfish behavior
  • Hacking into systems run by those whose ethics you disagree with
  • A slang term for rapid software development, e.g., as part of hackathons
  • Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited


Question 7)
Which of the following statements describe fuzz testing (aka fuzzing)?
  • It is always black-box, in being indifferent to the software’s functionality
  • It has been used to find security vulnerabilities in many commodity programs
  • It is concerned with finding known-bad behaviors, like crashes and hangs
  • It focuses on simple testing patterns and does not employ sophisticated analysis techniques


Question 8)
Which of the following are true of whitebox fuzzing?
  • Radamsa is (at least in part) a whitebox fuzzer
  • SAGE is (at least in part) a whitebox fuzzer
  • It takes into account the program’s internals in some manner when deciding which inputs to choose
  • It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program’s semantics


Question 9)
Which of the following is true of mutation-based fuzzing?
  • Each input is mutation that follows a given grammar
  • It only makes sense for file-based fuzzing, not network-based fuzzing
  • It works by making small mutations to the target program to induce faults
  • It generates each different input by modifying a prior input


Question 10)
Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?
  • Blackbox
  • Whitebox
  • Mutation-based
  • Generational


Question 11)
Which of the following are functions of a network-based fuzzer?
  • Acting as a server
  • Scanning a network address range
  • Acting as a “man in the middle”


Question 12)
Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?
  • Fuzzing doesn’t find memory errors, it finds crashes and hangs
  • Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce
  • Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find
  • You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors