Software Security Week 6 Quiz Answer
In this article i am gone to share Coursera Course Software Security Week 6 Quiz Answer with you..
Software Security Week 6 Quiz Answer
Also visit this link:ย Software Security Week 5 Quiz Answer
Week 6 Quiz Answer
Question 1)
What is penetration testing?
- Whole-system testing for security flaws and bugs
- A security-minded form of unit testing that applies early in the development process
- A procedure for testing libraries or other program components for vulnerabilities
- All of the above
ย
Question 2)
Which of the following are benefits of penetration testing?
- You can prove a positive: Penetration testing will establish your system is secure
- Compositionality of security properties means tested components are secure even if others change
- They specifically consider adversarial thinking, which is not usually necessary for normal tests
- Results are often reproducible
Question 3)
What does it mean to “be stealthy” during a penetration test?
- Performing the tests from an undisclosed location
- Performing penetration testing without the target organization knowing
- Using encryption during tests to make the source of attacks impossible to determine
- Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services
ย
Question 4)
What is a web proxy?
- A simulator for the web, for use when off-line
- A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server
- An agent that makes decisions on the client’s behalf when interacting with web applications
- A piece of software that makes a web application look like a standalone application, making it easier to test
ย
Question 5)
What is Nmap?
- It is a map of the Internet
- It is a network fuzz testing tool
- It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response
- It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses
Question 6)
What is ethical hacking?
- “Hacking” ethics so they justify unintended selfish behavior
- Hacking into systems run by those whose ethics you disagree with
- A slang term for rapid software development, e.g., as part of hackathons
- Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited
ย
ย
Question 7)
Which of the following statements describe fuzz testing (aka fuzzing)?
- It is always black-box, in being indifferent to the software’s functionality
- It has been used to find security vulnerabilities in many commodity programs
- It is concerned with finding known-bad behaviors, like crashes and hangs
- It focuses on simple testing patterns and does not employ sophisticated analysis techniques
ย
Question 8)
Which of the following are true of whitebox fuzzing?
- Radamsa is (at least in part) a whitebox fuzzer
- SAGE is (at least in part) a whitebox fuzzer
- It takes into account the program’s internals in some manner when deciding which inputs to choose
- It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program’s semantics
ย
Question 9)
Which of the following is true of mutation-based fuzzing?
- Each input is mutation that follows a given grammar
- It only makes sense for file-based fuzzing, not network-based fuzzing
- It works by making small mutations to the target program to induce faults
- It generates each different input by modifying a prior input
ย
Question 10)
Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?
- Blackbox
- Whitebox
- Mutation-based
- Generational
ย
Question 11)
Which of the following are functions of a network-based fuzzer?
- Acting as a server
- Scanning a network address range
- Acting as a “man in the middle”
ย
Question 12)
Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?
- Fuzzing doesn’t find memory errors, it finds crashes and hangs
- Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce
- Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find
- You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors
ย