0

security Online Quiz - 9

Description: security Online Quiz - 9
Number of Questions: 20
Created by:
Tags: security
Attempted 0/20 Correct 0 Score 0

Which of the following are countermeasures for XSS

  1. Releasing Resources after use
  2. Input Validation
  3. Running with least privilege
  4. URL based access control
  5. Output Encoding
  1. 1 and 4

  2. 2 and 4

  3. 2 and 5

  4. 3 and 5


Correct Option: C

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here.

int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);
  1. Since the file name is hard coded, fopen() will fail if the file already exists.

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symboling link /tmp/cache_data that points to a system file.

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data


Correct Option: C

Is writing to an already freed memory a vulnerability?

x = malloc(200); /* do something with x */ 
free (x); /* do something else */  
strcpy(x, “somedata”);  
  1. Overwriting freed memory is a security vulnerability

  2. Depends on the application and how important “somedata” is

  3. This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data “somedata”

  4. strcpy() will fail as it cannot write to already freed memory, and the application will crash.


Correct Option: A

AI Explanation

To answer this question, let's go through each option:

Option A) Overwriting freed memory is a security vulnerability - This option is correct. Writing to an already freed memory is a security vulnerability. When memory is freed using the free() function, the operating system marks that memory as available for other allocations. If you try to write to that memory after it has been freed, it can lead to undefined behavior, including potential security vulnerabilities such as buffer overflows or information disclosure.

Option B) Depends on the application and how important "somedata" is - This option is not the correct answer. While the importance of "somedata" may impact the severity of the vulnerability, the act of writing to already freed memory itself is a security vulnerability.

Option C) This will result in a buffer overflow since the freed memory location cannot handle 8 characters of data "somedata" - This option is incorrect. A buffer overflow occurs when more data is written to a buffer than it can handle, exceeding its allocated size. In this case, the issue is not specifically a buffer overflow, but rather writing to already freed memory.

Option D) strcpy() will fail as it cannot write to already freed memory, and the application will crash - This option is incorrect. The behavior of writing to already freed memory is undefined. It might crash the application, or it might not. It is not guaranteed to fail or crash in all cases.

The correct answer is A) Overwriting freed memory is a security vulnerability. This option is correct because writing to already freed memory can lead to security vulnerabilities and should be avoided.

In the following code, which is the location of vulnerability?

1  bIsAdmin = true; 
2  try  
3  { 
4  function (); 
5   bIsAdmin = isAdminUser(userName); 
6  } 
7  catch (Exception ex)  
8  { 
9   log.write(ex.toString()); 
10 }
  1. Line 9

  2. Line 5

  3. Line 7

  4. Line 1


Correct Option: D

In the following code, which is the location of vulnerability?

1 String username = req.getParameter("loginID"); 
2 String password = req.getParameter("loginPassword"); 
3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 
4 pstmt = con.prepareStatement(sql); 
5 pstmt.setString(1,username); 
6 pstmt.setString(2,password); 
7 pstmt.execute(); 
8 user = pstmt.getResultSet(); 
9 if(user!=null)  
10 { 
11  while (user.next()) 
12  { 
13   userInfo.add(user.getString(1)); 
14  }  
15 } 
16 else 
17 { 
18  log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 
19 }
  1. Line 5

  2. Line 4

  3. Line 18

  4. Line 11


Correct Option: C

Are there any memory issues in the following code? Please assume that variable inputsize has the correct size.

int add_num_array(int inputsize, int num) {
    int *newnum = malloc (inputsize * sizeof(int));  /* 1 */
    int i;   
    for (i=0; i
  1. No vulnerabilities are present

  2. Line 1 should only use malloc(inputsize);

  3. Line 2 should be for (i=0; i<=n, i++)

  4. Line 1 should use calloc() instead of malloc()


Correct Option: D

What is the vulnerability in this code?

    char output[20];  
    /*   Assume data is a character array with value %200d asdf   */  
    sprintf(output, data);
  1. Buffer overflow

  2. Off by one error

  3. Format string vulnerability

  4. No vulnerabilities are present in this code


Correct Option: C
  1. Buffer overflow

  2. Off by one error

  3. Format string vulnerability

  4. No vulnerabilities are present in this code


Correct Option: C
  1. /GS on Visual C++ and -fmudflap -fmudflapth -fmudflapir on GCC

  2. /O in Vc++ and -O2 in GCC

  3. /S in Vc++ and -fcrossjumping in GCC

  4. /S in VC++ and -fno-function-cse in GCC


Correct Option: A

What can go wrong in following code?

#include   
int main(int argc, char *argv[]) {

if(argc != 3) {
        printf("usage: %s [source] [dest]\n", argv[0]);
        exit(1);

    }

    char x;
    FILE *file[2];
    file[0] = fopen(argv[1],"r+");
    file[1] = fopen(argv[2],"w+");
    for(x = 0; x &lt; 2; x++) { 
        if(file[x] == NULL) {
            printf("error opening file.\n");
            exit(1);
        }
    }

    do {
        x = fgetc(file[0]);
        fputc(x,file[1]);
    } while(x != EOF);

     for(x = 0; x &lt; 2; x++)
        fclose(file[x]);
     return 0; 
}
  1. SQL Injection

  2. Arc Injection

  3. Buffer Overflow

  4. both 2 and 3


Correct Option: C

Which compilation switch should be enabled for stack protection? Choose the best and most secure option.

  1. fstack-protector

  2. fstack-protector-all

  3. fdelete-null-pointer-checks

  4. Both a and b


Correct Option: B

Which statement creates a buffer over flow? (Line numbers are marked using comments /* */)

#include   
#include   
#include   
int main (int argc, char *argv[])  {   
    int i=0,j=1;   
    char ipstring[80];   
    for (;i&lt;=3;i++){    
        cout&lt;
  1. 1

  2. 2

  3. Both

  4. None


Correct Option: B
  1. Content Spoofing

  2. HTTP Response Splitting

  3. Directory Listing

  4. a & b


Correct Option: D
- Hide questions