
Week 10 - Software security
Quiz • Arts • 1st - 5th Grade • Practice Problem • Hard
Tze Tok
13 questions
1.
MULTIPLE SELECT QUESTION
2 mins • 1 pt
Which of the following describe command injection?
Exploiting the vulnerability of accepting unexpected user input
Inserting new malicious code into a vulnerable application, which executes
Executing arbitrary commands in a system shell or other parts of the environment
To override original command, gain access to a system, obtain sensitive data
Answer explanation
Wrong option: Refers to code injection, not command injection.
Code injection focuses on injecting code into a vulnerable application, not the system.
2.
FILL IN THE BLANK QUESTION
2 mins • 1 pt
Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?
3.
MULTIPLE SELECT QUESTION
2 mins • 1 pt
Which of the following are techniques used in good programming practices to prevent command injection?
Secure programming - nothing is assumed
Use safe APIs instead of unsafe APIs
Proper input validation (black/whitelist)
Enable CORS to prevent malicious code from accessing unauthorized memory
4.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?
It ensures that the char length is equal to or smaller than num
It ensures that the char length is equal to num
It ensures that the char length is larger than num
It ensures that the address is num
Answer explanation
It ensures that the input does not overflow, thus making sure the char is equal to or smaller than num.
5.
MULTIPLE SELECT QUESTION
2 mins • 1 pt
Buffer overflow countermeasure: system support
Which of the following are system support techniques?
Immutable code and inexecutable data in the memory
Use memory safe languages
Address randomization when program is launched
Control flow integrity enforcements
6.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
Which system support does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed
Immutable code and inexecutable data in the memory
Address randomization when a program is launched
Control flow integrity enforcement
Discretionary Access Control
7.
MULTIPLE SELECT QUESTION
2 mins • 1 pt
Memory safe languages have built-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe?
C#
C++
C
Rust
