Which is/are not a trait in static malware analysis

Control malware execution to collect the malware’s runtime behavior such as API calls, data flow, network traffic, etc

Monitoring malware behaviour is VMs

Check features such as file name, hashes (e.g.,MD5 checksums), file type, file size

Analyze its source code or binary code to understand its behaviors

Which of the following statements are FALSE about countermeasures for software vulnerabilities?

Putting code/data in unmodifiable/non-executable memory regions can be an effective way to prevent Worms

Good programming practices such as the use of safe APIs or proper input validation are good countermeasures against software vulnerabilities

Whitelist and blacklist are measures used in input validation

Memory address randomization is a common measure used to reduce the effectiveness of buffer overflow

Week 10 - Software security

Authored by Tze Tok

Arts

1st - 5th Grade

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

13 questions

Show all answers

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Which of the following(s) describes Command Injection

Exploiting the vulnerability of accepting unexpected user input

inserting new malicious code into a vulnerable application, which executes

Executing arbitrary commands in a system shell or other parts of the environment

To override original command, gain access to a system, obtain sensitive data

Answer explanation

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

FILL IN THE BLANK QUESTION

2 mins • 1 pt

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

(a)

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Which of the followings are techniques used in Good Programming practices to prevent command injection?

Secure programming - nothing is assumed

Use safe APIs instead of unsafe APIs

Proper input validation (black/whitelist)

Enable CORs to prevent malicious codes accessing unauthorized memory

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the char length is equal or smaller than num

It ensures that the char length is equal to num

It ensures that the char length is larger than num

It ensures that the address is num

Answer explanation

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Immutable code and inexecutable data in the memory

Use memory safe languages

Address randomization when program is launched

Control flow integrity enforcements

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Immutable code and inexecutable data in the memory

Address randomization when a program is launched

Control flow integrity enforcement

Discretionary Access Control

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

C++

Rust

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

PJ TAHUN 3

Quiz

•

3rd Grade

13 questions

Music Genres BGE

Quiz

•

5th - 11th Grade

10 questions

3rd Grade Art Review

Quiz

•

3rd Grade

10 questions

Families of instruments

Quiz

•

2nd Grade

12 questions

Intro to Music Staff

Quiz

•

4th - 5th Grade

8 questions

MUSIC VOCABULARY

Quiz

•

4th - 6th Grade

16 questions

Notes, Rests, & Duration

Quiz

•

4th - 8th Grade

10 questions

Note Reading c to c treble clef

Quiz

•

1st - 2nd Grade

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Arts

19 questions

Movies Disney

Quiz

•

5th Grade

10 questions

Punctuation

Quiz

•

5th Grade

Week 10 - Software security

Which of the following(s) describes Command Injection

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

(a)

Which of the followings are techniques used in Good Programming practices to prevent command injection?

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

Which type of malware(s) have the following properties:
Non-replicating
Parasitic

Which type of malware(s) have the following properties:
Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:
- Encrypt itself
- Change its code
- Core behavior remains the same

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Arts

Week 10 - Software security

Which of the following(s) describes Command Injection

Wrong option: Refers to code injection, not command injectionCode injection focuses on injecting code into a vulnerable application, not system

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ? (a)

Which of the followings are techniques used in Good Programming practices to prevent command injection?

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

Buffer overflow Counter measure: System supportsWhich of the following are system support techniques

Which system supports does this:The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

Which type of malware(s) have the following properties:Non-replicatingParasitic

Which type of malware(s) have the following properties:Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:- Encrypt itself- Change its code- Core behavior remains the same

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Arts

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

(a)

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Which type of malware(s) have the following properties:
Non-replicating
Parasitic

Which type of malware(s) have the following properties:
Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:
- Encrypt itself
- Change its code
- Core behavior remains the same