Which is/are not a trait in static malware analysis

Control malware execution to collect the malware’s runtime behavior such as API calls, data flow, network traffic, etc

Monitoring malware behaviour is VMs

Check features such as file name, hashes (e.g.,MD5 checksums), file type, file size

Analyze its source code or binary code to understand its behaviors

Which of the following statements are FALSE about countermeasures for software vulnerabilities?

Putting code/data in unmodifiable/non-executable memory regions can be an effective way to prevent Worms

Good programming practices such as the use of safe APIs or proper input validation are good countermeasures against software vulnerabilities

Whitelist and blacklist are measures used in input validation

Memory address randomization is a common measure used to reduce the effectiveness of buffer overflow

Week 10 - Software security

Quiz

•

Arts

•

1st - 5th Grade

•

Practice Problem

•

Hard

Tze Tok

Used 5+ times

FREE Resource

13 questions

Show all answers

1.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Which of the following(s) describes Command Injection

Exploiting the vulnerability of accepting unexpected user input

inserting new malicious code into a vulnerable application, which executes

Executing arbitrary commands in a system shell or other parts of the environment

To override original command, gain access to a system, obtain sensitive data

Answer explanation

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

2.

FILL IN THE BLANK QUESTION

2 mins • 1 pt

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

3.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Which of the followings are techniques used in Good Programming practices to prevent command injection?

Secure programming - nothing is assumed

Use safe APIs instead of unsafe APIs

Proper input validation (black/whitelist)

Enable CORs to prevent malicious codes accessing unauthorized memory

4.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the char length is equal or smaller than num

It ensures that the char length is equal to num

It ensures that the char length is larger than num

It ensures that the address is num

Answer explanation

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

5.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Immutable code and inexecutable data in the memory

Use memory safe languages

Address randomization when program is launched

Control flow integrity enforcements

6.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Immutable code and inexecutable data in the memory

Address randomization when a program is launched

Control flow integrity enforcement

Discretionary Access Control

7.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

C#

C++

C

Rust

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

Photography project

Quiz

•

3rd - 6th Grade

10 questions

Puppets

Quiz

•

3rd Grade

9 questions

Teachers

Quiz

•

5th - 6th Grade

10 questions

19 November 2012 ~ Batik Techniques Quiz

Quiz

•

4th - 5th Grade

11 questions

The Jungle Book

Quiz

•

4th - 5th Grade

16 questions

Indiana Jones

Quiz

•

1st Grade

10 questions

Woodwind and Brass Family

Quiz

•

1st - 2nd Grade

10 questions

Recycle art craft

Quiz

•

1st Grade

Popular Resources on Wayground

10 questions

Honoring the Significance of Veterans Day

Interactive video

•

6th - 10th Grade

9 questions

FOREST Community of Caring

Lesson

•

1st - 5th Grade

10 questions

Exploring Veterans Day: Facts and Celebrations for Kids

Interactive video

•

6th - 10th Grade

19 questions

Veterans Day

Quiz

•

5th Grade

14 questions

General Technology Use Quiz

Quiz

•

8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

Circuits, Light Energy, and Forces

Quiz

•

5th Grade

19 questions

Thanksgiving Trivia

Quiz

•

6th Grade

Discover more resources for Arts

10 questions

Context Clues

Quiz

•

3rd Grade

19 questions

Movies Disney

Quiz

•

5th Grade

Week 10 - Software security

13 questions

Which of the following(s) describes Command Injection

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

Which of the followings are techniques used in Good Programming practices to prevent command injection?

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

Which type of malware(s) have the following properties:
Non-replicating
Parasitic

Which type of malware(s) have the following properties:
Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:
- Encrypt itself
- Change its code
- Core behavior remains the same

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Arts

Week 10 - Software security

13 questions

Which of the following(s) describes Command Injection

Wrong option: Refers to code injection, not command injectionCode injection focuses on injecting code into a vulnerable application, not system

Buffer overflow: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. This holding area for the buffer is known as a ... ?

Which of the followings are techniques used in Good Programming practices to prevent command injection?

strcpy(dest, src) is considered unsafe compared to its counterpart strncpy(dest, src, num). What does the parameter 'num' do?

It ensures that the input does not overflow, thus making sure the char is equal or smaller than num

Buffer overflow Counter measure: System supportsWhich of the following are system support techniques

Which system supports does this:The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Memory safe languages have bult-in defense against memory errors because they have inbuilt interpreters. Which languages are NOT memory safe

Which type of malware(s) have the following properties:Non-replicatingParasitic

Which type of malware(s) have the following properties:Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:- Encrypt itself- Change its code- Core behavior remains the same

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Arts

Wrong option: Refers to code injection, not command injection
Code injection focuses on injecting code into a vulnerable application, not system

Buffer overflow Counter measure: System supports
Which of the following are system support techniques

Which system supports does this:
The OS has an ACL-like approach to specify whether bytes in a memory region can be read, written or executed

Which type of malware(s) have the following properties:
Non-replicating
Parasitic

Which type of malware(s) have the following properties:
Self-contained

Malware have many ways to conceal themself. Which of the following malware that has these traits:
- Encrypt itself
- Change its code
- Core behavior remains the same