Cyber Security Exam-Sitting Service | FIT3173 SOFTWARE SECURITY

This Australian exam-sitting job is mainly a timed test on cyber security topics.

TRUE/FALSE questions

1. Initialized global variables are stored on the stack.

a) True
b) False

2. Address Randomization is a mitigation for buffer overflow in stack.

a) True
b) False

3. In a 32-bit operating system, the range of an unsigned integer is 0 – 2^32 - 1.

a) True
b) False

4. Seeding a random number generator directly from the current time in microseconds is considered secure.

a) True
b) False

5. In AES, ECB mode is more robust than CBC mode when data loss happens during transmission.

a) True
b) False

6. The web application server is the target of SQL injection attacks.

a) True
b) False

7. SQL injection can compromise both data confidentiality and data integrity.

a) True
b) False

8. The malicious script in an XSS attack is executed on the victim server.

a) True
b) False

9. CSRF attacks can cause malicious actions on the victim server without being noticed by users.

a) True
b) False

10. Threat modelling cannot help address vulnerabilities before software implementation.

a) True
b) False

PART B (10 marks) (Sample)

Please answer Part B on the Multiple Answer Sheet provided.
Note: the difficulty of the Final Assessment questions may vary from the sample.

Single answer questions.

11. Which of the following statements is correct about the return address in a function call?
a) It is a pointer that points to the instruction for a return statement inside a function.
b) The return address is for transferring control between function calls.
c) The return address is saved in the stack frame and cannot be modified during runtime.

12. Which of the following statements is correct about race condition vulnerabilities?
a) It stems from concurrent data access.
b) Repeating check and use can eliminate this threat.
c) Using atomic operations for file open and use is not useful to mitigate this vulnerability.

13. Which of the following line numbers could cause a buffer overflow?

1. void askQuestion(){
2. char user_answer[2];
3. char *s; int n, i;
4. printf("Is this code secure? Please answer yes, no, or no idea:");
5. gets(user_answer);
6. n = sizeof(user_answer)/sizeof(char);
7. s = (char*) malloc(n* sizeof(char));
8. for (i=0; i<=n; i++)
9. s[i] = 'A' + (random() % 26);
10. }

a) Lines 3 and 5
b) Lines 6 and 8
c) Lines 6 and 9
d) Lines 5 and 8