Software Security Assignment Help | FIT3173 SOFTWARE SECURITY Examination

This Australian assignment-help task is a timed test on cyber security.

PART A TRUE/FALSE questions

1. Initialized global variables are stored on the stack.
a) True
b) False

2. Address Randomization is a mitigation for buffer overflow in stack.
a) True
b) False

3. In a 32-bit operating system, the range of an unsigned integer is 0 to 2^32 - 1.
a) True
b) False

4. Getting random seed directly from time of microseconds is considered secure.
a) True
b) False

5. In AES, ECB mode is more robust than CBC mode when data loss happens during transmission.
a) True
b) False

6. The web application server is the target of SQL injection attacks.
a) True
b) False

7. SQL injection can compromise both data confidentiality and data integrity.
a) True
b) False

8. The malicious script in an XSS attack is executed on the victim server.
a) True
b) False

9. CSRF attacks can cause malicious actions on the victim server without being noticed by users.
a) True
b) False

10. Threat modelling cannot help address vulnerabilities before software implementation.
a) True
b) False

PART B Single-answer questions.

11. Which of the following statements is correct about the return address in a function call?
a) It is a pointer that points to the instruction for a return statement inside a function.
b) The return address is for transferring control between function calls.
c) The return address is saved in the stack frame and cannot be modified during runtime.

12. Which of the following statements is correct about race condition vulnerability?
a) It stems from concurrent data access.
b) Repeating check and use can eliminate this threat.
c) Using atomic operations for file open and use is not useful to mitigate this vulnerability.

13. Which of the following line numbers could cause a buffer overflow?

1. void askQuestion(){
2. char user_answer[2];
3. char *s; int n, i;
4. printf("Is this code secure? Please answer yes, no, or no idea:");
5. gets(user_answer);
6. n = sizeof(user_answer)/sizeof(char);
7. s = (char*) malloc(n* sizeof(char));
8. for (i=0; i<=n; i++)
9. s[i] = 'A' + (random() % 26);
10. }

a) Lines 3 and 5
b) Lines 6 and 8
c) Lines 6 and 9
d) Lines 5 and 8

d) Lines 5 and 8

14. What does a "NOP sled" (opcode = 0x90) instruction do?
a) Terminate the program
b) Does nothing, asking the program to move on
c) Ask the program to move back to previous instruction

15. Which of the following statements is not true regarding XSS attacks?
a) The attacker can run arbitrary JavaScript code on the victim's machine
b) The attack can happen if the user performs certain actions, i.e., clicks links or accesses
malicious content
c) The attack cannot persistently infect the target server