FUNDEMENTALS OF INFORMATION EXAM II Name: MULITPLE CHOICE 1. Which of these can prevent a buffer overflow before the software is released? A. Testing B. StackGuard C. Code Inspection D. Anti-virus software 2. Which of these will anti-virus software prevent? A. Known attacks on known vulnerabilities B. Unknown attacks on known vulnerabilities C. Attacks on unknown vulnerabilities D. Careless software engineering practices 3. Which of these statements are true? A. Languages like Java and Ada are less susceptible to buffer overflows B. Programmers who use Java or Ada don’t ever have to think about buffer overflows C. Java has better performance in terms of speed than C D. There are String libraries available for C/C++ that are safer than the standard libraries 4. Which of these tools would be appropriate during testing? A. A static analysis tool B. A dynamic analysis tool C. StackGuard D. A sledge hammer 5. Which of these buffer overflow preventions has a negligible performance overhead? A. StackGuard B. C compilers with automatic bounds checking C. An operating system patch that disables execution of code outside of the code space D. A C++ library for “limitless” buffers 6. Which of these are a security problem? A. Stack smashing B. Heap-based attacks C. Data corruption D. Program crashes E. Core dumps 7. Which of these statements is true? A. It’s always the size of the input and not the input itself that causes a buffer overflow B. Many buffer overflows are caused by blatantly careless programmer errors C. Even very careful and very skilled programmers can produce software with buffer overflows D. All of the subroutines included in the Standard C Library will do bounds checking for you 8. Which of these statements is true about a 50 byte buffer in C? A. It will hold 50 ASCII characters (other than the NULL at the end) B. It will hold 100 UNICODE characters C. The last ASCII character (other than NULL) is indexed with the number 98 D. The last ASCII character (other than NULL) is indexed with the number 99 E. The last ASCII character (other than NULL) is indexed with the number 100 9. If you declare an array as A[100] in C and you try to write data to A[555], what will happen? A. Nothing B. The C compiler will give you an error and won’t compile C. There will always be a runtime error D. Whatever is at A[555] will be overwritten 10. Which kinds of operations are most likely to lead to buffer overflows in C? A. Floating point addition B. Indexing of arrays C. Dereferencing a pointer D. Pointer arithmetic 11. Where can an attacker who is trying to “smash the stack” put their attack code if the buffer to be overflowed is on the stack? A. On the stack before the return pointer B. On the stack after the return pointer C. In the stack frame of another function D. On the heap E. In a global variable 12. What is likely to happen if you find a buffer overflow during testing by entering a random, long string for a C program? A. The program gives you a “Buffer overflow at line X” error B. Data is corrupted C. The program crashes D. The C fairy sprinkles magic memory dust on the memory that was overwritten and makes everything okay again. 13. Which of these kinds of inputs can cause a buffer overflow? A. An environment variable B. String input from the user C. A single integer D. A floating point number E. File input 14. What can be overwritten by a buffer overflow that causes a security problem? A. Security-sensitive data B. A return pointer C. Any kind of pointer D. Anything that will make the program crash 15. Which of these processes is likely to catch a buffer overflow? A. Compilation B. Code inspection C. Testing by a software developer D. Testing (or using) by a customer E. Testing (or probing) by an attacker 16. Which of these library functions are safe as long as you tell it the correct buffer size? A. sprintf() B. strcpy() C. fscanf() D. gets() E. memcpy() 17. Which of these is the best tool for finding unsafe library function calls? A. The warning messages of the C compiler B. Taping a hard-copy of the code to the wall and throwing darts at it C. A debugger D. A static analyzer such as ITS4 18. Which of these kinds of buffer overflows can be a security threat? A. Stack smashing B. Unsafe library function calls C. Off-by-on errors where only one byte is overwritten D. Buffer overflows in buffers that store internal data and not user input 19. If you want to use scanf() to read into a 64-byte buffer called MyBuff, which of these are correct? A. scanf(“%s”, MyBuff); B. scanf(“%s”, &MyBuff); C. scanf(“%63s”, MyBuff); D. scanf(“%64s”, MyBuff); E. scanf(“%65s”, MyBuff); 20. Which of these attack techniques is most appropriate for a UNICODE buffer overflow? A. Stack smashing B. Heap imploding C. Buffer doubling D. The Venetian exploit 21. Which of these assumptions is always okay to make about old code used in a new project? A. If it was already black-box tested then it doesn’t need to be tested again B. If it was already white-box tested then it doesn’t need to be tested again C. If the old code was already inspected then it doesn’t need to be inspected again D. If it limits the number of characters passed to it for every input then there will be no buffer overflows E. None of the above 22. Which of these software engineering techniques can catch buffer overflow errors that the others might not catch? A. Testing B. Code inspection C. Static analysis tools D. Multi-platform testing 23. What can happen if a buffer overflow causes a program to crash? A. A core dump gives the attacker access to security-sensitive data B. A denial-of-service attack where other users on the network can no longer access that service C. The computer can catch on fire D. Nothing bad can happen unless the attacker is able to hijack the machine or overwrite security-sensitive data 24. Which of these statements about the buffer overflow problem are correct? A. The buffer overflow problem is partly caused by the way the C language handles memory management B. The buffer overflow problem is partly caused by C programmers not handling their own memory management properly by checking boundaries of buffers C. All buffer overflows are simple programmer errors that are easily spotted D. Because of the complexity of the problem, buffer overflows may be overlooked by the most seasoned programmers 25. What can make a buffer overflow a security problem? A. Only when the attacker is able to hijack the execution of the program B. Only when the buffer overflow is between two computers on a network C. When security-sensitive data is overwritten D. When data that is critical to the execution of the program is overwritten causing the program to crash 26. What can be stored using a single byte? A. Integers from 0 to 255 B. ASCII Characters C. Integers from 0 to 4294967296 D. Boolean variables (i.e. 1 = Okay to access the file and 0 = Not okay to access the file) 27. What can be stored in a computer’s memory? A. Data such as integers and ASCII characters B. Instructions for a program that the computer is running C. A pointer to the address of some other data in memory D. A pointer to the address of some more instructions in memory 28. What typically happens when a buffer is overflowed? A. The memory space that comes after the buffer holds the extra data as well as keeping the data that it contained before B. Whatever is in the memory space that comes after the buffer is overwritten C. The memory chip in the computer gets too big and explodes D. Electrons fall out of the memory chip and start a fire 29. What does it mean for a program to jump? A. The whole program gets moved from one place in memory to another B. The program starts executing instructions at a different location in memory instead of moving on to the next one C. The program jumps outside the bounds of a buffer to store data D. Jump is only used to refer to when a program starts executing instructions somewhere where it’s not supposed to 30. Which of these is a good example of subroutines? A. A stack of trays in the cafeteria B. Pouring five gallons of water into a four-gallon bucket C. An IRS form which has boxes where you write things like adjusted income, exemptions, wages, tips, etc. D. A program for brushing your teeth is broken up into subroutines: getting out your toothbrush and toothpaste, putting toothpaste on the toothbrush, brushing your molars on the right, brushing your molars on the left, … 31. What does a typical C program usually use stacks for? A. Temporary storage of variables B. For storing the computer-level instructions of a subroutine while the subroutine is being executed C. Keeping track of where it was within subroutines that called other subroutines so it knows where to resume D. For preventing buffer overflows 32. What prevents a typical computer from jumping and starting to execute data instead of instructions? A. Nothing B. Buffers are used to separate instructions and data C. The computer can always tell the difference based on what is in the memory space D. Data and instructions are stored in separate memory spaces on most modern computers 33. What operations are permissible on a stack? A. Inserting things in the middle B. Taking things out of the middle C. Taking things off the bottom D. Putting things on the bottom E. Putting things on the top F. Taking things off the top ESSAY Argue on the possibility/impossibility of determining whether a program has a buffer overflow vulnerability (600 words MINIMUM).