Tag: security

Questions Related to security

unsigned char j,k; j=getchar(); k=getchar(); unsigned char result = j + k; What vulnerability is present in this code:
technology security

  1. Heap Overflow

  2. Integer overflow

  3. Buffer overflow

  4. No Vulnerability

Show answer
Correct Option: B

Which statement creates a buffer over flow? (Line numbers are marked using comments /* */)

#include   
#include   
#include   
int main (int argc, char *argv[])  {   
    int i=0,j=1;   
    char ipstring[80];   
    for (;i<=3;i++){    
        cout<
technology security

  1. 1

  2. 2

  3. Both

  4. None

Show answer
Correct Option: B

What is the vulnerability ?

int main (int argc, char *argv[]) { 
     char k[3]; 
     int i=0,j=1; 
     char buffer[50]; 
     strncpy(buffer, argv[1], sizeof(buffer) - 1); 
     buffer[49]='/0'; 
     unsigned char ch='a'; 
     k[0]=1; 
     do{   
        i++;   
        k[i]=ch+i; 
    } while(i<3); 

    return 0; 
}
technology security

  1. Heap overflow

  2. Integer overflow

  3. Off by one error

  4. None of the above

Show answer
Correct Option: C

Which attack(s) are possible in the below code:
technology security

  1. Content Spoofing

  2. HTTP Response Splitting

  3. Directory Listing

  4. a & b

Show answer
Correct Option: D

Identify the name of the vulnerability exist in the below code: 

1 ...   
2 public class ShowUserDetailsAction extends HttpServlet   
3 {   
4 private String currentUser;     
5 public void doPost(HttpServletRequest req, HttpServletResponse res)   
6 {   
7 try   
8 {   
9  currentUser = req.getParameter("userID");  
10  RequestDispatcher rd = getServletContext().getRequestDispatcher ("/ShowDetails.jsp");  
11  if (!"".equals(currentUser))  
12  {  
13     
14   ArrayList userInfo = new ArrayList();  
15   LoginDAO objLoginDAO = new LoginDAO();  
16   userInfo = objLoginDAO.getUserInfo(currentUser);  
17     
18   if (userInfo!=null && (userInfo.size()!= 0))  
19   {  
20    req.setAttribute("UserInfo", userInfo);  
21   }  
22   else  
23   {  
24    req.setAttribute("NoUser", "true");  
25   }  
26  }  
27  rd.forward(req,res);  
28 } catch (Exception e)  
29 {  
30  log.debug(“Error Occurred:”+ e);  
31 }  
32 }  
33 }   
34 ...
technology security

  1. URL Tampering

  2. Brute Forcing

  3. Race Condition

  4. HTML Injection

Show answer
Correct Option: C

Identify the weakness in the below JSP file: 

1  ...   
2     
3    
4     
8     
9    
11    
12   
13    
14  function doBack()  
15  {  
16   history.go(-1);  
17  }  
18  function doDelete()  
19  {  
20   document.forms[0].action="/DeleteUsersAction";  
21   document.forms[0].submit();  
22  }  
23    
24  ...
technology security

  1. SQL Injection

  2. Cross Site Scripting

  3. Broken Access Control

  4. Improper Resource Initialization

Show answer
Correct Option: C

Identify the weakness in the below JSP file:

1    
2  ...   
3  Dear User,   
4    
5  If you liked our services, then you would like to refer it to your friends.   
6    
7  Click on the below link:    
8    
9  <a href="/CWE/ReferAFriendAction?pageRedirect=">"&gt;  "Refer a Friend"!</a>  10  ...  
11
technology security

  1. Information Disclosure

  2. Cross Site Scripting

  3. Usage of Risky Encryption

  4. All of the above

Show answer
Correct Option: C

Identify the Vulnerable Line # in the below code:

1 ...   
2 public static Connection getConnection()    
3 {   
4  Connection con = null;   
5  try   
6  {   
7   Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");   
8   con = DriverManager.getConnection("jdbc:odbc:Lookup","admin","admin");   
9    
10  }catch (ClassNotFoundException e)   
11  {   
12   if(con!=null)  
13    close(con);  
14   log.debug(“Error Occurred:” + e);   
15    
16  } catch(SQLException ex)  
17  {   
18    
19   if(con!=null)  
20    close(con);  
21   log.debug(“Error Occurred:” + ex);  
22  }  
23  return con;   
24 }  
25 ...
technology security

  1. Line # 4

  2. Line # 13 & 20

  3. Line # 7 & 8

  4. None of the above

Show answer
Correct Option: C

Which of the following is a security advantage of managed code over unmanaged code?

technology security

  1. Size of the attack surface

  2. Number of roles

  3. Number of lines of code

  4. Size of the chroot jail

Show answer
Correct Option: A

AI Explanation

To answer this question, you need to understand the concept of managed code and unmanaged code.

Managed code refers to code that is executed and managed by a runtime environment, such as the Common Language Runtime (CLR) in the .NET Framework. This code is compiled into an intermediate language (IL) and is executed by the runtime, which provides various services such as memory management, type safety, and security.

Unmanaged code, on the other hand, refers to code that is directly executed by the operating system without the assistance of a runtime environment. This code is typically written in programming languages like C or C++ and can directly access hardware and memory resources.

Now let's go through each option to understand why it is correct or incorrect:

Option A) Size of the attack surface - This option is correct. Managed code has a smaller attack surface compared to unmanaged code. The runtime environment provides various security features such as code verification, memory management, and type safety, which help prevent common security vulnerabilities like buffer overflows and pointer manipulation. This reduces the potential entry points for attackers to exploit.

Option B) Number of roles - This option is incorrect. The number of roles does not directly relate to the security advantage of managed code over unmanaged code. The number of roles is typically associated with access control and authorization mechanisms, which can be implemented in both managed and unmanaged code.

Option C) Number of lines of code - This option is incorrect. The number of lines of code does not directly relate to the security advantage of managed code over unmanaged code. Both managed and unmanaged code can have varying numbers of lines of code, and the security advantage of managed code lies in the runtime environment's security features, not the code size.

Option D) Size of the chroot jail - This option is incorrect. The size of the chroot jail is not a relevant factor in comparing the security advantage of managed code and unmanaged code. A chroot jail is a mechanism that restricts the file system access of a process, and it can be used in both managed and unmanaged code scenarios.

The correct answer is A) Size of the attack surface. This option is correct because managed code has a smaller attack surface compared to unmanaged code, thanks to the security features provided by the runtime environment.

Who is ultimately responsible for notifying authorities of a data or system theft?

technology security

  1. Users

  2. Security administrators

  3. System administrator

  4. Management

Show answer
Correct Option: D