Tag: security

Questions Related to security

Will following program execute successfully ? int main(int argc,char* argv[]){ int *ptr=new int; if(ptr==NULL) exit(1); char *j; for(int i=1;i<=4;i++) { j=argv[i]; int k=atoi(j); if (k!=0){ *ptr=k; delete ptr; } } }
technology security

  1. Program works when there is only 1 argument with program

  2. Program works when there are 3 arguments with program

  3. Program works when there are 4 arguments with program

  4. Program never executes successfully

Show answer
Correct Option: D

With the size of unsigned integers being 4 bytes, What happens when a negative number is entered? unsigned int i; scanf("%u",&i);
technology security

  1. A run-time error is encountered and the program aborts

  2. unsigned int variables cannot store the sign (+ or -) of the number. The sign is discarded and only the number is stored in i

  3. A large positive number will be stored in i

  4. Unsigned int variables cannot store signed numbers. Hence in this program i will contain garbage values.

Show answer
Correct Option: C

What is the value of j (size of integer is 4 bytes)? int i=987987987; int j= i*10;
technology security

  1. 1289945278

  2. garbage. Integer j cannot hold such large values

  3. 9879879870

  4. Program is aborted

Show answer
Correct Option: A

The application is receiving input from an external source. Which of the following external sources can be considered safe?
technology security

  1. Shell environment variables

  2. Data received via encrypted network channels

  3. argv[0] can only have either null or program name

  4. no external input must be trusted

Show answer
Correct Option: D

In the following code snippet, how to handle pointer? int main (int argc, char argv[]) { char j; j=argv[1]; int k=atoi(j); /delete here/ return 0; }
technology security

  1. delete j;

  2. realloc j;

  3. free j;

  4. It need not be deleted

Show answer
Correct Option: D

Code is vulnerable to buffer overflow attack and
technology security

  1. DNS Spoofing

  2. Command Injection

  3. Path Traversal

  4. Command Injection AND Path Traversal

Show answer
Correct Option: D

What can go wrong in following code? #include int main(int argc, char *argv[]){ if(argc != 3){ printf("usage: %s [source] [dest]\n", argv[0]); exit(1); } char buffer1[5]; strcpy(buffer1, argv[1]); char buffer2[5]; strcpy(buffer1, argv[1]); char x; FILE *file[2]; file[0] = fopen(buffer1,"r+"); file[1] = fopen(buffer2,"w+"); for(x = 0; x < 2; x++){ if(file[x] == NULL){ printf("error opening file.\n"); exit(1); } } do { x = fgetc(file[0]); fputc(x,file[1]); } while(x != EOF); for(x = 0; x < 2; x++) fclose(file[x]); return 0; }
technology security

  1. XSS

  2. Arc Injection

  3. Buffer Overflow

  4. Arc Injection AND Buffer Overflow

Show answer
Correct Option: D

In the following code snippet, how should a pointer be deleted int main (int argc, char argv[]) { char j=new char[100]; j=argv[1]; int k=atoi(j); /delete here/ return 0; }
technology security

  1. delete j

  2. free j

  3. it is not supposed to be deleted

  4. delete [] j

Show answer
Correct Option: D

A program wants to do some activities with root privileges when it starts up and shuts down. Other activities it does can be done as a lesser privileged user. Which of the options given below is most secure?

technology security

  1. The program should be started with root privileges. Then it should use setuid(UID) to change privileges between root and another account.

  2. The program should be started with root privileges. Then it should use seteuid(UID) to change privileges between root and another account.

  3. Starting the program as root is a security risk. The program should run with least privileges and obtain root using seteuid(UID) whenever necessary.

  4. The program has to run with root privileges entirely. Once root privileges are dropped they cannot be regained.

Show answer
Correct Option: B

What value is stored in *leaf in the program given below? int *myfunc(int tree) { int *node; int i=rand(); if(0==tree/pow(2,i)) node=&tree; else node=&i; return node; } int main(int argc, char * argv[]) { int *leaf; leaf=myfunc(7); }
technology security

  1. value of tree

  2. value of node

  3. value of i

  4. garbage-- its a dangling pointer

Show answer
Correct Option: D