This set of Cyber Security test focuses on “Buffer Overflow – 2”.
1. Buffer-overflow attack can take place if a machine can execute a code that resides in the data/stack segment.
a) True
b) False
View Answer
Explanation: Buffer-overflow attack can take place either the programmer lack boundary testing or if a machine can execute a code that resides in the data/stack segment.
2. Among the two types ____________buffer-overflow is complex to execute and the least common attack that may take place.
a) memory-based
b) queue-based
c) stack-based
d) heap-based
View Answer
Explanation: Among the two types of buffer-overflow, heap-based buffer-overflow attacks are hard to execute and the least common of the 2 types. It attacks the application by flooding the space of memory that is reserved for a program.
3. _____________ buffer overflows, which are more common among attackers.
a) Memory-based
b) Queue-based
c) Stack-based
d) Heap-based
View Answer
Explanation: In the case of stack-based buffer overflows, which is very common among the two types of buffer-overflow; it exploits applications by flooding the stack: memory-space where users externally input the data.
4. With the lack of boundary check, the program ends abnormally and leads to ___________ error.
a) logical
b) segmentation
c) compile-time
d) syntax
View Answer
Explanation: In buffer-overflow, with the lack of boundary check, the program ends abnormally and leads to segmentation error or bus error. Sometimes the application on which the attack was done get stuck or hang and suddenly the app closes.
5. In an application that uses heap, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the beginning of the program
View Answer
Explanation: In an application that uses the heap, memory utilized by the application is allocated dynamically at runtime. Access to such memories is comparatively slower than memories that use the stack.
6. In an application that uses stack, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the end of the program
View Answer
Explanation: In application that uses heap, memory utilized by the application is allocated at the beginning of the function call and the memory get released at the end of a program. Accessing of values in the stack is very fast.
7. Malicious code can be pushed into the _________ during ______________ attack.
a) stack, buffer-overflow
b) queue, buffer-overflow
c) memory-card, buffer-overflow
d) external drive, buffer-overflow
View Answer
Explanation: Malicious code can be pushed into the stack during the buffer-overflow attack. The overflow can be used to overwrite the return pointer so that the control-flow switches to the malicious code.
8. Variables that gets created dynamically when a function (such as malloc()) is called is created in the form of _______ data-structure.
a) array
b) queue
c) stack
d) heap
View Answer
Explanation: Variables that gets created dynamically when a function (such as malloc()) is called is created in the form of heap data-structure. In heap-based overflow, the buffer is placed on the lower part of the heap, overwriting all dynamically generated variables.
9. How many primary ways are there for detecting buffer-overflow?
a) 6
b) 3
c) 2
d) 5
View Answer
Explanation: There are two ways to detect buffer-overflow in an application. One way is to look into the code and check whether the boundary check has been properly incorporated or not. The other way is to make the executable build of the product, feed the application with a huge amount of data and check for abnormal behaviour.
10. Testing for buffer-overflow in a system can be done manually and has two possible ways.
a) True
b) False
View Answer
Explanation: Testing for buffer-overflow in a system can be done manually, and has two possible ways. One way is to look into the code and check whether the boundary check has been properly incorporated or not. The other way is to make the executable build of the product, feed the application with a huge amount of data and check for abnormal behaviour.
Sanfoundry Global Education & Learning Series – Cyber Security.
To practice all areas of Cyber Security for tests, here is complete set of 1000+ Multiple Choice Questions and Answers.
If you find a mistake in question / option / answer, kindly take a screenshot and email to [email protected]
- Check Programming Books
- Apply for Computer Science Internship
- Practice Programming MCQs
- Check Computer Science Books
- Practice Cryptography & Network Security MCQ
