
Question

1) Function pointers cannot be overwritten to transfer control to attacker-supplied shellcode.

True

False

2) The memory data segment contains all initialized global variables and constants.

True

False

3) A buffer overflow can be used to overwrite a function only when which of the following conditions are true (select all that apply):

The buffer must be adequately bounded

The buffer must be allocated in the same segment as the target function or object pointer.

The buffer must not be adequately bounded

For a loop limited by upper bound, a loop limited by Hi, or a loop limited by null terminator, the buffer must be at a lower memory address than the target function.

For a loop limited by lower bound or a loop limited by Lo, the buffer must be at a lower memory address than the target function.

The buffer must not be in the same segment as a target function.

4) The memory BSS segment contains all initialized global variables.

True

False

5) What memory segment is the static function pointer in the code below stored in?

    void good_function(const char *str) { }

    int main(int argc, char *argv[]) {
        static char buff[BUFFSIZE];
        static void (*funcPtr)(const char *str);
        funcPtr = &good_function;
        strncpy(buff, argv[1], strlen(argv[1]));
        (void)(*funcPtr)(argv[2]);
    }

Data

Heap

BSS

Text

6) Moving variables from the stack to the data segment or heap is a valid mitigation for buffer overflows.

True

False

7) In the string "hello", the bound would be which of the following.

5

7

6

NULL

8) In the following code, when could a buffer overflow occur?

    void good_function(const char *str) { }

    int main(int argc, char *argv[]) {
        static char buff[BUFFSIZE];
        static void (*funcPtr)(const char *str);
        funcPtr = &good_function;
        strncpy(buff, argv[1], strlen(argv[1]));
        (void)(*funcPtr)(argv[2]);
    }

length of argv[1] exceeds BUFFSIZE

call to good_function()

initialization of buff[]

computation of argv[1] length

9) Strings are a native type in C and C++.

True

False

10) In the string "hello", the length would be which of the following.

5

7

6

NULL

11) In C, the type of a string literal is which of the following

char

string[ ]

int[ ]

char[ ]

12) What is the difference between the following code snippets in the context of string literals and bounds:

    const char s[3] = "abc";
    const char s[] = "abc";

s[3] is tightly bound to the string literal

s[3] will omit the null terminator

s[ ] is an illegal declaration in C

s[ ] will not accommodate the size of the literal

13) Often, a compiled executable with static linking will be faster in startup time than the same executable with dynamic linking.

True

False

14) Instead of gets(), we can use fgets(). Why is the latter preferred (select all that apply)?

we can specify the number of char to read

the function sanitizes input automatically

we can indicate a specific input stream

we can specify illegal characters in a blacklist

15) If a string lacks a null terminator, the program can be tricked into reading or writing data outside the bounds of the array.

True

False

16) Which of the following are reasons for C being susceptible to buffer overflows (select all that apply):

Strings defined as null terminated

Explicit separation between data and bss memory segments

Lack of implicit bounds checking

String is not a native type

17) Why is the native function gets() problematic in the context of C string considerations?

18) True/False.

The strcpy() and strcat() functions are potential security flaws because the functions allow the caller to specify the size of the destination array.

19) True/False.

Often, a compiled executable with static linking will be larger in size than the same executable with dynamic linking.
