Tag: security

Questions Related to security

Will following program execute successfully ? int main(int argc,char* argv[]){ int *ptr=new int; if(ptr==NULL) exit(1); char *j; for(int i=1;i<=4;i++) { j=argv[i]; int k=atoi(j); if (k!=0){ *ptr=k; delete ptr; } } }
technology security

  1. Program works when there is only 1 argument with program

  2. Program works when there are 3 arguments with program

  3. Program works when there are 4 arguments with program

  4. Program never executes successfully

Show answer
Correct Option: D

With the size of unsigned integers being 4 bytes, What happens when a negative number is entered? unsigned int i; scanf("%u",&i);
technology security

  1. A run-time error is encountered and the program aborts

  2. unsigned int variables cannot store the sign (+ or -) of the number. The sign is discarded and only the number is stored in i

  3. A large positive number will be stored in i

  4. Unsigned int variables cannot store signed numbers. Hence in this program i will contain garbage values.

Show answer
Correct Option: C

What is the value of j (size of integer is 4 bytes)? int i=987987987; int j= i*10;
technology security

  1. 1289945278

  2. garbage. Integer j cannot hold such large values

  3. 9879879870

  4. Program is aborted

Show answer
Correct Option: A

The application is receiving input from an external source. Which of the following external sources can be considered safe?
technology security

  1. Shell environment variables

  2. Data received via encrypted network channels

  3. argv[0] can only have either null or program name

  4. no external input must be trusted

Show answer
Correct Option: D

In the following code snippet, how to handle pointer? int main (int argc, char argv[]) { char j; j=argv[1]; int k=atoi(j); /delete here/ return 0; }
technology security

  1. delete j;

  2. realloc j;

  3. free j;

  4. It need not be deleted

Show answer
Correct Option: D

Code is vulnerable to buffer overflow attack and
technology security

  1. DNS Spoofing

  2. Command Injection

  3. Path Traversal

  4. Command Injection AND Path Traversal

Show answer
Correct Option: D

What can go wrong in following code? #include int main(int argc, char *argv[]){ if(argc != 3){ printf("usage: %s [source] [dest]\n", argv[0]); exit(1); } char buffer1[5]; strcpy(buffer1, argv[1]); char buffer2[5]; strcpy(buffer1, argv[1]); char x; FILE *file[2]; file[0] = fopen(buffer1,"r+"); file[1] = fopen(buffer2,"w+"); for(x = 0; x < 2; x++){ if(file[x] == NULL){ printf("error opening file.\n"); exit(1); } } do { x = fgetc(file[0]); fputc(x,file[1]); } while(x != EOF); for(x = 0; x < 2; x++) fclose(file[x]); return 0; }
technology security

  1. XSS

  2. Arc Injection

  3. Buffer Overflow

  4. Arc Injection AND Buffer Overflow

Show answer
Correct Option: D

In the following code snippet, how should a pointer be deleted int main (int argc, char argv[]) { char j=new char[100]; j=argv[1]; int k=atoi(j); /delete here/ return 0; }

technology security

  1. delete j

  2. free j

  3. it is not supposed to be deleted

  4. delete [] j

Show answer
Correct Option: D

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) delete j - This option is incorrect because the pointer j was assigned a new value from argv[1] using the assignment operator. Thus, delete j would only delete the memory allocated for the new value of j, not the previously allocated memory.

Option B) free j - This option is incorrect because the free function is used to deallocate memory allocated using the malloc function in C. In this code snippet, the memory was allocated using the new operator in C++, so free should not be used.

Option C) it is not supposed to be deleted - This option is incorrect. Memory allocated dynamically using the new operator should be deallocated using the delete operator to prevent memory leaks.

Option D) delete [] j - This option is correct. The new operator with [] was used to allocate an array of characters, so the delete[] operator should be used to deallocate the memory. This will ensure that the entire array is deallocated properly.

The correct answer is Option D. This option is correct because it uses the appropriate delete[] operator to deallocate the dynamically allocated array of characters.

A program wants to do some activities with root privileges when it starts up and shuts down. Other activities it does can be done as a lesser privileged user. Which of the options given below is most secure?
technology security

  1. The program should be started with root privileges. Then it should use setuid(UID) to change privileges between root and another account.

  2. The program should be started with root privileges. Then it should use seteuid(UID) to change privileges between root and another account.

  3. Starting the program as root is a security risk. The program should run with least privileges and obtain root using seteuid(UID) whenever necessary.

  4. The program has to run with root privileges entirely. Once root privileges are dropped they cannot be regained.

Show answer
Correct Option: B

What value is stored in *leaf in the program given below? int *myfunc(int tree) { int *node; int i=rand(); if(0==tree/pow(2,i)) node=&tree; else node=&i; return node; } int main(int argc, char * argv[]) { int *leaf; leaf=myfunc(7); }
technology security

  1. value of tree

  2. value of node

  3. value of i

  4. garbage-- its a dangling pointer

Show answer
Correct Option: D