exam2 practice quiz

1. Question 1 Which name is almost never used for sections in ELF files that are generated by common C compilers under Linux? 1 point .exec .text .rodata .bss 1. Question 1 Which name is rarely used for sections in ELF files? 0 / 1 point .data .rodata .text .code 2. Question 2 In general, which type of program can be compiled into an executable form that contains machine code prior to execution? 1 point C programs Java programs Python programs Bash scripts 3. Question 3 Which name is a valid register name in x86-64 CPUs? 1 point a0 rsp

eay r0 3. Question 3 Which name is a valid register name in x86-64 CPUs? 1 / 1 point eax a0 r2 rdk 4. Question 4 Which x86-64 instruction clears the destination register (i.e., zeroing the destination register), regardless of the register's value? 1 point mov rdx, 1 set rcx=0 nop xor rdx, rdx 5. Question 5 What is the little-endian byte representation of a 32-bit integer 0xc0debabe (3235822270 in decimal)? 1 point c0 de ba be eb ab ed 0c 70 22 82 35 32 be ba de c0 6. Question 6

1 2 3 4 5 6 char path[ 1024 ] = { 0 }; strcpy(path, “/home/myspace/”); path = strncat(path, user_file); file = open(path, O_RDWR); Codeblock: Code Snippet Review Codeblock: Code Snippet . Suppose that there is no filtering or sanitization applied on variable user_file before calling strncat() , and the total length of path when calling open() is less than 1024. What vulnerability does this code snippet have? 1 point Format string vulnerability There is no vulnerability in this code snippet. File access vulnerability File handler reuse vulnerability 10. Question 10 On x86-64 Linux, each process has an isolated memory space called stack region. How does the stack region grow? 1 point Either from low addresses to high addresses, or from high addresses to low addresses, as determined by the operating system From high addresses to low addresses From low addresses to high addresses

Either from low addresses to high addresses, or from high addresses to low addresses, as determined by each process 11. Question 11 In x86-64 assembly, leave is an instruction that is commonly seen in function epilogues. leave can be represented by a few more instructions. What are these other representations? 1 point mov rsp, rbp; pop rbp push rbp; mov rbp, rsp mov rsp, rbp; pop rbp; ret pop rbp; mov rsp, rbp 11. Question 11 In x86-64 assembly, what is the mov rsp, rbp; pop rbp instruction equivalent to? 0 / 1 point xor rsp, rbp; mov rbp, rsp; xor rsp, rbp; mov rsp, rbp; hlt leave; ret push rbp; mov rbp, rsp leave 12. Question 12 Codeblock: Shellcode 1 2 3 4 5 6 7 8 9 10 11 12

6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 4 df4: 41 57 push r15 4 df6: 41 56 push r14 4 df8: 41 55 push r13 4 dfa: 41 54 push r12 4 dfc: 41 89 fc mov r12d,edi 4 dff: 55 push rbp 4 e00: 48 89 f5 mov rbp,rsi 4 e03: 53 push rbx 4 e04: 48 83 ec 48 sub rsp, 0x48 4 e08: 48 8 b 3 e mov rdi,QWORD PTR [rsi] 4 e0b: 64 48 8 b 04 25 28 00 mov rax,QWORD PTR fs: 0x28 4 e12: 00 00 4 e14: 48 89 44 24 38 mov QWORD PTR [rsp+ 0x38 ],rax 4 e19: 31 c0 xor eax,eax 4 e1b: e8 b0 e4 00 00 call 132 d0 4 e20: 48 8 d 35 d7 49 01 00 lea rsi,[rip+ 0x149d7 ] 4 e27: bf 06 00 00 00 mov edi, 0x6 4 e2c: e8 cf fd ff ff call 4 c00 Codeblock: Shellcode Review Codeblock: Shellcode . Which instruction has at least one null byte inside? 1 / 1 point

xor eax, eax mov rdi,QWORD PTR [rsi] sub rsp, 0x48 mov edi, 0x6 13. Question 13 Codeblock: C Code 1 2 3 4 int var_0 = 0 , var_1 = 0 ; printf( "CSE543ROCKS%80x%1$n\n" , &var_0, &var_1); Codeblock: C Code Review Codeblock: C Code . What vulnerability does this piece of code have? 1 point There is no vulnerability in this piece of code. TOCTTOU vulnerability Buffer overflow vulnerability Format string vulnerability 13. Question 13 Codeblock: C Code 1 2

mailto:user@example.com ftp://ftp.ietf.org/rfc/rfc1808.txt https://www.google.com/ncr ../../../../etc/passwd 15. Question 15 URI stands for Uniform Resource Identifier. A URI requires a series of specific items in a specific order. Which URI is valid ? 0 / 1 point user https:// /etc/shadow mailto:user@example.com 16. Question 16 Codeblock: Output Message 1 2 3 Connection to www.google.com 80 port [tcp/http] succeeded! Codeblock: Output Message Review Codeblock: Output Message . Which program or command may generate this output message? 1 point ls netcat

tcpdump curl 17. Question 17 Codeblock: Python Statement 1 2 3 q = "SELECT * FROM homework_assignments WHERE user=" + username + " AND k ey=" + password Codeblock: Python Statement Review Codeblock: Python Statement . This Python statement builds on an SQL query for authentication, where username and password are two variables derived from user input. Which combination of username and password values will lead to a bypass of the authentication? 1 point ' ' or 1=1;-- ; " " (an empty string) aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ; " " (an empty string) <script>alert(1) ; </script> root ; password 18. Question 18 Sometimes web applications will embed some encrypted secret data as hidden input fields on a web page. The secret data will be sent back to the server upon future requests. A major application for the secret data in these hidden input fields is to prevent cross-site scripting attacks. JavaScript code has access to these hidden input fields and the values inside. Which statement most accurately describes how secure this secret data is? 1 point

C programs must be compiled before running. What is an example of a commonly used C compiler under Linux? 1 point CPython GCC Bash file 20. Question 20 C programs must be compiled before running. What is an example of a commonly used C compiler under Linux? 1 / 1 point Python Sh ld Clang