exam Flashcards

1
Q

In bash what is the function of the following commands and symbols:
sed

A

The sed command in UNIX stands for stream editor. It can perform many functions on a file, such as searching, find and replace, insertion or deletion, though its most common use is substitution (find and replace). With sed you can edit files without opening them, which is a much quicker way to find and replace something in a file than first opening it in the vi editor and changing it there.

sed is a powerful text stream editor. It can do insertion, deletion, and search and replace (substitution).
The sed command in UNIX supports regular expressions, which allows it to perform complex pattern matching.

2
Q

In bash what is the function of the following commands and symbols:
>>

A

>> is used to append to a file.

3
Q

In bash what is the function of the following commands and symbols:
|

A

A pipe is used to combine two or more commands: the output of one command acts as input to another command, whose output may in turn act as input to the next command, and so on. It can also be visualized as a temporary connection between two or more commands, programs or processes.

4
Q

grep

A

The grep command searches for the pattern specified by the Pattern parameter and writes each matching line to standard output. The patterns are limited regular expressions in the style of the ed or egrep command. The grep command uses a compact non-deterministic algorithm.

5
Q

$2

A

./script.sh Hello World

$0 = ./script.sh
$1 = Hello
$2 = World

6
Q

echo

A

In computing, echo is a command that outputs the strings that are passed to it as arguments. It is a command available in various operating system shells and typically used in shell scripts and batch files to output status text to the screen or a computer file, or as a source part of a pipeline.

7
Q

#

A

comment

8
Q

$@

A

$@ refers to all of a shell script’s command-line arguments. $1, $2, etc. refer to the first command-line argument, the second command-line argument, etc. Place variables in quotes if the values might have spaces in them.

9
Q

ls

A

In computing, ls is a command to list computer files and directories in Unix and Unix-like operating systems.

10
Q

cat

A

The cat (concatenate) command is very frequently used in Linux. It reads data from files and gives their content as output. It helps us to create, view and concatenate files.
cat is a standard Unix utility that reads files sequentially, writing them to standard output. The name is derived from its function to catenate files. It has been ported to a number of operating systems.

11
Q

cd

A

The cd command, also known as chdir, is a command-line shell command used to change the current working directory in various operating systems. It can be used in shell scripts and batch files.

12
Q

list all text files in a directory

A

find . -name '*.txt'

13
Q

list the contents of a user’s home directory

A

ls ~

14
Q

print the last 10 lines of a file called animals.txt

A

tail -10 foo.txt

15
Q

perform a case-sensitive search of a file called products.txt for all lines
starting with the letter P

A

grep "^p" foo.txt

16
Q

perform a case-insensitive search of a file called products.txt for all lines
ending with the letter p

A

grep -i "p$" foo.txt

17
Q

list the contents of a parent directory and save the output into a file called
parent.txt

A

ls .. >> bar.txt

18
Q

print out the contents of a file called names.txt with line numbers

A

cat -n bar.txt

19
Q

list the contents of a folder and save it to a file called list.txt

A

ls ../exam_prep >> bar.txt

20
Q

List 5 responsibilities of an operating system

A

Process management.
Inter-process communication (IPC) and networking.
I/O and file systems.
Memory management.
Thread-support.
Security, i.e. safeguarding stability and system access.

21
Q

An operating system provides two interfaces, what are these interfaces and describe
in your own words their differences

A

OSes have two primary interfaces, the hardware interface and the software interface.
Applications talk to the operating system by invoking the system services it provides.
This is called system interface programming i.e. writing code that makes system calls using the software interface.
The hardware interface is where the operating system meets the hardware and carries out input and output (I/O) for the user.

22
Q

What is the role of the system service interface and how is it accessed?

A

System Calls
A system call, or syscall, is a request made to the kernel for access to a resource.
Compilers translate high-level language I/O requests into read and write system calls.
System services are what we can ask of the operating system and sometimes referred to as the software instruction set.
Assembly instructions define interaction with the CPU.
There are six categories of system call.
System Call Categories
Process control.
File management.
Device management.
Information maintenance.
Communication.
Protection.

kernel

23
Q

Briefly describe the role of interrupt driven I/O within the context of operating
systems and describe how it functions.

A

The three types of interrupt are:

Software, generated by system calls, discussed above.
Hardware, generated by external devices.
Exceptions, generated by the CPU when errors happen.

Interrupts allow the OS to maintain control.
CPU processes instructions one at a time. The OS must be able to retake control from another process.
Interrupts alert the OS to a process requiring attention.

Interrupt-Driven I/O
In this case, when a device needs attention:

It alerts the CPU with an interrupt.
The CPU finishes executing the current instruction.
The CPU saves its current context.
The CPU asks the interrupting device to identify itself and acknowledges the interrupt so that the device can stop interrupting.
The CPU runs the interrupt service routine of the corresponding device.
The saved context is restored and the CPU continues from where it left off before being interrupted.
[Diagram: an interrupt line runs from the device (e.g. disk) to the CPU; the CPU, main memory and the device are connected by the data bus, which carries status / data.]

24
Q

What is a process? Describe what it is in plain language, with some detail. From a Linux/Unix perspective, how is a process created and what is its lifecycle?

A

A process is a running program and all the things it needs to run. There could be many copies of the same program running, i.e. multiple processes.

A program is a static thing - a list of written instructions.
When a program is launched the operating system sets up the environment in which that program will run i.e. it provides the address space in which the program will execute.
Once an address space is set up program execution can begin.
You can think of the process address space as a box in memory to which the process is confined during its lifetime.
A process is the combination of the address space and the activity (or thread) of execution.

Process Life Cycle States
A process can be in one of five life-cycle states.

New: the process is being created but not yet runnable/ready.
Runnable / Ready: the process has all it needs to run, waiting for time on the CPU.
Running: the CPU is running the process program right now.
Waiting / blocked: the program is waiting for some resource, e.g. on data, for a time period to elapse, for a child process to return.
Exit: the process has finished.
Other state models exist.

25
Q

Explain the difference between CPU kernel mode and CPU user mode. What operating system processes run in kernel mode, and why?

A

User and Kernel
The CPU operates in two modes:

User mode: subset of instructions available.
Kernel mode: all instructions available. Also known as system or monitor mode.
In user mode, the CPU can execute only a subset of its instruction set; the dangerous instructions that might crash the machine are disallowed for security reasons.

In kernel mode no such restriction applies; the full instruction set, including dangerous instructions, is available to the CPU.

Kernel Mode
When the interrupt occurs the kernel takes over and the CPU switches to kernel mode.
The kernel looks up how to handle interrupt number 0x80 in its Interrupt Descriptor Table (IDT).
This leads the kernel to the associated system call handling code.
The kernel then looks up how to handle this particular system call, i.e. read, in its System Call Table (SCT).
The kernel executes the code that handles this system call before returning to continue with the rest of the program.

Privileged Instructions possess the following characteristics :

(i) If any attempt is made to execute a Privileged Instruction in User Mode, it is not executed and is treated as an illegal instruction. The hardware traps it to the Operating System.

(ii) Before transferring the control to any User Program, it is the responsibility of the Operating System to ensure that the Timer is set to interrupt. Thus, if the timer interrupts then the Operating System regains the control.
Thus, any instruction which can modify the contents of the Timer is Privileged Instruction.

(iii) Privileged Instructions are used by the Operating System in order to achieve correct operation.

(iv) Various examples of Privileged Instructions include:

I/O instructions and Halt instructions
Turn off all Interrupts
Set the Timer
Context Switching
Clear the Memory or Remove a process from the Memory
Modify entries in the Device-status table

26
Q

Why is programmed I/O an inefficient approach to managing input and output? What is the better solution and why?

A

Programmed I/O
The simplest approach to performing I/O is known as programmed I/O; this is where the CPU does all the I/O work. For example, reading 1 MB of data from the disk using programmed I/O happens like this:

1. CPU issues a READ command to the device.
2. CPU reads the status register.
3. If status != READY then goto 2.
4. CPU reads byte from data register.
5. CPU stores byte in main memory.
6. If not done goto 1.

Problems with Programmed I/O
The repeated polling of device status register is inefficient and wastes CPU cycles.
The device has no way of attracting the CPU’s attention; this means that the CPU must poll all devices to check if they have something interesting to say, e.g. to check if the network card has received any new packets.
A more sophisticated approach to I/O is required that allows devices to alert the CPU when they require attention.
The way a device alerts the CPU is by generating an interrupt; this more efficient approach is called interrupt-driven I/O.
Decoupling of I/O and computation was a major advance for operating systems.

Interrupt-Driven I/O
In this case, when a device needs attention:

It alerts the CPU with an interrupt.
The CPU finishes executing the current instruction.
The CPU saves its current context.
The CPU asks the interrupting device to identify itself and acknowledges the interrupt so that the device can stop interrupting.
The CPU runs the interrupt service routine of the corresponding device.
The saved context is restored and the CPU continues from where it left off before being interrupted.

27
Q

Linux is written mostly using C and Assembly languages. Why was C used? Why was Linux not built entirely using Assembly?

A

Assembly is not portable to different CPU architectures.

Linux is.

Therefore, the kernel contains the minimum possible assembly code, usually wrapped in C so it looks like ordinary C at the use site.

28
Q

Describe and show how you can start a new process with C. What does the exec system call do? What is the difference between execs with a p and without a p, e.g. execl and execlp?

A

There is no exec system call – this is usually used to refer to all the execXX calls as a group. They all do essentially the same thing: loading a new program into the current process, and provide it with arguments and environment variables. The differences are in how the program is found, how the arguments are specified, and where the environment comes from.

The calls with v in the name take an array parameter to specify the argv[] array of the new program. The end of the arguments is indicated by an array element containing NULL.

The calls with l in the name take the arguments of the new program as a variable-length argument list to the function itself. The end of the arguments is indicated by a (char *)NULL argument. You should always include the type cast, because NULL is allowed to be an integer constant, and default argument conversions when calling a variadic function won’t convert that to a pointer.

The calls with e in the name take an extra argument (or arguments in the l case) to provide the environment of the new program; otherwise, the program inherits the current process’s environment. This is provided in the same way as the argv array: an array for execve(), separate arguments for execle().

The calls with p in the name search the PATH environment variable to find the program if it doesn’t have a directory in it (i.e. it doesn’t contain a / character). Otherwise, the program name is always treated as a path to the executable.

FreeBSD 5.2 added another variant: execvP (with uppercase P). This is like execvp(), but instead of getting the search path from the PATH environment variable, it’s an explicit parameter to the function:

29
Q

What is the difference between the fork and exec system calls?

A

fork starts a new process which is a copy of the one that calls it, while exec replaces the current process image with another (different) one.
With fork(), both parent and child processes run simultaneously, while with exec() control never returns to the original program unless there is an exec() error.

30
Q

In terms of socket programming what is the purpose of the following functions
* bind
* listen
* accept
* read
* write

A
31
Q

A fork bomb

A

fork() {
fork | fork &
}
fork

32
Q

Discuss in some detail how you might build a full-stack JavaScript-based web app; what are the essential tools that you might need? What technologies are involved? What are the basic security requirements?

A
33
Q

We discussed three key principles that are important to secure any system. For each
principle, list two examples that should be considered to ensure that an “Internet
Banking” application is secure

A

Data confidentiality (C), integrity (I) and availability (A)

34
Q

Explain when a SQL injection could happen and why the aforementioned security mechanisms
cannot prevent it

A

To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in an SQL query. The attacker can create input content. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database.

Treat all user input as untrusted. Any user input that is used in an SQL query introduces a risk of an SQL Injection. Treat input from authenticated and/or internal users the same way that you treat public input.

35
Q

How can program analysis help us to detect a SQL injection vulnerability? Discuss
your answer from both static and dynamic program analysis perspectives

A

Static analysis analyzes the SQL query sentences of web applications to detect and prevent SQL injection attacks. It also requires rewriting of web applications. The focus of the static analysis method is to validate the user input type in order to reduce the chances of SQL injection attacks rather than detect them.

In the case of dynamic analysis, the tool does not need access to the source code at all. A DAST tool simulates an end-user and has access to exactly the same resources as the end-user. It analyzes runtime web application security using HTTP requests, links, forms, etc. This means that a DAST tool is completely independent of the programming languages that your applications use and only needs to support client-side technologies. However, it can only analyze parts that are accessible to the user.

For example, when you scan a web application for SQL Injections using dynamic analysis, the tool behaves like an automated penetration tester. It enters data in web forms and creates malformed requests to try to exploit your application. When it succeeds, it shows you how it was done. The downside is that it cannot show you the exact line of code which caused the security vulnerability, so a developer may need more time to find the error. If a dynamic analysis tool is not built using efficient technologies, it may take quite some time to work because it needs to analyze multiple execution paths. It will also not help you in any way with coding standards and code quality in general.

36
Q

In software, is it possible for a running process to access any memory location?

A
37
Q

When a process starts, what steps do you think modern operating systems take to maintain security?

A

System Integrity
Build production systems from a known and repeatable process to ensure the system integrity.
Check systems periodically against snapshots of the original system.
Use available third-party auditing software to check the system integrity.
Back up the system resources on a regular basis.

38
Q

What is a process address space? In your explanation detail the role of each of the
following:
* stack
* heap
* data
* text

A

Process Address Space
Isolating each process in its address space - a region in primary memory - is useful because:

One process cannot access the memory used by another process.
If a process goes haywire it can only crash itself.
From the process’ point of view, it has complete control of the (virtual) machine.
Process in Memory
A process inhabits a space in memory with these components:

    	Stack
        -----
    	Heap
    	-----
    	Data
    	-----
    	Text
    	-----

Components of a Process in Memory
A process inhabits a space in memory with these components:

Text contains the code.
Data is global static data to be used by the process.
The heap supports dynamic memory requirements, i.e. variables assigned values on the fly during execution.
The stack is used by the process to store return addresses, temporarily saved registers, local variables and similar things.

39
Q

Explain what is the role of the compiler in C programming?

A

Compilers analyze and convert source code written in languages such as Java, C++, C# or Swift. They’re commonly used to generate machine code or bytecode that can be executed by the target host system.