Mod 5

Question 1

What component translates source code to object code?

Answer 1

compiler

Question 2

What component creates the executable bundle?

Answer 2

linker

Question 3

What component loads the executable bundle into memory at runtime?

Answer 3

loader

Question 4

List 4 loader responsiblities

Answer 4

Load program into memory,
Resolve dynamic libraries,
Set up the execution environment,
Transfer control to the program

Question 5

Define intermediate representation (IR)

Answer 5

an abstract machine language used by compilers to translate source code to a machine independent code

Question 6

Define bytecode

Answer 6

a form of intermediate representation designed for efficient execution by a vm or software interpreter

Question 7

Define kernel

Answer 7

the core component of the OS, that handles the management of low-level hardware resources like: memory, processors, and I/O devices

Question 8

How do applications communicate with low-level hardware?

Answer 8

Indirectly, by delegating taks to the kernel via system calls.

Question 9

Define process

Answer 9

instance of a program that is currently running

Question 10

What component is responsible for setting up the runtime environment for all processes executing on the system?

Answer 10

operating system

Question 11

Name the three areas of memory layout

Answer 11

Program code section,
Program data section,
Program stack section

Question 12

Which area of memory layout stores executable program instructions for execution by the CPU?

Answer 12

Program code section

Question 13

Which area of memory layout stores program variables that aren’t local to functions, such as global and static variables?

Answer 13

Program data section

Question 14

Which area of memory layout contains the heap?

Answer 14

Program data section

Question 15

Define heap

Answer 15

a dynamic memory region for storing dynamically allocated variables

Question 16

Which area of memory layout stores currently executing functions and keeps track of the chain of function calls?

Answer 16

Program stack section

Question 17

What causes exception?

Answer 17

Internal errors in java virtual machine

Question 18

Java methods must advertise exceptions they throw. How do they do this?

Answer 18

Requires the caller to either handle the exception with a try block, or state their method can throw the same exception

Question 19

What are the 7 best practices for handling exceptions?

Answer 19

1. Use exceptions for exceptional circumstances
2. Use finally to clean up resource usage
3. Resolve problem as close as possible to where problem occurs
4. Don’t Bury (Swallow) Exceptions
5. Do overzealous exception handling!
6. Don’t do overzealous try blocks!
7. Provide meaningful messages

Question 20

How can we monitor our OS?

Answer 20

1. Check your logs frequently
2. Scan your processes frequently
3. Scan your filesystem frequently

Question 21

What’s one of the most common methods used to uniquely identify malware?

Answer 21

Hashing / Checksumming

Question 22

Define dynamic analysis

Answer 22

monitored execution of a program

Question 23

Does dynamic analysis cover the entire code?

Answer 23

No, not all paths are explored

Question 24

List dynamic analysis techniques

Answer 24

advanced tools,
debuggers,
run-time analyzers,
string analyzers,
trace programs

Question 25

Define debugger

Answer 25

hardware/software used to test or examine the execution of another program

Question 26

What two formats are used to store strings?

Answer 26

ASCII and Unicode

Question 27

Define process injection attacks

Answer 27

when a program spawns a process (another program) via a system call

Question 28

How can you defend against injection attacks?

Answer 28

Sanitize input data

Question 29

What is the most common type of injection attack?

Answer 29

SQL injection

Question 30

What is the most common, most successful type of attack?

Answer 30

Injection attacks

Question 31

''='' will always return...

Answer 31

true. you use it like: 'password' OR ''=''

Question 32

If the developer fails to include checks to whether an input stirng fits into a buffer array, or not, this can lead to which type of attack?

Answer 32

Buffer Overflow attack

Question 33

List 5 ways to mitigate buffer overflow

Answer 33

Stack canaries, Non-executable memory, Compiler-based techniques, Address Space Layout Randomization (ASLR), Secure programming practices

Question 34

Define canaries

Answer 34

Used for stack-based overflows ONLY. Sacrificial node placed in the stack prior to the return address, so that any attempt to overwrite the return address overwrites the node instead. There are 3 types: - Terminator - Random - Random XOR

Question 35

Define non-executable memory

Answer 35

Non-executable stack protection introduces an NX bit that is 'never executed'

Question 36

What compiler-based techniques are used to mitigate buffer overflow?

Answer 36

Bounds checking and Stack cookies

Question 37

Define bounds checking

Answer 37

compiler-based technique that adds run-time bounds information for each allocated block of memory

Question 38

Define stack cookies

Answer 38

protection code that is automatically inserted at compilation, that reorders local variables to place buffers after pointers, copy pointers in function arguments to an area preceding local variable buffers, and omit instrumentation code from functions

Question 39

Define Address Space Layout Randomization (ASLR)

Answer 39

prevents an attacker from reliably jumping to a particular exploited function in memory

Question 40

List the discussed "better programming strategies" for mitigating buffer overflow

Answer 40

Use strongly typed & managed emmory languages. Handle strings carefully.

Question 41

What dynamic analysis technique allows line by line inspection, but can only go through a specific path in code?

Answer 41

Debuggers

Question 42

What dynamic analysis technique allows you to track system calls and resource usage but requires detailed knowlege of assembly and operating environment?

Answer 42

Runtime analyzers and trace programs

Question 43

What dynamic analysis technique can help determine if malware has packed or obfuscated embedded malicious code?

Answer 43

String analyzer

Question 44

What dynamic analysis technique can determine hotspots in code and computational footprints?

Answer 44

Call graphs and profilers

Question 45

Define java security manager

Answer 45

A pessimistic mechanism in Java that requires the deployer to whitelist allowable operations for scoped code on specific data

Question 46

Define sanitization

Answer 46

The process of cleaning input data to prevent injection attacks

Question 47

(T/F) Larger try blocks with many stacked catch blocks of different types is best practice as it surrounds the entire method in safety and is more readable.

Answer 47

False

Question 48

Define checked exception

Answer 48

A typed exception in Java that has to be caught or thrown to the caller (declared in the method signature)