PLP Final

Question 1

What does dynamic linking mean?

Answer 1

Dynamic linking means that there is no link phase at compile time. Classes that refer to each other are resolved at runtime

Question 2

What are the 5 features of java?

Answer 2

Object-oriented
Multi-threaded
Strongly typed
Exception handling
Garbage handling(objects no longer in use are automatically removed)

Question 3

What is a native method?

Answer 3

A java method whose implementation is also written in another programming language

Question 4

What is the primordial class loader?

Answer 4

Loads trusted classes(systems classes which are on the boot class path) into the JVM

Question 5

What are native methods needed for?

Answer 5

Methods needed to access some of the underlying OS functions. Once loaded, they are stored in the native method area

Question 6

What is the execution engine

Answer 6

A virtual processor that executes bytecode. Performs memory management

Question 7

What is the JIT - Just in time compiler

Answer 7

Translates bytecode into native code as needed. This happens after the class has been loaded and verified. Has performance overhead

Question 8

What is the sandbox?

Answer 8

The java security model in which java programs can run safely without risk to the system or other users. Restricted what downloaded code could do.

Question 9

What did the JDK 1.0 sandbox allow

Answer 9

Trusted code could run without any restrictions. Untrusted code could not access files, and only socket connections to the applets origin server were allowed

Question 10

What verifies a signed applet

Answer 10

Certificate authority servers

Question 11

What is a policy file?

Answer 11

A configuration file used by the JRE to determine permissions for each program

Question 12

What is fine grained access control?

Answer 12

Allows every code access to system resources based on the definition in the policy file

Question 13

What are the three pillars of java security?

Answer 13

1. The security manager - Ensures permissions in policy file are not overridden
2. Class loaders - Establish the protection domain/set of permissions for a loaded class
3. The bytecode verifier - Checks code to ensure that rules arent violated, stack isnt overflowed, no illegal operations, etc.

Question 14

What do cookies add to the http protocol?

Answer 14

State

Question 15

Where does a XSS attack run?

Answer 15

An xss attack runs in client-side code that is executed by a browser

Question 16

What tags does an XSS attack most commonly run in?

Answer 16

Script or Body

Question 17

What is a reflected XSS attack?

Answer 17

An XSS attack in which the malicious script comes from the current HTTP request. Malicious JS is sent as part of the victims request

Question 18

What is a stored XSS attack

Answer 18

An XSS attack in which the malicious script comes from the websites database. When an application receives data from an untrusted source but still includes that data in later HTTP responses

Question 19

What is a DOM-based XSS attack?

Answer 19

An XSS attack where the vulnerability exists in client-side and not server-side code

Question 20

What is same origin policy?

Answer 20

A policy used by a browser to separate mutually untrusted scripts. Created from domain name + protocol + port

Question 21

How to prevent XSS?

Answer 21

Secure input handling - Either encoding or validation.

Question 22

What are encoding and validation?

Answer 22

Encoding escapes user input so the browser interprets it only as data, not code.

Validation filters user input so that any malicious parts are removed

Question 23

What is functional programming?

Answer 23

Functional programming is programming that teats computation as the evaluation of mathematical functions

Question 24

Write a function to check if 1 + 1 = 2 in racket

Answer 24

(=2 (+ 1 1))

Question 25

Equal vs eqv vs eq

Answer 25

Equal works with the most comparisons(like lists), then eqv, then eq.

Question 26

What is read-line vs read?

Answer 26

Read line reads strings. Read can take an input value of any type

Question 27

How are expressions represented in Racket

Answer 27

Expressions are represented as lists

Question 28

What is the first element of every list in racket?

Answer 28

A function. A ‘ mark leading the expressions will tell racket to not treat the leading element as a function

Question 29

What does flatten do in racket

Answer 29

Flatten will compact nested lists into one list

Question 30

What does map do in racket?

Answer 30

Map applies a function to every element in a list and returns a new list with the new values

Question 31

What does filter do in racket?

Answer 31

Filter will create a new list based on a predicate function(such as filter even? number)

Question 32

What does foldl do in racket?

Answer 32

(define numbers ‘(1 2 3 4))
Foldl will apply a binary function to the elements of a list cumulatively. Define product(foldl *1 numbers) = 24

Question 33

What does cons to in racket?

Answer 33

Takes an element and a list and adds the element to the front of the list

Question 34

What does car do in racket

Answer 34

Car retrieves the first element of a list

Question 35

What does cdr do in racket?

Answer 35

cdr retrieves every element except the first from a list

Question 36

What is DEP?

Answer 36

Data execution prevention marks areas of the stack of non-executable, enforced by the NX hardware bit

Question 37

How is DEP circumvented?

Answer 37

DEP is circumvented by using pieces of already existing code to create a sequence of operations to be carried out

Question 38

What does stackguard do?

Answer 38

Stackguard places a canary word before each return address in each stack frame

Question 39

What is a type safe language?

Answer 39

A language that automatically performs array bound checking, such as java

Question 40

What is code randomization in the context of preventing buffer overflows?

Answer 40

Encrypting code and decrypting it before it is run

Question 41

What does control flow integrity do?

Answer 41

It prevents a wide variety of malware attacks from redirecting the flow of execution.
It enforces the integrity of a programs execution flow path.

Question 42

What are the steps of a CFI?

Answer 42

1. Build a CFG at compile time
2. Rewrite the binary with IDs and ID checks at install time
3. Perform ID checks at run time

Question 43

What is the In-line reference monitor

Answer 43

A rewriting of the program by inserting instructions to check if Control Flow Integrity is maintained

Question 44

What is simplest labeling in CFI?

Answer 44

Simplest labeling uses the same label for every function. This prevents calls to functions outside of scope, however a function can return to an unintended function in the scope