CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISA—Certified Information Systems Auditor - Part 334
1. Which of the following measures can effectively minimize the possibility of buffer overflows?
A) Sufficient bounds checking
B) Sufficient memory
C) Sufficient processing capability
D) Sufficient code injection
E) None of the choices
2. Which of the following types of attack makes use of unfiltered user input as the format string parameter in the print () function of the C language?
A) buffer overflows
B) format string vulnerabilities
C) integer overflow
D) code injection
E) command injection
F) None of the choices.
3. Which of the following kinds of function are particularly vulnerable to format string attacks?
A) C functions that perform output formatting
B) C functions that perform integer computation
C) C functions that perform real number subtraction
D) VB functions that perform integer conversion
E) SQL functions that perform string conversion
F) SQL functions that perform text conversion
4. Integer overflow occurs primarily with:
A) string formatting
B) debug operations
C) output formatting
D) input verifications
E) arithmetic operations
F) None of the choices.
5. Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?
A) format string vulnerabilities
B) integer overflow
C) code injection
D) command injection
E) None of the choices.
A) Sufficient bounds checking
B) Sufficient memory
C) Sufficient processing capability
D) Sufficient code injection
E) None of the choices
2. Which of the following types of attack makes use of unfiltered user input as the format string parameter in the print () function of the C language?
A) buffer overflows
B) format string vulnerabilities
C) integer overflow
D) code injection
E) command injection
F) None of the choices.
3. Which of the following kinds of function are particularly vulnerable to format string attacks?
A) C functions that perform output formatting
B) C functions that perform integer computation
C) C functions that perform real number subtraction
D) VB functions that perform integer conversion
E) SQL functions that perform string conversion
F) SQL functions that perform text conversion
4. Integer overflow occurs primarily with:
A) string formatting
B) debug operations
C) output formatting
D) input verifications
E) arithmetic operations
F) None of the choices.
5. Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?
A) format string vulnerabilities
B) integer overflow
C) code injection
D) command injection
E) None of the choices.
1. Right Answer: A
Explanation: Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
2. Right Answer: B
Explanation: Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as print (). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.
3. Right Answer: A
Explanation: Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as print (). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.
4. Right Answer: E
Explanation: An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. On some processors the result saturates - once the maximum value is reached attempts to make it larger simply return the maximum result.
5. Right Answer: C
Explanation: Code injection is a technique to introduce code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs.
Explanation: Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
2. Right Answer: B
Explanation: Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as print (). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.
3. Right Answer: A
Explanation: Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as print (). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.
4. Right Answer: E
Explanation: An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. On some processors the result saturates - once the maximum value is reached attempts to make it larger simply return the maximum result.
5. Right Answer: C
Explanation: Code injection is a technique to introduce code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment