CS 6262 Exam Questions with Correct Answers Latest Update 2025-2026
A bug is different from a vulnerability in that a bug can be exploited and a vulnerability cannot -
Answers False
Which of the following are memory corruption vulnerabilities? - Answers Stack Overflow
Use after Free
What is the difference between a vulnerability and a control flow hijack - Answers The hijack is a
way you can exploit a vulnerability
A __________ attack is a type of ____________. The ROP is used because the code many not
contain many useful gadgets - Answers 1. ROP
2. Return to Libc
What method do you use to protect from a return to libc attack - Answers ASLR
Stack canaries must be a random value every time so that they are not easily guessed or found -
Answers True
What cant CFI protect against - Answers Format string attack
Select two methods for software fault isolation - Answers Sandboxing
Segment matching
A memory violation involves only a pointer that points out of bounds - Answers False
Select the analysis method that can be sound in some cases - Answers Static Analysis
A sound but incomplete analysis will create the following conditions - Answers Reports all
errors
Reports some false positives
Comparing patterns in the code against a databsae is called ____________. This can detect errors
such as __________ or _____________ - Answers Syntactic Analysis
Typos
Poor use of APIs
If some variable y does not rely on some variable x and variable x is defined by user input, then y
is not tainted - Answers False
The difference between regression testing and fuzzing is - Answers Regression tests use
normal inputs while fuzzing tests with abnormal inputs
, The advantages of mutation-based fuzzing include being really easy to set up and complete -
Answers True
What are the steps for fuzzing - Answers 1. Input generation
2. Input injection
3. Bug detection
The perturbing technique that relies on injecting boundary values such as -1 or o is called -
Answers Interest
Number the setps in the malware analysis pipeline starting from when you receive the malware -
Answers 1. Malware received
2. Core analysis engine
3. Information extractor engine
4. Execution in lab environment
5. Automatic Defense Modeling
What are some techniques malware authors use to prevent their malware from being analyzed -
Answers Debug flag detection
VM detection
Code packing
What API do we assign the most weight to when looking for basic blocks that are dispatchers
during static analysis - Answers Network related
We use hybrid analysis because we want to - Answers Find the correct command to trigger the
malware
How can you prevent malware from communicating with the C&C server during execution -
Answers Set up a virtual DNS
The mixed analysis engine find all the paths in the program by creating formulae based on path
conditions - Answers False
Please order the following steps in the cyber kill chain model - Answers Recon
Weaponization
Delivery
Exploitation
A bug is different from a vulnerability in that a bug can be exploited and a vulnerability cannot -
Answers False
Which of the following are memory corruption vulnerabilities? - Answers Stack Overflow
Use after Free
What is the difference between a vulnerability and a control flow hijack - Answers The hijack is a
way you can exploit a vulnerability
A __________ attack is a type of ____________. The ROP is used because the code many not
contain many useful gadgets - Answers 1. ROP
2. Return to Libc
What method do you use to protect from a return to libc attack - Answers ASLR
Stack canaries must be a random value every time so that they are not easily guessed or found -
Answers True
What cant CFI protect against - Answers Format string attack
Select two methods for software fault isolation - Answers Sandboxing
Segment matching
A memory violation involves only a pointer that points out of bounds - Answers False
Select the analysis method that can be sound in some cases - Answers Static Analysis
A sound but incomplete analysis will create the following conditions - Answers Reports all
errors
Reports some false positives
Comparing patterns in the code against a databsae is called ____________. This can detect errors
such as __________ or _____________ - Answers Syntactic Analysis
Typos
Poor use of APIs
If some variable y does not rely on some variable x and variable x is defined by user input, then y
is not tainted - Answers False
The difference between regression testing and fuzzing is - Answers Regression tests use
normal inputs while fuzzing tests with abnormal inputs
, The advantages of mutation-based fuzzing include being really easy to set up and complete -
Answers True
What are the steps for fuzzing - Answers 1. Input generation
2. Input injection
3. Bug detection
The perturbing technique that relies on injecting boundary values such as -1 or o is called -
Answers Interest
Number the setps in the malware analysis pipeline starting from when you receive the malware -
Answers 1. Malware received
2. Core analysis engine
3. Information extractor engine
4. Execution in lab environment
5. Automatic Defense Modeling
What are some techniques malware authors use to prevent their malware from being analyzed -
Answers Debug flag detection
VM detection
Code packing
What API do we assign the most weight to when looking for basic blocks that are dispatchers
during static analysis - Answers Network related
We use hybrid analysis because we want to - Answers Find the correct command to trigger the
malware
How can you prevent malware from communicating with the C&C server during execution -
Answers Set up a virtual DNS
The mixed analysis engine find all the paths in the program by creating formulae based on path
conditions - Answers False
Please order the following steps in the cyber kill chain model - Answers Recon
Weaponization
Delivery
Exploitation
