CS6262 Questions and Answers
A bug is different from a vulnerability in that a bug can be exploited and a vulnerability
cannot - Correct Answers -False
Which of the following are memory corruption vulnerabilities? - Correct Answers -Stack
Overflow
Use after Free
What is the difference between a vulnerability and a control flow hijack - Correct
Answers -The hijack is a way you can exploit a vulnerability
A __________ attack is a type of ____________. The ROP is used because the code
many not contain many useful gadgets - Correct Answers -1. ROP
2. Return to Libc
What method do you use to protect from a return to libc attack - Correct Answers -ASLR
Stack canaries must be a random value every time so that they are not easily guessed
or found - Correct Answers –True
The constructed model can inform decisions on how to find ________ is based on
extracted features - Correct Answers -More features
A _______ is useful for sentence completion, while a ________ is more useful for
image recognition - Correct Answers -RNN
CNN
Why is it hard to detect that a deep learning model was fooled - Correct Answers --
Complicated math is involved with how outputs are mapped to inputs
- The generated model is rarely human readable
Adding malicious inputs into the training data can help the deep learning model learn to
disregard malicious inputs of the same type - Correct Answers -True
Why does compressing the image into a JPEG help remove perturbations - Correct
Answers -Perturbations are usually high frequency data that gets filtered out during
compression
What cant CFI protect against - Correct Answers -Format string attack
Select two methods for software fault isolation - Correct Answers -Sandboxing
, Segment matching
A memory violation involves only a pointer that points out of bounds - Correct Answers -
False
Select the analysis method that can be sound in some cases - Correct Answers -Static
Analysis
A sound but incomplete analysis will create the following conditions - Correct Answers -
Reports all errors
Reports some false positives
Comparing patterns in the code against a databsae is called ____________. This can
detect errors such as __________ or _____________ - Correct Answers -Syntactic
Analysis
Typos
Poor use of APIs
If some variable y does not rely on some variable x and variable x is defined by user
input, then y is not tainted - Correct Answers -False
The difference between regression testing and fuzzing is - Correct Answers -Regression
tests use normal inputs while fuzzing tests with abnormal inputs
The advantages of mutation-based fuzzing include being really easy to set up and
complete - Correct Answers -True
What are the steps for fuzzing - Correct Answers -1. Input generation
2. Input injection
3. Bug detection
The perturbing technique that relies on injecting boundary values such as -1 or o is
called - Correct Answers -Interest
Number the setps in the malware analysis pipeline starting from when you receive the
malware - Correct Answers -1. Malware received
2. Core analysis engine
3. Information extractor engine
4. Execution in lab environment
5. Automatic Defense Modeling
What are some techniques malware authors use to prevent their malware from being
analyzed - Correct Answers -Debug flag detection
VM detection
Code packing
A bug is different from a vulnerability in that a bug can be exploited and a vulnerability
cannot - Correct Answers -False
Which of the following are memory corruption vulnerabilities? - Correct Answers -Stack
Overflow
Use after Free
What is the difference between a vulnerability and a control flow hijack - Correct
Answers -The hijack is a way you can exploit a vulnerability
A __________ attack is a type of ____________. The ROP is used because the code
many not contain many useful gadgets - Correct Answers -1. ROP
2. Return to Libc
What method do you use to protect from a return to libc attack - Correct Answers -ASLR
Stack canaries must be a random value every time so that they are not easily guessed
or found - Correct Answers –True
The constructed model can inform decisions on how to find ________ is based on
extracted features - Correct Answers -More features
A _______ is useful for sentence completion, while a ________ is more useful for
image recognition - Correct Answers -RNN
CNN
Why is it hard to detect that a deep learning model was fooled - Correct Answers --
Complicated math is involved with how outputs are mapped to inputs
- The generated model is rarely human readable
Adding malicious inputs into the training data can help the deep learning model learn to
disregard malicious inputs of the same type - Correct Answers -True
Why does compressing the image into a JPEG help remove perturbations - Correct
Answers -Perturbations are usually high frequency data that gets filtered out during
compression
What cant CFI protect against - Correct Answers -Format string attack
Select two methods for software fault isolation - Correct Answers -Sandboxing
, Segment matching
A memory violation involves only a pointer that points out of bounds - Correct Answers -
False
Select the analysis method that can be sound in some cases - Correct Answers -Static
Analysis
A sound but incomplete analysis will create the following conditions - Correct Answers -
Reports all errors
Reports some false positives
Comparing patterns in the code against a databsae is called ____________. This can
detect errors such as __________ or _____________ - Correct Answers -Syntactic
Analysis
Typos
Poor use of APIs
If some variable y does not rely on some variable x and variable x is defined by user
input, then y is not tainted - Correct Answers -False
The difference between regression testing and fuzzing is - Correct Answers -Regression
tests use normal inputs while fuzzing tests with abnormal inputs
The advantages of mutation-based fuzzing include being really easy to set up and
complete - Correct Answers -True
What are the steps for fuzzing - Correct Answers -1. Input generation
2. Input injection
3. Bug detection
The perturbing technique that relies on injecting boundary values such as -1 or o is
called - Correct Answers -Interest
Number the setps in the malware analysis pipeline starting from when you receive the
malware - Correct Answers -1. Malware received
2. Core analysis engine
3. Information extractor engine
4. Execution in lab environment
5. Automatic Defense Modeling
What are some techniques malware authors use to prevent their malware from being
analyzed - Correct Answers -Debug flag detection
VM detection
Code packing
