FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 11: Software Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Short Answer

Review LaterAdd Note

Review Later

If privileges are greater than those already available to the attacker the result is a _________.

Correct Answer

verified

privilege ...

View Answer

Show Answer

Question 22

Short Answer

Review LaterAdd Note

Review Later

The process of transforming input data that involves replacing alternate, equivalent encodings by one common value is called _________.

Correct Answer

verified

Show Answer

Question 23

Short Answer

Review LaterAdd Note

Two key areas of concern for any input are the _______ of the input and the meaning and interpretation of the input.

UNIX related systems provide the chroot system function to limit a program's view of the file system to just one carefully configured section that is known as a ________.

"Improper Access Control (Authorization) " is in the _________ software errorcategory.

A ________ is a pattern composed of a sequence of characters that describe allowable input variants.

To prevent XSS attacks any user supplied input should be examinedand any dangerous code removed or escaped to block its execution.

_________ attacks are most commonly seen in scripted Web applications.

Key issues from a software security perspective are whether theimplemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

A stead reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.

Program input data may be broadly classified as textual or ______.

_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn.

"Incorrect Calculation of Buffer Size" is in the __________ software error category.

A number of widely used standard C _________ compound the problem of buffer overflow by not providing any means of limiting the amount of data transferred to the space available in the buffer.

An ASCII character can be encoded as a 1 to 4 byte sequence usingthe UTF-8 encoding.

A _______ attack is where the input includes code that is then executed by the attacked system.

The principle of ________ strongly suggests that programs should execute with the least amount of privileges needed to complete their function.

Defensive programming is sometimes referred to as _________.

Incorrect handling of program _______ is one of the most common failings insoftware security.