Secure coding practices week 4 practice

Order Description

Question 1

Which of the following is NOT a question to ask about what you are assuming about each library function's actions?

  • What assumptions does the library function make?
  • What information does the library function obtain from the environment and servers?
  • Who wrote the library function?
  • Does the library function do what the manual says?


Question 2

Assuming p is a pointer variable, why is the statement "p = malloc(-128);" poor programming?

  • This will allocate a very large amount of space.
  • Allocating a negative amount of space frees that many bytes, so "free(p);" should be used instead
  • It is invalid and will give a compile-time error
  • You can't allocate negative amounts of space.


Question 3

Which of the following is NOT a question about what users or remote servers will be supplying that is relevant to secure programming?

  • What certifications does the user or remote server have?
  • What am I assuming about the environment?
  • What happens if what the user or server supplies is bogus?
  • How can I check what the user or server is supplying for validity?


Question 4

Which of the following should you AVOID whenever possible?


Passing pointers through a parameter list

Passing signed integers through a parameter list

Checking arguments passed through an interface are valid

Passing unsigned integers through a parameter list


Question 5

Which of the following is NOT a language used to state specifications for formal methods?

  • HOL
  • C
  • Z


Question 6

Which principle of secure design does stepwise refinement follow?

  • Principle of least common mechanism, because the modules do not share information
  • Principle of fail-safe defaults, because if one module fails, the rest can compensate for the failure.
  • Principle of economy of mechanism, as each module performs one task
  • Principle of open design, as you can publish the details of the refinement


Question 7

When you write a secure program, the goals must be __________.

  • stated clearly and unambiguously
  • written in clear English
  • attainable regardless of the system on which the program is written
  • specified in a mathematical or logical language