Secure coding practices week 4 practice

Question 1

Which of the following is NOT a question to ask about what you are assuming about each library function's actions?

What assumptions does the library function make?
What information does the library function obtain from the environment and servers?
Who wrote the library function?
Does the library function do what the manual says?

Question 2

Assuming p is a pointer variable, why is the statement "p = malloc(-128);" poor programming?

This will allocate a very large amount of space.
Allocating a negative amount of space frees that many bytes, so "free(p);" should be used instead
It is invalid and will give a compile-time error
You can't allocate negative amounts of space.

Question 3

Which of the following is NOT a question about what users or remote servers will be supplying that is relevant to secure programming?

Question 4

Which of the following should you AVOID whenever possible?

Passing pointers through a parameter list

Passing signed integers through a parameter list

Checking arguments passed through an interface are valid

Passing unsigned integers through a parameter list

Question 5

Which of the following is NOT a language used to state specifications for formal methods?

Question 6

Which principle of secure design does stepwise refinement follow?

Principle of least common mechanism, because the modules do not share information
Principle of fail-safe defaults, because if one module fails, the rest can compensate for the failure.
Principle of economy of mechanism, as each module performs one task
Principle of open design, as you can publish the details of the refinement

Question 7

When you write a secure program, the goals must be __________.