1. What is a buffer overflow?
A) A situation where data overwrites adjacent memory due to insufficient bounds checking
B) A method to optimize memory allocation
C) A technique to prevent memory corruption
D) A way to improve CPU performance
β Answer: A) A situation where data overwrites adjacent memory due to insufficient bounds checking
π‘ Explanation: A buffer overflow occurs when more data is written to a buffer than it can hold, leading to memory corruption, potential crashes, and security vulnerabilities. Proper bounds checking is necessary to prevent such issues.
2. Which of the following functions is considered unsafe due to buffer overflow risks?
A) strncpy()
B) strcpy()
C) fgets()
D) memmove()
β Answer: B) strcpy()
π‘ Explanation: strcpy() does not check buffer limits, which can lead to buffer overflows if the source string is larger than the destination buffer. fgets() and strncpy() include mechanisms to prevent overflows.
3. What is a stack canary?
A) A security measure that detects buffer overflows by placing a known value before return addresses
B) A memory optimization technique
C) A compiler optimization to reduce function call overhead
D) A way to speed up program execution
β Answer: A) A security measure that detects buffer overflows by placing a known value before return addresses
π‘ Explanation: Stack canaries are special values placed in memory before return addresses. If an overflow occurs, the canary value is altered, allowing detection and mitigation of attacks.
4. Which of the following memory-safe languages can help prevent buffer overflows?
A) C
B) Rust
C) Assembly
D) COBOL
β Answer: B) Rust
π‘ Explanation: Rust provides strict memory safety guarantees through its ownership model, preventing buffer overflows at compile time. C and Assembly do not offer such protections.
5. What compiler flag in GCC enables stack protection against buffer overflows?
A) -O2
B) -fstack-protector
C) -Wall
D) -ffast-math
β Answer: B) -fstack-protector
π‘ Explanation: The -fstack-protector flag enables stack protection mechanisms such as stack canaries, helping detect and mitigate buffer overflow attacks.
6. Which of the following is an effective way to prevent buffer overflows in C?
A) Using dynamic memory allocation without checking boundaries
B) Using strncpy() instead of strcpy()
C) Using gets() for input handling
D) Avoiding input validation
β Answer: B) Using strncpy() instead of strcpy()
π‘ Explanation: strncpy() allows specifying a maximum number of characters to copy, reducing overflow risks. Avoiding functions like gets() and ensuring input validation are also key practices.
7. What is Address Space Layout Randomization (ASLR)?
A) A technique to randomize memory addresses to make exploitation harder
B) A method to optimize stack usage
C) A debugging tool to detect segmentation faults
D) A compiler setting that speeds up execution
β Answer: A) A technique to randomize memory addresses to make exploitation harder
π‘ Explanation: ASLR randomizes memory addresses of stack, heap, and libraries, making it difficult for attackers to predict addresses for buffer overflow exploits.
8. What does DEP (Data Execution Prevention) do?
A) Prevents execution of code in non-executable memory regions
B) Allows execution of shellcode on the stack
C) Optimizes memory allocation
D) Increases CPU speed
β Answer: A) Prevents execution of code in non-executable memory regions
π‘ Explanation: DEP ensures that memory regions intended for data storage (e.g., stack and heap) cannot be executed, blocking many buffer overflow exploits.
9. Which of the following functions is considered unsafe and should be avoided?
A) fgets()
B) snprintf()
C) gets()
D) strncpy()
β Answer: C) gets()
π‘ Explanation: gets() reads user input without bounds checking, making it extremely vulnerable to buffer overflows. It has been removed from newer versions of C.
10. Which mechanism helps enforce safe memory operations in Rust?
A) Pointer arithmetic
B) Ownership and borrowing system
C) Manual memory management
D) Unchecked array access
β Answer: B) Ownership and borrowing system
π‘ Explanation: Rust enforces strict memory safety through its ownership system, preventing buffer overflows and other memory-related vulnerabilities.
11. What does the -Wstack-protector flag do in GCC?
A) Enables stack canary protection
B) Disables stack protection
C) Increases execution speed
D) Disables compiler warnings
β Answer: A) Enables stack canary protection
π‘ Explanation: This flag enables stack protection against buffer overflows by inserting canary values.
12. What is the purpose of Stack Smashing Protection (SSP)?
A) Prevents stack-based buffer overflows
B) Optimizes CPU cycles
C) Disables ASLR
D) Enables faster memory allocation
β Answer: A) Prevents stack-based buffer overflows
π‘ Explanation: SSP (Stack Smashing Protection) adds security checks to prevent buffer overflows from modifying return addresses.
13. What is a common indicator of a buffer overflow attack?
A) Unexpected crashes or segmentation faults
B) Faster execution times
C) Reduced memory consumption
D) Increased CPU performance
β Answer: A) Unexpected crashes or segmentation faults
π‘ Explanation: Buffer overflows often corrupt memory, leading to segmentation faults or crashes.
14. What is the safest way to handle user input in C?
A) Using gets()
B) Using scanf() without length specifiers
C) Using fgets() with buffer size limits
D) Using strcpy()
β Answer: C) Using fgets() with buffer size limits
π‘ Explanation: fgets() allows specifying a maximum buffer size, preventing overflows.
15. Which OS security feature helps prevent stack overflow exploits?
A) DEP
B) Multithreading
C) Faster memory allocation
D) Page swapping
β Answer: A) DEP
π‘ Explanation: DEP prevents execution of injected shellcode in non-executable memory.
16. What happens if an attacker successfully exploits a buffer overflow?
A) They may gain unauthorized code execution
B) The program runs faster
C) Memory usage decreases
D) The system improves efficiency
β Answer: A) They may gain unauthorized code execution
π‘ Explanation: Exploiting buffer overflows can lead to arbitrary code execution, privilege escalation, or system compromise.
17. Which language is least prone to buffer overflows?
A) C
B) Python
C) Assembly
D) C++
β Answer: B) Python
π‘ Explanation: Python handles memory management automatically, reducing overflow risks.
18. Which memory-safe function should be used to copy strings securely?
A) strcpy()
B) gets()
C) snprintf()
D) strcat()
β Answer: C) snprintf()
π‘ Explanation: snprintf() allows specifying a maximum buffer size, preventing overflows.
19. What is the best defense against buffer overflows?
A) Using secure coding practices
B) Disabling ASLR
C) Using gets() for input
D) Ignoring compiler warnings
β Answer: A) Using secure coding practices
π‘ Explanation: Writing memory-safe code, enabling compiler security flags, and avoiding unsafe functions help prevent buffer overflows.
20. Which tool can detect buffer overflow vulnerabilities in code?
A) Valgrind
B) GCC
C) Makefile
D) Git
β Answer: A) Valgrind
π‘ Explanation: Valgrind helps detect memory-related issues, including buffer overflows.
21. What is Return-Oriented Programming (ROP)?
A) A memory optimization technique
B) An exploit that bypasses non-executable memory protections
C) A method to speed up function calls
D) A debugging tool
β Answer: B) An exploit that bypasses non-executable memory protections
π‘ Explanation: ROP is an advanced exploitation technique that chains small snippets of existing executable code (called “gadgets”) to perform arbitrary operations without injecting new code.
22. Which memory area is most commonly affected by a stack-based buffer overflow?
A) Heap
B) Stack
C) Code segment
D) Data segment
β Answer: B) Stack
π‘ Explanation: Stack-based buffer overflows occur when data written beyond a buffer in stack memory overwrites return addresses, function pointers, or local variables.
23. What type of vulnerability occurs when unvalidated input is written beyond a bufferβs boundaries?
A) Integer overflow
B) Buffer overflow
C) SQL injection
D) Cross-site scripting
β Answer: B) Buffer overflow
π‘ Explanation: Buffer overflows occur when user input exceeds allocated memory, potentially leading to system crashes or exploitation.
24. Which of the following techniques does NOT help in mitigating buffer overflows?
A) ASLR
B) DEP
C) Stack canaries
D) Using gets()
β Answer: D) Using gets()
π‘ Explanation: The gets() function is inherently unsafe as it does not perform bounds checking, making it vulnerable to buffer overflow attacks.
25. What happens when a buffer overflow overwrites the return address of a function?
A) The program terminates safely
B) The function executes normally
C) Control flow can be hijacked by an attacker
D) The CPU automatically corrects the address
β Answer: C) Control flow can be hijacked by an attacker
π‘ Explanation: If an attacker can overwrite the return address, they can redirect execution to malicious code, leading to arbitrary code execution.
26. Which modern C function helps prevent buffer overflows?
A) strcpy_s()
B) gets()
C) strcat()
D) memcpy()
β Answer: A) strcpy_s()
π‘ Explanation: strcpy_s() is a safer alternative to strcpy() as it requires a buffer size parameter, preventing overflows.
27. What is the purpose of SafeSEH in Windows systems?
A) Prevents buffer overflows in kernel mode
B) Protects Structured Exception Handlers (SEH) from being overwritten by attackers
C) Increases system performance
D) Detects integer overflows
β Answer: B) Protects Structured Exception Handlers (SEH) from being overwritten by attackers
π‘ Explanation: SafeSEH ensures that only valid exception handlers can be executed, mitigating buffer overflow exploits targeting SEH.
28. Which buffer overflow attack technique uses heap memory instead of stack memory?
A) Stack smashing
B) Heap overflow
C) Return-oriented programming
D) Integer overflow
β Answer: B) Heap overflow
π‘ Explanation: Heap overflows exploit dynamically allocated memory regions (heap) by overwriting metadata or function pointers, leading to memory corruption.
29. What is the purpose of the βNXβ (No-Execute) bit in modern CPUs?
A) Prevents execution of code in writable memory regions
B) Increases CPU clock speed
C) Optimizes stack memory usage
D) Reduces memory fragmentation
β Answer: A) Prevents execution of code in writable memory regions
π‘ Explanation: The NX bit (also called DEP) marks memory pages as non-executable, blocking buffer overflow exploits that try to execute injected shellcode.
30. What kind of bug can lead to a buffer overflow vulnerability?
A) Dereferencing NULL pointers
B) Writing outside an allocated bufferβs bounds
C) Uninitialized variable access
D) Infinite loops
β Answer: B) Writing outside an allocated bufferβs bounds
π‘ Explanation: Buffer overflows occur when a program writes data beyond an allocated bufferβs boundaries, corrupting adjacent memory.
31. Which Linux security feature helps prevent return-to-libc attacks?
A) Kernel panics
B) ASLR
C) Rootkit protection
D) File system encryption
β Answer: B) ASLR
π‘ Explanation: Address Space Layout Randomization (ASLR) makes it difficult for attackers to predict the location of system libraries, reducing the effectiveness of return-to-libc exploits.
32. What tool is commonly used to detect buffer overflows in compiled programs?
A) GDB
B) Wireshark
C) Nmap
D) Metasploit
β Answer: A) GDB
π‘ Explanation: The GNU Debugger (GDB) can be used to analyze memory corruption, inspect registers, and detect buffer overflows during program execution.
33. Which operating system protection makes it harder to exploit stack buffer overflows?
A) Address Space Layout Randomization (ASLR)
B) Single-threaded execution
C) Memory-mapped I/O
D) Direct kernel execution
β Answer: A) Address Space Layout Randomization (ASLR)
π‘ Explanation: ASLR randomizes memory addresses of key structures, making it harder for attackers to predict memory locations for exploitation.
34. How can integer overflows lead to buffer overflows?
A) They cause the CPU to enter an infinite loop
B) They can bypass buffer size checks and lead to memory corruption
C) They increase the execution speed of a program
D) They prevent segmentation faults
β Answer: B) They can bypass buffer size checks and lead to memory corruption
π‘ Explanation: Integer overflows can result in incorrect buffer size calculations, allowing attackers to overwrite memory regions.
35. What does ProPolice do?
A) Encrypts executable files
B) Implements stack canaries for buffer overflow protection
C) Optimizes CPU usage
D) Compresses memory allocations
β Answer: B) Implements stack canaries for buffer overflow protection
π‘ Explanation: ProPolice is a GCC security feature that places stack canaries to detect buffer overflow attacks.
36. Which programming practice can help prevent buffer overflows?
A) Avoiding memory allocation
B) Using safe string handling functions
C) Ignoring compiler warnings
D) Using global variables for buffers
β Answer: B) Using safe string handling functions
π‘ Explanation: Functions like snprintf() and strncpy() limit the amount of data copied to buffers, reducing overflow risks.
37. What is a common sign of a buffer overflow exploit attempt?
A) Unexpected application crashes
B) Increased system performance
C) Lower memory usage
D) Reduced network activity
β Answer: A) Unexpected application crashes
π‘ Explanation: Buffer overflow exploits often lead to segmentation faults or crashes due to memory corruption.
38. What is a “NOP sled” in the context of buffer overflow exploits?
A) A sequence of NOP instructions used to increase exploit reliability
B) A memory allocation technique
C) A compiler optimization flag
D) A method for process scheduling
β Answer: A) A sequence of NOP instructions used to increase exploit reliability
π‘ Explanation: A NOP sled consists of NOP instructions leading to the payload, increasing the chances of successful code execution.
39. What role does fuzz testing play in buffer overflow detection?
A) Helps identify memory corruption issues by providing unexpected input
B) Improves program execution speed
C) Compresses binary files
D) Encrypts memory allocations
β Answer: A) Helps identify memory corruption issues by providing unexpected input
π‘ Explanation: Fuzz testing (fuzzing) feeds unexpected data into a program to find security vulnerabilities like buffer overflows.
40. What is the primary purpose of a stack frame?
A) Stores function parameters and return addresses
B) Encrypts stack memory
C) Increases CPU speed
D) Prevents buffer overflows
β Answer: A) Stores function parameters and return addresses
π‘ Explanation: The stack frame stores local variables, function parameters, and the return address, making it a critical target for buffer overflow exploits.
41. What is a key characteristic of a stack-based buffer overflow?
A) It occurs in dynamically allocated memory
B) It corrupts the return address of a function
C) It improves program efficiency
D) It requires an infinite loop to execute
β Answer: B) It corrupts the return address of a function
π‘ Explanation: Stack-based buffer overflows occur when data overwrites local variables and the return address, potentially leading to arbitrary code execution.
42. What type of attack involves overwriting a function pointer stored in the heap?
A) Stack-based buffer overflow
B) Heap-based buffer overflow
C) Integer underflow attack
D) Format string attack
β Answer: B) Heap-based buffer overflow
π‘ Explanation: Heap-based buffer overflows occur when dynamically allocated memory is overwritten, allowing attackers to manipulate function pointers or metadata.
43. Which type of memory does a format string vulnerability usually exploit?
A) Stack
B) Heap
C) ROM
D) CPU cache
β Answer: A) Stack
π‘ Explanation: Format string vulnerabilities often occur on the stack, where user-supplied input is incorrectly interpreted as a format string, leading to memory corruption.
44. What is the main security risk of using memcpy() in C?
A) It executes code in kernel mode
B) It does not check buffer sizes, leading to overflows
C) It automatically randomizes memory addresses
D) It encrypts the copied data
β Answer: B) It does not check buffer sizes, leading to overflows
π‘ Explanation: memcpy() blindly copies memory from one location to another, which can cause buffer overflows if the source size exceeds the destination buffer.
45. What does a βUse After Freeβ vulnerability refer to?
A) Using a memory buffer after it has been deallocated
B) Allocating memory before checking buffer size
C) Freeing memory multiple times
D) Using uninitialized memory
β Answer: A) Using a memory buffer after it has been deallocated
π‘ Explanation: A “Use After Free” (UAF) occurs when a program accesses memory after it has been freed, leading to crashes or arbitrary code execution.
46. What is a “double free” vulnerability?
A) Freeing memory twice, leading to corruption
B) Allocating memory twice before freeing it
C) Using memory after freeing it
D) Avoiding memory allocation
β Answer: A) Freeing memory twice, leading to corruption
π‘ Explanation: Double free vulnerabilities can corrupt memory management structures, leading to crashes or exploitation.
**47. Which of the following best describes Return-to-Libc attacks?
A) A technique that uses existing shared libraries to execute malicious code
B) A method for bypassing heap protection
C) A compiler optimization technique
D) A mechanism for increasing execution speed
β Answer: A) A technique that uses existing shared libraries to execute malicious code
π‘ Explanation: Return-to-Libc attacks redirect execution to standard library functions (like system()) to bypass protections such as DEP.
48. Which function is safer than sprintf() to prevent buffer overflows?
A) snprintf()
B) strcpy()
C) gets()
D) strcat()
β Answer: A) snprintf()
π‘ Explanation: snprintf() allows specifying the maximum number of characters to write, preventing buffer overflows.
49. What is “stack pivoting” in the context of buffer overflow exploits?
A) Redirecting execution to a controlled memory region
B) Clearing stack memory
C) Randomizing buffer sizes
D) Encrypting return addresses
β Answer: A) Redirecting execution to a controlled memory region
π‘ Explanation: Stack pivoting allows attackers to redirect execution to controlled memory, facilitating advanced exploits such as ROP chains.
50. Which of the following techniques cannot prevent buffer overflows?
A) Using uninitialized memory
B) Implementing ASLR
C) Using stack canaries
D) Enabling DEP
β Answer: A) Using uninitialized memory
π‘ Explanation: Uninitialized memory access can lead to unpredictable behavior, potentially making programs more vulnerable to exploitation.
51. What does RELRO (Relocation Read-Only) do?
A) Protects ELF binaries from GOT overwrites
B) Randomizes the memory layout
C) Encrypts stack memory
D) Prevents CPU register modifications
β Answer: A) Protects ELF binaries from GOT overwrites
π‘ Explanation: RELRO hardens ELF binaries by making certain sections read-only, preventing exploitation techniques like GOT overwrites.
52. What is “Partial RELRO”?
A) A security mechanism that only partially enables read-only relocation protection
B) A method for bypassing ASLR
C) A technique for optimizing function calls
D) A stack-based buffer overflow protection mechanism
β Answer: A) A security mechanism that only partially enables read-only relocation protection
π‘ Explanation: Partial RELRO protects some relocation sections, but does not fully enforce read-only attributes on critical function pointers.
53. How does “Full RELRO” improve security over “Partial RELRO”?
A) It makes the Global Offset Table (GOT) fully read-only
B) It disables ASLR
C) It allows execution of shellcode in the stack
D) It enables unrestricted memory access
β Answer: A) It makes the Global Offset Table (GOT) fully read-only
π‘ Explanation: Full RELRO prevents attackers from modifying GOT entries, reducing the effectiveness of return-to-libc exploits.
54. What is the main goal of stack smashing protection?
A) Prevent overwriting of return addresses
B) Optimize memory usage
C) Increase CPU performance
D) Enhance program speed
β Answer: A) Prevent overwriting of return addresses
π‘ Explanation: Stack smashing protection (SSP) prevents attackers from altering return addresses, mitigating buffer overflow attacks.
55. Why should malloc() return values always be checked?
A) To prevent dereferencing NULL pointers in case of allocation failure
B) To increase program speed
C) To reduce memory fragmentation
D) To randomize memory allocations
β Answer: A) To prevent dereferencing NULL pointers in case of allocation failure
π‘ Explanation: If malloc() fails, it returns NULL, and accessing it can lead to crashes or security vulnerabilities.
56. What is the purpose of the “Shadow Stack” security feature?
A) Stores a protected copy of return addresses
B) Encrypts stack memory
C) Makes stack execution faster
D) Reduces function call overhead
β Answer: A) Stores a protected copy of return addresses
π‘ Explanation: The shadow stack maintains a separate, protected copy of return addresses, preventing corruption due to buffer overflows.
57. How does fortify_source improve buffer security in C?
A) Detects buffer overflows at runtime
B) Encrypts stack memory
C) Prevents function calls from returning
D) Increases program execution speed
β Answer: A) Detects buffer overflows at runtime
π‘ Explanation: The fortify_source feature checks buffer sizes at runtime to prevent overflows.
58. What is the best way to prevent integer overflows in buffer size calculations?
A) Use proper boundary checks and integer-safe functions
B) Ignore compiler warnings
C) Use uninitialized variables
D) Allocate memory without checking
β Answer: A) Use proper boundary checks and integer-safe functions
π‘ Explanation: Proper input validation and integer-safe functions can prevent incorrect buffer size calculations leading to overflows.
59. Which mitigation technique helps prevent function pointer overwrites?
A) DEP
B) Control Flow Integrity (CFI)
C) ASLR
D) Heap spraying
β Answer: B) Control Flow Integrity (CFI)
π‘ Explanation: CFI enforces strict control flow rules, preventing attackers from redirecting execution to arbitrary function pointers.
60. What does “Stack Cookies” refer to in buffer overflow prevention?
A) Random values placed before return addresses
B) A method for increasing execution speed
C) A way to optimize memory allocation
D) A compiler optimization flag
β Answer: A) Random values placed before return addresses
π‘ Explanation: Stack cookies (canaries) detect buffer overflows by checking if a known value has been altered before function return.
61. What does “Control Flow Guard (CFG)” do in modern operating systems?
A) Prevents buffer overflows by enforcing execution flow integrity
B) Increases memory allocation efficiency
C) Disables stack canaries
D) Randomizes heap memory allocation
β Answer: A) Prevents buffer overflows by enforcing execution flow integrity
π‘ Explanation: CFG ensures that indirect function calls only target valid code locations, preventing attackers from redirecting execution to malicious code.
**62. What is the main weakness of W^X (Write XOR Execute) memory protection?
A) It does not protect against return-oriented programming (ROP) attacks
B) It allows execution of arbitrary code on the stack
C) It increases CPU workload significantly
D) It prevents function pointers from being used
β Answer: A) It does not protect against return-oriented programming (ROP) attacks
π‘ Explanation: W^X enforces non-executable data regions, but attackers can still exploit existing code using ROP techniques.
63. Which data structure is most susceptible to buffer overflow attacks?
A) Linked list
B) Stack
C) Hash table
D) Binary search tree
β Answer: B) Stack
π‘ Explanation: Since function calls store return addresses and local variables on the stack, buffer overflows can overwrite these, leading to arbitrary code execution.
64. What is “Heap Spraying” in the context of buffer overflow attacks?
A) Filling heap memory with predictable values to increase exploit reliability
B) A memory optimization technique
C) A method for randomizing stack layout
D) A technique for encrypting memory buffers
β Answer: A) Filling heap memory with predictable values to increase exploit reliability
π‘ Explanation: Heap spraying places predictable patterns in memory, making it easier for attackers to guess the location of their malicious code.
65. What is the purpose of the -D_FORTIFY_SOURCE=2 compiler flag in GCC?
A) Enables additional runtime buffer overflow protections
B) Disables buffer overflow checks
C) Optimizes function calls
D) Increases stack size
β Answer: A) Enables additional runtime buffer overflow protections
π‘ Explanation: _FORTIFY_SOURCE=2 enables compile-time and runtime buffer overflow checks, providing extra security.
66. How does StackGuard help prevent buffer overflows?
A) It inserts canary values to detect stack corruption
B) It encrypts stack memory
C) It increases buffer sizes dynamically
D) It prevents function pointers from being used
β Answer: A) It inserts canary values to detect stack corruption
π‘ Explanation: StackGuard places a canary value before the return address to detect buffer overflows before execution resumes.
67. Why is it important to initialize variables before use in memory-safe coding?
A) To prevent accessing unintended memory locations
B) To speed up execution
C) To optimize memory usage
D) To bypass stack canaries
β Answer: A) To prevent accessing unintended memory locations
π‘ Explanation: Uninitialized variables may hold arbitrary data, leading to undefined behavior, security risks, and buffer overflows.
68. Which Linux kernel feature prevents execution of code from writable memory regions?
A) DEP (Data Execution Prevention)
B) Heap spraying
C) Stack overflow protection
D) Dynamic function binding
β Answer: A) DEP (Data Execution Prevention)
π‘ Explanation: DEP ensures that memory regions intended for storing data (like the stack or heap) cannot execute code, preventing common buffer overflow attacks.
69. What is “ROP chaining” in the context of security exploits?
A) Linking multiple small code segments together to bypass DEP
B) A method for detecting buffer overflows
C) A compiler optimization technique
D) A form of memory encryption
β Answer: A) Linking multiple small code segments together to bypass DEP
π‘ Explanation: Return-Oriented Programming (ROP) chaining executes a sequence of existing instructions (gadgets) to perform malicious actions without injecting new code.
**70. What is the primary function of the GOT (Global Offset Table) in ELF binaries?
A) Stores addresses of dynamically linked functions
B) Increases execution speed
C) Prevents buffer overflow attacks
D) Encrypts stack memory
β Answer: A) Stores addresses of dynamically linked functions
π‘ Explanation: The GOT holds addresses of shared library functions. Attackers often target GOT overwrites to gain code execution.
71. How does “ExecShield” in Linux help mitigate buffer overflow attacks?
A) It marks memory segments as non-executable
B) It speeds up CPU performance
C) It removes stack canaries
D) It prevents function calls from returning
β Answer: A) It marks memory segments as non-executable
π‘ Explanation: ExecShield enforces non-executable stack and heap protections, preventing common memory corruption exploits.
72. Which of the following methods is most effective in preventing format string vulnerabilities?
A) Using static format strings in printf-like functions
B) Allowing user input to control format strings
C) Disabling stack protection
D) Using gets() for input handling
β Answer: A) Using static format strings in printf-like functions
π‘ Explanation: Format string vulnerabilities arise when user input is passed directly as a format string, leading to memory corruption.
73. Which of the following is an example of a mitigation technique rather than a prevention technique?
A) ASLR
B) Using secure coding practices
C) Validating input lengths
D) Using safer string functions
β Answer: A) ASLR
π‘ Explanation: ASLR mitigates exploitation by randomizing memory addresses, but does not prevent buffer overflows themselves.
**74. What is the primary purpose of the PaX kernel patch?
A) Enhancing memory protection against buffer overflows
B) Increasing execution speed
C) Reducing CPU power consumption
D) Disabling stack protection
β Answer: A) Enhancing memory protection against buffer overflows
π‘ Explanation: PaX provides security enhancements such as ASLR and non-executable memory pages.
75. Why is alloca() generally unsafe in memory-safe coding?
A) It allocates memory on the stack, increasing the risk of stack overflows
B) It is faster than malloc()
C) It uses heap memory, which is slower
D) It automatically frees allocated memory
β Answer: A) It allocates memory on the stack, increasing the risk of stack overflows
π‘ Explanation: alloca() dynamically allocates memory on the stack, which can lead to stack overflows if used improperly.
76. What security risk does “Uninitialized Stack Variables” introduce?
A) Attackers may read or modify unintended memory contents
B) The program executes faster
C) The stack uses less memory
D) It prevents stack overflows
β Answer: A) Attackers may read or modify unintended memory contents
π‘ Explanation: Uninitialized variables can contain sensitive data, leading to information disclosure or security vulnerabilities.
**77. What is the key security flaw in jump-oriented programming (JOP)?
A) It bypasses DEP by chaining indirect jumps
B) It prevents function calls
C) It disables ASLR
D) It blocks system calls
β Answer: A) It bypasses DEP by chaining indirect jumps
π‘ Explanation: JOP is an evolution of ROP, using indirect jumps to execute existing code sequences in a controlled manner.
78. Which of the following is an example of a memory-safe programming language?
A) Rust
B) C
C) Assembly
D) Fortran
β Answer: A) Rust
π‘ Explanation: Rust enforces strict memory safety rules at compile time, preventing buffer overflows and memory corruption.
79. Which tool is commonly used for dynamic analysis of memory vulnerabilities?
A) Valgrind
B) Git
C) Wireshark
D) Netcat
β Answer: A) Valgrind
π‘ Explanation: Valgrind detects memory leaks, buffer overflows, and other vulnerabilities at runtime.
80. What is the primary role of “Pointer Authentication” in modern CPUs?
A) Prevents control flow hijacking by verifying pointers
B) Increases stack size
C) Disables ASLR
D) Increases execution speed
β Answer: A) Prevents control flow hijacking by verifying pointers
π‘ Explanation: Pointer authentication adds cryptographic signatures to pointers, preventing unauthorized modifications.
81. Why are stack overflows more common in C and C++ than in Python or Java?
A) C and C++ do not perform automatic memory management
B) Python and Java do not support function calls
C) C and C++ execute code slower
D) Python and Java lack recursion
β Answer: A) C and C++ do not perform automatic memory management
π‘ Explanation: Python and Java use garbage collection and built-in memory safety features, whereas C and C++ require manual memory management, increasing the risk of buffer overflows.
82. What is “Function Pointer Overwriting” in buffer overflow exploits?
A) Overwriting function pointers to redirect execution flow
B) Increasing buffer sizes to prevent overflows
C) Using a function pointer to clear stack memory
D) Optimizing function execution speed
β Answer: A) Overwriting function pointers to redirect execution flow
π‘ Explanation: Attackers can overwrite function pointers stored in memory, causing the program to execute arbitrary code.
83. Which compiler option enables full stack protection in GCC?
A) -fstack-protector-strong
B) -O3
C) -Wall
D) -fno-stack-check
β
Answer: A) -fstack-protector-strong
π‘ Explanation: The -fstack-protector-strong flag provides enhanced stack protection against buffer overflows.
84. What is the purpose of “Memory Tagging” in modern ARM architectures?
A) It prevents use-after-free vulnerabilities by tracking memory access
B) It speeds up memory allocation
C) It compresses stack frames
D) It disables ASLR
β Answer: A) It prevents use-after-free vulnerabilities by tracking memory access
π‘ Explanation: Memory Tagging helps detect out-of-bounds and use-after-free issues by assigning tags to memory allocations.
85. What is “Safe Unlinking” in heap-based buffer overflow protection?
A) Prevents heap metadata corruption by checking integrity before unlinking
B) Speeds up memory deallocation
C) Prevents function calls from returning
D) Reduces heap memory usage
β Answer: A) Prevents heap metadata corruption by checking integrity before unlinking
π‘ Explanation: Safe Unlinking ensures that corrupted heap metadata cannot be exploited to overwrite critical pointers.
86. What is the purpose of “Non-Canonical Address Filtering” in modern CPUs?
A) Detects out-of-bounds memory accesses
B) Increases CPU execution speed
C) Disables ASLR
D) Compresses memory buffers
β Answer: A) Detects out-of-bounds memory accesses
π‘ Explanation: Non-canonical address filtering blocks attempts to access reserved or invalid memory regions, reducing exploitation risks.
87. Why should developers avoid strcat() in security-sensitive applications?
A) It does not check buffer boundaries, leading to overflows
B) It is slower than snprintf()
C) It automatically allocates memory
D) It is deprecated in modern compilers
β Answer: A) It does not check buffer boundaries, leading to overflows
π‘ Explanation: strcat() appends strings without bounds checking, which can lead to buffer overflow vulnerabilities.
88. What is “Stack Clashing” in the context of security vulnerabilities?
A) A technique where an attacker grows the stack to overwrite adjacent memory regions
B) A method for increasing stack performance
C) A way to optimize recursive function calls
D) A debugging technique for memory leaks
β Answer: A) A technique where an attacker grows the stack to overwrite adjacent memory regions
π‘ Explanation: Stack clashing manipulates memory layout to bypass stack protections and exploit adjacent memory regions.
89. Which security mechanism ensures that jump and return instructions do not lead to unintended memory locations?
A) Control Flow Integrity (CFI)
B) Heap Spraying
C) Return-Oriented Programming (ROP)
D) DEP (Data Execution Prevention)
β Answer: A) Control Flow Integrity (CFI)
π‘ Explanation: CFI enforces valid control flow, preventing redirection of execution to unintended locations.
90. What is the main limitation of Stack Canaries?
A) They do not protect against heap-based overflows
B) They prevent function calls from executing
C) They slow down execution significantly
D) They disable ASLR
β Answer: A) They do not protect against heap-based overflows
π‘ Explanation: Stack canaries detect stack-based buffer overflows but do not mitigate heap-based attacks.
91. Which of the following is NOT an effective strategy to prevent buffer overflows?
A) Using unsigned integers for buffer size calculations
B) Disabling stack execution
C) Validating input lengths
D) Allowing arbitrary user input
β Answer: D) Allowing arbitrary user input
π‘ Explanation: Unvalidated user input can lead to buffer overflows, so strict validation is necessary.
92. What does Address Sanitizer (ASan) help detect?
A) Buffer overflows, use-after-free, and memory leaks
B) Syntax errors in C code
C) Network vulnerabilities
D) Faster memory allocation
β Answer: A) Buffer overflows, use-after-free, and memory leaks
π‘ Explanation: ASan detects various memory errors dynamically, helping identify security issues during development.
93. How does “Backwards Edge Control Flow Integrity” improve security?
A) Protects return addresses from being overwritten
B) Encrypts function pointers
C) Disables stack execution
D) Prevents function arguments from being modified
β Answer: A) Protects return addresses from being overwritten
π‘ Explanation: This mechanism ensures that function return addresses remain unaltered, preventing return-oriented attacks.
94. What does “Pointer Obfuscation” help prevent?
A) Exploitation of buffer overflows by making pointer values harder to predict
B) Faster pointer dereferencing
C) Heap fragmentation
D) Compiler warnings
β Answer: A) Exploitation of buffer overflows by making pointer values harder to predict
π‘ Explanation: Obfuscating pointer values helps prevent memory corruption exploits.
**95. What is the primary purpose of the mitigation technique “Shadow Stacks”?
A) Protects return addresses from being modified by exploits
B) Encrypts heap memory
C) Speeds up execution time
D) Reduces buffer sizes
β Answer: A) Protects return addresses from being modified by exploits
π‘ Explanation: Shadow stacks store a protected copy of return addresses, preventing attacks that attempt to overwrite them.
96. How do “Read-Only Function Tables” improve security?
A) Prevent modification of function pointers used in indirect calls
B) Encrypt stack memory
C) Disable buffer overflows
D) Reduce CPU cycles
β Answer: A) Prevent modification of function pointers used in indirect calls
π‘ Explanation: Making function tables read-only prevents attackers from hijacking function pointers.
97. What is the main advantage of Rust’s ownership model in preventing buffer overflows?
A) It prevents use-after-free and double-free vulnerabilities
B) It makes execution faster
C) It disables stack memory
D) It replaces all pointer-based operations
β Answer: A) It prevents use-after-free and double-free vulnerabilities
π‘ Explanation: Rustβs ownership model enforces strict memory safety, preventing common vulnerabilities.
98. What is “Heap Feng Shui” in the context of exploits?
A) Manipulating heap memory layout to increase exploit reliability
B) A memory optimization technique
C) A way to randomize stack memory
D) A method for debugging heap fragmentation
β Answer: A) Manipulating heap memory layout to increase exploit reliability
π‘ Explanation: Heap Feng Shui arranges heap allocations in a predictable way to exploit memory corruption.
99. Why should developers prefer safe alternatives to malloc() and free()?
A) To prevent memory leaks and use-after-free vulnerabilities
B) To reduce execution time
C) To bypass ASLR
D) To disable DEP
β Answer: A) To prevent memory leaks and use-after-free vulnerabilities
π‘ Explanation: Safer memory allocation techniques reduce risks of memory corruption.
**100. What is the key function of Stack Clash Protection?
A) Prevents attackers from growing the stack into other memory regions
B) Encrypts stack memory
C) Reduces function call overhead
D) Prevents syntax errors
β Answer: A) Prevents attackers from growing the stack into other memory regions
π‘ Explanation: Stack clash protection ensures that expanding the stack cannot overwrite adjacent memory regions.
101. Which of the following best describes a “Write-What-Where” vulnerability?
A) An attacker gains arbitrary write access to overwrite critical memory locations
B) A compiler optimization technique
C) A method to encrypt memory allocations
D) A buffer overflow that only affects local variables
β Answer: A) An attacker gains arbitrary write access to overwrite critical memory locations
π‘ Explanation: “Write-What-Where” vulnerabilities allow attackers to modify specific memory addresses, leading to privilege escalation or arbitrary code execution.
102. What is the primary security risk of overwriting the Saved Frame Pointer (SFP) on the stack?
A) It can redirect execution to an attacker-controlled memory address
B) It speeds up function calls
C) It reduces memory fragmentation
D) It prevents stack execution
β Answer: A) It can redirect execution to an attacker-controlled memory address
π‘ Explanation: The Saved Frame Pointer (SFP) stores return addresses, and overwriting it can allow an attacker to hijack execution flow.
103. What does the -z relro linker flag do in GCC?
A) Enables read-only relocation protection for ELF binaries
B) Disables stack canaries
C) Increases execution speed
D) Allows execution of heap-based shellcode
β Answer: A) Enables read-only relocation protection for ELF binaries
π‘ Explanation: The -z relro option makes sections of ELF binaries read-only, preventing exploitation techniques like GOT overwrites.
104. Which memory region is affected by a heap overflow attack?
A) Dynamically allocated memory
B) Stack memory
C) CPU registers
D) ROM
β Answer: A) Dynamically allocated memory
π‘ Explanation: Heap overflow attacks target dynamically allocated memory, manipulating heap metadata or function pointers.
105. What does the Stack Erasure security technique do?
A) Clears sensitive stack memory before function return
B) Increases stack memory size
C) Allows execution of return-to-libc exploits
D) Optimizes function calls
β Answer: A) Clears sensitive stack memory before function return
π‘ Explanation: Stack Erasure helps prevent sensitive data leaks by clearing stack memory after function execution.
106. Which security feature prevents attackers from reusing freed memory blocks?
A) Safe unlinking
B) Stack pivoting
C) Function pointer obfuscation
D) Return-to-libc
β Answer: A) Safe unlinking
π‘ Explanation: Safe unlinking ensures that memory blocks cannot be reused in an unsafe manner, mitigating heap-based exploits.
107. What is the purpose of “Lazy Binding” in ELF binaries?
A) Defers resolving function addresses until first use
B) Encrypts return addresses
C) Prevents buffer overflows
D) Increases execution speed
β Answer: A) Defers resolving function addresses until first use
π‘ Explanation: Lazy binding optimizes execution by resolving function addresses at runtime, but it can be exploited through GOT overwrite attacks.
108. What security mechanism prevents integer overflows from leading to buffer overflows?
A) Bounds checking on integer operations
B) Using stack canaries
C) Disabling ASLR
D) Encrypting stack memory
β Answer: A) Bounds checking on integer operations
π‘ Explanation: Integer overflows can lead to incorrect buffer size calculations, so strict bounds checking is necessary to prevent buffer overflows.
**109. What is a primary weakness of ASLR (Address Space Layout Randomization)?
A) It can be bypassed using information leaks
B) It disables DEP
C) It slows down execution significantly
D) It prevents stack execution
β Answer: A) It can be bypassed using information leaks
π‘ Explanation: If an attacker can leak memory addresses, they can bypass ASLR and locate key memory regions.
110. Which of the following best describes a Buffer Underflow?
A) Reading data before the start of a buffer
B) Writing beyond the allocated buffer size
C) Executing code in protected memory regions
D) Increasing the buffer size dynamically
β Answer: A) Reading data before the start of a buffer
π‘ Explanation: A buffer underflow occurs when a program reads memory before the allocated buffer, potentially accessing unintended data.
111. How does “Return Address Protection” improve security?
A) It prevents buffer overflows from modifying return addresses
B) It speeds up execution time
C) It optimizes memory allocation
D) It disables stack execution
β Answer: A) It prevents buffer overflows from modifying return addresses
π‘ Explanation: Return Address Protection mechanisms (e.g., Shadow Stacks) prevent attackers from tampering with stored return addresses.
**112. What is the purpose of Pointer Authentication Codes (PAC) in ARM processors?
A) Adds cryptographic signatures to pointers to prevent tampering
B) Encrypts heap memory
C) Increases stack memory size
D) Reduces buffer overflow attack surfaces
β Answer: A) Adds cryptographic signatures to pointers to prevent tampering
π‘ Explanation: PAC protects function pointers and return addresses from being modified by attackers.
113. Which of the following is a safer alternative to realloc() to prevent buffer overflows?
A) Using calloc() with proper size checks
B) Using memcpy() without bounds checking
C) Using strcpy() for string copying
D) Allowing dynamic buffer growth without validation
β
Answer: A) Using calloc() with proper size checks
π‘ Explanation: calloc() initializes allocated memory and prevents uninitialized buffer access, reducing overflow risks.
114. What is “Heap Isolation” in modern memory allocators?
A) It ensures different heap allocations are separated to prevent corruption
B) It reduces memory fragmentation
C) It speeds up malloc/free operations
D) It disables stack execution
β Answer: A) It ensures different heap allocations are separated to prevent corruption
π‘ Explanation: Heap Isolation makes it harder for attackers to exploit heap overflows by keeping allocations separated.
**115. Which of the following can bypass DEP (Data Execution Prevention)?
A) Return-Oriented Programming (ROP)
B) Stack canaries
C) ASLR
D) Shadow stacks
β Answer: A) Return-Oriented Programming (ROP)
π‘ Explanation: ROP allows execution of malicious payloads using existing code, bypassing DEP.
116. What is the primary security benefit of stack reordering?
A) It makes it harder for attackers to predict memory layout
B) It speeds up execution
C) It prevents return-to-libc attacks
D) It allows safer use of function pointers
β Answer: A) It makes it harder for attackers to predict memory layout
π‘ Explanation: Stack reordering changes function variable layouts, making exploitation more difficult.
117. Why is zeroing out memory before freeing it a good security practice?
A) It prevents data leaks and reduces the risk of use-after-free vulnerabilities
B) It speeds up free() execution
C) It disables ASLR
D) It increases available memory
β Answer: A) It prevents data leaks and reduces the risk of use-after-free vulnerabilities
π‘ Explanation: Clearing memory before freeing it ensures sensitive data cannot be accessed after deallocation.
118. How do Mitigations like SafeStack in LLVM protect against buffer overflows?
A) Separates sensitive stack data from vulnerable buffers
B) Disables stack execution
C) Encrypts all function calls
D) Prevents pointer arithmetic
β Answer: A) Separates sensitive stack data from vulnerable buffers
π‘ Explanation: SafeStack places critical data on a separate protected stack to prevent corruption.
119. What is the primary goal of Heap Metadata Protection?
A) Prevents corruption of heap structures used by memory allocators
B) Encrypts all heap memory
C) Speeds up memory allocation
D) Reduces stack execution time
β Answer: A) Prevents corruption of heap structures used by memory allocators
π‘ Explanation: Heap metadata protection ensures that attackers cannot overwrite allocator metadata to hijack execution flow.
120. Why is Address Masking used in some modern processors?
A) It hides memory addresses to prevent exploitation
B) It speeds up execution
C) It disables stack execution
D) It reduces memory fragmentation
β Answer: A) It hides memory addresses to prevent exploitation
π‘ Explanation: Address Masking prevents attackers from guessing memory locations, mitigating address-based attacks.
121. Which of the following best describes “Code Reuse Attacks” in the context of buffer overflow exploits?
A) Attacks that use existing code sequences to perform malicious actions
B) A method to improve memory efficiency
C) A technique that encrypts memory addresses
D) A compiler optimization strategy
β Answer: A) Attacks that use existing code sequences to perform malicious actions
π‘ Explanation: Code reuse attacks (e.g., Return-Oriented Programming) leverage existing executable code to bypass security protections like DEP.
122. How does “Shadow Call Stack” improve security against buffer overflow attacks?
A) It stores a separate, protected copy of return addresses
B) It speeds up function execution
C) It disables heap memory
D) It prevents buffer allocation
β Answer: A) It stores a separate, protected copy of return addresses
π‘ Explanation: Shadow Call Stack prevents return address modification, protecting against return-oriented programming (ROP) attacks.
**123. Which of the following is a recommended alternative to gets() for safer input handling?
A) fgets()
B) strcpy()
C) strcat()
D) memcpy()
β
Answer: A) fgets()
π‘ Explanation: fgets() allows input size limitation, preventing buffer overflow vulnerabilities caused by gets().
124. What is “Code Pointer Integrity (CPI)” in memory safety?
A) A security mechanism that protects function pointers from being overwritten
B) A method for increasing execution speed
C) A technique for disabling stack execution
D) A way to optimize memory allocation
β Answer: A) A security mechanism that protects function pointers from being overwritten
π‘ Explanation: CPI ensures function pointers and return addresses cannot be modified maliciously, improving memory safety.
**125. What is the key security risk of using alloca() instead of malloc()?
A) alloca() allocates memory on the stack, leading to stack overflow risks
B) alloca() is slower than malloc()
C) alloca() requires manual memory management
D) alloca() increases memory fragmentation
β
Answer: A) alloca() allocates memory on the stack, leading to stack overflow risks
π‘ Explanation: Since alloca() allocates memory on the stack, excessive allocations can cause stack overflows.
126. Which technique helps protect function pointers from being modified by buffer overflow exploits?
A) Control Flow Integrity (CFI)
B) Heap Spraying
C) Stack Pivoting
D) Return-Oriented Programming (ROP)
β Answer: A) Control Flow Integrity (CFI)
π‘ Explanation: CFI ensures indirect function calls can only target valid locations, preventing attackers from hijacking function pointers.
127. What does the -Wformat-security flag do in GCC?
A) Warns about format string vulnerabilities
B) Disables stack execution
C) Encrypts return addresses
D) Enables faster execution
β Answer: A) Warns about format string vulnerabilities
π‘ Explanation: -Wformat-security helps detect format string vulnerabilities that could lead to memory corruption or code execution.
128. What is “Stack Layout Randomization”?
A) A technique that randomizes the memory layout of stack variables
B) A method for increasing stack execution speed
C) A way to reduce function call overhead
D) A compiler optimization strategy
β Answer: A) A technique that randomizes the memory layout of stack variables
π‘ Explanation: Stack Layout Randomization makes it difficult for attackers to predict memory addresses, reducing exploitability.
129. How does “Pointer Encryption” help prevent buffer overflow exploits?
A) It makes pointers harder to manipulate by attackers
B) It disables ASLR
C) It increases execution speed
D) It prevents function calls
β Answer: A) It makes pointers harder to manipulate by attackers
π‘ Explanation: Pointer encryption (e.g., Pointer Authentication Codes in ARM) ensures pointers cannot be altered without detection.
130. What is “Heap Tainting” in memory security?
A) A technique that tracks untrusted input in heap memory
B) A method for optimizing memory allocation
C) A debugging tool for stack-based overflows
D) A technique that encrypts heap metadata
β Answer: A) A technique that tracks untrusted input in heap memory
π‘ Explanation: Heap tainting helps identify memory corruption by marking and tracking untrusted input data.
**131. What security feature prevents Jump-Oriented Programming (JOP) exploits?
A) Control Flow Integrity (CFI)
B) Stack Smashing Protection (SSP)
C) Lazy Binding
D) Heap Metadata Protection
β Answer: A) Control Flow Integrity (CFI)
π‘ Explanation: JOP, like ROP, uses existing code sequences for exploitation, and CFI enforces valid execution paths.
132. What is a primary advantage of “Execute-Only Memory (XOM)” in security?
A) Prevents reading executable memory, stopping certain exploits
B) Increases execution speed
C) Encrypts stack memory
D) Reduces heap fragmentation
β Answer: A) Prevents reading executable memory, stopping certain exploits
π‘ Explanation: XOM makes it harder for attackers to extract useful code gadgets, reducing exploitability.
133. Which of the following memory-safe languages is designed to prevent buffer overflows?
A) Rust
B) C
C) Assembly
D) Bash
β Answer: A) Rust
π‘ Explanation: Rust enforces strict memory safety at compile time, preventing buffer overflows and memory corruption.
134. What is “Heap Hardening” in memory allocators?
A) Strengthening heap memory against exploitation techniques
B) Encrypting heap metadata
C) Reducing stack memory usage
D) Increasing CPU speed
β Answer: A) Strengthening heap memory against exploitation techniques
π‘ Explanation: Heap hardening includes techniques like safe unlinking and metadata protection to prevent heap-based exploits.
135. What is “Memory Shadowing” in security?
A) A technique that stores a copy of sensitive memory regions for integrity checking
B) A method for optimizing function execution
C) A technique for stack overflows
D) A way to disable ASLR
β Answer: A) A technique that stores a copy of sensitive memory regions for integrity checking
π‘ Explanation: Memory shadowing detects unexpected modifications in critical memory areas, preventing tampering.
136. Why are arbitrary write vulnerabilities particularly dangerous?
A) They allow modification of specific memory locations, leading to privilege escalation
B) They slow down execution
C) They optimize memory usage
D) They reduce heap fragmentation
β Answer: A) They allow modification of specific memory locations, leading to privilege escalation
π‘ Explanation: Arbitrary write vulnerabilities enable attackers to modify memory at will, often leading to full system compromise.
137. How does “Stack Coloring” improve security?
A) It places buffers and critical data in different memory locations
B) It speeds up execution
C) It prevents function calls
D) It disables ASLR
β Answer: A) It places buffers and critical data in different memory locations
π‘ Explanation: Stack Coloring separates local variables and buffers, preventing overflows from corrupting sensitive data.
138. Why is “Branch Target Identification (BTI)” important in modern processors?
A) It prevents speculative execution attacks
B) It speeds up CPU execution
C) It optimizes function calls
D) It reduces stack fragmentation
β Answer: A) It prevents speculative execution attacks
π‘ Explanation: BTI ensures that indirect branches are only made to valid destinations, reducing attack surfaces.
139. What is a primary advantage of “Stack Splitting” in security?
A) It separates sensitive stack data from normal buffers
B) It increases memory allocation speed
C) It disables stack execution
D) It optimizes recursion
β Answer: A) It separates sensitive stack data from normal buffers
π‘ Explanation: Stack splitting reduces the impact of buffer overflows by keeping sensitive data on a separate stack.
140. What is the primary role of “Retpoline” in modern CPU security?
A) It mitigates speculative execution vulnerabilities
B) It speeds up execution
C) It encrypts memory
D) It disables stack execution
β Answer: A) It mitigates speculative execution vulnerabilities
π‘ Explanation: Retpoline prevents speculative execution attacks like Spectre, securing memory access.
141. What is the primary purpose of “SafeStack” in LLVM?
A) It separates safe and unsafe stack variables to prevent buffer overflows
B) It speeds up function execution
C) It prevents function calls from returning
D) It disables heap memory
β Answer: A) It separates safe and unsafe stack variables to prevent buffer overflows
π‘ Explanation: SafeStack moves vulnerable stack variables to a separate region, protecting critical data from buffer overflows.
142. How does “Return Address Signing” in ARM processors enhance security?
A) It cryptographically signs return addresses to detect modification
B) It speeds up return instruction execution
C) It disables ASLR
D) It prevents heap fragmentation
β Answer: A) It cryptographically signs return addresses to detect modification
π‘ Explanation: Return Address Signing prevents attackers from modifying return addresses, reducing buffer overflow risks.
143. What is the primary goal of “Function Pointer Integrity (FPI)” in memory safety?
A) Prevents unauthorized modification of function pointers
B) Encrypts stack memory
C) Increases function execution speed
D) Disables stack execution
β Answer: A) Prevents unauthorized modification of function pointers
π‘ Explanation: FPI ensures that function pointers are not altered by exploits, preventing control flow hijacking.
144. Why should developers avoid using fixed-size character buffers in security-sensitive code?
A) They are susceptible to buffer overflows if input is not properly validated
B) They increase execution speed
C) They optimize memory allocation
D) They prevent memory fragmentation
β Answer: A) They are susceptible to buffer overflows if input is not properly validated
π‘ Explanation: Fixed-size character buffers without proper bounds checking can lead to buffer overflows.
145. How does “Load Hardening” improve security against speculative execution attacks?
A) It ensures memory loads cannot be exploited for side-channel attacks
B) It speeds up execution
C) It disables stack execution
D) It reduces memory fragmentation
β Answer: A) It ensures memory loads cannot be exploited for side-channel attacks
π‘ Explanation: Load Hardening prevents speculative execution attacks by ensuring sensitive data isn’t leaked through side channels.
146. What is the primary security concern with dangling pointers in C/C++?
A) They can lead to use-after-free vulnerabilities, allowing memory corruption
B) They slow down execution
C) They optimize memory allocation
D) They reduce heap fragmentation
β Answer: A) They can lead to use-after-free vulnerabilities, allowing memory corruption
π‘ Explanation: Dangling pointers reference freed memory, leading to unpredictable behavior and potential security vulnerabilities.
147. What is “Heap Canaries” in the context of buffer overflow protection?
A) A security mechanism that places special values before and after heap allocations to detect corruption
B) A method to increase execution speed
C) A compiler optimization strategy
D) A technique to bypass DEP
β Answer: A) A security mechanism that places special values before and after heap allocations to detect corruption
π‘ Explanation: Heap canaries detect buffer overflows by verifying if special marker values have been altered.
148. What is the primary security risk of using uninitialized variables?
A) They may contain sensitive data or lead to undefined behavior
B) They optimize execution speed
C) They prevent stack overflows
D) They disable ASLR
β Answer: A) They may contain sensitive data or lead to undefined behavior
π‘ Explanation: Uninitialized variables can leak sensitive data or cause unpredictable program behavior.
149. How does “Stack Frame Randomization” improve security?
A) It randomizes local variable placement to make exploits harder
B) It speeds up function calls
C) It prevents recursion
D) It reduces heap fragmentation
β Answer: A) It randomizes local variable placement to make exploits harder
π‘ Explanation: Stack Frame Randomization changes variable positions within a stack frame, making overflow exploits more difficult.
150. Which of the following is a safer alternative to strncpy() in C?
A) strlcpy()
B) gets()
C) strcat()
D) memcpy()
β
Answer: A) strlcpy()
π‘ Explanation: strlcpy() ensures null termination and prevents buffer overflows, making it safer than strncpy().
151. What is the purpose of “Branch Target Identification (BTI)” in modern processors?
A) Prevents speculative execution attacks by validating branch targets
B) Optimizes function calls
C) Increases execution speed
D) Disables ASLR
β Answer: A) Prevents speculative execution attacks by validating branch targets
π‘ Explanation: BTI ensures that indirect jumps and calls only go to valid targets, preventing control flow hijacking.
152. What is the main benefit of “Pointer Integrity Checking” in modern security architectures?
A) It ensures function pointers are not corrupted before execution
B) It speeds up pointer dereferencing
C) It prevents heap fragmentation
D) It optimizes stack memory
β Answer: A) It ensures function pointers are not corrupted before execution
π‘ Explanation: Pointer Integrity Checking prevents attackers from modifying function pointers, protecting execution flow.
153. What is a primary function of the Glibc Fortification feature?
A) Detects and prevents unsafe memory operations at runtime
B) Increases CPU performance
C) Optimizes heap memory allocation
D) Disables ASLR
β Answer: A) Detects and prevents unsafe memory operations at runtime
π‘ Explanation: Glibc Fortification adds runtime checks to detect buffer overflows and memory corruption.
154. Why are zero-length allocations a security risk in some memory allocators?
A) They can cause unintended behavior, leading to arbitrary memory corruption
B) They speed up memory allocation
C) They disable stack execution
D) They prevent function pointer overwriting
β Answer: A) They can cause unintended behavior, leading to arbitrary memory corruption
π‘ Explanation: Zero-length allocations may return valid pointers, leading to unexpected memory corruption.
155. How does “Forward Edge Control Flow Integrity” improve security?
A) Ensures indirect calls and jumps only go to valid function targets
B) Speeds up program execution
C) Prevents stack overflows
D) Optimizes memory allocation
β Answer: A) Ensures indirect calls and jumps only go to valid function targets
π‘ Explanation: Forward Edge CFI prevents control flow hijacking by verifying valid indirect jump targets.
**156. What is the main purpose of the Intel CET (Control-Flow Enforcement Technology)?
A) Protects against Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks
B) Optimizes function execution
C) Increases buffer size automatically
D) Disables stack execution
β Answer: A) Protects against Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks
π‘ Explanation: Intel CET introduces security features like Shadow Stacks to prevent control flow hijacking.
157. What is “Memory Corruption Propagation” in security?
A) When an exploit causes unintended modifications in adjacent memory regions
B) A method for optimizing heap memory
C) A debugging tool for stack overflows
D) A technique for encrypting memory allocations
β Answer: A) When an exploit causes unintended modifications in adjacent memory regions
π‘ Explanation: Memory corruption propagation allows exploits to extend their impact beyond the initial target.
158. How does “Stack Variable Reordering” improve security?
A) It makes buffer overflow exploits less predictable by rearranging variable positions
B) It speeds up execution
C) It reduces memory fragmentation
D) It prevents ASLR from being disabled
β Answer: A) It makes buffer overflow exploits less predictable by rearranging variable positions
π‘ Explanation: By reordering stack variables, attackers have difficulty predicting buffer locations.
159. What is the purpose of Heap Guard Pages?
A) They detect heap-based buffer overflows by placing protected memory regions around allocations
B) They optimize heap allocation
C) They increase CPU performance
D) They prevent stack execution
β Answer: A) They detect heap-based buffer overflows by placing protected memory regions around allocations
π‘ Explanation: Guard Pages help catch buffer overflows before they can corrupt critical memory.
160. Why is “Bounds Checking” important in preventing buffer overflows?
A) It ensures data does not exceed buffer limits
B) It speeds up execution
C) It optimizes heap allocation
D) It reduces stack size
β Answer: A) It ensures data does not exceed buffer limits
π‘ Explanation: Bounds checking verifies that memory accesses stay within allocated buffer limits, preventing overflows.
161. How does “Control Flow Integrity (CFI)” help prevent buffer overflow exploits?
A) It ensures that indirect jumps and calls only go to valid destinations
B) It encrypts function pointers
C) It prevents memory allocation failures
D) It increases execution speed
β Answer: A) It ensures that indirect jumps and calls only go to valid destinations
π‘ Explanation: CFI enforces valid execution paths to prevent control flow hijacking by attackers.
162. What is “Buffer Over-read” in the context of memory vulnerabilities?
A) When a program reads beyond the allocated buffer boundary, potentially exposing sensitive data
B) When a program writes beyond the buffer limits
C) When the buffer is allocated but never used
D) When a buffer is freed multiple times
β Answer: A) When a program reads beyond the allocated buffer boundary, potentially exposing sensitive data
π‘ Explanation: Buffer over-read vulnerabilities, such as those found in Heartbleed, can expose sensitive information stored in adjacent memory.
163. What role does “Heap Chunk Linking” play in memory exploitation?
A) Attackers can manipulate heap chunk metadata to corrupt memory and gain control over execution flow
B) It prevents heap overflows
C) It randomizes heap allocation
D) It optimizes memory usage
β Answer: A) Attackers can manipulate heap chunk metadata to corrupt memory and gain control over execution flow
π‘ Explanation: Heap chunk linking involves modifying heap metadata to overwrite critical structures, often leading to exploitation.
164. Why is “DEP (Data Execution Prevention)” ineffective against Return-Oriented Programming (ROP) attacks?
A) ROP does not inject new code but reuses existing executable instructions
B) DEP prevents only heap-based overflows
C) DEP encrypts return addresses
D) ROP requires special hardware features
β Answer: A) ROP does not inject new code but reuses existing executable instructions
π‘ Explanation: Since ROP chains use existing instructions, DEP does not prevent them, as no new code is executed.
165. Which compiler flag in GCC helps enable Position Independent Executable (PIE) for ASLR support?
A) -fPIE
B) -O2
C) -fstack-protector
D) -march=native
β
Answer: A) -fPIE
π‘ Explanation: -fPIE generates position-independent code, allowing ASLR to randomize memory layout and improve security.
166. What is the purpose of “Lazy Binding” in dynamic linking?
A) Defers the resolution of function addresses until they are called, potentially introducing security risks
B) Prevents buffer overflows
C) Encrypts memory allocations
D) Increases execution speed
β Answer: A) Defers the resolution of function addresses until they are called, potentially introducing security risks
π‘ Explanation: Lazy binding allows dynamic resolution of function addresses, which can be exploited via GOT overwrites.
167. How does “Shadow Call Stack” prevent return address corruption?
A) It maintains a separate, protected stack for return addresses
B) It encrypts return addresses
C) It randomizes function calls
D) It prevents heap fragmentation
β Answer: A) It maintains a separate, protected stack for return addresses
π‘ Explanation: Shadow Call Stack ensures return addresses cannot be modified by an attacker, protecting against ROP.
168. Why is “Backwards Edge Control Flow Integrity (CFI)” important?
A) It protects return addresses from being overwritten by exploits
B) It increases program execution speed
C) It prevents ASLR from being bypassed
D) It randomizes function arguments
β Answer: A) It protects return addresses from being overwritten by exploits
π‘ Explanation: Backwards Edge CFI ensures return addresses remain unaltered, preventing return-oriented exploits.
**169. What is the primary purpose of Intel CET (Control-flow Enforcement Technology)?
A) Mitigates Return-Oriented and Jump-Oriented Programming attacks
B) Speeds up memory allocation
C) Prevents integer overflows
D) Randomizes stack memory
β Answer: A) Mitigates Return-Oriented and Jump-Oriented Programming attacks
π‘ Explanation: Intel CET provides hardware-level security features like Shadow Stacks to prevent control flow hijacking.
170. What is the risk of using sprintf() instead of snprintf()?
A) sprintf() does not check buffer boundaries, leading to potential buffer overflows
B) sprintf() is slower than snprintf()
C) sprintf() does not support Unicode characters
D) sprintf() automatically encrypts output
β
Answer: A) sprintf() does not check buffer boundaries, leading to potential buffer overflows
π‘ Explanation: sprintf() does not limit output size, allowing overflows, whereas snprintf() enforces buffer limits.
171. What is “Pointer Subterfuge” in security exploitation?
A) Modifying function pointers or object pointers to hijack control flow
B) Encrypting pointers to prevent unauthorized access
C) Increasing pointer dereferencing speed
D) Using pointers to optimize memory allocation
β Answer: A) Modifying function pointers or object pointers to hijack control flow
π‘ Explanation: Pointer subterfuge attacks involve overwriting pointers to redirect execution, often leading to arbitrary code execution.
172. What is the purpose of “Full RELRO” in ELF binaries?
A) It makes the Global Offset Table (GOT) read-only to prevent modification
B) It speeds up dynamic linking
C) It increases function call performance
D) It prevents stack execution
β Answer: A) It makes the Global Offset Table (GOT) read-only to prevent modification
π‘ Explanation: Full RELRO ensures that the GOT cannot be modified, preventing GOT-based exploits.
173. Why is “Heap Spraying” an effective attack technique?
A) It fills heap memory with predictable patterns to increase exploit success rate
B) It randomizes heap memory
C) It prevents heap fragmentation
D) It speeds up heap allocation
β Answer: A) It fills heap memory with predictable patterns to increase exploit success rate
π‘ Explanation: Heap Spraying helps attackers place malicious payloads in predictable locations, improving exploit reliability.
174. What is “Heap Tainting” in security?
A) Marking untrusted input in heap memory to track potential security vulnerabilities
B) Encrypting heap memory
C) Increasing execution speed
D) Optimizing memory allocation
β Answer: A) Marking untrusted input in heap memory to track potential security vulnerabilities
π‘ Explanation: Heap tainting helps detect and analyze potential memory corruption exploits.
175. How does “Pointer Authentication (PAC)” in ARM processors prevent buffer overflow exploits?
A) It cryptographically signs pointers to prevent unauthorized modification
B) It randomizes function calls
C) It encrypts stack memory
D) It speeds up execution
β Answer: A) It cryptographically signs pointers to prevent unauthorized modification
π‘ Explanation: PAC ensures that pointers cannot be tampered with, preventing control flow hijacking.
176. What is “NOP Sledding” in buffer overflow exploitation?
A) Placing a sequence of NOP instructions to improve exploit success rate
B) Randomizing function calls
C) Encrypting stack memory
D) Increasing buffer size
β Answer: A) Placing a sequence of NOP instructions to improve exploit success rate
π‘ Explanation: NOP sleds allow execution to slide into the payload, making buffer overflow exploits more reliable.
177. How does “Stack Coloring” improve security?
A) It places different stack variables in separate memory regions to reduce the impact of buffer overflows
B) It speeds up execution
C) It disables ASLR
D) It prevents integer overflows
β Answer: A) It places different stack variables in separate memory regions to reduce the impact of buffer overflows
π‘ Explanation: Stack coloring helps prevent overflows from affecting critical stack data.
178. What is the main security risk associated with “Off-by-One Errors”?
A) They can lead to buffer overflows by writing one byte past an allocated buffer
B) They optimize memory allocation
C) They speed up program execution
D) They increase stack size
β Answer: A) They can lead to buffer overflows by writing one byte past an allocated buffer
π‘ Explanation: Off-by-one errors occur when a program writes one extra byte beyond a bufferβs boundary, potentially modifying adjacent memory structures like return addresses or heap metadata.
179. How does “Ret2PLT” (Return to Procedure Linkage Table) help bypass security mechanisms?
A) It allows attackers to call arbitrary library functions via the Procedure Linkage Table (PLT)
B) It speeds up function execution
C) It optimizes memory allocation
D) It prevents ASLR bypass
β Answer: A) It allows attackers to call arbitrary library functions via the Procedure Linkage Table (PLT)
π‘ Explanation: Ret2PLT attacks allow indirect function calls via the PLT, often used to execute system commands in buffer overflow exploits.
180. What is “Stack Pivoting” in the context of buffer overflow attacks?
A) Redirecting execution to a controlled stack memory region to facilitate exploitation
B) Increasing stack size to prevent overflows
C) Encrypting return addresses
D) Speeding up recursion
β Answer: A) Redirecting execution to a controlled stack memory region to facilitate exploitation
π‘ Explanation: Stack pivoting manipulates the stack pointer to redirect execution to attacker-controlled memory, enabling advanced exploitation techniques like Return-Oriented Programming (ROP).
181. How does “Heap Isolation” improve security?
A) It ensures different heap allocations are separated to prevent memory corruption
B) It speeds up heap allocation
C) It prevents integer overflows
D) It disables stack execution
β Answer: A) It ensures different heap allocations are separated to prevent memory corruption
π‘ Explanation: Heap isolation makes it harder for attackers to use heap-based buffer overflows to overwrite adjacent memory structures.
182. What is the main security benefit of “Function Argument Checking”?
A) Prevents buffer overflows by ensuring function arguments match expected sizes
B) Optimizes function execution
C) Encrypts function pointers
D) Increases recursion depth
β Answer: A) Prevents buffer overflows by ensuring function arguments match expected sizes
π‘ Explanation: Function argument checking prevents unintended buffer overflows by ensuring the correct number and size of arguments are passed to functions.
183. How do “Guard Pages” help prevent buffer overflows?
A) They place inaccessible memory regions around buffers to detect overflows
B) They encrypt memory allocations
C) They speed up execution
D) They reduce memory fragmentation
β Answer: A) They place inaccessible memory regions around buffers to detect overflows
π‘ Explanation: Guard pages are used to detect memory corruption by triggering exceptions when a program accesses protected memory.
184. What is the primary security risk of “Integer Truncation” in buffer overflow protection?
A) It can lead to incorrect buffer size calculations, causing overflows
B) It speeds up function execution
C) It reduces memory usage
D) It prevents heap fragmentation
β Answer: A) It can lead to incorrect buffer size calculations, causing overflows
π‘ Explanation: Integer truncation occurs when a larger integer is converted to a smaller type, potentially leading to buffer overflows due to incorrect size calculations.
185. Why is “Unaligned Memory Access” a potential security risk in buffer overflow attacks?
A) It can lead to undefined behavior and memory corruption
B) It speeds up memory allocation
C) It prevents stack overflows
D) It optimizes pointer usage
β Answer: A) It can lead to undefined behavior and memory corruption
π‘ Explanation: Unaligned memory access may cause unexpected crashes or vulnerabilities due to inconsistent memory handling.
186. How does “Relocation Read-Only (RELRO)” in ELF binaries improve security?
A) It makes the Global Offset Table (GOT) read-only to prevent modification
B) It disables stack execution
C) It speeds up dynamic linking
D) It prevents recursion
β Answer: A) It makes the Global Offset Table (GOT) read-only to prevent modification
π‘ Explanation: RELRO protects critical memory structures, such as the GOT, from being modified by attackers.
187. What is “Memory Compartmentalization” in modern security architectures?
A) Separating memory regions to limit the impact of exploits
B) Encrypting memory allocations
C) Optimizing heap allocation
D) Speeding up stack execution
β Answer: A) Separating memory regions to limit the impact of exploits
π‘ Explanation: Memory compartmentalization prevents exploits from affecting unrelated memory regions, reducing attack impact.
188. How does “Zeroing Freed Memory” improve security?
A) It prevents sensitive data from being accessed after memory deallocation
B) It speeds up memory reuse
C) It disables ASLR
D) It reduces memory fragmentation
β Answer: A) It prevents sensitive data from being accessed after memory deallocation
π‘ Explanation: Zeroing freed memory ensures that no sensitive data is left behind, reducing the risk of use-after-free vulnerabilities.
189. What is the purpose of “Pointer Masking” in memory security?
A) It obfuscates pointer values to prevent unauthorized manipulation
B) It speeds up pointer dereferencing
C) It prevents function calls
D) It optimizes memory allocation
β Answer: A) It obfuscates pointer values to prevent unauthorized manipulation
π‘ Explanation: Pointer masking makes it harder for attackers to predict and manipulate memory addresses.
190. Why is “Executable Space Protection” important in buffer overflow mitigation?
A) It prevents execution of injected shellcode in writable memory regions
B) It speeds up memory access
C) It increases stack memory size
D) It optimizes function calls
β Answer: A) It prevents execution of injected shellcode in writable memory regions
π‘ Explanation: Executable space protection ensures that memory regions designated for data storage cannot be executed, mitigating buffer overflow attacks.
191. What is the purpose of “Object Size Checking” in buffer overflow prevention?
A) Ensuring buffer accesses do not exceed the allocated size
B) Increasing execution speed
C) Encrypting memory addresses
D) Preventing recursive function calls
β Answer: A) Ensuring buffer accesses do not exceed the allocated size
π‘ Explanation: Object size checking prevents buffer overflows by ensuring that memory accesses do not exceed allocated buffer sizes.
192. How does “Randomized Structure Layout (RSL)” improve security?
A) It randomizes the order of fields in structures to prevent predictable memory corruption
B) It optimizes structure memory usage
C) It speeds up execution
D) It reduces function call overhead
β Answer: A) It randomizes the order of fields in structures to prevent predictable memory corruption
π‘ Explanation: RSL makes it harder for attackers to predict memory layouts, reducing exploitability.
193. What is “Stack Variable Padding” used for in buffer overflow prevention?
A) It adds unused space between variables to prevent memory corruption
B) It speeds up function execution
C) It prevents stack execution
D) It encrypts return addresses
β Answer: A) It adds unused space between variables to prevent memory corruption
π‘ Explanation: Stack variable padding ensures that buffer overflows cannot easily overwrite adjacent memory structures.
194. How does “Null Byte Injection” help bypass some buffer overflow protections?
A) It tricks functions into treating input as shorter than expected
B) It speeds up execution
C) It prevents stack execution
D) It randomizes memory addresses
β Answer: A) It tricks functions into treating input as shorter than expected
π‘ Explanation: Some string-based security mechanisms may stop processing at null bytes, allowing attackers to bypass length checks.
195. What is “Stack Growth Protection” in modern operating systems?
A) Prevents excessive stack expansion to adjacent memory regions
B) Encrypts stack memory
C) Prevents function call optimization
D) Optimizes recursion
β Answer: A) Prevents excessive stack expansion to adjacent memory regions
π‘ Explanation: Stack growth protection prevents attackers from overflowing the stack into other critical memory regions.
196. Why is “Dynamic Bounds Checking” useful in buffer overflow prevention?
A) It ensures memory accesses stay within allocated buffer sizes at runtime
B) It speeds up memory allocation
C) It disables stack execution
D) It optimizes heap fragmentation
β Answer: A) It ensures memory accesses stay within allocated buffer sizes at runtime
π‘ Explanation: Dynamic bounds checking detects and prevents out-of-bounds memory accesses, reducing buffer overflow risks.
197. What is the purpose of “Stack Reordering” in security?
A) It rearranges stack variables to make overflow exploits harder
B) It speeds up memory access
C) It reduces recursion depth
D) It prevents ASLR bypass
β Answer: A) It rearranges stack variables to make overflow exploits harder
π‘ Explanation: Stack reordering makes it difficult for attackers to predict the locations of critical stack variables.
198. What security risk does “Non-Terminated String Copying” introduce?
A) It may cause buffer overflows by allowing uncontrolled data copying
B) It speeds up execution
C) It prevents recursion
D) It randomizes memory addresses
β Answer: A) It may cause buffer overflows by allowing uncontrolled data copying
π‘ Explanation: Failing to null-terminate copied strings can lead to memory corruption and potential overflow vulnerabilities.
199. How does “Address Masking” improve security?
A) It hides memory addresses from attackers to prevent exploitation
B) It speeds up function execution
C) It optimizes memory fragmentation
D) It increases stack execution speed
β Answer: A) It hides memory addresses from attackers to prevent exploitation
π‘ Explanation: Address masking ensures that attackers cannot easily predict memory locations for exploitation.
200. What is the purpose of “Branch Control Security” in modern CPUs?
A) Prevents branch prediction attacks by validating execution paths
B) Optimizes recursive function calls
C) Speeds up function execution
D) Encrypts return addresses
β Answer: A) Prevents branch prediction attacks by validating execution paths
π‘ Explanation: Branch control security ensures that indirect jumps and branches do not lead to unauthorized code execution.
201. How does “Zero-Initialization of Memory” prevent security vulnerabilities?
A) It ensures uninitialized memory does not contain sensitive data
B) It speeds up memory allocation
C) It increases execution speed
D) It prevents recursion depth errors
β Answer: A) It ensures uninitialized memory does not contain sensitive data
π‘ Explanation: Zero-initializing memory prevents data leaks and reduces the risk of unintended memory access.
202. What is the purpose of “Pointer Obfuscation” in security?
A) It makes it harder for attackers to predict and manipulate pointers
B) It increases function execution speed
C) It prevents heap fragmentation
D) It encrypts function arguments
β Answer: A) It makes it harder for attackers to predict and manipulate pointers
π‘ Explanation: Pointer obfuscation ensures that memory addresses are not easily guessable by attackers.
203. How does “Control Flow Integrity Forward Edge (CFI-FE)” prevent attacks?
A) It ensures function calls only go to valid targets
B) It encrypts function pointers
C) It prevents recursion
D) It speeds up execution
β Answer: A) It ensures function calls only go to valid targets
π‘ Explanation: CFI-FE enforces strict validation of indirect calls, preventing attackers from hijacking execution flow.
204. Why is “Heap Metadata Randomization” important for security?
A) It prevents heap-based buffer overflows by making heap structures unpredictable
B) It speeds up memory allocation
C) It disables ASLR
D) It increases function call performance
β Answer: A) It prevents heap-based buffer overflows by making heap structures unpredictable
π‘ Explanation: Randomizing heap metadata makes it harder for attackers to predict and manipulate memory structures.
205. What is the primary role of “Stack Frame Pointers Validation” in security?
A) Ensures return addresses are not corrupted before execution resumes
B) Optimizes function execution
C) Increases execution speed
D) Reduces function call overhead
β Answer: A) Ensures return addresses are not corrupted before execution resumes
π‘ Explanation: Validating stack frame pointers helps detect buffer overflow attacks that attempt to modify return addresses.