Introduction to Operating Systems Nptel Week 8 Answers

Are you looking for Introduction to Operating Systems Nptel Week 8 Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 8 assignment in the Introduction to Operating Systems course.

Course Link: Click Here


These are Introduction to Operating Systems Nptel Week 8 Answers
Introduction to Operating Systems Nptel Week 8 Answers

Introduction to Operating Systems Nptel Week 8 Answers (July-Dec 2024)


  1. A user with confidential clearance has read only rights to a top secret file. He decides to save a copy of the file and email it to all his friends on Facebook. This breach of information can be prevented by implementing Bell-la-Padula model.
    A) True
    B) False

Answer: B) False


  1. Your project manager asks you to ensure that a particular source code is free from buffer overflow vulnerabilities. Which of the following would you need to look out for?
    A) scanf in the code
    B) strcpy in the code
    C) For loops that manipulate arrays
    D) All of the above

Answer: D) All of the above


  1. Address Space Layout Randomization randomizes the size of all arrays and thereby makes it difficult to overflow buffers.
    True
    False

Answer: B) False


  1. Arrange the following, based on the order parameters are pushed onto the stack
    A) Return address is pushed
    B) Local variables are allocated
    C) Previous frame pointers
    D) The function call parameters

A) a, b, c, d
B) b, c, d, a
C) b, a, c, d
D) d, a, c, b

Answer: D) d, a, c, b


  1. Gadgets are short sequences of instructions that ends with return instruction.
    A) True
    B) False

Answer: A) True


These are Introduction to Operating Systems Nptel Week 8 Answers


  1. An ROP attack can potentially be detected at run-time by
    A) Canaries
    B) The number of return statements executed in the processor
    C) The number of return statements present in the executable
    D) By a non-executable stack

Answer: A) Canaries


  1. The number of gadgets present in an implementation depends on the number of return instructions in the machine code.
    A) True
    B) False

Answer: A) True


  1. Programmer X has found that the source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is true?
    A) Buffer overflow vulnerabilities caused due to strcpy is avoided due to bounds check
    B) This will not make any changes in the source code
    C) Buffer overflow attack will not occur in this source code
    D) None of these

Answer: D) None of these


  1. Match the following:
    A) Secrecy – 1) Limits the resource usage
    B) Integrity – 2) Unauthorized modification
    C) Availability – 3) Unauthorized disclosure

A) a-1, b-2, c-3
B) a-2, b-3, c-1
C) a-3, b-2, c-1
D) None of these

Answer: C) a-3, b-2, c-1


  1. A gadget that ends with a branch instruction can never be used for an ROP attack.
    True
    False

Answer: B) False


These are Introduction to Operating Systems Nptel Week 8 Answers

All weeks of Introduction to Operating Systems: Click Here

For answers to additional Nptel courses, please refer to this link: NPTEL Assignment Answers


Introduction to Operating Systems Nptel Week 8 Answers (July-Dec 2023)

Course Name: Introduction to Operating Systems

See also  Introduction To Operating Systems NPTEL Week 2 Assignment

Course Link: Click Here

These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q1. Suppose a source code has buffer overflow vulnerabilities. Which of the following can cause buffer overflow vulnerabilities
scanf(“%s”,…)
strcpy(destination,source)
send command used for network connection

Only A
B and C
A and B
All of the above

Answer: All of the above


Q2. State True/False
The non executable stack helps to prevent buffer overflow attack, but the overhead for making a stack as non executable stack is more than that of canaries.

True
False

Answer: False


Q3. Arrange the following, based on the order the parameters are pushed into the stack
Return address is pushed
The function call parameters
Previous frame pointers
Local variables are allocated

a, b, c, d
b, c, d, a
b, a , c, d
a, c, d, b

Answer: b, a , c, d


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q4. User X has found that s source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True
Buffer overflow attack will not occur in this source code
Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check
This will not make any change in the source code
None of these

Answer: Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check


Q5. State True/False
The number of gadgets present in the implementation depends on the number of C3 instruction in the machine code

True
False

Answer: False


Q6. Match the following
Gadget 1) pseudo random number which detect the buffer overflow
Canaries 2) Short sequence of instruction ends with return
Shellcode 3) Execute inside the stack
ASLR 4) Specific address location

a-4, b-3, c-2, d-1
a-2, b-1, c-4, d-3
a-1, b-2, c-4, d-3
a-2, b-1 c-3, d-4

Answer: a-2, b-1 c-3, d-4


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q7. ASLR randomizes
The size of all arrays, thereby making it difficult to perform buffer overflows
All instructions in the program
Positions of the stack, heap, and libraries
Position of all variables in the stack

Answer: Positions of the stack, heap, and libraries


Q8. Match the following:
Secrecy 1)Limit the resource usage
Integrity 2)Unauthorized modification
Availability 3)Unauthorized disclosure

a-1, b-2, c-3
a-2, b-3, c-1
a-3, b-2, c-1
None of these

Answer: a-3, b-2, c-1


Q9. Consider the following commands in a system that supports discretionary access control.
Which one of the following statements is TRUE?
There is no leakage of rights due to these commands
A leakage may occur when a user with write permissions, executes ADD_READ command
A leakage may occur when a user with write permissions, executes ADD_DELETE command

Only A is correct
Only B is correct
Only C is correct
Both B and C is correct

Answer: Only C is correct


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q10. Suppose in a system you have 2000 files and 4 user, who has access rights on these files. Which on of the following will be the best method to implement access control ?
Using an authorization table
Using a capability based implementation
Using access control lists
Any of the above would techniques would work well

See also  Introduction to Operating Systems Nptel Week 2 Answers

Answer: Any of the above would techniques would work well


Q11. Which of the following is False for the Information flow policies
Information can only flow from one security class to another is less secure
Information can flow from a lower class to a higher class is less secure
Combine information from a lower class with a higher class will result in a higher class is less secured
Combine information from one class with another information from another class will result in same class is more secure

Answer: Information can only flow from one security class to another is less secure


Q12. State True/False
In mandatory access control, information from top secret object will not flow to secret and vice versa.

True
False

Answer: False


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q13. A user X with secret clearance decides to transfer information to a third party Y. And Y tries to make changes in the confidential class. This breach of information can be prevented by _____.
Implementing access control matrix
Implementing Bell-laPadula model
Implementing the Biba Model
None of the above

Answer: Implementing Bell-laPadula model


Q14. Using a Biba model, a user X can read a file Y and can write a file Z. Which of the following is TRUE?
X has clearance Confidential, Y is a Top Secret file and Z is a confidential file
X has secret Confidential, Y is a Unclassified File and Z is a confidential file
X has secret Confidential, Y is a secret file and Z is a confidential file

A and C are TRUE
B and C are TRUE
A and B are TRUE
Only A is TRUE

Answer: A and C are TRUE


Q15. In a company, there are 4 levels of employees: Top management, group-leaders, team-leaders, and staff. The top management takes feedback from all leaders employees and then creates new policy document from the company. The new document should be classified ____.
A top management document
A team-leader document
A staff document
A public document

Answer: A team-leader document


Introduction to Operating Systems Nptel Week 8 Answers (Jan-Apr 2023)

Link of course: Click here

These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q1) ASLR randomizes the position of all variables in the stack and thereby making it difficult to perform buffer overflows.
a. True
b. False

Answer: a. True


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q2) Match the following
a)Gadget         1) pseudo random number which detects buffer overflow
b)Canaries        2) Short sequence of instructions ending in a return
c)Shellcode      3) May execute in the stack if the NX bit is disabled
d)ASLR            4) helps prevent ROP attacks

a. a-4, b-3, c-2, d-1
b. a-2, b-1, c-4, d-3
c. a-1, b-2, c-4, d-3
d. a-2, b-1 c-3, d-4

Answer: c. a-1, b-2, c-4, d-3


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q3) How does the NX bit prevent buffer overflow attacks?
a. It prevents buffers from overflowing
b. It prevents certain code from executing in data segments
c. It prevents the return address in the stack being replaced by an arbitrary location
d. All of the above

Answer: d. All of the above


These are Introduction to Operating Systems NPTEL Assignment 8 Answers

See also  Introduction To Operating Systems NPTEL Week 7 Assignment

Q4) An ROP attack can potentially be detected at run-time by
a. Canaries
b. The number of return statements executed in the processor
c. The number of return statements present in the executable
d. By a non-executable stack

Answer: c. The number of return statements present in the executable


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q5) In the Bell-Lapadula model, information from top secret object will not flow to secret clearance.
a. True
b. False

Answer: b. False


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q6) A user X with secret clearance decides to transfer information to a third party Y and Y tries to make changes in the confidential class.
This breach of information can be prevented by _________________.

a. Implementing access control matrix
b. Implementing Bell-laPadula model
c. Implementing the Biba Model
d. None of the above

Answer: d. None of the above


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q7) Programmer X has found that the source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True?
a. Buffer overflow vulnerabilities caused due to strcpy is avoided due to  bounds check
b. This will not make any changes in the source code
c. Buffer overflow attack will not occur in this source code
d. None of these

Answer: d. None of these


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q8) Consider the following commands in a system that supports discretionary access control.
Which one of the following statements is TRUE?
A.There is no leakage of rights due to these commands
B.A leakage may occur when an owner of an object, executes CONFERwrite command.
C.A leakage may occur when a user with write permissions, executes ADD_READ command

a. Only A is correct
b. Only B is correct
c. Only C is correct
d. Both B and C is correct

Answer: b. Only B is correct


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q9) Your project manager asks you to ensure that a particular source code is free from buffer overflow vulnerabilities. Which of the following would you need to look out for.
a. scanf in the code
b. strcpy in the code
c. For loops that manipulate arrays
d. All of the above

Answer: b. strcpy in the code


These are Introduction to Operating Systems NPTEL Assignment 8 Answers


Q10) Arrange the following, based on the order  parameters are pushed onto the stack
a) Return address is pushed
b)The function call parameters
c)Previous frame pointers
d)Local variables are allocated

a) a, b, c, d
b) b, c, d, a
c) b, a , c, d
d) a, c, d, b

Answer: b) b, c, d, a