Hands On Ethical Hacking and Network Defense 2nd Edition Simpson Test Bank

Chapter 7: Programming for Security Professionals

TRUE/FALSE

1. Most programming languages do not have a way to conduct testing of a variable.

ANS: F PTS: 1 REF: 167

2. Bugs are worse than syntax errors because a program can run successfully with a bug, but the output
might be incorrect or inconsistent.

ANS: T PTS: 1 REF: 167

3. You must always add “//” at the end of comment text in C.

ANS: F PTS: 1 REF: 170

4. To compile the “syntax.c” program in *nix you enter the gcc -c syntax.c -o syntax.o
command.

ANS: T PTS: 1 REF: 177

5. Security professionals often need to examine Web pages and recognize when something looks
suspicious.

ANS: T PTS: 1 REF: 178

6. HTML doesn’t use branching, looping, or testing.

ANS: T PTS: 1 REF: 178

MULTIPLE CHOICE

1. A ____ is a mini program within a main program that carries out a task.
a. function
b. script
c. branch
d. loop
ANS: A PTS: 1 REF: 167

2. ____ takes you from one area of a program (a function) to another area.
a. Branching
b. Looping
c. Testing
d. Dividing
ANS: A PTS: 1 REF: 167

3. ____ is the act of performing a task over and over.
a. Branching
b. Looping
c. Testing
d. Remembering
ANS: B PTS: 1 REF: 167

4. Software engineering firms don’t retain computer programmers who do not document their work
because they know that 80% of the cost of software projects is ____.
a. documentation
b. debugging
c. testing
d. maintenance
ANS: D PTS: 1 REF: 169

5. The C programming language was developed by ____ at Bell Laboratories in 1972.
a. James Gosling
b. Larry Wall
c. Dennis Ritchie
d. Larry Tesler
ANS: C PTS: 1 REF: 169

6. UNIX was first written in assembly language, soon rewritten in ____.
a. Smalltalk
b. Perl
c. Python
d. C
ANS: D PTS: 1 REF: 169

7. You can use /* and */ instead of ____ symbol(s) for one-line comments in C.
a. #
b. #!
c. **
d. //
ANS: D PTS: 1 REF: 170

8. The ____ statement in C is used to load libraries that hold the commands and functions used in your
program.
a. #include
b. package
c. use
d. #import
ANS: A PTS: 1 REF: 171

9. In C, ____ show where a block of code begins and ends.
a. braces
b. parenthesis
c. brackets
d. dashes
ANS: A PTS: 1 REF: 171

10. The ____ special character is used with the printf() function in C to indicate a new line.
a. \t
b. \0
c. \n
d. \l
ANS: C PTS: 1 REF: 171

11. The ____ special character is used with the printf() function in C to indicate a tab.
a. \t
b. \0
c. \n
d. \l
ANS: A PTS: 1 REF: 171

12. The mathematical operator in C that increments the unary value by 1 is ____.
a. +
b. %
c. ++
d. &
ANS: C PTS: 1 REF: 172

13. The logical operator in C that is used to compare the equality of two variables is ____.
a. =
b. &&
c. ||
d. ==
ANS: D PTS: 1 REF: 173

14. The logical operator in C that is evaluated as true if both sides of the operator are true is ____.
a. =
b. &&
c. ||
d. ==
ANS: B PTS: 1 REF: 173

15. In C, the statement ____ tells the compiler to keep doing what’s in the brackets over and over and
over.
a. loop
b. continue
c. do(forever)
d. for(;;)
ANS: D PTS: 1 REF: 175

16. ____ is a markup language rather than a programming language.
a. C
b. HTML
c. Perl
d. PHP
ANS: B PTS: 1 REF: 177

17. In HTML, each tag has a matching closing tag that’s written with a(n) ____ added.
a. forward slash (/)
b. backward slash (\)
c. bang (!)
d. ampersand (&)
ANS: A PTS: 1 REF: 178

18. If you want to know what the Perl print command does, you can use ____.
a. perl -h
b. perldoc -f print
c. perl -h print
d. man perl print
ANS: B PTS: 1 REF: 185

19. The print command for Perl is almost identical to the ____ print command.
a. Java
b. C
c. PHP
d. Smalltalk
ANS: B PTS: 1 REF: 185

20. In Perl, the keyword “____” is used in front of function names.
a. func
b. declare
c. sub
d. proc
ANS: C PTS: 1 REF: 186

21. In Perl, variables begin with the ____ character.
a. %
b. !
c. *
d. $
ANS: D PTS: 1 REF: 186

22. In Perl, comment lines begin with the ____ character(s).
a. %
b. //
c. #
d. $
ANS: C PTS: 1 REF: 171

COMPLETION

1. A loop usually completes after ____________________ is conducted on a variable and returns a value
of true or false.

ANS: testing

PTS: 1 REF: 167

2. ____________________ language uses a combination of hexadecimal numbers and expressions, such
as mov, add, and sub, making it easier for humans to write programs than in binary or machine
language.

ANS: Assembly

PTS: 1 REF: 169

3. C programs must contain a(n) ____________________ function, but you can also add your own
functions to a C program.

ANS:
main()
main

PTS: 1 REF: 171

4. The HTML ____________________ tag formats text as a level 1 heading.

ANS: <H1>

PTS: 1 REF: 178

5. Many scripts and programs for security professionals are written in
________________________________________, a powerful scripting language.

ANS:
Practical Extraction and Report Language
PERL
Practical Extraction and Report Language (PERL)
PERL (Practical Extraction and Report Language)

PTS: 1 REF: 180

6. Structures called classes can be written in many ____________________ languages (Java, Object
COBOL, or Perl).

ANS: object-oriented

PTS: 1 REF: 192

MATCHING
Match each term with the correct statement below.
a. pseudocode
b. conversion specifier
c. class
d. bug
e. variable
f. do loop
g. compiler
h. while loop
i. gcc
1. error that causes unpredictable results
2. English-like language you can use to help create the structure of your program
3. converts a text-based program, called source code, into executable or binary code
4. GNU C and C++ compilers
5. represents a numeric or string value
6. tells the compiler how to convert a value in a function
7. checks whether a condition is true and then continues looping until the condition becomes false
8. performs an action first and then tests to see whether the action should continue to occur
9. structure that holds pieces of data and functions

1. ANS: D PTS: 1 REF: 167
2. ANS: A PTS: 1 REF: 168
3. ANS: G PTS: 1 REF: 169
4. ANS: I PTS: 1 REF: 170
5. ANS: E PTS: 1 REF: 171
6. ANS: B PTS: 1 REF: 172
7. ANS: H PTS: 1 REF: 174
8. ANS: F PTS: 1 REF: 175
9. ANS: C PTS: 1 REF: 192

SHORT ANSWER

1. What is an algorithm? You may use an analogy to explain the concept.

ANS:
A computer program contains different functions, or modules, that perform specific tasks. Say you’re
writing a program for making a BLT sandwich. The first step is to list the tasks in this process. In
computer lingo, you’re writing an algorithm (a recipe) to make a BLT sandwich. You keep an
algorithm as simple as possible, but creating an algorithm is one of the most important programming
skills to master.

PTS: 1 REF: 167

2. Why is documenting computer programs essential?

ANS:
When writing any computer program, documenting your work is essential. To do this, you add
comments to the code that explain what you’re doing. Documentation not only makes your program
easier for someone else to modify; it also helps you remember what you were thinking when you wrote
the program. The phrase “No comment” might be appropriate for politicians or Wall Street investors
with inside trading information, but not for computer programmers.

PTS: 1 REF: 168


3. Mention three C compilers and on which operating systems they are available.

ANS:
Intel Compilers for Windows and Linux: Intel’s C++ compiler for developing applications for
Windows servers, desktops, and handheld PDAs. The Intel Linux C++ compiler claims to optimize the
speed of accessing information from a MySQL database, an open-source database program used by
many corporations and e-commerce companies.

Microsoft Visual C++ Compiler: This compiler is widely used by programmers developing C and C++
applications for Windows platforms.

GNU C and C++ compilers (GCC): These free compilers can be downloaded for Windows and *nix
platforms. Most *nix systems include the GNU GCC compiler.

PTS: 1 REF: 170

4. What is a dangerous thing about programming in the C language?

ANS:
What’s dangerous about C is that a beginner can make some big blunders. For example, a programmer
can write to areas of memory that cause damage to the OS kernel or, even worse, write a program that
allows a remote user to write to areas of memory. Usually, what’s written is executable code that
might give an attacker a backdoor into the system, escalate an attacker’s privileges to that of an
administrator, or simply crash the program. This type of attack is usually possible because the
programmer didn’t check users’ input. For example, if users can enter 300 characters when prompted
to enter their last names, an attacker can probably enter executable code at this point of the program.
When you see the term “buffer overflow vulnerability,” think “poor programming practices.”
Although C is easy to learn and use, errors in using it can result in system damage.

PTS: 1 REF: 170
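
The input check that answer describes, as an added example (not from the textbook or this test bank): a last-name reader that rejects anything longer than its buffer instead of writing past it. The names read_last_name and read_from_text and the 32-byte NAME_CAP are assumptions made for the example, and the 300-character input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32  /* assumed buffer size for this example */

/* Read one line into dst without ever writing past cap bytes.
 * Returns 0 if the name fit, -1 if it was too long (rejected),
 * -2 on EOF or read error. The unchecked equivalents are
 * gets(dst) and scanf("%s", dst), which have no length limit. */
int read_last_name(FILE *in, char *dst, size_t cap)
{
    if (cap < 2 || fgets(dst, (int)cap, in) == NULL)
        return -2;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';          /* whole line fit; strip newline */
        return 0;
    }
    int c = fgetc(in);                /* buffer filled: look at what follows */
    if (c == '\n' || c == EOF)
        return 0;                     /* exactly cap-1 chars, or last line */
    while (c != '\n' && c != EOF)     /* too long: discard the rest of the line */
        c = fgetc(in);
    dst[0] = '\0';                    /* do not keep a silently truncated name */
    return -1;
}

/* Helper for the demo: feed constructed text through a temporary file. */
int read_from_text(const char *text, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(text, f);
    rewind(f);
    int rc = read_last_name(f, dst, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[NAME_CAP], big[302];
    memset(big, 'A', 300);            /* constructed 300-character input */
    big[300] = '\n'; big[301] = '\0';
    printf("short: %d\n", read_from_text("Hendrix\n", name, sizeof name));
    printf("300 chars: %d\n", read_from_text(big, name, sizeof name));
    return 0;
}
```

Draining the rest of an overlong line matters as much as the bound itself: otherwise the leftover characters are consumed by the next prompt.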

5. In programming, what are variables used for?

ANS:
A variable represents a numeric or string value. For example, you can solve x + y = z if you know two
of the variable values. In programming, you can declare variables at the beginning of a program so that
calculations can be carried out without user intervention. A variable might be defined as a character or
characters, such as the letters of the alphabet, or it can be assigned a numeric value, as in the
expression int x = 1.

PTS: 1 REF: 171

6. List and describe the variable types used in C.

ANS:
int: Use this variable type for an integer (positive or negative number).
float: This variable type is for a real number that includes a decimal point, such as 1.299999.
double: Use this variable type for a double-precision floating point.
char: This variable type holds the value of a single letter.
string: This variable type holds the value of multiple characters or words.
const: A constant variable is one you create to hold a value that doesn’t change for the duration of
your program. For example, you can create a constant variable called TAX and give it a specific value:
const TAX = .085. If this variable is used in areas of the program that calculate total costs after adding
an 8.5% tax, it’s easier to change the constant value to a different number if the tax rate changes,
instead of changing every occurrence of 8.5% to 8.6%.

PTS: 1 REF: 171

7. What is the difference between the = and == operators in C?

ANS:
Many beginning C programmers make the mistake of using a single equal sign (=) instead of the
double equal sign (==) when attempting to test the value of a variable. A single equal sign (the
assignment operator) is used to assign a value to a variable. For example, a = 5 assigns the value of 5
to the variable a. To test the value of variable a, you could use the command “if (a == 5)”. If you
mistakenly wrote the statement as “if (a = 5)”, the value of 5 is assigned to the variable a, and then the
statement is evaluated as true. This is because any value not equal to zero is evaluated as true, and a
zero value is evaluated as false.

PTS: 1 REF: 173

8. How does C’s for loop work?

ANS:
The for loop is one of C’s most interesting pieces of code. In the following for loop, the first part
initializes the counter variable to 1, and then the second part tests a condition. It continues looping
until the value of counter is equal to or less than 10. The last part of the for loop increments the
counter variable by 1.

for (counter = 1;counter <= 10;counter++);

PTS: 1 REF: 175

9. How is branching performed in Perl?

ANS:
In a Perl program, to go from one function to another, you simply call the function by entering the
function name in your source code. In the following example, the &name_best_guitarist line branches
the program to the sub name_best_guitarist function:

# Perl program illustrating the branching function
# Documentation is important
# Initialize variables
$first_name = "Jimi";
$last_name = "Hendrix";
&name_best_guitarist;
sub name_best_guitarist
{
    printf "%s %s %s", $first_name, $last_name, "was the best!";
}

PTS: 1 REF: 186


10. The Win32 class contains many functions you can call from your Perl script. How can attackers use
these functions? Should security professionals become proficient at using them in a program?

ANS:
Attackers and security professionals can use these functions to discover information about a remote
computer. Although these functions aren’t difficult to understand, becoming proficient at using them in
a program takes time and discipline. For security professionals who need to know what attackers can
do, gaining this skill is worth the time and effort.

PTS: 1 REF: 194
