Secure Programming Study Guide - Mid Term
An ASCII file is opened for reading in a C/C++ program with g as its FILE pointer. Write a line of code that will read 15 characters into the string theString that may contain up to 16 characters, including the null character '\0'.
char buf[16]; fgets(theString, 16, g);
The decimal number 175 translated to binary becomes:
a.) 1010 1100 b.) 1010 1101 c.) 1010 1110 d.) 1010 1111 (correct)
The number -5 stored as a signed char in RAM with a two's complement format becomes:
a.) 1111 1000 b.) 1111 1001 c.) 1111 1010 d.) 1111 1011
The signed char variable sChar contains the number -119 (1000 1001 in two's complement format). Later sChar is type cast as: unsigned char uChar = (unsigned char) sChar; What is the value of uChar?
a.) 137 (correct) b.) 119 c.) 9
The binary number 1100 1010 translated to decimal becomes:
a.) 192 b.) 197 c.) 202 (correct) d.) 212
The variable num is defined as: unsigned char num = UCHAR_MAX + 3; If UCHAR_MAX is 255, what is the value of num?
a.) 257 b.) 0 c.) 1 (correct) d.) 2
What is the value of variable s after the following sentence? unsigned char s = 7 << 1;
a.) false b.) 3 c.) 14 (correct) d.) 15
The following are incorrect statements regarding data type conversions in C/C++, except:
a.) In Visual Studio we do not have to check if a signed long fits into a signed int. b.) Converting from signed to unsigned variables we only need to check that the value is positive. c.) Converting from unsigned char to signed long we need to check that the value fits. d.) Converting from signed char to signed int we must check that the value fits.
Consider the following piece of C/C++ code: int a = 3, b = 5, c = 2; int *p = &a , *q = &b, *r = &c; Write a sentence that will multiply the values inside the variables a, b and c and save the result inside the variable b, using only the pointers p, q and r.
b = (*p)*(*q)*(*r);
Write just one line of code that uses malloc or calloc to create an array of 30 double values, all initialized to zero.
double *example = (double*)calloc(30, sizeof(double));
The following command declares two macros for a C/C++ program. Write an enumeration constant that may replace both macros. #define DAYS 7 #define Months = 12
enum Days = {mon, tues, wednesday...} enum Months = {January, February...}
Consider the following declaration: char r[] = "1.4142 is good enough for square root of 2 "; Write a command to convert the beginning of string r into a numeric value inside a float variable g:
float val = std::stof(r);
Write a printf command to print the values of the following variables in order: int daysInYear = 365; float inchesOfRainInYear = 2.37;
printf("The total amount of days in a year is %d\n There is %1.2f inches of rain in a year.", daysInYear, inchesOfRainInYear);
Write the sentence that will replace the comment inside the following loop to convert all the lower case characters in string s to upper case: char s[] = "A short sentence."; for (int i=0; i<strlen(s); i++) { if (islower(s[i])) { // place sentence here } }
s[i] = toupper(s[i]);
Given the following string definitions: char s[] = "WXYZ" ; char t[] = "9876" ; Write the strncpy function that will copy the first two characters from string s onto the first two characters in string t. The string t will be transformed into "98YZ".
strncpy(t, s, 2);
Given the following string definition: char s[11] = "3+2=" ; Write the concatenation command that will produce the following string in s: "3+2=2*3"
strcat(s, "2*3");
Write the strrchr function that will find the first occurrence of the character 'i' in a string s.
strchr(s, 'i');
Write the declaration of a structure that will hold one character, one integer, and one double number.
struct User { char c; int i; double d; };
Rewrite the following piece of code to make it secure (all variables were declared as int and were properly initialized) a = b % c;
#include <stdio.h> int main(){ int a,b,c; b = 10; c = 5; if (c == 0){ printf("Cannot divide by zero"); } else { a = b % c; } return 0; }
Indicate which sentence is correct:
1. 'z' < 'Z' 2. 'D' >= 'd' 3. 'A' > '1' (Correct) 4. '8' == 8
The following are incorrect statements regarding files in C/C++, except:
1. A pointer to a file can be used after the file is closed. 2. Numbers stored in a file as binary occupy less space than if stored as ASCII characters. (Correct) 3. Output to the console can always be handled with the same commands used for handling a file. 4. Binary files can also be read line by line.
Consider the following piece of C/C++ code: char a[] = "SUPERMAN"; char *p; for (p=&a;[conditional expression] ;p=p+1) { if (*p == 'l') { *p = '\0' } } Which is the expression that should replace [conditional expression] inside the for-loop, so that the first characters before the character 'M' from string a are printed, and there is no memory leakage:
1. *p!='M' (Correct) 2. *p=='M' 3. *p>'M' 4. There is a syntax error in the code.
The following are correct statements regarding C/C++ arrays, except:
1. Arrays with more than 3 dimensions are possible. 2. Using negative numbers for array indexes will be out-of-bounds. 3. When arrays are declared, they are pre-initialized with zero values. (Correct) 4. Once arrays are declared they may not change size.
The following statements refer to correct secure programming rules for files in C/C++, except:
1. Files that are no longer in use should be closed. 2. Files must be opened before they are used. (Correct) 3. fgets may return only one character if the file contains only an end-of-line ('\n'). 4. The fseek function must be used between fread and fwrite function calls to reposition in the file.
The following are incorrect statements regarding dynamic allocation in C/C++, except:
1. If reallocation decreases the size of an array, its new elements must be initialized. 2. size_t is a value for the maximum size of dynamically allocated memory. 3. Allocated memory does not need to be deallocated. The garbage disposal will re-claim it. 4. Deallocated memory cannot be used again, unless a new allocation is made. (Correct)
The following are incorrect statements regarding pointers in C/C++, except:
1. Pointers pointing to other pointers cannot be de-referenced. 2. Subtracting the number 1 from a pointer references the previous byte in memory before the pointer. 3. Pointers beyond the limits of an array can be used to increase the size of the array. 4. Pointers can be type cast to any other type of pointers. (Correct)
The following are correct statements regarding structures in C/C++, except:
1. The dot notation can be converted to an arrow notation. 2. A structure may have an array with dynamic size if it is a flexible array. 3. Declaring structures requires typedef commands. (Correct) 4. A structure may contain multiple arrays.
The following are correct statements regarding the lifetime of variables in C/C++, except:
1. The lifetime of a variable declared inside a loop ends after the last loop step. 2. The lifetime of a local variable declared inside a function ends after the function returns from a call. 3. The lifetime of a static local variable declared inside a function ends when the program ends. 4. The lifetime of a global variable begins and ends when the program begins and ends. (Correct)
The following are incorrect statements regarding C/C++ characters, except:
1. The newline character '\n' is actually two characters added together. 2. The null character '\0' is the first of all unsigned characters. 3. The values of char data types cannot be negative. 4. Adding the characters '2'+ '3' produces the character '5'.
void aFunction2Bcalled(char *first, float *second, int *third); The following are correct statements regarding the C/C++ function declared above, except:
1. The prototype above is declaring three actual arguments. (Correct) 2. The first argument for the function could be a string or a pointer to just one character. 3. The second argument for the function is an address in memory that contains a decimal number. 4. The third argument for the function could be an array of integers or a pointer to just one number.
The following are incorrect statements regarding the scope of variables in C/C++, except:
1. The scope of a variable declared inside a loop is the function that contains the loop. 2. The scope of a local variable is larger than the function itself, if the variable is declared as static. 3. The scope of a global variable is all the files where the variable is declared with the same name. 4. The scope of an external variable is every file where it was declared or included.
The following are incorrect statements regarding C strings, except:
1. There are no numbers inside strings, only digits treated as characters in an array. (Correct) 2. After declaration, strings may grow to any required size. 3. The length of the empty string is 1, because it contains the null character '\0'. 4. Strings that do not end in the null character '\0' are complicated, but allowed.
A C/C++ function can always be called inside a program in all the following situations, except:
1. When the function was defined before the function was called. 2. When the prototype for this function was declared inside the program. (Correct) 3. When the function is inside a C/C++ library that was included at the beginning of the program. 4. When the function is defined in another file that is included at the beginning of the program.
float funcA(float aVar, int bVar[], char *cVar); Which is its signature?
1. float-funcA-float-int*-char* 2. funcA-float-int-char* 3. funcA-float-int*-char* (Correct)
The following line correctly declares an array that will hold 12 integer numbers:
1. int array [] = { 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12 }; 2. unsigned char array [2][6]; (Correct) 3. int array [3][4] = { { 2.0, 4.0, 6.0 , 8.0 }, { 2.0, 4.0, 6.0 , 8.0 }, { 2.0, 4.0, 6.0 , 8.0 }}; 4. int array [4][ ] = { { 3, 1, 5 }, { 2, 7, 6 }, { 11, 10, 12}, { 4, 8, 9 } };
extern int var1 = 7; float var2 = 1.4142; void f1 (float var3) { float *var4 = &var3; // ...other commands} The following are correct statements regarding the C/C++ statements above, except:
1. var1 is a global variable defined in the first line for this and all other files that include this one. 2. var2 is a local variable defined only for local use by all functions inside this file. (Correct) 3. var3 is a local variable defined in function f1, for exclusive use of function f1. 4. var4 is a pointer defined in the fourth line only to be used as a local variable.
A tally file contains a record of all times a database was accessed and a final count at the end of the file. This file is a binary file. In which mode must a C/C++ program open this file just to add a new record and update the final count at the end of the file?
1. "wb" 2. "wb+" 3. "ab" 4. "ab+" (Correct)
The following are logical operators in C/C++, except:
1.) ! (correct) 2.) != 3.) >= 4.) <=
Which of the following is not a comment in C/C++?
1.) /**/ 2.) //* 3.) /*/ (correct) 4.) ///
A program has to report different results when the value of certain integer variable is within any of 7 possible range of values. These ranges do not overlap and they cover all possible integer values. What is the minimal number of conditional expressions required to do this reporting?
1.) 6 (correct) 2.) 7 3.) 8 4.) It is uncertain. This number may change based on other circumstances.
The following are correct statements regarding C/C++ repetition commands, except:
1.) A loop may not have a conditional expression and still compile. 2.) If its conditional expression is checked after the first loop step, it surely is a do-while loop. 3.) A for-loop is always a definitive loop. (Correct) 4.) A while-loop could be definitive or indefinitive.
The following are incorrect statements regarding C/C++ switch commands, except:
1.) The break statement must always be used at the end of a case. 2.) The default option could be placed at the beginning of the switch, if needed. (Switch) 3.) There is a limit to the number of cases a switch may have. 4.) Multiple cases can always be lumped together.
The following are incorrect statements regarding C/C++ programs, except:
1.) The word integer can be used as a name of a variable. (correct) 2.) A variable should be declared right before it is assigned its first value. 3.) Shorthand commands should always be used if possible. 4.) It is best to use generic names like x for variables.
The following are correct statements regarding floating point values and variables in C/C++, except:
1.) We can represent any floating point number we want using the IEEE-754 standard. (correct) 2.) Direct comparison of equality for floating point numbers is too strict for practical purposes. 3.) Floating point variables may be used as loop counters, but they should not. 4.) Adding two floating point numbers may not be computed if the numbers are too far apart.
The following commands can be written inside a C/C++ function, except:
1.) return 2.) #include (correct) 3.) printf 4.) comments inside /* */
The following names are correct identifiers in C/C++, except:
1.) float(float) 2.) x11010010 3.) bREAKINGbAD 4.) way_to_go
The following piece of code prints: "k=11". What was the value of the variable k before its execution? k--; k *= 3; k++; k += 1; printf("k=%d\n",k);
4
The following programming statement will be evaluated according to the C/C++ precedence rules for operations. What is the result of the first operation to be performed when evaluating this statement? int x = ( ( 2 * 7 ) /3) + (21 % (6 - 2));
5 or (14/3)+(21%3)
The following C/C++ code does not compile because it misses a statement. Write a statement that will fix the problem. int main() {int width = 2 , height, length = 10, ; printf("The volume of the box is %d\n",width*height*length); return 0;}
Define the value of height
An ASCII file is opened for reading in a C/C++ program with g as its FILE pointer. Write a small piece of code to read a character from this FILE *g and print it to screen. The code must also print a message if, when reading, it receives an end-of-file character.
int c = fgetc(g); if (c != EOF) { putchar(c); } else { printf("Got through the file"); }
An ASCII file is opened for reading in a C/C++ program with g as its FILE pointer. The file contains many lines with two decimal numbers in each. Both numbers are aligned within columns of 15 characters each. Write a line of code that will read the double variable number1 and the double variable number2 from a line in the file.
if (fscanf(g, "%15lf%15lf", &number1, &number2) != 2) { printf("Got through the file."); }
Given two defined strings s and t, write a conditional statement that uses strcmp to decide if string s comes before string t.
if (strcmp(s, t) < 0) { printf("%s is before %s\n", s, t); } else if (strcmp(s, t) > 0) { printf("%s is after %s\n", s, t); } else { printf("%s is the same as %s\n", s, t); }
Write a for-loop to print all integer numbers between 67 to 78:
for (int n = 67; n <= 78; n++) { printf("%d\n", n); }
Write a set of C conditional statements that will print "Too High" if the value of an integer variable height is bigger than 3, print "Normal" if the value of height is bigger than 2, but smaller than or equal to 3, or print "Too Low" otherwise.
if (height > 3) { printf("Too High"); } else if (height > 2) { printf("Normal"); } else { printf("Too Low"); }
Consider the following function header that receives the array of float named grades: float getGrade(float grades[]) Write a command inside this function that calculates the size of the array grades inside the integer variable m:
int m = sizeof(grades)/sizeof(int);
Rewrite the following statement and type cast the expression on the right side to match the left side: int y = 1.4142 * (3.14159 / 2);
int y = (int)(1.4142 *(3.14159/2));
The following piece of code compiles and runs in a C/C++ program: for (int j=-5, a=0; a=j; j++){printf("%d %d\n", j, a);} What is wrong with this sentence?
the second clause should equate either >= or ==. so a==j