A well-known information security company in China published a post in Shanghai on the afternoon of October 10, October 12

It is derived from the worship of the hacker spirit and exclusive respect for the company. Although the treatment is not very high, I must be able to feel it there.ProgramFun.

After reading the company's test paper, I erased the name of the company mentioned in the previous article. (PS: Sharing pen classics also reflects the hacker spirit ~~). Commercial Secrets are marked on the homepage of the examination paper. The last small note of the examination paper says that you should not spread the objective of the examination. I think today's record only lists the knowledge points that I don't know or fuzzy, so that I can improve my technology ~~ The proportion is small, and the complete question itself is basically not mentioned. Thank you!

1. Understanding of character devices and block Devices

2. multiline Synchronization Method

3. Process Communication Method

4. Declaration of function pointers, pointer arrays, and array pointers

5. Learn about three cloud service modes: sass, pass, and IASs.

Software as a service (SAAS) serves to provide applications as services to customers.

Platform as a service (PAAs) is used to provide a development platform as a service to users.

Infrastructure as a service, infrastructure as a service (IAAS), serves to provide virtual machines or other resources as services to users.

I) SaaS Model

In SaaS mode, users only need to connect to the network and use a browser to directly use applications running on the cloud without worrying about installation or other things, in addition, high hardware and software investment in the early stage is not required. SAAS mainly targets common users. Main products include Salesforce sales cloud, Google Apps, zimbra, zoho, and IBM Lotus live.

Ii) PAAs Mode

With paas, you can easily write applications on a development platform, including sdks, documents, and test environments, users do not need to worry about the management of servers, operating systems, networks, storage and other resources. These tedious tasks are handled by the PAAs supplier, and the PAAs integration rate is amazing, for example, a server running Google App Engine can support thousands of applications. That is to say, Paas is very economical. Paas is primarily intended for developers. Main products include: Google App Engine, force.com, Heroku, and Windows
Azure platform.

Iii) IAAs Mode

In IAAs mode, users can obtain the virtual machine or storage resources they need from the supplier to load related applications, at the same time, the tedious management of these infrastructures will be handled by IAAs vendors. IAAs supports a wide range of applications through virtual machines. The main users of IAAs are system administrators. Main products include Amazon EC2, linode, joyent, rackspace, IBM Blue cloud, and Cisco UCS.

Iv) Relationship between the three modes

The relationship between them can be analyzed from two perspectives: first, from the perspective of user experience, the relationship between them is independent, because they face different types of users. Second, from the technical point of view, they are not simple inheritance relationships (SAAS is based on PAAs and Paas is based on IAAS ), first, SAAS can be based on paas or directly deployed on IAAs. Second, Paas can be built on IAAs or on physical resources.

6. What does SQL Injection mean?

Injection attacks are security vulnerabilities at the database layer of applications. In short, the SQL command is injected into the input string, ignoring the check in poorly designed programs, then these injected commands will be run by the database server for a normal SQL command and thus be damaged. Example:

SQL query of Logon verification for a siteCodeIs

 
Strsql = "select * from users where (name = '" + username + "') and (PW = '" + password + "');"
 

Malicious Filling

 
Username = "'or '1' = '1 ";
 

And

 
Password = "'or '1' = '1 ";
 

Will cause the original SQL string to be filled in

Strsql = "select * from users where (name ='' or '1' = '1') and (PW = ''or '1' = '1 ');"
 

That is, the actual running SQL command will become the following:

 
Strsql = "select * from users ;"
 

Therefore, you can log on to the website without an account or password. Therefore, SQL injection attacks are commonly known as hacking.

7. The GCC compiler will perform atomic operations on the following statements: A & = 1; A = A & 1; A ++;

8. TCP three-way handshake. SYN; ACK-SYN; ack;

9. The sub-function parameters and return values are of the subclass type. How many times have I called the constructor of the parent class and sub-class before calling this function?

Class A {public: A () {cout <"constructor a" <Endl ;}~ A () {cout <"destructor a" <Endl ;}}; Class B: Public A {public: B () {cout <"constructor B" <Endl ;}~ B () {cout <"destructor B" <Endl ;}}; B get (B) {return B ;}int main () {B; B c = get (B); Return 0 ;}
 

After running, the output is as follows:

Constructor A // B
Constructor B
Destructor B // get B
Destructor
Destructor B // C
Destructor
Destructor B // B
Destructor

10. Find a C-code program vulnerability.

11. char * getx ()
{
Char * P = "hello ";
Return P;
}
Void main ()
{
Char * STR = NULL;
STR = getx ();
Strcpy (STR, "ABC ");
Cout <STR <Endl;
}

What is output after running? The answer is hello. Constants on the stack cannot be directly modified. Strcpy is invalid.