Security and Compiler Design MCQs

January 8, 2026 | December 14, 2024 | by u930973931_answers

1. What is the primary role of a compiler in security?
(A) To detect and prevent certain security vulnerabilities during code translation
(B) To increase execution speed
(C) To manage memory allocation
(D) To optimize hardware usage

2. Which type of attack can a compiler help mitigate?
(A) SQL injection
(B) Buffer overflow
(C) Cross-site scripting (XSS)
(D) All of the above

3. How can a compiler prevent buffer overflow attacks?
(A) By ignoring input lengths
(B) By disabling loops
(C) By encrypting the source code
(D) By inserting runtime bounds checking on arrays and buffers

4. What is a “stack smashing” attack?
(A) Overwriting stack memory to alter program execution
(B) Modifying the heap memory
(C) Deleting temporary files
(D) Causing CPU overheating

5. Which compiler feature can help detect unsafe pointer usage?
(A) Lexical analysis
(B) Type checking
(C) Code generation
(D) Linker optimization

6. What is the role of static analysis in compiler security?
(A) Analyzing runtime behavior
(B) Generating machine code
(C) Managing memory allocation
(D) Examining source code for potential vulnerabilities without execution

7. Which of the following is a common compiler-level defense against format string vulnerabilities?
(A) Code obfuscation
(B) Input validation and sanitization
(C) Stack canaries insertion
(D) Removing printf statements

8. What is a stack canary?
(A) A debugging tool
(B) A random value placed on the stack to detect buffer overflows
(C) A type of malware
(D) An optimization flag

9. What is Control Flow Integrity (CFI) in compiler security?
(A) Preventing loops in programs
(B) Protecting source code from copying
(C) Ensuring that program execution follows only legitimate control-flow paths
(D) Optimizing execution speed

10. Which type of attack modifies a program’s return address to gain control?
(A) SQL injection
(B) Return-oriented programming (ROP)
(C) Man-in-the-middle
(D) Phishing

11. Which compiler technique helps defend against ROP attacks?
(A) Stack canaries and Control Flow Integrity
(B) Loop unrolling
(C) Dead code elimination
(D) Inline expansion

12. What is the main goal of code obfuscation in compilers?
(A) Reduce code size
(B) Make reverse engineering difficult for attackers
(C) Improve memory usage
(D) Speed up compilation

13. How does Address Space Layout Randomization (ASLR) enhance security?
(A) Randomizes memory addresses to prevent predictable exploits
(B) Encrypts memory contents
(C) Prevents syntax errors
(D) Increases CPU speed

14. Which compiler-level technique can help prevent integer overflow vulnerabilities?
(A) Loop unrolling
(B) Ignoring large inputs
(C) Bounds checking and safe arithmetic operations
(D) Inlining functions

15. What is “sandboxing” in compiler-generated code?
(A) Encrypting source code
(B) Restricting program execution to a controlled environment
(C) Optimizing loops
(D) Storing code in RAM only

16. Which of the following is a compiler defense against format string attacks?
(A) Disabling printf entirely
(B) Type-safe printf functions or format string validation
(C) Stack overflow
(D) Memory leaks

17. How can compilers assist in preventing use-after-free errors?
(A) Reusing freed memory immediately
(B) Ignoring dangling pointers
(C) Implementing runtime checks and safe memory reclamation
(D) Increasing compiler optimization levels

18. Which is a benefit of automatic memory management for security?
(A) Prevents memory leaks and dangling pointers that can be exploited
(B) Speeds up compilation
(C) Optimizes CPU instructions
(D) Encrypts memory contents

19. Which compiler warning is commonly used to enhance security?
(A) Unused variable warnings
(B) Pointer and buffer size warnings
(C) Loop count warnings
(D) Constant folding warnings

20. What is the role of Control Flow Graph (CFG) analysis in compiler security?
(A) To identify potential execution paths that could be exploited
(B) To generate machine code
(C) To optimize memory layout
(D) To perform syntax checking

21. Which technique helps prevent stack-based buffer overflows at compile-time?
(A) Stack-smashing protection (SSP)
(B) Loop unrolling
(C) Tail recursion elimination
(D) Function inlining

22. How does pointer sanitization improve security in compiled programs?
(A) By verifying that pointer dereferences are safe at runtime
(B) By encrypting pointer addresses
(C) By reducing memory usage
(D) By optimizing CPU cache usage

23. Which compiler-generated security feature prevents execution of injected code in the stack?
(A) Loop optimization
(B) Data Execution Prevention (DEP)
(C) Dead code elimination
(D) Constant propagation

24. Which of the following is a compiler-level mitigation for heap overflow attacks?
(A) Loop unrolling
(B) Bounds checking and safe allocation
(C) Constant folding
(D) Inline expansion

25. What is a common compiler strategy for mitigating side-channel attacks?
(A) Encrypting arithmetic operations
(B) Removing loops
(C) Constant-time execution and avoiding data-dependent branching
(D) Inlining functions

26. What is “code injection” in the context of compiler security?
(A) Introducing malicious code through unsafe inputs
(B) Optimizing code at runtime
(C) Rewriting code for performance
(D) Encrypting object code

27. Which compiler analysis can detect potential null pointer dereferences?
(A) Data flow analysis
(B) Lexical analysis
(C) Code generation
(D) Peephole optimization

28. How does stack layout randomization improve security?
(A) Compresses stack memory
(B) Randomizes stack memory locations to prevent predictable overflows
(C) Optimizes stack usage
(D) Encrypts stack contents

29. Which compiler technique helps prevent format string vulnerabilities in C/C++?
(A) Safe formatting libraries like snprintf
(B) Using printf without arguments
(C) Disabling compiler warnings
(D) Stack compaction

30. What is a key limitation of compiler-based security?
(A) Reduces code readability
(B) Slows down compilation
(C) Cannot prevent runtime logic errors or vulnerabilities in third-party libraries
(D) Cannot optimize memory usage