CSE 4471 MIDTERM 1 EXAM 2025 QUESTIONS WITH VERIFIED ANSWERS
Needs of the business -
- protect organization's ability to function
- protect assets
- enable safe enterprise operation
- establish or maintain a market segment
- establish or improve profitability
1. Compromised intellectual property - Damage caused by software lost to piracy (lost
revenue, reputation damage)
Violating protections and end user licensing agreements (EULA)
2. Quality of Service Deviations - Includes situations where products or services are not
delivered as expected
Information system may depend on many interdependent internal support systems
Internet service, communications, and power irregularities may dramatically affect
availability of information and systems
DoS (Denial of Service) - an attack which attempts to overload a target host so that it
cannot respond to legitimate requests, thus effectively taking the provided service off-line.
DDoS (Distributed Denial of Service) - a DoS attack which coordinates multiple attackers
to provide a greater attack volume
Smurf Attack - An attack that broadcasts a ping request to computers yet changes the
address so that all responses are sent to the victim.
Reflection Email Attack -
- Send thousands of emails to legitimate mail server
- uses illegitimate email
- source email is victim
Botnet -
◦ Master sends commands to compromised zombie
◦ Zombies attack victim
◦ Victim only sees attacks from zombie
3. Espionage - Business Intelligence (legal),
open source intelligence (OSINT),
industrial espionage (Apple car),
state-sponsored espionage
TEMPEST - a side-channel attack that passively monitors acoustic, electrical or other
emissions to gain confidential information
Insider - Employee or contractor that enters a trusted relationship with an organization.
◦ Trust means that by entering a work relationship, the insiders agree to the rules and
obligations that come with the role
◦ This relationship of trust does not, and should not, include alleged dishonest, unethical
or illegal activity.
◦ The insider must obey laws and hold to ethical practices, despite the trusted
relationship.
Whistleblower - An insider that reports wrongdoing (generally not for personal gain).
◦ It is unlawful for an employer to retaliate against you for making a "protected
disclosure." A disclosure is protected only if it meets two criteria:
1. The disclosure is based on a reasonable belief that wrongdoing has occurred.
2. The disclosure must also be made to a person or entity that is authorized to receive it
(news media and sensitive data not included)
Open Source Intelligence - Property / tax record (name, city, home address)
Voting Registration (name, city, political party)
Genealogy Records (mother's maiden name)
Obituaries (siblings and children, time of funerals)
Criminal Records
Traffic Camera Information
Open source intelligence commercial info - Surfing habits