"Needs of the business" Correct Ans-•protect organization's ability to function
• protect assets
• enable safe enterprise operation
• establish or maintain a market segment
• establish or improve profitability
threat: acts of human error or failure Correct Ans-
• system misconfiguration
• poor patch management
• poor password selection
• lost devices
• sending secure information to an incorrect email address
• opening an unsafe URL or attachment
intellectual property Correct Ans-Intellectual property (IP) refers to anything of value to the organization which exists only in the mind of one or more human resources.
industrial espionage: Correct Ans-utilizing unethical or illegal methods (such as theft) to obtain trade secrets or other intellectual property for a competitive advantage
CSE 4471 Midterm 1 Questions and Answers
Deadly Sins of Software Development (Threat: software failure) Correct Ans-
• buffer overruns
  • ". . . anything after the 256th character can be executed on the computer" [Microsoft, 1998]
• command injection
  • responding to a string prompt with "Hello&del *.*"
• failure to handle errors
  • what is a program's initial state, and how does the system respond?
• failure to protect network traffic
  • encryption in public places
• pseudo-random numbers
  • rand will always return the same pattern with the same key
• untrusted source for a format string
  • sending @my_subroutine into a formatted string
brute force attack Correct Ans-an attack which tries all possible variations
attack: back door Correct Ans-an access mechanism in an authentication system or method that subverts normal authentication or access requirements.
Example (pseudocode): the hard-coded password "welcomeKingGeorge" bypasses the real hash check for any user id, so the login succeeds without a valid credential.
if ( user_entered_password != "welcomeKingGeorge" )   # back door: skip the real check when the magic password is supplied
then
    if ( ! hash_verify_password( user_entered_id, user_entered_password ) )   # normal authentication path
    then
        send "invalid login or password"
        exit fail
    endif
endif
start_user_session( user_entered_id )   # reached either by a valid hash match or by the back-door password
attack: protocol TCP handshake Correct Ans-
1. Client: SYN
2. Server: SYN / ACK
3. Client: SYN
Packet Switching Correct Ans-a mode of data transmission in which a message is broken into a number of parts that are sent independently, over whatever route is optimum for each packet, and reassembled at the destination.