BAC 2511 CYBER SECURITY

UNIVERSITY EXAMINATIONS 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED
COMPUTING
BAC 2511 CYBER SECURITY
FULL TIME/PART TIME
DATE: DECEMBER, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) (i) Differentiate between security audit, vulnerability assessment and penetration
testing. 3 Marks
(ii) State any two human behaviors that are vulnerable to social engineering attacks.
2 Marks
(iii) Why is social engineering effective? 2 Marks
(iv) Explain the phases involved in a social engineering attack. 2 Marks
b) Explain how the following attack tools operate:
(i) Spyware 2 Marks
(ii) Keystroke logger 2 Marks
(iii) Rootkit 2 Marks
c) (i) Discuss briefly what constitutes a computer crime. 2 Marks
(ii) Each type of evidence is important in a criminal investigation, because any piece
of evidence may have an enormous impact on the outcome of the case. Describe briefly
any four types of evidence. 4 Marks
d) Describe briefly any five practices that should be enhanced in order to combat computer
fraud within an organization. 5 Marks
e) State any four myths about cybercriminals 4 Marks
QUESTION TWO [20 MARKS]
a) A graduate student accidentally releases a program that spreads from computer system to
computer system. It deletes no files but requires much time to implement the necessary defenses.
The graduate student is convicted. Despite demands that he be sent to prison for the maximum
time possible (to make an example of him), the judge sentences him to pay a fine and perform
community service.
(i) What factors do you believe caused the judge to hand down the sentence he did?
3 Marks
(ii) As a cyber security expert, what extra information would you have needed to
justify your decision? 3 Marks
b) Discuss a detailed procedure to follow when processing an incident or crime scene.
6 Marks
c) Explain in detail the Web Server attack methodology. 6 Marks
d) Why and when do you use computer forensics? 2 Marks
QUESTION THREE [20 MARKS]
a) Banner grabbing or OS fingerprinting is the method of determining the operating system
running on a remote target system. There are two types of banner grabbing: active and passive.
Differentiate between these two types of banner grabbing. 4 Marks
b) State the goals and techniques used during the following hacking stages:
(i) Gaining access 2 Marks
(ii) Escalating privileges 2 Marks
(iii) Executing applications 2 Marks
(iv) Covering tracks 2 Marks
c) Explain any six techniques used to defend against privilege escalation. 6 Marks
d) Explain the vulnerable areas in a mobile business environment. 2 Marks
QUESTION FOUR [20 MARKS]
a) State any six salient features of a good forensics report. 6 Marks
b) State any four roles of an expert witness. 4 Marks
c) Differentiate between a technical witness and an expert witness. 4 Marks
d) Provide a checklist for preserving digital evidence from a standalone computer.
6 Marks
QUESTION FIVE [20 MARKS]
a) Discuss briefly any three major characteristics exhibited by most cyber criminals.
6 Marks
b) Discuss the major reasons why Cyber Security is considered a “hard, multifaceted
problem”.
10 Marks
c) Even when everyone acknowledges that a computer crime has been committed,
computer crime is hard to prosecute. State four reasons why it is hard to prosecute
computer crimes. 4 Marks
