UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
APPLIED COMPUTING
BAC 3118 NETWORK SECURITY
FULLTIME/PARTIME
ORDINARY EXAMINATIONS
DATE: NOVEMBER, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE
The case below depicts authentication in network security. Read to answer the questions that
follow.
Alice, Bob, and Charlie need to authenticate themselves in such a way that each of them is
certain about the identities of the other two parties. The process is successful if and only if all
pairs are mutually authenticated, otherwise it fails.
a) Describe two possible solutions using the following;
i. Symmetric-key cryptography [10 Marks]
ii. Public-key cryptography [10 Marks]
b) Explain the concept of CIA triad security model and motivate its relevance
[10 Marks]
QUESTION TWO
a) Using examples, give two types of passive, and two types of active attacks experienced in
network security. [2 Marks]
b) Describe the mechanisms used by Diffie-Hellman for security with respect to Man-InThe Middle attacks. [6 Marks]
c) Briefly describe how Hush Functions utilize the following in security
i. Message Integrity Check (MIC) [4 Marks]
ii. Message Authentication Code (MAC) [4 Marks]
iii. Digital Signature [4 Marks]
QUESTION THREE
a) Network security is never achieved by 100%. Discuss [8 Marks]
b) IP Security can be implemented to protect extranets and intranets. Briefly discuss the
merits of IP security for an organization that has a virtual private network over the
Internet or over a public WAN. [8 Marks]
c) Briefly describe the main differences between MAC and DAC access control models
[4 Marks]
QUESTION FOUR
a) A Malware can propagate itself from one computer to another in a network.
i. Give two examples of Malware [2 Marks]
ii. State two ways of stopping a malware propagation in a network [2 Marks]
b) Describe the roles played by the following in network security implementations
i. IDS [2 Marks]
ii. Firewall [4 Marks]
iii. ACL [4 Marks]
c) Using a relevant example, explain how the Kerberos network security model works
[6 Marks]
QUESTION FIVE
a) State and explain three services provided by digital signature for network security
systems [6 Marks]
b) Differentiate between the following encryption techniques
i. Permutation and Substitution Vs The Caesar cipher [2 Marks]
ii. The monoalphabetic substitution cipher Vs The transposition cipher [2 Marks]
c) State the working of a Honey Pot in network security [4 Marks]
d) Briefly explain how secret keys in symmetric-key cryptography and how public keys in
asymmetric-key cryptography are distributed and maintained [6 Marks]
