UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED COMPUTING
BAC5201 ETHICAL HACKING
FULL TIME/PART TIME
DATE: APRIL, 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Discuss any three types of password attacks and the techniques used. 6 Marks
b) Explain in detail the steps an attacker goes through to hack a network using sniffers. 6 Marks
c) Explain the malware analysis procedure in preparing a testbed 5 Marks
d) Explain briefly any five OWASP Mobile Top 10 Risks 5 Marks
e) State any four types of error-based SQL injections. 4 Marks
f) Explain briefly any two categories of DoS/DDoS attack vectors. 4 Marks
QUESTION TWO [20 MARKS]
a) State any ten web application threats. 5 Marks
b) What is the purpose of footprinting? 4 Marks
c) Discuss any three types of password attacks 6 Marks
d) Why is session hijacking successful? 5 Marks
QUESTION THREE [20 MARKS]
a) Discuss three techniques that attackers use to propagate malicious code to newly discovered vulnerable systems. 6 Marks
b) State any three indications of a:
(i) System intrusion 3 Marks
(ii) Network intrusion 3 Marks
c) Why are web servers compromised? 4 Marks
d) What is the impact of web server attacks? 4 Marks
QUESTION FOUR [20 MARKS]
a) Explain any six ways of defending against privilege escalation. 6 Marks
b) Discuss the mobile attack vectors 8 Marks
c) Describe the wireless hacking methodology 6 Marks
QUESTION FIVE [20 MARKS]
a) Explain briefly any three types of rootkits. 6 Marks
b) Describe any four different types of viruses 4 Marks
c) Discuss the key considerations for penetration testing in the cloud. 4 Marks
d) Outline the steps to follow to perform a man-in-the-browser attack. 6 Marks