UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED
COMPUTING
BAC5201 ETHICAL HACKING
FULL TIME/PART TIME
DATE: DECEMBER, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Discuss in detail each of the phases of the hacking cycle. 5 Marks
b) (i) Most testers and attackers follow an informal, open source, or proprietary-defined
testing methodology that guides the testing process. There are certain advantages of
following a methodology. Outline any two of these advantages. 2 Marks
(ii) Generally, the first step in a penetration test or an attack is the collection of
open-source intelligence, or OSINT. OSINT is information collected from public sources,
particularly the Internet. State any six of the most common online information sources
used by the attacker. 3 Marks
c) State any six information technology attack vectors. 6 Marks
d) Explain the separation of security responsibilities on the cloud in IaaS, PaaS and SaaS.
6 Marks
e) Explain in detail how the following attacks are conducted:
(i) Mobile based social engineering using fake security applications 2 Marks
(ii) Social engineering through impersonation on social networks 2 Marks
f) Differentiate between file and multipartite viruses 4 Marks
QUESTION TWO [20 MARKS]
a) Discuss in detail the methodology you would follow in conducting a vulnerability
assessment of an organization. 10 Marks
b) State any four sources of competitive intelligence. 4 Marks
c) State any six Top 10 OWASP Web Application security flaws. 6 Marks
QUESTION THREE [20 MARKS]
a) Discuss the major reasons why cybersecurity is considered a “hard, multifaceted
problem”. 10 Marks
b) Explain how the following attack tools operate:
(i) Spyware 2 Marks
(ii) Keystroke logger 2 Marks
(iii) Rootkit 2 Marks
c) Explain briefly the any four reasons why penetration testing is conducted 4 Marks
QUESTION FOUR [20 MARKS]
a) (i) What is SQL injection? 1 Marks
(ii) Explain how the Boolean Exploitation technique works 3 Marks
(iii) Explain the information gathering stage of SQL injection methodology.
6 Marks
b) Discuss briefly the activities in each of the phases of penetration testing. 6 Marks
c) What security issues arise from mobile App Stores? 4 Marks
QUESTION FIVE [20 MARKS]
a) With the aid of a diagram, explain the working of an e-banking Trojan. 6 Marks
b) Why do people create computer viruses? 4 Marks
c) Explain briefly any four scanning methods used to find vulnerable machines.
4 Marks
d) Explain the goals and techniques used in system hacking for the following phases:
(i) Executing applications 2 Marks
(ii) Hiding files 2 Marks
(iii) Covering tracks 2 Marks
