BAC5201 ETHICAL HACKING

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF APPLIED COMPUTING
BAC5201 ETHICAL HACKING
FULL TIME/PART TIME
DATE: APRIL, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) Explain the four main types of attack on a system. 4 Marks
b) Explain in detail the network vulnerability assessment methodology. 10 Marks
c) With the aid of a diagram, explain a typical botnet setup. 6 Marks
d) Explain the goals and techniques used in system hacking for the following phases:
(i) Gaining access 2 Marks
(ii) Escalating privileges 2 Marks
(iii) Executing applications 2 Marks
f) Explain why session hijacking is successful. 4 Marks
QUESTION TWO [20 MARKS]
a) (i) Differentiate between active sniffing and passive sniffing. 4 Marks
(ii) Explain the procedure followed by an attacker to hack a network using sniffers. 6 Marks
b) Explain the security issues arising from App stores. 4 Marks
c) Explain in detail the Web Server attack methodology. 6 Marks
QUESTION THREE [20 MARKS]
a) Banner grabbing or OS fingerprinting is the method of determining the operating system
running on a remote target system. There are two types of banner grabbing: active and passive.
Differentiate between these two types of banner grabbing. 4 Marks
b) Explain in detail how the following attacks are conducted:
(i) Mobile based social engineering using fake security applications 3 Marks
(ii) Social engineering through impersonation on social networks 3 Marks
c) (i) What is SQL injection? 1 Mark
(ii) Explain how the Boolean Exploitation technique works. 3 Marks
(iii) Explain the information gathering stage of SQL injection methodology. 6 Marks
QUESTION FOUR [20 MARKS]
a) Explain the separation of responsibilities on the cloud in IaaS, PaaS and SaaS. 6 Marks
b) Explain briefly the following cloud computing threats:
(i) Unknown risk profile 2 Marks
(ii) Abuse of cloud services 2 Marks
c) Discuss any six cloud computing security considerations. 6 Marks
d) Outline any four best practices for securing the cloud. 4 Marks
QUESTION FIVE [20 MARKS]
a) Discuss briefly any three major characteristics exhibited by most cyber criminals. 6 Marks
b) Discuss the major reasons why Cyber Security is considered a “hard, multifaceted problem”. 10 Marks
c) Even when everyone acknowledges that a computer crime has been committed,
computer crime is hard to prosecute. State four reasons why it is hard to prosecute
computer crimes. 4 Marks
