BISF 3204 BAC 3213  ETHICAL HACKING.

UNIVERSITY EXAMINATIONS: 2021/2022
EXAMINATIONS FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION SECURITY AND FORENSICS/ BACHELOR OF
SCIENCE IN APPLIED COMPUTING
BISF 3204/BAC 3213: ETHICAL HACKING
FULL TIME/PART TIME
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: Answer QUESTION ONE AND ANY OTHER TWO questions.

QUESTION ONE – COMPULSORY [20 MARKS]
a) Discuss in detail each of the phases of the hacking cycle. 5 Marks
b) Explain the goals and techniques used in system hacking for the following phases:
(i) Gaining access 2 Marks
(ii) Escalating privileges 2 Marks
(iii) Executing applications 2 Marks
c) Explain briefly any five information technology attack vectors. 5 Marks
d) Explain briefly any four reasons why penetration testing is conducted. 4 Marks
QUESTION TWO [15 MARKS]
a) Discuss in detail the methodology you would follow in conducting a vulnerability
assessment of an organization. 8 Marks
b) Discuss the activities in each of the phases of penetration testing. 7 Marks
QUESTION THREE [15 MARKS]
a) Explain in detail the Web Server attack methodology. 5 Marks
b) Discuss in detail the SQL injection methodology. 6 Marks
c) Explain briefly any four scanning methods used to find vulnerable machines. 4 Marks
QUESTION FOUR [15 MARKS]
a) Discuss the necessity for Ethical Hacking. 3 Marks
b) Discuss the technical and non-technical skills of an Ethical Hacker. 6 Marks
c) Discuss the methodology you would follow in discovering WiFi networking using
Wardriving. 6 Marks
