UNIVERSITY EXAMINATIONS: 2020/2021
EXAMINATION FOR THE DEGREES OF BACHELOR OF SCIENCE IN
APPLIED COMPUTING/ BACHELOR OF BUSINESS INFORMATION
TECHNOLOGY
BIT 3102/BBIT 301/BISF 2107/BSD 2206/BAC 2209: PRINCIPLES OF
INFORMATION SYSTEM SECURITY
FULLTIME/ PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: QUESTION ONE IS COMPULSORY, CHOOSE TWO OTHER QUESTIONS
QUESTION ONE (20 marks) Compulsory
a) Define the following terms as used in information security [5 Marks]
i) Threat
ii) Attack
iii) Vulnerability
iv) Risk
v) Hacker
b) With the help of a diagram, discuss the three major security objectives [6 Marks]
c) What is social engineering, and what are the four main social engineering strategies? [6 Marks]
d) What is the purpose of an information security policy (ISP)? [3 Marks]
QUESTION TWO (15 marks)
a) Distinguish between the following [8 Marks]
i. Active attacks and Passive attacks
ii. Cybersecurity and Cybercrimes
b) Describe five roles of firewalls in computer security [5 Marks]
c) State any four reasons why physical security is needed [2 Marks]
QUESTION THREE (15 marks)
a) Networks are subject to a number of different attacks that jeopardize their ability to support the major security objectives. Describe the following network attacks [6 Marks]
i. Man-in-the-middle attack
ii. Zero-day exploit
iii. Cross-site scripting
b) Discuss in detail the methodology you would follow in conducting a vulnerability assessment of an organization. [6 Marks]
c) What are the objectives of network scanning? [3 Marks]
QUESTION FOUR (15 marks)
a) You have been assigned the role of a security consultant for an organization that uses computers for their day-to-day operations. Your first task is to prepare a defence-in-depth plan for the organization, with a view to securing the organization's data.
i. Prepare a detailed Defence-in-Depth plan for the organization [9 Marks]
b) Describe the three major types of hackers [6 Marks]