UNIVERSITY EXAMINATIONS: 2013/2014
ORDINARY EXAMINATION FOR THE BACHELOR OF SCIENCE
IN INFORMATION TECHNOLOGY
BIT 3102 INFORMATION SYSTEM SECURITY AND
CRYPTOGRAPHY
(WEEKEND)
DATE: APRIL, 2014 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO
QUESTION ONE
a) Define the following terms as used in security of Information Management systems
[6 Marks]
i). An exposure
ii). A Vulnerability
iii). Threats
b) Public key infrastructure (PKI) manages public keys automatically through
the use of public certificates. State and describe the functional roles
of PKI entities [10 Marks]
c) A plain-text produced the following cipher-text when a Caesar cipher was used
with a (+5) key. Decipher the cipher-text [6 Marks]
Cipher: QJY RD UJTUQJ LT
d) Briefly explain the following security services as used to provide protection to
business information system resources [8 Marks]
i. Data confidentiality
ii. Data integrity
iii. Authentication
iv. Availability
QUESTION TWO
a) Define symmetric-key cryptography and describe five ingredients of a symmetric
encryption scheme [7 Marks]
b) Describe five roles of firewalls in computer security [5 Marks]
c) State and briefly explain 4 components of a good security policy for protecting an
organization’s technology and information assets. [8 Marks]
QUESTION THREE
a) In computing, authentication mechanisms use any of three user qualities: “something
the user has”, “something the user knows”, or “something the user is”. Explain each,
giving examples. [6 Marks]
b) Differentiate a stream cipher from a block cipher, stating an example of each.
[4 Marks]
c) Explain the desirable characteristics of an Intrusion Detection System [10 Marks]
QUESTION FOUR
a) Differentiate the following methods of breaking ciphers: [8 Marks]
i. Cipher text only attack
ii. Known plain text attack
iii. Chosen plain text attack
iv. Chosen cipher text attack
b) Distinguish between symmetric and asymmetric cryptosystems and describe the
conditions which public key cryptography must meet. [6 Marks]
c) Explain the vulnerabilities associated with passwords [6 Marks]
QUESTION FIVE
a) Risk analysis of an information management system involves the evaluation of
system assets and their vulnerabilities to threats. Outline the five steps undertaken in
risk analysis. [10 Marks]
b) Describe five common threats to both a computer system and the data being
processed. [10 Marks]