BIT 3102 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY DISTANCE LEARNING KCA Past Paper

UNIVERSITY EXAMINATIONS: 2014/2015
ORDINARY EXAMINATION FOR THE BACHELOR OF SCIENCE
IN INFORMATION TECHNOLOGY
BIT 3102 INFORMATION SYSTEMS SECURITY AND
CRYPTOGRAPHY DISTANCE LEARNING
DATE: APRIL, 2015 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO

QUESTION ONE
a) List any five reasons why people will violate policy. (5 Marks)
b) A firm security implementation plan can be launched and established using a
series of best practices. State any five of these best practices. (5 Marks)
c) Discuss briefly the benefits and limitations of asymmetric key encryption. (6 Marks)
d) Discuss the following:
(i) Mandatory Access Control (MAC) (2 Marks)
(ii) Discretionary Access Control (DAC) (2 Marks)
e) Discuss the two types of errors that occur when biometrics are used for authentication. (4 Marks)
f) Networks are subject to a number of different attacks that jeopardize their ability
to support confidentiality, integrity, and availability. Describe the following
network attacks:
(i) Denial of Service (DoS) (2 Marks)
(ii) Spam (2 Marks)
(iii) Malicious code (2 Marks)
QUESTION TWO
a) Describe briefly the following cryptographic algorithms:
(i) RC5 (3 Marks)
(ii) Blowfish (3 Marks)
b) Discuss any five ways in which cryptographic algorithms are compromised. (5 Marks)
c) Discuss the hash function and its role in information security. (6 Marks)
d) State any three characteristics of a good cryptographic algorithm. (3 Marks)
QUESTION THREE
a) One of the simplest ways to prevent attackers compromising the network is to
customize the settings of the network. Customization of the network settings will
give the network administrators an efficient means of monitoring network traffic.
They can also put restrictions on the data, and the information exchanged over the
network, to prevent exposure of the company’s network, thus preventing
unknown, and unauthenticated, users from accessing the network. In this regard,
describe the following components of network security:
(i) Firewall (2 Marks)
(ii) Honeypot (2 Marks)
(iii) Intrusion Detection System (IDS) (2 Marks)
b) (i) What benefits does the security principle known as job rotation provide? (2 Marks)
(ii) How is a sensitivity profiling developed and what is the benefit? (3 Marks)
c) Describe the following methods that are used to detect an intrusion:
(i) Signature recognition (3 Marks)
(ii) Anomaly detection (3 Marks)
d) Describe the following as used in access control:
(i) Authentication. (1 Mark)
(ii) Authorization. (1 Mark)
(iii) Auditing. (1 Mark)
QUESTION FOUR
a) Even when everyone acknowledges that a computer crime has been committed,
computer crime is hard to prosecute. State four reasons why it is hard to prosecute computer crimes. (4 Marks)
b) Outline four categories of computer fraud. (4 Marks)
c) Outline briefly any four important factors to consider when choosing a firewall
solution. (4 Marks)
d) Explain briefly the following data access principles:
(i) Least privilege (2 Marks)
(ii) Separation of Duties (SoD) (2 Marks)
e) With the aid of examples, briefly explain the following types of access control:
(i) Compensation access control (2 Marks)
(ii) Directive access control (2 Marks)
QUESTION FIVE
a) A Business Continuity Plan (BCP) should address various types of disruptive
events that can target the continuity of daily business operations. Discuss. (6 Marks)
b) Discuss briefly any five factors that can increase or decrease the level of impact a
threat may have on an enterprise and its assets. (5 Marks)
c) Describe how public key encryption is used to establish the authenticity of a
message that is exchanged between two parties, say Alice and Bob. (5 Marks)
d) Describe the following general security policies that an organization may invoke:
(i) Statement of authority and scope (1 Mark)
(ii) Acceptable use policy (AUP) (1 Mark)
(iii) Identification and authentication policy (1 Mark)
(iv) Internet access policy (1 Mark)
