UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT3102 BBIT301 BCT2106 BCT2209 INFORMATION SYSTEMS
SECURITY AND CRYPTOGRAPHY/ NETWORK SECURITY/
INFORMATION SECURITY POLICY/ PRINCIPLES OF INFORMATION
SECURITY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Differentiate between:
(i) Passive reconnaissance and active reconnaissance 2 Marks
(ii) Authenticity and Integrity 2 Marks
(iii) Suicide hacker and cyber terrorist 2 Marks
b) Outline any five motives behind information security attacks. 5 Marks
c) A penetration test will not only point out vulnerabilities; it will also document how the
weaknesses can be exploited and how several minor vulnerabilities can be chained by an
attacker to compromise a computer or network. Describe the following types of penetration
testing:
(i) Black-box testing 2 Marks
(ii) Gray-box testing 2 Marks
d) There are many different factors that should be considered when managing cryptographic
keys. Explain any five of these factors. 5 Marks
e) One of the simplest ways to prevent attackers from compromising a network is to configure
the network deliberately rather than accept its default settings. Careful configuration gives
network administrators an efficient means of monitoring network traffic. It also lets them
restrict the data and information exchanged over the network, limiting exposure of the company's
network and preventing unknown and unauthenticated users from gaining access. In
this regard, describe the following components of network security:
(i) Firewall 2 Marks
(ii) Honeypot 2 Marks
(iii) Intrusion Detection System (IDS) 2 Marks
f) Discuss the difficulties facing investigators and prosecutors of computer crimes. 4 Marks
QUESTION TWO [20 MARKS]
a) With the aid of a diagram, discuss how you would go about causing a denial of service
attack in an organization using a typical botnet setup. 10 Marks
b) State the four characteristics of a good cryptographic algorithm. 4 Marks
c) Discuss briefly the activities in each of the phases of penetration testing. 6 Marks
QUESTION THREE [20 MARKS]
a) Discuss any five reasons why cybersecurity is considered a “hard, multifaceted
problem”. 10 Marks
b) Identify tools used to protect networks, servers, and clients 4 Marks
c) (i) Discuss how hashing is used in password protection. 4 Marks
(ii) State two limitations of asymmetric key encryption. 2 Marks
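As an added illustration for part (c)(i), not part of the exam paper, the following Python shows the difference between storing a bare digest and storing a salted, iterated hash, and how a login check recomputes and compares the stored value. It uses only the standard library; the iteration count is an assumed work factor that a real deployment would tune.

```python
"""Password storage with salted, iterated hashing (added example)."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256. Equal passwords give equal digests, so a
    leaked table can be attacked with precomputed tables and cracked in bulk."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived_key.
    Storing the parameters beside the hash lets the work factor be raised
    later without invalidating existing records."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so the check does not leak how many bytes matched."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("naive :", naive_hash(pw), "(identical for every user with this password)")
    record = hash_password(pw)
    print("stored:", record)
    print("login with right password:", verify_password(pw, record))
    print("login with wrong password:", verify_password(pw + "!", record))
```

Two users with the same password get different records because the salt differs, so a stolen database cannot be cracked one digest at a time against a shared table, and the iteration count makes each guess cost the attacker as much as it costs the server.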
QUESTION FOUR [20 MARKS]
a) Describe briefly any five design principles for secure systems. 10 Marks
b) With the aid of a diagram, explain in detail how an e-banking trojan is deployed to
manipulate banking transactions. 6 Marks
c) Discuss the FOUR possible policies an organization may adopt with regard to providing
Internet access to users of a private LAN. 4 Marks
QUESTION FIVE [20 MARKS]
a) You’re meeting with the IT team to review the organization’s information security
policies and procedures. Discuss five tasks needed to establish an effective information
security governance structure. 10 Marks
b) An application-embedded secret computation is program code embedded within an
application that performs some secret, undocumented computation whenever the application
runs.
(i) Describe how the salami attack is conducted 4 Marks
(ii) State four reasons why the salami attack is persistent 4 Marks
(iii) Outline the countermeasures against salami and covert channel attacks 2 Marks
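As an added illustration for part (b), not part of the exam paper, the following Python models a salami attack on an interest-posting run and the reconciliation checks that expose it. The balances, rate, account numbers and detection thresholds are constructed for the example. The attack always rounds each customer's interest down and credits the shaved fractions to an account the attacker controls; the per-account check passes because every slice is under a cent, which is why such attacks persist, while an orphan-credit check and a rounding-direction check catch it.

```python
"""Salami (rounding-fraction) attack and its reconciliation (added example)."""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0125")  # constructed periodic interest rate
MIN_SAMPLE = 5            # assumed minimum postings before the bias check applies

# Constructed customer balances.
ACCOUNTS = {
    "A001": Decimal("1234.56"), "A002": Decimal("987.65"),
    "A003": Decimal("5000.00"), "A004": Decimal("333.33"),
    "A005": Decimal("2718.28"), "A006": Decimal("1599.99"),
    "A007": Decimal("42.42"),   "A008": Decimal("8080.80"),
}


def exact_interest(balance, rate=RATE):
    return balance * rate


def honest_posting(accounts, rate=RATE):
    """Legitimate run: banker's rounding, nothing credited elsewhere."""
    return {a: exact_interest(b, rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
            for a, b in accounts.items()}


def salami_posting(accounts, skim_account, rate=RATE):
    """Attack run: always round DOWN and move the shaved fractions to skim_account."""
    ledger, shaved = {}, Decimal(0)
    for a, b in accounts.items():
        exact = exact_interest(b, rate)
        paid = exact.quantize(CENT, rounding=ROUND_DOWN)
        ledger[a] = paid
        shaved += exact - paid
    ledger[skim_account] = shaved.quantize(CENT, rounding=ROUND_DOWN)
    return ledger


def reconcile(accounts, ledger, rate=RATE, min_sample=MIN_SAMPLE):
    """Countermeasures run by an independent control: returns a list of findings."""
    findings = []
    # 1. Every credit must trace back to an interest-bearing balance.
    for acct, amount in ledger.items():
        if acct not in accounts:
            findings.append(f"orphan credit of {amount} to {acct}")
    # 2. Independent recomputation per account. Each slice differs by at most
    #    one cent, so this check alone never fires: the attack hides below it.
    for acct, expected in honest_posting(accounts, rate).items():
        posted = ledger.get(acct, Decimal(0))
        if abs(posted - expected) > CENT:
            findings.append(f"{acct}: posted {posted}, expected {expected}")
    # 3. Rounding direction. Honest rounding goes both ways; a run in which
    #    every residual favours one side is the salami signature.
    down = sum(1 for a, b in accounts.items()
               if ledger.get(a, Decimal(0)) < exact_interest(b, rate))
    up = sum(1 for a, b in accounts.items()
             if ledger.get(a, Decimal(0)) > exact_interest(b, rate))
    if down + up >= min_sample and (down == 0 or up == 0):
        findings.append(f"rounding bias: {down} rounded down, {up} rounded up")
    return findings


def run_demo():
    """Return totals and findings for the honest and the salami runs."""
    honest = honest_posting(ACCOUNTS)
    attack = salami_posting(ACCOUNTS, "X999")  # X999 is the attacker's account
    return {
        "honest_total": str(sum(honest.values())),
        "attack_total": str(sum(attack.values())),
        "skimmed": str(attack["X999"]),
        "honest_findings": reconcile(ACCOUNTS, honest),
        "attack_findings": reconcile(ACCOUNTS, attack),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

With eight accounts the attacker nets three cents, which is the point: no single customer or control total moves by more than a rounding error, so only a check that looks at where credits go and which way the residuals lean will find it.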