BIT3102 BBIT301 BCT2106 BCT2209  INFORMATION SYSTEMS.

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT3102 BBIT301 BCT2106 BCT2209 INFORMATION SYSTEMS
SECURITY AND CRYPTOGRAPHY/ NETWORK SECURITY/
INFORMATION SECURITY POLICY/ PRINCIPLES OF INFORMATION
SECURITY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: APRIL, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) Explain briefly the three people involved in a cybercrime. (3 Marks)
b) Explain any five responsibilities of an incident response team (5 Marks)
c) Discuss briefly the activities in each of the phases of penetration testing. (6 Marks)
d) Differentiate between:
(i) Passive reconnaissance and active reconnaissance (2 Marks)
(ii) Authenticity and Integrity (2 Marks)
(iii) Suicide hacker and cyber terrorist (2 Marks)
e) Explain the steps followed in creating a trojan to infect systems. (5 Marks)
f) Public Key Infrastructure (PKI) is a set of hardware, software, people, policies and
procedures required to create, manage, distribute, use and revoke digital certificates.
Describe briefly any five components of PKI. (5 Marks)
QUESTION TWO [20 MARKS]
a) With the aid of relevant examples, describe what three types of information can be used to
authenticate a user (6 Marks)
b) Discuss the FOUR possible policies an organization may adopt with regard to providing
Internet access to users of a private LAN. (4 Marks)
c) Discuss any five critical areas physical security must address. (5 Marks)
d) Describe five technical skills required of an ethical hacker. (5 Marks)
QUESTION THREE [20 MARKS]
a) Explain in detail the steps involved in creating and implementing security policies.
(8 Marks)
b) Describe the procedure followed in using a digital signature for secure communication.
(6 Marks)
c) Describe how a hash algorithm operates (6 Marks)
QUESTION FOUR [20 MARKS]
a) A firm security implementation plan can be launched and established using a series of
best practices. State any five of these best practices. (5 Marks)
b) Discuss any four design principles for secure systems. (4 Marks)
c) (i) What is Kerberos? (1 Mark)
(ii) Describe the Kerberos logon process (5 Marks)
d) Describe how public key encryption is used to establish the authenticity of a message that is
exchanged between two parties, say Alice and Bob. (5 Marks)
QUESTION FIVE [20 MARKS]
a) Describe any FIVE major considerations you must take into account when choosing the
security design that will secure an organization’s data. (5 Marks)
b) In the last few years, customers have been turning to Managed Security Service (MSS)
providers in growing numbers. That growth reflects a general increase in IT outsourcing.
(i) Outline any four common motivations for companies to seek outside security help.
(4 Marks)
(ii) Explain briefly any four categories of Managed Security Services (4 Marks)
c) Access control services implementation is required for all systems, regardless of the access
control system type. Once the access control rules are provided and implemented, the
system must then limit access based on those rules. List the five steps involved in
implementing access control services. (5 Marks)
d) What do trojan creators look for? (2 Marks)
