UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT 3102/BBIT 301/BCT 2106/BCT 2209: INFORMATION SYSTEMS
SECURITY AND CRYPTOGRAPHY/ NETWORK SECURITY/
INFORMATION SECURITY POLICY/ PRINCIPLES OF INFORMATION
SECURITY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: AUGUST, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) Explain the security issues arising from App stores. 4 Marks
b) Explain in detail how the following attacks are conducted:
(i) Mobile based social engineering using fake security applications 3 Marks
(ii) Social engineering through impersonation on social networks 3 Marks
c) Explain the separation of security responsibilities on the cloud in IaaS, PaaS and SaaS. 6 Marks
d) Explain how the following attack tools operate:
(i) Spyware 2 Marks
(ii) Keystroke logger 2 Marks
(iii) Rootkit 2 Marks
e) State any four myths about cybercriminals 4 Marks
f) Describe briefly how Public Key Infrastructure (PKI) works. 4 Marks
QUESTION TWO [20 MARKS]
a) (i) Differentiate between security audit, vulnerability assessment and penetration testing. 3 Marks
(ii) State any two human behaviors that are vulnerable to social engineering attacks. 2 Marks
(iii) Why is social engineering effective? 2 Marks
(iv) Explain the phases involved in a social engineering attack. 2 Marks
b) A graduate student accidentally releases a program that spreads from computer system to computer system. It deletes no files but requires much time to implement the necessary defenses. The graduate student is convicted. Despite demands that he be sent to prison for the maximum time possible (to make an example of him), the judge sentences him to pay a fine and perform community service.
(i) What factors do you believe caused the judge to hand down the sentence he did? 3 Marks
(ii) If you were the judge, what extra information would you have needed to make your decision? 3 Marks
c) Describe briefly any five practices that should be enhanced in order to combat computer fraud within an organization. 5 Marks
QUESTION THREE [20 MARKS]
a) (i) Explain briefly why ethical hacking is necessary. 3 Marks
(ii) Outline the technical and non-technical skills of an ethical hacker 5 Marks
b) Discuss briefly any three major characteristics exhibited by most cyber criminals. 6 Marks
c) With the aid of a diagram, outline the organized cybercrime organizational chart. 6 Marks
QUESTION FOUR [20 MARKS]
a) (i) What is computer fraud? 1 Mark
(ii) What are the four major categories of computer fraud? 4 Marks
(iii) What recent developments are contributing to the increasing risk of computer fraud? 3 Marks
b) Any organization that is going to deploy a defense system to protect its network must fulfill some common requirements if the defense is going to be successful. Although these are not written as a hard and fast rule, they should be followed in nearly all organizations. With the aid of a diagram, discuss an outline defence-in-depth security model for any network. 6 Marks
c) Explain briefly any six processes that help in achieving Information Assurance. 6 Marks
QUESTION FIVE [20 MARKS]
a) Ciphers are algorithms used to encrypt or decrypt the data. In this regard:
(i) How did classic ciphers operate? 2 Marks
(ii) How do modern ciphers operate? 2 Marks
b) Describe how public key cryptography solves the key management problem experienced in symmetric key cryptography. 4 Marks
c) There are many different factors that should be considered when managing cryptographic keys. Explain any four of these factors. 4 Marks
d) (i) Describe briefly the software package called PGP. 2 Marks
(ii) State three things that PGP is basically used for. 3 Marks
e) Discuss in detail how digital signatures are used in electronic money (digital cash). 3 Marks