BIT3102 / BBIT301 / BCT2106 / BCT2209: INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY / NETWORK SECURITY / INFORMATION SECURITY POLICY / PRINCIPLES OF INFORMATION SECURITY

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT 3102/BBIT 301/BCT 2106/BCT 2209: INFORMATION SYSTEMS
SECURITY AND CRYPTOGRAPHY/ NETWORK SECURITY/
INFORMATION SECURITY POLICY/ PRINCIPLES OF INFORMATION
SECURITY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: APRIL, 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) Discuss in detail each of the phases in a hacking cycle. 5 Marks
b) Encrypt the text: “The Operation Linda Nchi has started” using
(i) Caesar’s Cipher 5 Marks
(ii) Transposition cipher with key 4 2 1 3 5 Marks
c) Describe any five processes that help in achieving information assurance. 5 Marks
d) (i) Define the term “computer fraud”. 1 Mark
(ii) Discuss four developments that have led to an increase in computer fraud. 4 Marks
e) Describe briefly the steps involved in implementing access control services. 5 Marks
QUESTION TWO [20 MARKS]
a) You have been assigned the role of a security consultant for an organization that uses
computers for their day-to-day operations. Your first task is to prepare a defence plan for
this organization with a view to securing the organization’s data. Describe any FOUR
major considerations you must take into account when choosing the design. 8 Marks
b) State any four weaknesses that compromise cryptographic algorithms. 4 Marks
c) Describe briefly any five IDS categories. 5 Marks
d) List any three reasons why people will violate policy. 3 Marks
QUESTION THREE [20 MARKS]
a) Once security goals are in place, there are a number of concepts that can be applied to
reinforce security within your organization. Techniques such as personnel management
are critical components to strengthening organizational security. Employing these
techniques will help you increase security levels and protect your information systems
from intrusive, unauthorized access.
(i) When hiring a new employee, it is important to match the appropriate employee
with the applicable job and security responsibilities. Outline the Baseline hiring
procedures. 5 Marks
(ii) From a security standpoint, what security benefit do mandatory vacations
provide? 2 Marks
(iii) How is sensitivity profiling developed and what is the benefit? 2 Marks
(iv) How can you address the major considerations of sensitivity profiling for job
positions? 2 Marks
b) With the aid of relevant examples, describe what three types of information can be used
to authenticate a user. 6 Marks
c) Why do companies resort to seeking security help outside their organizations? 3 Marks
QUESTION FOUR [20 MARKS]
a) Discuss in detail the methodology you would follow in conducting a vulnerability
assessment of an organization. 10 Marks
b) We can create categories of cybercrime victims. It is important to note that not all victims
fit neatly into these categories, and some of the categories overlap at times. Discuss any
five common cybercrime victim characteristics. 5 Marks
c) Why is it necessary for attackers to conduct footprinting of a target before the actual
attack? 2 Marks
d) What are the objectives of network scanning? 3 Marks
QUESTION FIVE [20 MARKS]
a) Discuss any
(i) four common social engineering attack targets 2 Marks
(ii) attack techniques for each of the above 2 Marks
(iii) defence strategies for each of the above 2 Marks
b) Explain in detail how you would go about creating and implementing security policies in
an organization. 8 Marks
c) Explain in detail how an attacker hacks a network using sniffing tools. 6 Marks
