UNIVERSITY EXAMINATIONS: 2016/2017
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY/BACHELOR OF BUSINESS
INFORMATION TECHNOLOGY/BACHELOR OF SCIENCE IN
INFORMATION AND COMMUNICATIONS TECHNOLOGY
BIT 3102/BBIT 301/BCT 2106: INFORMATION SYSTEMS SECURITY
AND CRYPTOGRAPHY/NETWORK SECURITY/INFORMATION
SECURITY POLICY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [30 MARKS]
a) State four reasons why computer networks will continue to experience security problems. 4 Marks
b) Access controls fall into different areas or categories depending on their functions. Each access control category has its own, unique function and performance capability. Describe briefly the functions of any six major categories of access controls. 6 Marks
c) Outline any two advantages and two disadvantages associated with the use of digital signatures. 4 Marks
d) Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. Describe briefly any five of the techniques used to evade an IDS. 5 Marks
e) Describe how secret key encryption is used in protecting pay TV transmissions. 5 Marks
f) Identify any six key security threats in the e-commerce environment. 6 Marks
QUESTION TWO [20 MARKS]
a) Biometric measurements or personal attributes are used for authentication. These attributes are unique to the individual seeking to authenticate identification.
(i) List any four types of biometrics that are used for authentication. 2 Marks
(ii) Discuss the two types of errors that occur when biometrics are used for authentication. 4 Marks
b) State any five steps you would take in order to avoid a Trojan infection. 5 Marks
c) In public key encryption, compare and contrast the RSA and Diffie-Hellman algorithms. 9 Marks
QUESTION THREE [20 MARKS]
a) Differentiate between the following:
(i) Trojan horse and rootkit 2 Marks
(ii) Virus and worm 2 Marks
(iii) cyber terrorist and suicide hacker. 2 Marks
b) Describe briefly the steps involved in implementing access control services. 5 Marks
c) Cryptography is the study of the mathematical algorithms and functions used to secure messages. These algorithms fall into two camps: restricted and open. Explain which of these two kinds of algorithm is preferable and why you would choose it. 6 Marks
d) State the THREE requirements that a scheme for unforgeable signatures must possess. 3 Marks
QUESTION FOUR [20 MARKS]
a) Explain how the following attack tools operate:
(i) Botnet 2 Marks
(ii) Keystroke logger 2 Marks
(iii) Rootkit 2 Marks
b) Discuss the following security models:
(i) Lattice Model 2 Marks
(ii) Biba Model 2 Marks
c) A penetration test will not only point out vulnerabilities, it also will document how the weaknesses can be exploited and how several minor vulnerabilities can be escalated by an attacker to compromise a computer or network. Describe the following types of penetration testing:
(i) Black-box testing 3 Marks
(ii) Gray-box testing 3 Marks
d) Outline any four reasons why physical security is needed. 4 Marks
QUESTION FIVE [20 MARKS]
a) Describe the following as used in access control:
(i) Authentication. 1 Mark
(ii) Authorization. 1 Mark
(iii) Auditing. 1 Mark
(iv) Biometric factor 1 Mark
(v) Single Sign-On (SSO) 1 Mark
b) Describe the following types of attack:
(i) Man-in-the-middle attack 3 Marks
(ii) Replay attack 3 Marks
c) Explain briefly the concept of steganography and how it has evolved. 6 Marks
d) Describe the encryption-based birthday attack. 3 Marks