KCA UNIVERSITY
UNIVERSITY EXAMINATIONS 2017
SPECIAL/SUPPLEMENTARY EXAMINATIONS FOR YEAR II TRIMESTER
III FOR THE BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY
BIT3102 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY
SUPPLEMENTARY/ SPECIAL EXAMINATIONS
DATE: JULY, 2017 TIME: 2 HOURS
INSTRUCTIONS
Answer Question one and any other two questions.
1. a. State any four reasons why physical security is needed. 4 Marks
b. Session hijacking can be either active or passive in nature, depending on the degree of
involvement of the attacker in the attack. Explain briefly these two types of session hijacking.
4 Marks
c. There are many different types of Trojans, which can be grouped into main categories.
However, it is usually difficult to classify a Trojan into a single group, as Trojans often have
traits that would place them in multiple categories. Describe briefly any three categories that
outline the main types of Trojan. 6 Marks
d. Brute force attack is a type of password attack, which uses exhaustive trial and error
methods for finding legitimate authentication credentials. State four issues the difficulty of a
brute force attack depends on. 4 Marks
e. The Gartner Group notes six human behaviors for positive response to social engineering.
Explain briefly these human behaviours. 6 Marks
f. Explain how the following attack tools operate:
(i) Spyware 2 Marks
(ii) Keystroke logger 2 Marks
(iii) Rootkit 2 Marks
2. a. Describe how public key cryptography solves the key management problem experienced
in symmetric key cryptography. 4 Marks
b. Describe briefly the features of the following cryptographic algorithms:
(i) RC4 2 Marks
(ii) RC5 2 Marks
(iii) Blowfish 2 Marks
c. State five things that Secure Shell (SSH) protects against. 5 Marks
d. Explain briefly five things that PGP is basically used for. 5 Marks
3. a. (i) Describe the two types of automated vulnerability scanners. 4 Marks
(ii) What are the limitations of vulnerability scanning software? 3 Marks
b. (i) The web application can be comprised of many layers of functionality. However,
it is considered a three-layer architecture. Briefly describe each of these layers.
3 Marks
(ii) Exploitive behavior, as demonstrated by hackers, can take many forms. Explain
any five of these exploitative forms. 5 Marks
c. Explain the following terminologies as used in information systems security:
(i) Sniffing 1 Mark
(ii) Shoulder surfing 1 Mark
(iii) Dumpster diving 1 Mark
(iv) Social engineering 1 Mark
(v) Security perimeter 1 Mark
4. a. Networks can be protected from attacks by using different mechanisms to prevent or
identify the attacks as they occur. Describe briefly the following network security
mechanisms:
(i) Firewall 2 marks
(ii) ACL 2 Marks
(iii) IDS 2 Marks
b. A single point of failure is any device, circuit, or process that causes the unavailability of
data upon failure, thus requiring consistent maintenance and redundancy. Explain briefly
how the following points of failure are dealt with:
(i) Disks 2 Marks
(ii) Servers 2 Marks
(iii) Routers 2 Marks
c. (i) How is a sensitivity profiling developed and what is the benefit? 2 Marks
(ii) How can you address the major considerations of sensitivity profiling for job
positions? 2 Marks
d. Information technology has been advancing at an unprecedented rate. Not surprisingly,
law enforcement has been left behind, especially at the local and national level. Explain any
four reasons for this. 4 Marks
5. a. Discuss briefly any four factors can increase or decrease the level of impact a threat may
have on an enterprise and its assets. 4 Marks
b. Outline any two advantages and two disadvantages associated with the use of digital
signature 4 Marks
c. State four reasons for performing a risk analysis 4 Marks
d. (i) In a non-electronic banking scenario, a customer, A, may write instructions to his
bank to transfer funds from his account to another customer B’s account. A third party
(messenger) delivers the instructions to the bank. Explain the integrity and authentication
concerns in this scheme and how they are typically addressed. 5 Marks
(ii) In an electronic banking scenario, and considering the transaction described
above, explain the integrity and authentication concerns and their cryptography- based
solutions. 3 Marks
