UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
MDC6305 ADVANCED DATA COMMUNICATIONS
DATE: APRIL 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE (20 MARKS)
ASK International proposes to launch a new subsidiary to provide e-consultancy services for
organizations throughout the world, to assist them in system development, strategic planning and
e-governance areas. The fundamental guidelines, program modules and draft agreements are all
preserved and administered in e-form only.
The company intends to utilize the services of a professional analyst to conduct a preliminary
investigation and present a report on smooth implementation of the ideas of the new subsidiary.
Based on the report submitted by the analyst, the company decides to proceed further with three
specific objectives: (i) reduce operational risk, (ii) increase business efficiency and (iii) ensure that
information security is being rationally applied.
The company has been advised to adopt BS 7799 for achieving the same.
a) What are the two primary methods through which the analyst would have collected the data?
b) Suppose an audit policy is required, how will you lay down the responsibility of audit?
c) To retain their e-documents for a specified period, what are the conditions laid down by the
Information Technology Act? (4 Marks)
d) Define what risk management is and describe the risk management lifecycle.
QUESTION TWO (15 MARKS)
a) In your own view, discuss the risk assessment process, clearly showing the benefits of such a
process. (4 Marks)
b) Describe what digital signatures are in relation to information systems security.
c) Using appropriate examples, explain the difference between active and passive threats.
d) Discuss briefly the following encryption techniques:
i) Advanced Encryption Standard (AES)
ii) RSA (4 Marks)
e) Threats to the security of distributed systems are pervasive. Describe the SSL and
S-HTTP standards as used in information systems security. (4 Marks)
QUESTION THREE (15 MARKS)
a) Given the following TCP/IP architecture, explain possible attack strategies that can be used
in each layer and an appropriate protective measure. (4 Marks)
b) What are the challenges posed by the existence of various types of information systems in the
enterprise? How can these challenges be addressed? (6 Marks)
c) Sketch the figure below and briefly discuss all points of attack and the possible attack
strategies. Also outline possible protective measures. (5 Marks)
QUESTION FOUR (15 MARKS)
a) Describe two fundamentally different conceptual approaches that can be used for user
authentication. (4 Marks)
b) List and explain three network threats that a firewall does not protect against. (If a threat
only applies to certain types of firewalls, then explain why this is the case.)
c) When starting a new TCP connection, why do the sender and receiver each pick a random
initial sequence number (ISN)? Why not start every TCP transfer with a sequence number
of 0? (5 Marks)
QUESTION FIVE (15 MARKS)
a) Discuss the process of troubleshooting a DHCP client, clearly showing the client-server
problems and how to solve them. (9 Marks)
b) A client wants to set up a Metropolitan Area Network (MAN) and has the option of
implementing FDDI and DQDB. Discuss the factors you would consider if you were to
advise him on an option. (6 Marks)