NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
Department of Computer Science
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE / BACHELOR OF INFORMATICS
QUALIFICATION CODE: 07BACS / 07BAIF LEVEL: 7
COURSE: IT SYSTEMS SECURITY COURSE CODE: ISS610S
DATE: JUNE 2017 SESSION: THEORY
DURATION: 3 HOURS MARKS: 100
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
EXAMINER(S): ASSOCIATE PROFESSOR HUSIN JAZRI, CISSP
MODERATOR: MR ISAAC NHAMU
THIS QUESTION PAPER CONSISTS OF 14 PAGES
(Including this front page)
INSTRUCTIONS
1. Answer ALL questions in Part 1, Part 2 and Part 3. In Part 1, select the one best answer to each question by encircling the right answer and transfer it to the examination book in the right numbering sequence. In Part 2, fill in the blank lines with the right answer. In Part 3, answer the one essay question and write down your answers appropriately. All answers should be provided in the examination book.
2. NUST examination rules and regulations apply.
3. DO NOT FORGET to write down your student number and your name at the designated place on top of the next page (Page 2).
4. Submit both your examination book and this question paper together.
Student Number:
Student Name:
Answer all questions. Select only ONE best answer to each question by encircling the right answer.
[PART 1 — 50 MULTIPLE CHOICE QUESTIONS. 50 MARKS ARE ALLOCATED FOR 50 QUESTIONS WITH THE CORRECT ANSWER. ONE CORRECTLY ANSWERED QUESTION IS GIVEN ONE MARK]
1. Which statement is correct from the perspective of IT System Security?
a. Loss of data is much more difficult to replace than hardware or software
b. Hardware is much more attractive than software
c. An operating system is the heart of the computer system thus difficult to replace
d. Off the shelf software is not easily replaceable and expensive to do so
2. Identity theft is best mitigated by:
a. Encrypting information in transit to prevent readability of information
b. Implementing authentication controls
c. Determining location of sensitive information
d. Both a and b
3. When threats and vulnerabilities are matching, the following shall happen:
a. Intrusion Detection System will flag security warning
b. The impact of security breaches can be felt immediately
c. Firewall alarms will trigger
d. Anti-virus software alarm will trigger
4. Which statement best describes the concept of confidentiality in computing?
a. The ability of a system to ensure that data is viewed based on need-to-know principle
b. Encryption is the only way to ensure confidentiality
c. Digital signature is a process where confidentiality is preserved from unauthorized parties
d. Confidentiality can be implemented through access control
5. Which statement best describes the concept of non-repudiation in computing?
a. The ability of a system to confirm that a sender cannot convincingly deny having sent something
b. Non-repudiation can best be achieved through symmetric key encryption system
c. Non-repudiation is about being accountable to everyone
d. Non-repudiation is a mandatory feature in all government applications and contract documents
6. Which of the following statements describes risk management accurately?
a. Risk management is about managing the risk that is not known to the company or not in control by the company
b. Risk management can be done once a year
c. Risk management involves choosing which threats to control, vulnerabilities to rectify and what resources to devote to protection
d. Risk management is a process of identifying the cost to prevent threats from prevailing
7. Which of the following statements explains vulnerability more accurately?
a. Vulnerabilities are weaknesses that will allow harm to occur if not addressed immediately and reachable by the appropriate threats
b. Vulnerabilities existed through external threat and security research by commercial vendors
c. Vulnerabilities are easy to overcome as they are within the organization control
d. Vulnerabilities are weaknesses that should be hidden from external parties as long as it takes
8. Which of the following statements is true about Authentication?
a. Authentication is based on something you know, you are or you have
b. Authentication is about presenting your ID to the computer system
c. Authentication is needed if you are not known to the computer
d. Authentication is about describing your identity to the computer
9. Which of the following statements is true about common passwords?
a. Common password can be shared by the group
b. Common password is secured to be used in a group work
c. Common passwords such as qwerty, password and 123456 are used astonishingly often
d. Common password is meant to be communicated securely by selected group
10. Which of the following statements is true about Rainbow Table?
a. Rainbow Table is a technique used to list strong passwords
b. Rainbow Table is needed to allow strong passwords to be used by the system
c. Rainbow Table is a function within the operating system to check whether the password is weakly chosen
d. Rainbow Table is a pre-computed list of popular values, such as passwords
11. Which of the following statements is true about a false positive?
a. False positive is a situation where the device is correctly identifying inactive users
b. False positive is a situation where the device is incorrectly confirming an identity
c. False positive is a situation where the device is incorrectly confirming a legitimate process
d. False positive is a situation where the device is correctly denying an authorised user
12. Which of the following statements is true about tokens?
a. Active tokens do not change and passive tokens communicate with relevant sensors
b. Passive tokens do not change and active tokens communicate with relevant sensors
c. Active tokens are better than passive tokens and much more secure and easily implemented
d. Passive tokens do not change and active tokens communicate with the manufacturers for updates
13. Which of the following statements best describes Federated Identity Management?
a. Federated identity management unifies the identification and authentication process for a group of systems
b. One time pad is a good example of a federated identity management using password generator
c. Single Sign On is a federated identity management using Public Key Infrastructure
d. Federated identity management is much more secure as it provides stronger password to users
14. Which of the following statements best describes access control?
a. Access control is a cryptographic function that supports the authentication process and resource control
b. Access control is about identifying the right users and authenticating them with the right passwords
c. Access control is about limiting who can access computer resources and in what ways
d. Access control is a security function embedded in the operating system to deter intruders from hacking
15. Which of the following statements is true about Reference Monitor?
a. Reference Monitor is a secure module where all the secret data are kept and made secure
b. Reference Monitor is a secure module that lists all the possible attacks from both internal and external
c. Reference Monitor is a secure module where access control is correlated with sensitive databases
d. Reference Monitor is a secure module where access control is always invoked, tamperproof, and verifiable
16. Which of the following statements best describes IT security?
a. IT security is about securing IT systems from hacking and intrusions
b. IT security is about implementing cryptographic solutions to enhance confidentiality
c. IT security is about ensuring adequate confidentiality, integrity and availability of IT systems and its resources
d. IT security covers information security, business continuity, secure networks and usability of appropriate applications
17. Which of the following statements is true about Role-Based Access Control?
a. Role-Based Access Control recognizes common needs of all members of a set of subjects
b. Role-Based Access Control is an access control based on the data classification
c. Role-Based Access Control is an access control based on the object categories
d. All of the above
18. Which of the following statements is true about cipher text?
a. Cipher text is material in an intelligible form and plain text is coded messages
b. Cipher text is a textbook that discusses Cryptography
c. Cipher text is a secret message and plaintext is not a secret message
d. Cipher text is encrypted data and plaintext is data in intelligible form
19. Which of the following statements is true about asymmetric encryption?
a. Asymmetric encryption system uses one key to encrypt and a different key to decrypt
b. Asymmetric encryption system is also known as a private key system
c. Asymmetric encryption system uses common key to encrypt and decrypt
d. The most popular algorithm for asymmetric encryption system is called DES.
20. Which of the following statements is true?
a. A cryptographer is a profession that focuses on breaking the secret codes
b. A cryptanalyst attempts to develop a secure code that is unbreakable
c. Cryptanalyst attempts to deduce the original meaning of a cipher text message by determining which decrypting algorithm is being used and which key matches the encrypting algorithm
d. A good hacker is often a good cryptanalyst.
21. Which of the following statements is true about stream ciphers?
a. Stream ciphers encrypt one bit at a time whereas block ciphers encrypt a fixed number of bits as a single block
b. Stream ciphers encrypt one block at a time whereas block ciphers encrypt multiple blocks at a time
c. Stream ciphers encrypt multiple blocks in series whereas block ciphers encrypt multiple blocks in parallel
d. Stream ciphers encrypt 64 bits at a time and block ciphers encrypt a single chunk of 128 bits
22. Which of the following statements is true about AES?
a. Advanced Encryption System (AES) is a public key system that provides an alternative to DES
b. Advanced Encryption System (AES) is a public key system and DES is a symmetric key system
c. Advanced Encryption System (AES) is an alternative to DES and runs on a fast algorithm that can easily be implemented on simple processors
d. Advanced Encryption System (AES) is developed by the US NIST and NSA whereas DES is developed by the Dutch Cryptographer
23. Which of the following statements is true?
a. RSA Cryptosystem is a public key system whereas AES is a one secret key cryptosystem
b. A public key cryptosystem and a private key cryptosystem are the same because both have a secret key
c. AES is a public key cryptosystem whereas DES is a public key cryptosystem
d. AES is a public key cryptosystem whereas RSA is a private key cryptosystem
24. Which of the following statements is true?
a. The basic purpose of error detecting codes is to demonstrate that a block of data has been transmitted
b. The basic purpose of error detecting codes is to demonstrate that a block of data has been encrypted
c. The basic purpose of error detecting codes is to demonstrate that a block of data has been modified
d. All of the above
25. Which of the following statements is true about a cryptographic checksum?
a. A cryptographic checksum is a cryptographic function that provides access control
b. A cryptographic checksum is a cryptographic function that can be used to verify integrity
c. A cryptographic checksum is a cryptographic function that produces a cipher text
d. A cryptographic checksum is a cryptographic function that protects data
26. Which of the following statements best describes a digital signature?
a. A digital signature is a combination of public key cryptosystem and private key cryptosystem
b. A digital signature is a technique where a signature is scanned and captured digitally, protected through an integrity checker
c. A digital signature is a way by which a person can affix a bit pattern to a file such that it implies confirmation, pertains to that file only, cannot be forged and demonstrates authenticity
d. A digital signature is a system in which a file is verified through an integrity checker and validated by a trusted party
27. Digital signature consists of the following except:
a. A file and connection of the signature to the file
b. Demonstration that the file has not been altered
c. Indication of who applied the signature and validation that the signature is authentic
d. An indication that the file has been read by the recipient
28. Which of the following statements best describes benign flaws?
a. Benign flaws are backdoors that were planted during the programming phase
b. Benign flaws can be and often are exploited for malicious impact
c. Benign flaws are not dangerous if not known to the outsiders
d. Benign flaws are bound to happen due to human fatigue
29. Which of the following statements is true about memory management?
a. Memory resident malware is able to distinguish between data and code
b. In memory, data is segmented from code through procedure calls
c. In memory, code is treated differently from data for security reasons
d. In memory, code is indistinguishable from data and the origin of code is also not visible
30. Which of the following statements is true?
a. Overflow into system space is a matter of chance and luck
b. Overflow into system space can redirect execution immediately or on exit from the current called procedure
c. Overflow into system space can be overcome by triggering alarm before execution
d. Overflow into system space can be manipulated easily even though no buffer overflow exists
31. Which of the following statements is true?
a. Secure programming is intended to make sure that all programs are free from major security vulnerabilities
b. Secure programming is a programming process that takes into account human and machine errors
c. Users make errors from ignorance, misunderstanding, distraction but in a good program design, user errors should not cause program failures
d. All of the above
32. Which of the following statements is correct?
a. If data can be changed by unauthorised parties, assume that they have been changed
b. If data can be changed by unauthorised parties, the system can be compromised
c. If data can be changed by unauthorised parties, there is a possibility that malware is present
d. All of the above
33. Which of the following statements conforms to good security practice?
a. Secret backdoors are handy for programmers to take short cuts and save time
b. Secret backdoors are eventually found, therefore security cannot depend on such secrecy
c. Secret backdoors are only for programmers, no one else should know
d. Secret backdoors will help programmers to do remote access in case system maintenance is needed
34. Which of the following statements is correct?
a. Race conditions exist when two different processes are trying to complete their work at the same time
b. Race conditions exist when malware is infecting the operating system
c. Rootkits are malware that take advantage of race conditions
d. Race conditions depend on the order and timing of two different processes, making these errors hard to find and test for
35. Which of the following statements is true?
a. Viruses can be detected by any anti-virus software
b. Virus is a code with malicious behaviour and propagates copies of itself to other programs
c. Virus is no longer a threat when secure programming is applied
d. Virus is a program that replicates itself rapidly in an email system
36. Which of the following statements is true about Trojan horse?
a. Trojan horse is an encryption algorithm
b. Trojan horse is a zero day attack by hackers
c. Trojan horse is easy to detect if updated anti-virus is installed
d. Trojan horse is a program with benign apparent effect but second, hidden and malicious effect
37. Which of the following statements is false?
a. Time bomb is a code that can carry a payload such as worm
b. Time bomb is a code that can work in combination with other malware
c. Time bomb is a code that attacks a computer internal time and manipulates it to its advantage
d. Time bomb is code that triggers action when a predetermined time occurs
38. Which of the following statements is true about Bot?
a. Bot is a semi-autonomous agent, under control of a remote controller or "herder" and can be malicious
b. Bot is a program that is being used as a bug tracker
c. Combination of many Bots in a network is called Botnet
d. A and C are correct
39. Which of the following statements is true regarding Browser hijacker?
a. Browser hijacker is code that changes browser settings, disallows access to certain sites, or redirects browser to others
b. Browser hijacker is a tiny code that allows web tracking to occur
c. Browser hijacker is a code that does Clickjacking
d. Browser hijacker is a code that steals private information of users
40. Which of the following statements is true?
a. Trapdoor is a function in the firewall to trap unauthorised access to network resources
b. Trapdoor is a personal firewall installed on users' computers to block any suspicious activities
c. Trapdoor is a code feature that allows unauthorised access to a machine or program; bypasses normal access control and authentication
d. Trapdoor is a code developed by programmers to trap unforced errors and buffer overflows
41. Which of the following statements best describes Scareware?
a. Scareware is not a code; but rather a false warning of malicious code attack
b. Scareware is a technique to trick people to a specific website
c. Scareware is a category of clickjacking
d. Scareware is an advertisement used by anti-virus vendors to force people to buy their products
42. Which of the following statements is true?
a. The main purpose of public key is to make your identity public
b. DES is a much stronger algorithm than AES
c. The main use of secret key is protecting confidentiality and integrity of data at rest or in transit
d. The main use of secret key is to generate cryptographic hash function
43. Which of the following statements is true?
a. Out-of-Band Communication means the status of communication is no longer functioning
b. Out-of-Band Communication means transferring one fact along a communication path separate from that of another fact
c. Out-of-Band Communication means the communication channel has been compromised
d. Out-of-Band Communication means the communication channel has been interrupted by other communication frequencies
44. Which of the following statements is true about website defacement?
a. A website defacement occurs when an attacker replaces or modifies the content of a legitimate website
b. A website defacement is sometimes not so dangerous because it is just graffiti in the digital world
c. A website defacement can lead to a loss of reputation in business
d. All of the above
45. Which of the following statements is false?
a. Integrity checksums can detect altered content on a web site
b. Integrity checksums can detect altered files in the data folders
c. Integrity checksums can detect the presence of rootkit malware
d. Integrity checksums can help to verify the originality of the operating system files
46. Which of the following statements is correct about web bug?
a. Tiny action points called web bugs can report page traversal patterns to central collecting points, compromising privacy
b. Tiny action points called web bugs are bug troubleshooters that can be used to detect weaknesses in websites
c. Web bug is a diagnostic software that helps to track location of interested suppliers
d. None of the above
47. Which of the following statements is true about drive-by download?
a. A drive-by download is a service that provides online download of security services to protect IT systems
b. A drive-by download is a freely available service that provides tools for security use and provides regular updates
c. A drive-by download is an attack in which code is downloaded, installed, and executed on a computer without the user's permission and usually without the user's knowledge
d. A drive-by download is a subscription based website vulnerability scanner
48. Which of the following statements is true?
a. In an attack called cross-site scripting, executable code is included in the interaction between client and server and executed by the client or server
b. In an attack called cross-site scripting, executable code is injected with the intention to interact with the database server
c. Cross-site scripting is an attack technique to compromise a website by linking it to other websites that have been compromised earlier
d. Cross-site scripting is a technique used to steal private information from websites
49. Which of the following statements is true regarding a phishing attack?
a. In a phishing attack, html command scripts are injected into the website input page with the intention to fool the operating system into running the injected script
b. In a phishing attack, SQL injection technique is used to control the running web browser
c. In a phishing attack, the email message tries to trick the recipient into disclosing private data or taking another unsafe action
d. None of the above
50. Which of the following statements correctly describes Rootkits?
a. Rootkits are malware that are commonly used by hackers to take control of computer resources
b. Rootkit is a tool or script that obtains privileges of root and can be used for good or malicious purposes
c. Rootkits are programs that control all communication devices in both local and wide area networks
d. Both a and b above are correct
[PART 2 — ANSWER ALL QUESTIONS. ON EACH QUESTION, FILL IN THE BLANK LINE WITH THE RIGHT ANSWER]
[40 MARKS ALLOCATED FOR 20 QUESTIONS WITH THE CORRECT ANSWER. ONE QUESTION IS GIVEN TWO MARKS IF ANSWERED CORRECTLY]
Example: Confidentiality, Integrity and Availability are three key important concepts that can provide us with a good understanding of how to address IT security breaches systematically
1. __________ is the ability of a system to confirm the identity of a sender
2. __________ is the ability of a system to ensure that an asset can be used by any authorised parties
3. __________ is a table of subjects and objects indicating what actions individual subjects can take upon individual objects
4. __________ is a set of mathematical and logic rules used in cryptographic functions
5. Malicious use of bots in the coordination and operation of an automated attack is called a __________
6. A substitution process used in encryption functions to increase randomness is called __________
7. A science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals is known as __________
8. __________ is the individual responsible for the protection and classification of their own data set
9. __________ is a practice of uncovering flaws within cryptosystems
10. __________ is a combination of HTTP and SSL/TLS that is commonly used for secure Internet connections and e-commerce transactions.
11. A system that randomly generates a private key, and is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key is known as __________
12. A scam in which the perpetrator sends out legitimate looking emails, in an effort to obtain personal and financial information from the recipient is known as a __________ attack
13. __________ is a value used in public key cryptography that is used for encryption and signature validation that can be known by all parties
14. A concept that defines a set of design requirements of a reference validation mechanism such as a security kernel, which enforces an access control policy over subjects' (processes, users) ability to perform operations (read, write, execute) on objects (files, resources) on a system is called a __________
15. __________ is when an intruder takes over a connection after the original source has been authenticated
16. __________ is an encryption method in which a cryptographic key and an algorithm are applied to each bit in a data stream, one bit at a time
17. A __________ is a danger of an external agent exploiting a vulnerability
18. __________ is a program that is disguised as another program with the goal of carrying out malicious activities in the background without the user knowing
19. __________ are different from viruses in that they can reproduce on their own without a host application and are self-contained programs
20. __________ is a type of attack that occurs when an attacker intercepts authentication information through the use of network monitoring utilities. The attacker then "replays" this information to the security system in an effort to gain access to the system
[PART 3 — ONE ESSAY QUESTION (10 MARKS — 2 MARKS FOR EACH NEW ATTACK TECHNIQUE DISCUSSED)]
1. In the most recent RSA 2017 Conference, "The Seven Most Dangerous New Attack Techniques, and What's Coming Next" was discussed in a panel discussion and was also shown in the class.
Describe any five (5) of the most dangerous new attack techniques that were discussed by these panellists.
END