
Page 1 (source: exampapers.nust.na/greenstone3/sites/localsite...)

NAMIBIA UNIVERSITY OF SCIENCE AND TECHNOLOGY

FACULTY OF COMPUTING AND INFORMATICS

Department of Computer Science

QUALIFICATION: BACHELOR OF COMPUTER SCIENCE / BACHELOR OF INFORMATICS

QUALIFICATION CODE: 07BACS / 07BAIF LEVEL: 7

COURSE: IT SYSTEMS SECURITY COURSE CODE: ISS610S

DATE: JUNE 2017 SESSION: THEORY

DURATION: 3 HOURS MARKS: 100

FIRST OPPORTUNITY EXAMINATION QUESTION PAPER

EXAMINER(S): ASSOCIATE PROFESSOR HUSIN JAZRI, CISSP

MODERATOR: MR ISAAC NHAMU

THIS QUESTION PAPER CONSISTS OF 14 PAGES (including this front page)

INSTRUCTIONS

1. Answer ALL questions in Part 1, Part 2 and Part 3. In Part 1, select the one best answer to each question by encircling the right answer and transfer it to the examination book in the right numbering sequence. In Part 2, fill in the blank lines with the right answer. In Part 3, answer one essay question and write down your answers appropriately. All answers should be provided in the examination book.

2. NUST examination rules and regulations apply.

3. DO NOT FORGET to write down your student number and your name at the designated place at the top of the next page (Page 2).

4. Submit both your examination book and this question paper together.

Page 2

Student Number:

Student Name:

Answer all questions. Select only ONE best answer to each question by encircling the right answer.

[PART 1 - 50 MULTIPLE CHOICE QUESTIONS. 50 MARKS ARE ALLOCATED FOR 50 QUESTIONS WITH THE CORRECT ANSWER. ONE CORRECTLY ANSWERED QUESTION IS GIVEN ONE MARK]

1. Which statement is correct from the perspective of IT System Security?
a. Loss of data is much more difficult to replace than hardware or software
b. Hardware is much more attractive than software
c. An operating system is the heart of the computer system, thus difficult to replace
d. Off-the-shelf software is not easily replaceable and is expensive to do so

2. Identity theft is best mitigated by:
a. Encrypting information in transit to prevent readability of information
b. Implementing authentication controls
c. Determining the location of sensitive information
d. Both a and b

3. When threats and vulnerabilities are matching, the following shall happen:
a. The Intrusion Detection System will flag a security warning
b. The impact of security breaches can be felt immediately
c. Firewall alarms will trigger
d. The anti-virus software alarm will trigger

4. Which statement best describes the concept of confidentiality in computing?
a. The ability of a system to ensure that data is viewed based on the need-to-know principle
b. Encryption is the only way to ensure confidentiality
c. Digital signature is a process where confidentiality is preserved from unauthorized parties
d. Confidentiality can be implemented through access control

5. Which statement best describes the concept of non-repudiation in computing?
a. The ability of a system to confirm that a sender cannot convincingly deny having sent something
b. Non-repudiation can best be achieved through a symmetric key encryption system
c. Non-repudiation is about being accountable to everyone

Page 3

d. Non-repudiation is a mandatory feature in all government applications and contract documents

6. Which of the following statements describes risk management accurately?
a. Risk management is about managing the risk that is not known to the company or not in the control of the company
b. Risk management can be done once a year
c. Risk management involves choosing which threats to control, which vulnerabilities to rectify and what resources to devote to protection
d. Risk management is a process of identifying the cost to prevent threats from prevailing

7. Which of the following statements explains vulnerability more accurately?
a. Vulnerabilities are weaknesses that will allow harm to occur if not addressed immediately and reachable by the appropriate threats
b. Vulnerabilities exist through external threats and security research by commercial vendors
c. Vulnerabilities are easy to overcome as they are within the organization's control
d. Vulnerabilities are weaknesses that should be hidden from external parties as long as it takes

8. Which of the following statements is true about Authentication?
a. Authentication is based on something you know, you are or you have
b. Authentication is about presenting your ID to the computer system
c. Authentication is needed if you are not known to the computer
d. Authentication is about describing your identity to the computer

9. Which of the following statements is true about common passwords?
a. A common password can be shared by the group
b. A common password is secure to be used in group work
c. Common passwords such as qwerty, password and 123456 are used astonishingly often
d. A common password is meant to be communicated securely by a selected group

10. Which of the following statements is true about a Rainbow Table?
a. A Rainbow Table is a technique used to list strong passwords
b. A Rainbow Table is needed to allow strong passwords to be used by the system
c. A Rainbow Table is a function within the operating system to check whether the password is weakly chosen
d. A Rainbow Table is a pre-computed list of popular values, such as passwords

Page 4

11. Which of the following statements is true about a false positive?
a. A false positive is a situation where the device is correctly identifying inactive users
b. A false positive is a situation where the device is incorrectly confirming an identity
c. A false positive is a situation where the device is incorrectly confirming a legitimate process
d. A false positive is a situation where the device is correctly denying an authorised user

12. Which of the following statements is true about tokens?
a. Active tokens do not change and passive tokens communicate with relevant sensors
b. Passive tokens do not change and active tokens communicate with relevant sensors
c. Active tokens are better than passive tokens and much more secure and easily implemented
d. Passive tokens do not change and active tokens communicate with the manufacturers for updates

13. Which of the following statements best describes Federated Identity Management?
a. Federated identity management unifies the identification and authentication process for a group of systems
b. One-time pad is a good example of federated identity management using a password generator
c. Single Sign On is federated identity management using Public Key Infrastructure
d. Federated identity management is much more secure as it provides stronger passwords to users

14. Which of the following statements best describes access control?
a. Access control is a cryptographic function that supports the authentication process and resource control
b. Access control is about identifying the right users and authenticating them with the right passwords
c. Access control is about limiting who can access computer resources and in what ways
d. Access control is a security function embedded in the operating system to deter intruders from hacking

15. Which of the following statements is true about a Reference Monitor?
a. A Reference Monitor is a secure module where all the secret data are kept and made secure
b. A Reference Monitor is a secure module that lists all the possible attacks from both internal and external sources
c. A Reference Monitor is a secure module where access control is correlated with sensitive databases

Page 5

d. A Reference Monitor is a secure module where access control is always invoked, tamperproof, and verifiable

16. Which of the following statements best describes IT security?
a. IT security is about securing IT systems from hacking and intrusions
b. IT security is about implementing cryptographic solutions to enhance confidentiality
c. IT security is about ensuring adequate confidentiality, integrity and availability of IT systems and their resources
d. IT security covers information security, business continuity, secure networks and usability of appropriate applications

17. Which of the following statements is true about Role-Based Access Control?
a. Role-Based Access Control recognizes common needs of all members of a set of subjects
b. Role-Based Access Control is an access control based on the data classification
c. Role-Based Access Control is an access control based on the object categories
d. All of the above

18. Which of the following statements is true about cipher text?
a. Cipher text is material in an intelligible form and plain text is coded messages
b. Cipher text is a textbook that discusses Cryptography
c. Cipher text is a secret message and plaintext is not a secret message
d. Cipher text is encrypted data and plaintext is data in intelligible form

19. Which of the following statements is true about asymmetric encryption?
a. An asymmetric encryption system uses one key to encrypt and a different key to decrypt
b. An asymmetric encryption system is also known as a private key system
c. An asymmetric encryption system uses a common key to encrypt and decrypt
d. The most popular algorithm for asymmetric encryption systems is called DES.

20. Which of the following statements is true?
a. A cryptographer is a profession that focuses on breaking the secret codes
b. A cryptanalyst attempts to develop a secure code that is unbreakable
c. A cryptanalyst attempts to deduce the original meaning of a cipher text message by determining which decrypting algorithm is being used and which key matches the encrypting algorithm
d. A good hacker is often a good cryptanalyst.

Page 6

21. Which of the following statements is true about stream ciphers?
a. Stream ciphers encrypt one bit at a time whereas block ciphers encrypt a fixed number of bits as a single block
b. Stream ciphers encrypt one block at a time whereas block ciphers encrypt multiple blocks at a time
c. Stream ciphers encrypt multiple blocks in series whereas block ciphers encrypt multiple blocks in parallel
d. Stream ciphers encrypt 64 bits at a time and block ciphers encrypt a single chunk of 128 bits

22. Which of the following statements is true about AES?
a. Advanced Encryption System (AES) is a public key system that provides an alternative to DES
b. Advanced Encryption System (AES) is a public key system and DES is a symmetric key system
c. Advanced Encryption System (AES) is an alternative to DES and runs on a fast algorithm that can easily be implemented on simple processors
d. Advanced Encryption System (AES) was developed by the US NIST and NSA whereas DES was developed by a Dutch cryptographer

23. Which of the following statements is true?
a. The RSA cryptosystem is a public key system whereas AES is a one secret key cryptosystem
b. A public key cryptosystem and a private key cryptosystem are the same because both have a secret key
c. AES is a public key cryptosystem whereas DES is a public key cryptosystem
d. AES is a public key cryptosystem whereas RSA is a private key cryptosystem

24. Which of the following statements is true?
a. The basic purpose of error detecting codes is to demonstrate that a block of data has been transmitted
b. The basic purpose of error detecting codes is to demonstrate that a block of data has been encrypted
c. The basic purpose of error detecting codes is to demonstrate that a block of data has been modified
d. All of the above

25. Which of the following statements is true about a cryptographic checksum?
a. A cryptographic checksum is a cryptographic function that provides access control
b. A cryptographic checksum is a cryptographic function that can be used to verify integrity

Page 7

c. A cryptographic checksum is a cryptographic function that produces a cipher text
d. A cryptographic checksum is a cryptographic function that protects data

26. Which of the following statements best describes a digital signature?
a. A digital signature is a combination of a public key cryptosystem and a private key cryptosystem
b. A digital signature is a technique where a signature is scanned and captured digitally, protected through an integrity checker
c. A digital signature is a way by which a person can affix a bit pattern to a file such that it implies confirmation, pertains to that file only, cannot be forged and demonstrates authenticity
d. A digital signature is a system in which a file is verified through an integrity checker and validated by a trusted party

27. A digital signature consists of the following except:
a. A file and connection of the signature to the file
b. Demonstration that the file has not been altered
c. Indication of who applied the signature and validation that the signature is authentic
d. An indication that the file has been read by the recipient

28. Which of the following statements best describes benign flaws?
a. Benign flaws are backdoors that were planted during the programming phase
b. Benign flaws can be and often are exploited for malicious impact
c. Benign flaws are not dangerous if not known to outsiders
d. Benign flaws are bound to happen due to human fatigue

29. Which of the following statements is true about memory management?
a. Memory-resident malware is able to distinguish between data and code
b. In memory, data is segmented from code through procedure calls
c. In memory, code is treated differently from data for security reasons
d. In memory, code is indistinguishable from data and the origin of code is also not visible

30. Which of the following statements is true?
a. Overflow into system space is a matter of chance and luck
b. Overflow into system space can redirect execution immediately or on exit from the current called procedure
c. Overflow into system space can be overcome by triggering an alarm before execution
d. Overflow into system space can be manipulated easily even though no buffer overflow exists

Page 8

31. Which of the following statements is true?
a. Secure programming is intended to make sure that all programs are free from major security vulnerabilities
b. Secure programming is a programming process that takes into account human and machine errors
c. Users make errors from ignorance, misunderstanding and distraction, but in a good program design user errors should not cause program failures
d. All of the above

32. Which of the following statements is correct?
a. If data can be changed by unauthorised parties, assume that they have been changed
b. If data can be changed by unauthorised parties, the system can be compromised
c. If data can be changed by unauthorised parties, there is a possibility that malware is present
d. All of the above

33. Which of the following statements conforms to good security practice?
a. Secret backdoors are handy for programmers to take shortcuts and save time
b. Secret backdoors are eventually found, therefore security cannot depend on such secrecy
c. Secret backdoors are only for programmers; no one else should know
d. Secret backdoors will help programmers to do remote access in case system maintenance is needed

34. Which of the following statements is correct?
a. Race conditions exist when two different processes are trying to complete their work at the same time
b. Race conditions exist when malware is infecting the operating system
c. A rootkit is malware that takes advantage of a race condition
d. Race conditions depend on the order and timing of two different processes, making these errors hard to find and test for

35. Which of the following statements is true?
a. Viruses can be detected by any anti-virus software
b. A virus is code with malicious behaviour that propagates copies of itself to other programs
c. A virus is no longer a threat when secure programming is applied
d. A virus is a program that replicates itself rapidly in an email system

Page 9

36. Which of the following statements is true about a Trojan horse?
a. A Trojan horse is an encryption algorithm
b. A Trojan horse is a zero-day attack by hackers
c. A Trojan horse is easy to detect if an updated anti-virus is installed
d. A Trojan horse is a program with a benign apparent effect but a second, hidden and malicious effect

37. Which of the following statements is false?
a. A time bomb is code that can carry a payload such as a worm
b. A time bomb is code that can work in combination with other malware
c. A time bomb is code that attacks a computer's internal time and manipulates it to its advantage
d. A time bomb is code that triggers an action when a predetermined time occurs

38. Which of the following statements is true about a Bot?
a. A Bot is a semi-autonomous agent, under control of a remote controller or "herder", and can be malicious
b. A Bot is a program that is being used as a bug tracker
c. A combination of many Bots in a network is called a Botnet
d. A and C are correct

39. Which of the following statements is true regarding a Browser hijacker?
a. A Browser hijacker is code that changes browser settings, disallows access to certain sites, or redirects the browser to others
b. A Browser hijacker is tiny code that allows web tracking to occur
c. A Browser hijacker is code that does Clickjacking
d. A Browser hijacker is code that steals private information of users

40. Which of the following statements is true?
a. A Trapdoor is a function in the firewall to trap unauthorised access to network resources
b. A Trapdoor is a personal firewall installed on a user's computer to block any suspicious activities
c. A Trapdoor is a code feature that allows unauthorised access to a machine or program; it bypasses normal access control and authentication
d. A Trapdoor is code developed by programmers to trap unforced errors and buffer overflows

41. Which of the following statements best describes Scareware?
a. Scareware is not code, but rather a false warning of a malicious code attack

Page 10

b. Scareware is a technique to trick people into visiting a specific website
c. Scareware is a category of clickjacking
d. Scareware is an advertisement used by anti-virus vendors to force people to buy their products

42. Which of the following statements is true?
a. The main purpose of a public key is to make your identity public
b. DES is a much stronger algorithm than AES
c. The main use of a secret key is protecting the confidentiality and integrity of data at rest or in transit
d. The main use of a secret key is to generate a cryptographic hash function

43. Which of the following statements is true?
a. Out-of-Band Communication means the status of communication is no longer functioning
b. Out-of-Band Communication means transferring one fact along a communication path separate from that of another fact
c. Out-of-Band Communication means the communication channel has been compromised
d. Out-of-Band Communication means the communication channel has been interrupted by other communication frequencies

44. Which of the following statements is true about website defacement?
a. A website defacement occurs when an attacker replaces or modifies the content of a legitimate website
b. A website defacement is sometimes not so dangerous because it is just graffiti in the digital world
c. A website defacement can lead to a loss of reputation in business
d. All of the above

45. Which of the following statements is false?
a. Integrity checksums can detect altered content on a website
b. Integrity checksums can detect altered files in the data folders
c. Integrity checksums can detect the presence of rootkit malware
d. Integrity checksums can help to verify the originality of the operating system files

46. Which of the following statements is correct about a web bug?
a. Tiny action points called web bugs can report page traversal patterns to central collecting points, compromising privacy
b. A tiny action point called a Web bug is a bug troubleshooter that can be used to detect weaknesses in websites

Page 11

c. A Web bug is diagnostic software that helps to track the location of interested suppliers
d. None of the above

47. Which of the following statements is true about a drive-by download?
a. A drive-by download is a service that provides online download of security services to protect IT systems
b. A drive-by download is a freely available service that provides tools for security use and provides regular updates
c. A drive-by download is an attack in which code is downloaded, installed, and executed on a computer without the user's permission and usually without the user's knowledge
d. A drive-by download is a subscription-based website vulnerability scanner

48. Which of the following statements is true?
a. In an attack called cross-site scripting, executable code is included in the interaction between client and server and executed by the client or server
b. In an attack called cross-site scripting, executable code is injected with the intention to interact with the database server
c. Cross-site scripting is an attack technique to compromise a website by linking it to other websites that have been compromised earlier
d. Cross-site scripting is a technique used to steal private information from websites

49. Which of the following statements is true regarding a phishing attack?
a. In a phishing attack, HTML command scripts are injected into the website input page with the intention to fool the operating system into running the injected script
b. In a phishing attack, an SQL injection technique is used to control the running web browser
c. In a phishing attack, the email message tries to trick the recipient into disclosing private data or taking another unsafe action
d. None of the above

50. Which of the following statements correctly describes Rootkits?
a. A Rootkit is malware that is commonly used by hackers to take control of computer resources
b. A Rootkit is a tool or script that obtains the privileges of root and can be used for good or malicious purposes
c. A Rootkit is a program that controls all communication devices in both local and wide area networks
d. Both a and b above are correct

Page 12

[PART 2 - ANSWER ALL QUESTIONS. ON EACH QUESTION, FILL IN THE BLANK LINE WITH THE RIGHT ANSWER]

[40 MARKS ALLOCATED FOR 20 QUESTIONS WITH THE CORRECT ANSWER. ONE QUESTION IS GIVEN TWO MARKS IF ANSWERED CORRECTLY]

Example: Confidentiality, Integrity and Availability are three key important concepts that can provide us with a good understanding of how to address IT security breaches systematically.

1. ________ is the ability of a system to confirm the identity of a sender.

2. ________ is the ability of a system to ensure that an asset can be used by any authorised parties.

3. ________ is a table of subjects and objects indicating what actions individual subjects can take upon individual objects.

4. ________ is a set of mathematical and logic rules used in cryptographic functions.

5. The malicious use of bots in the coordination and operation of an automated attack is called a ________.

6. A substitution process used in encryption functions to increase randomness is called ________.

7. A science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals is known as ________.

8. ________ is the individual responsible for the protection and classification of their own data set.

9. ________ is a practice of uncovering flaws within cryptosystems.

Page 13

10. ________ is a combination of HTTP and SSL/TLS that is commonly used for secure Internet connections and e-commerce transactions.

11. A system that randomly generates a private key, and is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key, is known as ________.

12. A scam in which the perpetrator sends out legitimate-looking emails, in an effort to obtain personal and financial information from the recipient, is known as a ________ attack.

13. ________ is a value used in public key cryptography for encryption and signature validation that can be known by all parties.

14. A concept that defines a set of design requirements of a reference validation mechanism, such as a security kernel, which enforces an access control policy over subjects' (processes, users) ability to perform operations (read, write, execute) on objects (files, resources) on a system is called a ________.

15. ________ is when an intruder takes over a connection after the original source has been authenticated.

16. ________ is an encryption method in which a cryptographic key and an algorithm are applied to each bit in a data stream, one bit at a time.

17. A ________ is a danger of an external agent exploiting a vulnerability.

18. ________ is a program that is disguised as another program with the goal of carrying out malicious activities in the background without the user knowing.

19. ________ are different from viruses in that they can reproduce on their own without a host application and are self-contained programs.

Page 14

20. ________ is a type of attack that occurs when an attacker intercepts authentication information through the use of network monitoring utilities. The attacker then "replays" this information to the security system in an effort to gain access to the system.

[PART 3 - ONE ESSAY QUESTION (10 MARKS - 2 MARKS FOR EACH NEW ATTACK TECHNIQUE DISCUSSED)]

1. At the most recent RSA 2017 Conference, "The Seven Most Dangerous New Attack Techniques, and What's Coming Next" was discussed in a panel discussion and was also shown in the class.

Describe any five (5) of the most dangerous new attack techniques that were discussed by these panellists.

END