
Information Systems Security And Cryptography Question Paper

Information Systems Security And Cryptography 

Course: Bachelor of Science in Information Technology

Institution: KCA University question papers

Exam Year: 2010



UNIVERSITY EXAMINATIONS: 2009/2010
THIRD YEAR EXAMINATION FOR THE DEGREE OF BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3102: INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY
DATE: APRIL 2010 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions
QUESTION ONE
a) Explain the basic essential steps of public key encryption. [5 Marks]
b) With the aid of relevant examples, describe the three types of information that can be used to authenticate a user. [6 Marks]
c) Discuss briefly any six factors that can increase or decrease the level of impact a threat may have on an enterprise and its assets. [6 Marks]
d) Computer security is not restricted to the three broad concepts of confidentiality, integrity and availability. Describe briefly four additional ideas that are often considered part of the taxonomy of computer security. [4 Marks]
e) Define the following terminologies as used in information systems security:
i. Trojan horse [1 Mark]
ii. Trapdoor [1 Mark]
iii. Principle of Adequate Protection [1 Mark]
iv. Encryption [1 Mark]
v. Kerberos [1 Mark]
f) Even when everyone acknowledges that a computer crime has been committed, computer crime is hard to prosecute. State four reasons why it is hard to prosecute computer crimes. [4 Marks]
QUESTION TWO
a) Discuss briefly the benefits and limitations of asymmetric key encryption. [6 Marks]
b) If encryption is the primary way of protecting valuables, programs themselves are the second facet of computer security. Programs must be secure enough to prevent outside attack. They must also be developed and maintained so that we can be confident of the programs’ dependability. Describe briefly the four basic program controls. [4 Marks]
c) Access control services implementation is required for all systems, regardless of the access control system type. Once the access control rules are provided and implemented, the system must then limit access based on those rules. Describe the steps involved in implementing access control services. [5 Marks]
d) Describe briefly five ways in which cryptographic algorithms are compromised. [5 Marks]
QUESTION THREE
a) (i) Browsing, leakage and inference are threats to the secrecy of data. Discuss in detail how each of these threats is realized. [6 Marks]
(ii) Two threat classifications that fit into neither integrity nor secrecy categories are masquerading and Denial of Service (DoS). Discuss briefly these two threats. [4 Marks]
b) Discuss briefly any five access control attacks that are directed against people. [5 Marks]
c) Starting as British Standard (BS) 7799, then BS 17799, and renamed International Organization for Standardization (ISO) International Electrotechnical Commission (IEC) 27002, the ISO 27002 document is the current international standard for information systems security. State any five areas that this document provides guidance on. [5 Marks]
QUESTION FOUR
a) Most security protocols today have been upgraded from their initial versions to provide increased protection, or have used other protocols to encapsulate their data in a secure envelope. Describe briefly the following protocols:
(i) SSL [2 Marks]
(ii) TLS [2 Marks]
(iii) HTTPS [2 Marks]
b) Networks can be protected from attacks by using different mechanisms to prevent or identify the attacks as they occur. Describe the following network security mechanisms:
(i) ACL [2 Marks]
(ii) Firewall [2 Marks]
(iii) IDS [2 Marks]
(iv) IPS [2 Marks]
c) Discuss how hashing is used in password protection. [4 Marks]
d) After one-way hashing encryption transforms cleartext into ciphertext, what is the result? [2 Marks]
QUESTION FIVE
a) Intellectual property law protects the rights of ownership of ideas, trademarks, patents, and copyrights, including the owners’ right to transfer intellectual property and receive compensation for the transfer. Describe the following as defined under the Intellectual Property Law:
(i) Patent [1 Mark]
(ii) Trademark [1 Mark]
(iii) Copyright [1 Mark]
(iv) Trade secret [1 Mark]
(v) Privacy [1 Mark]
b) (i) You work for a large multi-national corporation. As the chief security officer, you have been asked to chair the Business Continuity Planning (BCP) advisory team for the company headquarters. Who might you invite to join the team? [3 Marks]
(ii) The advisory committee has met for its monthly meeting and you have left the meeting with a beta-level draft of the BCP. You have been charged with evaluating the BCP prior to implementation. What are some examples of items that you will be evaluating? [5 Marks]
c) Audit logs can be generated at the system level to record a number of activities. State any eight activities that are recorded by audit logs. [4 Marks]
d) What are some characteristics of symmetric encryption? [3 Marks]





