
Information Systems Security And Cryptography Question Paper

Information Systems Security And Cryptography 

Course: Bachelor Of Science In Information Technology

Institution: KCA University

Exam Year: 2011



UNIVERSITY EXAMINATIONS: 2010/2011
THIRD YEAR EXAMINATION FOR THE DEGREE OF BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3102: INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY
DATE: APRIL 2011 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions
QUESTION ONE
a) Discuss the following methods of mitigating physical threats:
(i) Hardware threat mitigation (2 Marks)
(ii) Environmental threat mitigation (2 Marks)
b) State three of the most effective methods for counteracting eavesdropping. (3 Marks)
c) Outline the anatomy of a worm attack. (3 Marks)
d) Discuss how a security policy benefits an organization. (4 Marks)
e) List any five ways whereby the files in one's computer can be viewed by a remote third party if one
is connected to the Internet. (5 Marks)
f) Discuss how homophonic coding and the use of polyalphabetic cipher improves the security
provided by a simple substitution cipher. (6 Marks)
g) Access control services implementation is required for all systems, regardless of the access control
system type. Once the access control rules are provided and implemented, the system must then
limit access based on those rules. List the steps involved in implementing access control services.
(5 Marks)
QUESTION TWO
a) Networks are subject to a number of different attacks that jeopardize their ability to support
confidentiality, integrity, and availability. Describe the following network attacks:
(i) Denial of Service (DoS) (2 Marks)
(ii) Spam (2 Marks)
(iii) Malicious code (2 Marks)
b) The Information Security Officer (ISO) is charged with providing support for expected governance
activities. To support the governance responsibilities of the Board, the ISO is required to perform
many different functions and assume numerous roles in the organization. Describe any six of these
functions. (6 Marks)
c) (i) What benefits does the security principle known as job rotation provide? (2 Marks)
(ii) How is a sensitivity profiling developed and what is the benefit? (3 Marks)
d) How can you address the major considerations of sensitivity profiling for job positions?
(3 Marks)
QUESTION THREE
a) Developing an effective security policy requires clearly defining an organization's information
protection needs. A firm security implementation plan can be launched and established using a
series of best practices. State any five of these best practices. (5 Marks)
b) Once risks are discovered, it is essential to ascertain the specific areas of an organization that are
especially vulnerable to known risks. Describe the five specific vulnerability areas. (5 Marks)
c) Determining risks and vulnerabilities requires the evaluation of three factors. Discuss these three
factors. (6 Marks)
d) As a security professional, it may help you to defend against hackers and other information security
criminals if you recognize that they often consider their motivations to be neither illicit nor
unethical. List any four ethics fallacies and their motivating factors. (4 Marks)
QUESTION FOUR
a) Discuss the concept of encryption in relation to information security. (4 Marks)
b) Access controls fall into different areas or categories depending on their functions. Each access
control category has its own, unique function and performance capability. Describe the function of
each of the six access control categories. (6 Marks)
c) There are many different factors that should be considered when managing cryptographic keys.
Explain any four of these factors. (4 Marks)
d) There are many available symmetric encryption algorithms. Describe briefly any four of these
algorithms. (4 Marks)
e) What is the relationship between an algorithm and a cipher? (2 Marks)
QUESTION FIVE
a) Describe the following general security policies that an organization may invoke:
(i) Statement of authority and scope (1 Mark)
(ii) Acceptable use policy (AUP) (1 Mark)
(iii) Identification and authentication policy (1 Mark)
(iv) Internet access policy (1 Mark)
b) Most security incidents occur because system administrators do not implement available
countermeasures, and attackers or disgruntled employees exploit the oversight. To assist with the
compliance of a security policy, the Security Wheel, a continuous process, has proven to be an
effective approach. The Security Wheel promotes retesting and reapplying updated security measures
on a continuous basis.
(i) To begin the Security Wheel process, first develop a security policy that enables the
application of security measures. What does a security policy include? (4 Marks)
(ii) How do you secure connectivity? (4 Marks)
c) Describe briefly any four major classifications of threats. (4 Marks)
d) Discuss the two types of errors that occur when biometrics are used for authentication. (4 Marks)





