
CISY 431: Information System Security and Audit Question Paper


Course: Computer Science

Institution: Kenya Methodist University question papers

Exam Year: 2013



KENYA METHODIST UNIVERSITY

END OF 1ST TRIMESTER 2013 EXAMINATION


FACULTY : COMPUTING & INFORMATICS
DEPARTMENT : COMPUTER SCIENCE & BUSINESS INFORMATION
UNIT CODE : BBIT 443/CISY 431
UNIT TITLE : INFORMATION SYSTEM SECURITY AND AUDIT
TIME : 2 HOURS


INSTRUCTIONS
Answer question one (compulsory) and any other two questions.

Question One
a. Define the following (8 Marks)
i) Access control
ii) Non-repudiation
iii) Active attacks
iv) Information system audit
b. With a diagram show the SSL architecture as applied in web security. (4 Marks)
c. List and explain two techniques used to avoid guessable passwords. (4 marks)
d. Explain the three types of cryptographic algorithms and explain why we use the three cryptographic algorithms. (6 marks)
e. To determine the right user in regard to information access or information resource access, computer authenticators use a number of parameters to authenticate users. Give a note on four of these factors. (8 Marks)

Question Two

a. Explain the following (4 marks)
i) Discretionary access control
ii) Mandatory access control
b. The value of information comes from the characteristics it possesses. Briefly explain. (8 Marks)
c. There are two basic components of the access control model. Give a brief explanation. (4 marks)
d. Discuss the following (4 marks)
i) Penetration testing
ii) Whitebox testing

Question Three

a. What do you understand by digital signatures? Discuss. (4 Marks)
b. List three types of system audits. (3 Marks)
c. Discuss why there is a need for control and audit of computer systems. (6 marks)
d. Briefly discuss the symmetric key cryptography concept as one of the security measures as it applies to the unsecure network. (7 marks)

Question Four

a. State and explain four major roles of information and information systems in supporting and enabling business processes. (8 Marks)
b. List and explain two sources of threat to an information system. (2 marks)
c. Distinguish between passive and active attack. (2 marks)
d. Define the following terms: (8 marks)
i) Information resource
ii) Threat
iii) Vulnerability
iv) Attack





