Get premium membership and access revision papers, questions with answers as well as video lessons.

Bmit 416:It Security And Audit December 2008 Question Paper

Bmit 416:It Security And Audit December 2008 

Course:Bachelor Of Business Management And Information Technology

Institution: Kabarak University question papers

Exam Year:2008



KABARAK UNIVERSITY
EXAMINATIONS
2008/2009 ACADEMIC YEAR
FOR THE DEGREE OF BACHELOR OF BUSINESS
MANAGEMENT AND INFORMATION TECHNOLOGY
COURSE CODE: BMIT 416

INSTRUCTIONS:
· Answer ALL questions in section A and any THREE questions in section B
· Section A carry 40 marks while each question in section B carry 20 marks
SECTION A (40 MARKS)
ANSWER ALL QUESTIONS IN THIS SECTION QUESTIONS
Question One (20 marks)
a) When evaluating an organizations information asset and considering whether and how to
protect it a number of important issues need to be considered state FIVE of these issues that
require considerable attention. [5 marks]
b) Computer and network security are built on THREE pillars. Identify and explain these pillars
[9 marks]
c) Among the computer and network security pillars identified in question one (a) above state
giving appropriate reasons which pillar(s) are/is [6 marks]
i. A baseline security need for everyone
ii. Of paramount importance in protecting nationals defense information and
highly proprietary business information
iii. Of paramount importance in funds transfer and other financial transactions

Question Two (20 marks)
a) Explain what is meant by “a disaster recovery plan´ [2 marks]
b) Explain what “risk analysis´ entails in the context of computer security [3 marks]
c) Even in a highly trusted system, security isn’t automatic there is need for a security policy to
guide the security administrator and security auditors.
i. What is a security policy? [2 marks]
ii. Distinguish between a “penetration test (pen-test)´ and “a computer
security audit´
[4 marks]
d) Explain the concept of ‘sensitivity labels¶ with regard to computer security [3 marks]- 3 -
e) List at least THREE methods that can be used to make communication in a network secure
[3 marks]
f) Explain the financial effects of malicious programs [3 marks]

SECTION B (60 MARKS)
ANSWER ANY THREE QUESTIONS IN THIS SECTION
Question Three (20 marks)
a) Distinguish between ‘Bell-LaPadula¶ andµBiba¶ access models paying close attention to the
security pillars that each is optimized for, and where each can suitably be applied. [4 marks]
b) State and Explain the THREE rules applied in Bell-LaPadula access model [6 marks]
c) Explain the importance of each of the rules stated in question Three (b) above with regard to
system security. [3 marks]
d) State and describe two types of security policies [3 marks]
e) Explain TWO primary methods of password cracking [4 marks]

Question Four (20 marks)
a) Outline the activities that will be involved in a disaster recovery plan [2 marks]
b) With respect to disaster planning list and describe THREE types of emergency sites
[6 marks]
c) State the THREE distinct complementary administrative personnel that may be required in a
highly secure system and for each outline the typical functions/roles performed by the office
bearers [9 marks]
d) State THREE basic types of access controls that provide different levels of protection to the
files in a computer system. [3 marks]




More Question Papers

Enhance your teaching with our comprehensive Schemes of Work and Notes!

Popular Exams

Return to Question Papers    

© 2008-2024 by KenyaPlex.com. All Rights Reserved | Home | About Us | Contact Us | Copyright | Terms Of Use | Privacy Policy | Advertise