Information Systems Security And Cryptography Question Paper


Course: Bachelor of Science in Information Technology

Institution: KCA University

Exam Year: 2009



UNIVERSITY EXAMINATIONS: 2008/2009
THIRD YEAR EXAMINATION FOR THE DEGREE OF BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3102: INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY
DATE: AUGUST 2009 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions
QUESTION ONE
a) State the four characteristics of a good cryptographic algorithm. [4 Marks]
b) Discuss briefly the four major classifications of programmed threats. [8 Marks]
c) Denial-of-service attacks come in a variety of forms and target a variety of services. State four
major problems that these attacks may cause. [4 Marks]
d) Information security seeks to protect three specific elements, or principles: confidentiality,
integrity, and availability. This is called the CIA triad or triple. If one of the principles is
compromised, the security of the organization is threatened. Discuss briefly the CIA triad.
[6 Marks]
e) Access control services must be implemented for all systems, regardless of the type of access
control system used. Once the access control rules have been defined and implemented, the system
must limit access according to those rules. List the five steps involved in implementing access control
services. [5 Marks]
f) List any three factors that contribute to the success of security measures put in place. [3 Marks]
QUESTION TWO
a) Discuss briefly the following access control categories:
(i) Detective access control [2 Marks]
(ii) Corrective access control [2 Marks]
(iii) Deterrent access control [2 Marks]
(iv) Recovery access control [2 Marks]
b) Discuss briefly any three categories of intrusion detection systems [6 Marks]
c) Discuss briefly the benefits and limitations of asymmetric key encryption. [6 Marks]
QUESTION THREE
a) Starting as British Standard (BS) 7799, then adopted as ISO/IEC 17799, and finally renumbered as
ISO/IEC 27002, the ISO/IEC 27002 code of practice is the current international standard for
information security controls. List any six items that this document provides guidance on.
[6 Marks]
b) Networks are subject to a number of different attacks that jeopardize their ability to support
confidentiality, integrity, and availability. Describe briefly the following attacks:
(i) Man-in-the-middle [2 Marks]
(ii) Spam [2 Marks]
(iii) Trojan horse [2 Marks]
c) A data backup is a second copy of data captured at a point in time and stored in a secure area as a
precautionary safeguard in case of a disaster. Backups can use a variety of media copy mechanisms
and different methods for selecting the data to back up. These variables affect the amount of data
stored and the amount of time and media required for the backup. Describe the following data
backup schemes:
(i) Incremental backup [2 Marks]
(ii) Differential backup [2 Marks]
(iii) Remote journaling [2 Marks]
(iv) Electronic vaulting [2 Marks]
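Worked illustration for Question Three (c)(i) and (ii), added here as an editor's example and not part of the examination paper. It simulates one working week of backups under the incremental and the differential scheme, counts the media consumed by each and the number of backup sets that must be read back to restore the latest state, and checks that each restore chain really reproduces the live data. File names, sizes (in MB) and the daily change sets are constructed for the demonstration.

```python
"""Incremental vs differential backup selection (added example, not from the paper).

Files are modelled as name -> version counter; a backup set stores the
versions of the files it selected. Sizes and daily change sets are
constructed for the demonstration (sizes in MB).
"""

FILES = {"payroll.db": 40, "ledger.db": 30, "mail.pst": 20, "config.ini": 10}
# Constructed: which files changed on each working day after the Sunday full backup.
DAILY_CHANGES = [{"config.ini"}, {"config.ini", "mail.pst"}, {"ledger.db"}, {"config.ini"}]


def run_week(scheme, files=FILES, changes=DAILY_CHANGES):
    """Return (live_state, backups) for scheme 'incremental' or 'differential'.

    Incremental: select files changed since the last backup of ANY kind.
    Differential: select files changed since the last FULL backup, so each
    differential set grows as the week goes on.
    """
    if scheme not in ("incremental", "differential"):
        raise ValueError("unknown scheme: %s" % scheme)
    live = {name: 0 for name in files}          # version 0 = state at the full backup
    backups = [("full", dict(live))]
    changed_since_full = set()
    for day, changed in enumerate(changes, start=1):
        for name in changed:
            live[name] += 1                     # a new version of the file now exists
        changed_since_full |= changed
        selected = changed if scheme == "incremental" else changed_since_full
        backups.append(("%s-%d" % (scheme, day), {n: live[n] for n in selected}))
    return live, backups


def storage_used(backups, files=FILES):
    """Total media consumed by all backup sets over the week."""
    return sum(files[name] for _, contents in backups for name in contents)


def restore_chain(backups, scheme):
    """Backup sets that must be read, in order, to rebuild the latest state."""
    if scheme == "incremental":
        return list(backups)                    # full plus every incremental, in order
    return [backups[0], backups[-1]]            # full plus the latest differential only


def restore(chain):
    """Replay the chain: later sets overwrite the versions from earlier ones."""
    state = {}
    for _, contents in chain:
        state.update(contents)
    return state


def compare():
    """Media used, sets needed for restore, and restore correctness per scheme."""
    results = {}
    for scheme in ("incremental", "differential"):
        live, backups = run_week(scheme)
        chain = restore_chain(backups, scheme)
        results[scheme] = {
            "storage_mb": storage_used(backups),
            "sets_to_restore": len(chain),
            "restore_correct": restore(chain) == live,
        }
    return results


if __name__ == "__main__":
    for scheme, r in compare().items():
        print(scheme, r)
```

With these inputs the incremental scheme uses 180 MB of media and needs five sets to restore, while the differential scheme uses 260 MB but needs only two; the trade-off between media and restore time is exactly the one the question describes.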
QUESTION FOUR
a) When hiring a new employee, it is important to match the appropriate employee with the applicable
job and security responsibilities. Outline the baseline hiring procedures. [5 Marks]
b) An operating system environment contains various software control functions that help to secure
systems during software development. Describe briefly any three of these software control
functions. [6 Marks]
c) (i) Explain briefly how XOR and initialization vectors are used in symmetric key cryptography.
[5 Marks]
(ii) Describe briefly the ECB and CBC block cipher modes that are used in symmetric key
encryption. [4 Marks]
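Worked illustration for Question Four (c)(i) and (ii), added here as an editor's example and not part of the examination paper. The block cipher underneath is a toy four-round Feistel network with an HMAC-SHA256 round function, chosen only because a Feistel structure is invertible; it is not a secure cipher and stands in for AES or DES. On top of it the example builds ECB and CBC, and shows the three facts the question is after: ECB turns repeated plaintext blocks into repeated ciphertext blocks, CBC's XOR chaining with an IV hides that repetition and makes the same plaintext encrypt differently under a different IV, and decrypting with the wrong IV damages only the first block. The key, plaintext and IVs are constructed for the demonstration.

```python
"""XOR, initialization vectors and the ECB/CBC modes (added example).

The block cipher is a toy Feistel network (NOT secure); everything else is
the real mode-of-operation logic. Key, plaintext and IVs are constructed.
"""
import hashlib
import hmac

BLOCK = 8  # toy block size in bytes: two 4-byte Feistel halves


def xor_bytes(a, b):
    """Bytewise XOR. XOR is its own inverse, which is what CBC relies on."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    """Keyed round function: 4 bytes derived from key, round index and half."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor_bytes(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    """Undo the rounds in reverse order; a Feistel network is always invertible."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor_bytes(right, _round(key, rnd, left)), left
    return left + right


def pad(data):
    """PKCS#7-style padding up to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: every block is encrypted independently, so equal plaintext
    blocks give equal ciphertext blocks and patterns in the data leak."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(block_decrypt(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key, iv, plaintext):
    """CBC: XOR each plaintext block with the previous ciphertext block (the
    IV for the first block) before encrypting. In practice the IV is random
    per message and is transmitted with the ciphertext; it need not be secret."""
    prev, out = iv, []
    for b in blocks(pad(plaintext)):
        prev = block_encrypt(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for b in blocks(ciphertext):
        out.append(xor_bytes(block_decrypt(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def demo():
    key = b"exam-key"                                   # constructed key
    pt = b"ATTACK!!" * 4                                # one block repeated four times
    iv1, iv2 = bytes(range(8)), bytes(range(8, 16))     # fixed IVs so the demo is reproducible
    ecb = ecb_encrypt(key, pt)
    cbc1, cbc2 = cbc_encrypt(key, iv1, pt), cbc_encrypt(key, iv2, pt)
    wrong_iv = cbc_decrypt(key, iv2, cbc1)              # correct key, wrong IV
    return {
        "ecb_distinct_blocks": len(set(blocks(ecb))),   # 2: the repeated block + padding block
        "cbc_distinct_blocks": len(set(blocks(cbc1))),  # 5: every ciphertext block differs
        "same_plaintext_different_iv": cbc1 != cbc2,
        "ecb_roundtrip": ecb_decrypt(key, ecb) == pt,
        "cbc_roundtrip": cbc_decrypt(key, iv1, cbc1) == pt,
        "wrong_iv_damages_first_block_only":
            wrong_iv[:BLOCK] != pt[:BLOCK] and wrong_iv[BLOCK:] == pt[BLOCK:],
    }
```

Run demo() to see the five results; the "wrong IV" case is why the IV must be stored or sent alongside the ciphertext, and the ECB result is why ECB is unsuitable for anything longer than a single block.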
QUESTION FIVE
a) When a system fails, data recovery attempts can be made at two levels: trusted recovery and
untrusted recovery. Trusted recovery is a protection mechanism used in data recovery that ensures
the security of a computer system that crashes or fails by recovering security-relevant elements in a
trusted or secure state. Outline the steps involved in the trusted recovery mechanism. [5 Marks]
b) (i) Explain the term hash function [2 Marks]
(ii) Discuss the properties, strengths and uses of hash functions [6 Marks]
c) Outline the elements of disaster recovery planning [7 Marks]
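Worked illustration for Question Five (b), added here as an editor's example and not part of the examination paper. Using only the Python standard library, it demonstrates the properties a hash function is expected to have (fixed output length, determinism, the avalanche effect where a one-bit input change flips about half the output bits), its weakness when the input is guessable (a dictionary preimage search against an unsalted password hash), and one common use (a keyed hash, HMAC, for message integrity and origin authentication, verified with a constant-time comparison). The messages, key and candidate passwords are constructed for the demonstration.

```python
"""Hash function properties, strengths and uses (added example, not from the paper)."""
import hashlib
import hmac

DIGEST_BYTES = 32  # SHA-256 always produces 256 bits, whatever the input length


def digest(data):
    """Fixed-length digest of arbitrary-length input."""
    return hashlib.sha256(data).digest()


def hamming_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_fraction(message):
    """Fraction of digest bits that flip when one input bit flips.

    A good hash behaves like a random function, so the answer is close
    to 0.5 even though the inputs differ in a single bit.
    """
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return hamming_distance(digest(message), digest(flipped)) / (8 * DIGEST_BYTES)


def find_preimage(target, candidates):
    """One-wayness has no shortcut, but a guessable input (a weak, unsalted
    password) is recovered simply by hashing candidates until one matches."""
    for candidate in candidates:
        if digest(candidate) == target:
            return candidate
    return None


def make_tag(key, message):
    """Keyed hash (HMAC-SHA256): integrity plus origin authentication.

    A plain digest stored beside the message proves nothing against an
    attacker who can rewrite both; the secret key is what the attacker lacks.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key, message, tag):
    """Constant-time comparison so timing does not reveal how much of the tag matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo():
    msg = b"Transfer 100 KES to account 12345"       # constructed message
    tampered = b"Transfer 900 KES to account 12345"  # one character changed in transit
    key = b"shared-secret-key"                        # constructed shared key
    tag = make_tag(key, msg)
    weak_hash = digest(b"letmein")                    # constructed unsalted password hash
    guesses = [b"password", b"123456", b"qwerty", b"letmein"]
    return {
        "digest_len": len(digest(msg)),
        "deterministic": digest(msg) == digest(msg),
        "avalanche": avalanche_fraction(msg),
        "genuine_accepted": verify_tag(key, msg, tag),
        "tamper_detected": not verify_tag(key, tampered, tag),
        "wrong_key_rejected": not verify_tag(b"wrong-key", msg, tag),
        "weak_password_recovered": find_preimage(weak_hash, guesses),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The avalanche value is the practical face of the "small change, unpredictable output" property; the preimage search shows that one-wayness protects only inputs the attacker cannot enumerate, which is why password storage adds a salt and a deliberately slow hash rather than a bare SHA-256.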