Get premium membership and access revision papers, questions with answers as well as video lessons.
Bmit 416:It Security Audit And Ethics March 2010 Question Paper
Bmit 416:It Security Audit And Ethics March 2010
Course:Bachelor Of Business Management And Information Technology
Institution: Kabarak University question papers
Exam Year:2010
KABARAK UNIVERSITY
UNIVERSITY EXAMINATIONS
2009/2010 ACADEMIC YEAR
FOR THE DEGREE OF BACHELOR OF BUSINESS MANAGEMENT
& INFORMATION TECHNOLOGY
COURSE CODE: BMIT 416
COURSE TITLE: IT SECURITY, AUDIT AND ETHICS
STREAM: Y4S1
DAY: MONDAY
TIME: 2.00 – 5.00 P.M.
DATE: 22/03/2010
INSTRUCTIONS:
Answer ALL questions in PART ONE and any THREE questions in PART TWO
PART ONE
QUESTION ONE (40 MARKS)
a) Cryptographic systems offer four different types of protection to information
being transmitted on a network. Name these four types of protection. (4 marks)
b) What is the difference between a block cipher and a stream cipher? (4 marks)
c) Give one reason why encryption keys used in public key encryption are longer
than those used in symmetric key encryption? (2 marks)
d) A simple columnar transposition cipher is used to produce the ciphertext below.
catyetwsos otiorbiads nuouiesnby glnagshdlo rasrhtegeu
Decrypt the ciphertext to get the plaintext. (4 marks)
e) Digital signatures are used to provide message authenticity between two
communicating parties.
• Describe how a digital signature is created. (5 marks)
• Describe how a digital signature is verified. (5 marks)
f) Describe how digital signatures provide message integrity. (2 marks)
g) The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is primarily
used to authenticate a remote user to a server. Describe the MS-CHAP authentication
process. (4 marks)
h) Describe how symmetric keys are exchanged using
• Public key encryption (4 marks)
• Diffie-Hellman key agreement (6 marks)
PART TWO
QUESTION TWO (20 MARKS)
a) Most organizations use centralized security management. Give one advantage
of using centralized security management. (2 marks)
b) What is the main disadvantage of using centralized security management?(2 marks)
c) The following steps usually take place after a security incident occurs; they are part of
the intrusion response process. Briefly describe what occurs in each step.
(i) Initiation and analysis (2 marks)
(ii) Containment (2 marks)
(iii) Recovery (2 marks)
(iv) Communication (2 marks)
(v) Post mortem (2 marks)
d) Give two reasons why some organizations do not prosecute people who attack or
compromise their networks (information systems). (4 marks)
e) What is business continuity planning in relation to Information Technology Security?
(2 marks)
QUESTION THREE (20 MARKS)
a) An organization has three branches in three different towns. Each branch has a
network connected to the internet via a router. The organization wants to use the
internet to securely exchange information between the three branches. How can they
do this without adding an additional device? (3 marks)
b) What additional device would they need at each site, in order to allow users to
securely access the network when they are out of the office? (1 marks)
c) What would the users need in order to securely access the network when they are out
of the office? (2 marks)
d) Give three steps that you can take to provide physical security for an organization’s
information system. (6 marks)
e) You have been hired by a small organization which has not implemented any security
on there network. They have a mail server, and according to them, their major
problem is frequent virus and worm attacks. After some investigation, you find out
that most of the viruses and worms are spread via e mail. What protective steps
would you advice them to take;
(i) On the mail server (4 marks)
(ii) On the client computers (4 marks)
QUESTION FOUR (20 MARKS)
a) Biometric authentication can be done using the following two methods. Describe each
method.
(i) Verification (2 marks)
(ii) Identification (2 marks)
b) In biometric authentication, what do false acceptance rate and false rejection rate
mean? (2 marks)
c) Give three ways in which viruses can propagate from computer to computer in
an organization. (3 marks)
d) An organization has a network which is connected to the internet. They have a mail
server and a web server which are accessible from the internet. They protect their
network using a firewall. They use the following access control list to allow
connections only to these two servers.
1 If destination IP address = 120.60.3.9 and TCP destination port = 80,ALLOW
2 If destination IP address = 120.60.3.4 and TCP destination port = 25, ALLOW
3 DENY ALL
Recently, the host with IP address 30.7.8.9 has been used to try to attack the network.
How would you modify the access control list so as to deny the host access to all
computers on the network? Explain your answer. (5 marks)
e) Describe three functions of an HTTP proxy server. (6 marks)
QUESTION FIVE (20 MARKS)
a) What is the difference between an intrusion detection system and a firewall?(4 marks)
b) Name the four elements (modules) of an intrusion detection system. (4 marks)
c) What is the difference between a standalone intrusion detection system and
a distributed intrusion detection system? (3 marks)
d) What is the advantage of using a distributed intrusion system as opposed
to a standalone intrusion detection system? (3 marks)
e) Describe three measures that you would take to ensure the availability of information
in an information system in the event of a disaster. (6 marks)
More Question Papers