BMIT 416: IT Security Audit and Ethics, December 2009 Question Paper
Course: Bachelor of Business Management and Information Technology
Institution: Kabarak University
Exam Year: 2009
KABARAK UNIVERSITY
EXAMINATIONS
2009/2010 ACADEMIC YEAR
FOR THE DEGREE OF BACHELOR OF BUSINESS MANAGEMENT
& INFORMATION TECHNOLOGY
COURSE CODE: BMIT 416
INSTRUCTIONS:
• Answer question ONE and any other THREE questions
• Do NOT write anything on the question paper
QUESTION ONE [40MKS]
a) Give the appropriate answer for the following descriptions:
i. The measure to protect data during their transmission over a number of
networks is called.............................................................................. [1mk]
ii. The concealment of digital resources is referred to as………………... [1mk]
iii. Integrity in Information Technology (IT) includes both…………. and ….
trustworthiness of data [1mk]
iv. The ability to use the information or computer resources as desired in an
organization is referred to as ………………… [1mk]
v. “The security of mechanisms should not depend on the secrecy of its
design.” This statement is describing ………………….. [1mk]
b) Highlight the three problems of the Access Control Matrix [3mks]
c) Using a suitable example, describe what you understand by a transposition cipher [3mks]
d) State and explain the classes of computer threats [4mks]
e) Give one advantage and one disadvantage of each of the following biometric
technologies:
i. Hand geometry [2mks]
ii. Voice recognition [2mks]
iii. Face recognition [2mks]
iv. Signature [2mks]
v. Iris [2mks]
f) Briefly describe the following computer security policies
i. Information flow policy [1mks]
ii. Confidentiality policy [1mks]
iii. Integrity policy [1mks]
g) When someone breaks into the computer system, that person takes advantage of
lapses in management, ………….., and …………… [2mks]
h) Decipher the following cipher texts, which were enciphered using the Caesar Cipher:
i. TEBKFKQEBZLROPBLCERJXKBSBKQP [3mks]
ii. VHFUHW [2mks]
i) State and describe the three components of an auditing system [3mks]
j) Carson is a system security officer at Nyamakoroto Information Resource Center
(NIRC). He wants to encourage his customers to use strong passwords. He has
approached you as an IT security expert. Advise him on the kinds of passwords he must
discourage his customers from using, so that they cannot be easily guessed [5mks]
QUESTION TWO [20MKS]
a) Highlight the types of Audits [4mks]
b) A threat is a potential violation of security. Briefly explain the possible threat classes to
a computer system [4mks]
c) Briefly describe the following audit stages
i. Preparing the audit [3mks]
ii. Gathering Evidence [3mks]
iii. Performing audit tests [3mks]
iv. Reporting the Results [3mks]
QUESTION THREE [20MKS]
b) You have been hired as a system administrator. You have received a hard disk from
your vendor for your new computer operating system. If you install it, what are some of
the assumptions that you may make to improve the security of your system? [4mks]
c) Identify three bases of trust [3mks]
d) The Research Into Secure Operating Systems (RISOS) study was prepared to aid in understanding
security issues in operating systems and to determine the level of effort needed to enhance their
system security. Identify the flaws according to RISOS [7mks]
e) Password guessing is the simplest attack against a password-based authentication
system. In line with this statement:
i. State Anderson’s formula [2mks]
ii. Let the passwords be composed of characters drawn from an alphabet of 36
characters. Assume that one million guesses can be tested each minute. The
probability of a successful guess is 0.2 over a period of 180 days. What is the minimum
password length that will give this probability? [4mks]
QUESTION FOUR [20MKS]
a) Specific design principles underlie the design and implementation of mechanisms for
supporting security policies. These principles are built on the ideas of ……………,
and……………………… [4mks]
b) Explain how the following security issues affect electronic transactions:
i. Security Policy [2mks]
ii. Unauthorized access [2mks]
iii. Legal environment [2mks]
c) Explain the following terms:
i. Digital certificate [2mks]
ii. Cryptosystem [2mks]
iii. Digital signature [2mks]
iv. Revocation of Rights [2mks]
v. Cipher text [2mks]
QUESTION FIVE [20MKS]
a) Highlight the ethical principles that affect IT professionals [4mks]
b) The Kenya Communication (Amendment) Bill 2008, Chap 83 and Chap 84, affects
Information Technology (IT) professionals in a number of ways. Highlight the security issues
addressed in this Act, giving the specific sections of the Act and the penalties therein [10 mks]
c) State and explain the phases of best practice in business continuity planning [6 mks]