Bit 3102 Information Systems Security And Cryptography Question Paper
Course: Bachelor Of Science In Information Technology
Institution: KCA University
Exam Year: 2014
UNIVERSITY EXAMINATIONS: 2013/2014
ORDINARY EXAMINATION FOR THE BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY
BIT 3102 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY
DATE: AUGUST, 2014
TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO
QUESTION ONE
a) State the four characteristics of a good cryptographic algorithm.
(4 Marks)
b) Cryptography is the study of the mathematical algorithms and functions used to
secure messages. These algorithms fall into two camps: restricted and open.
Explain which of the above algorithms is preferable and why you would
choose it.
(4 Marks)
c) Biometric measurements or personal attributes are used for authentication. These
attributes are unique to the individual seeking to authenticate identification.
(i) List any four types of biometrics that are used for authentication.
(2 Marks)
(ii) Discuss the two types of errors that occur when biometrics are used for
authentication.
(4 Marks)
d) Discuss briefly any six factors that can increase or decrease the level of impact a threat
may have on an enterprise and its assets. (6 Marks)
e) Explain the basic essential steps of public key encryption (5 Marks)
f) Define the following terminologies as used in information systems security:
(i) Trojan horse (1 Mark)
(ii) Trapdoor (1 Mark)
(iii) Principle of Adequate Protection (1 Mark)
(iv) Encryption (1 Mark)
(v) Kerberos (1 Mark)
QUESTION TWO
a) Discuss how hashing is used in password protection.
(4 Marks)
b) Describe briefly six ways in which cryptographic algorithms are compromised.
(6 Marks)
c) Discuss briefly the benefits and limitations of asymmetric key encryption.
(6 Marks)
d) For the commercial sector, the provision of confidentiality is no longer the
major application of cryptography. In addition to its traditional use for privacy,
state any four major uses that cryptography is now used to provide.
(4 Marks)
QUESTION THREE
a) Intellectual property law protects the rights of ownership of ideas, trademarks,
patents, and copyrights, including the owners’ right to transfer intellectual
property and receive compensation for the transfer. Describe the following as
defined under the Intellectual Property Law:
(i) Patent (1 Mark)
(ii) Trademark (1 Mark)
(iii) Copyright (1 Mark)
(iv) Trade secret (1 Mark)
(v) Privacy (1 Mark)
b) Describe the working of a Trojan.
(6 Marks)
c) State any five specific items to note in administrative security policies.
(5 Marks)
d) The response to the introduction of risk can result in one of four decisions.
Explain briefly each of the four possible decisions.
(4 Marks)
QUESTION FOUR
a) Discuss the following:
(i) Mandatory Access Control (MAC) (2 Marks)
(ii) Discretionary Access Control (DAC) (2 Marks)
b) Relations between encryption and signature methods became possible with the
"digitalization" of both and the introduction of the computational-complexity
approach to security.
(i) State the THREE requirements that a scheme for unforgeable
signatures must possess.
(3 Marks)
(ii) State the THREE requirements for a scheme that would perform
message authentication.
(3 Marks)
c) A Disaster Recovery Plan (DRP) is a policy that defines how people and
resources will be protected in the case of a natural or man-made disaster, and how
the organization will recover from the disaster. Discuss the three residual risks
that must be considered.
(6 Marks)
d) Discuss the following security models:
(i) Lattice Model (2 Marks)
(ii) Information Flow Model (2 Marks)
QUESTION FIVE
a) Striking the right balance between functionality and accessibility is a critical facet of
IT security supporting e-commerce. Discuss the six basic steps involved.
(6 Marks)
b) Describe briefly the following categories, or types, of access control services that
support the phases of access control implementation:
(i) Identification and Authorization (I&A) (2 Marks)
(ii) Audit (1 Mark)
(iii) Authorization (1 Mark)
(iv) Accountability (1 Mark)
c) Once security goals are in place, there are a number of concepts that can be
applied to reinforce security within your organization. Techniques such as
personnel management are critical components to strengthening organizational
security. Employing these techniques will help you increase security levels and
protect your information systems from intrusive, unauthorized access.
(i) When hiring a new employee, it is important to match the
appropriate employee with the applicable job and security responsibilities.
Outline the baseline hiring procedures.
(5 Marks)
(ii) From a security standpoint, what security benefit do mandatory
vacations provide?
(2 Marks)
(iii) How is a sensitivity profile developed and what is the benefit?
(2 Marks)
(iv) How can you address the major considerations of sensitivity profiling for
job positions?
(2 Marks)