Your SlideShare is downloading. ×
  • Like
  • Save
Security in Computing IT
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Security in Computing IT

  • 756 views
Published

Sample of Security and Computing IT exam paper.

Sample of Security and Computing IT exam paper.

Published in Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
756
On SlideShare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Security in Computing and IT1. Differentiate the following security terms with suitable examples: a. Confidentiality (1 Mark). b. Integrity (1 Mark).2. Worms usually do a sweep scan technique to identify the potential victims to attack. in an IPv4 environment, how many potential victim addresses can be searched? (3 marks).3. Decrypt the following cipher text using Caesar ciphering (with n=3 for rotation): "UHWXUA WR URPH" (3 marks).4. Explain in detail an example in real-life whereby authentication using proof by knowledge and prrof by possession is implemented together. (5 marks).5. Give an example of a Statistical Inference attack in a database. (3 Marks).6. Briefly describe what the following figure illustrates: (4 Marks) Security Functionality Security7. Differentiate between logic bomb and Trojan horse. Name one famous logic bomb and one famous trapdoor. (5 marks).8. Below is an attack done by a hacker on a websites login page (the hacker keyed in the following in the username input box): SELECT * FROM customer WHERE username = OR 1 a. Explain what kind of attack is the hacker using (1 Mark). b. Assuming that the hackers attack is successful, what is the outcome of the attack? (2 Marks). c. How can this kind of attack be prevented? (2 Marks).
  • 2. Security in Computing and IT9. You are required to implement an open source CRM system in your organization. The system is accessible via the Internet as well as internally. a. The management team requires you to implement a simple yet secure authentication mechanism to verify the identity of its users. Explain in detail your suggestion for the authentication mechanism. (4 Marks). b. The management team is also looking into the possibility of external affirmation to authenticate the legitimacy of the online communication with its suppliers. What would you suggest to make this possible? (4 marks). c. The backend database resides on a Linux platform; In order to save cost. However, the CEO of your organization is having trouble understanding how the access control mechanism works. Draw a simple access control matrix which consists of the following information in order to help the CEO understand how the mechanism works: i. The system administrator has all access control rights to the web servers configuration directory and customer table in the database. ii. The database administrator has all access control rights to the customer table in the database only. iii. Customers have read access to the customer table in the database only. (2 Marks). d. Another major concern of the management team is the fact that the system is accessible from the internet. They are very concerned with the following web application security risk (as determined by OWASP): cross-site scripting. Provide a brief security assessment for this risk. your assessment must include the following : brief description of the security risk, threat agents, attack vectors, security weakness, technical and prevention methods. (10 marks).10. Briefly describe one memory protection method that an operating system should have (2 marks).11. What is a Network Intrusion Detection System? (2 marks).12. Briefly describe three Bluetooth vulnerabilities (3 Marks).13. Mr. A posted the following message on his Facebook Update section: "Working to troubleshoot a major software bug we just found." How can this information become a potential security and/or social threat? (3 Marks).