Sample of Security and Computing IT exam paper.

1. Security in Computing and IT
1. Differentiate the following security terms with suitable examples:
a. Confidentiality (1 Mark).
b. Integrity (1 Mark).
2. Worms usually do a sweep scan technique to identify the potential victims to attack. in an IPv4
environment, how many potential victim addresses can be searched? (3 marks).
3. Decrypt the following cipher text using Caesar ciphering (with n=3 for rotation): "UHWXUA WR
URPH" (3 marks).
4. Explain in detail an example in real-life whereby authentication using proof by knowledge and prrof
by possession is implemented together. (5 marks).
5. Give an example of a Statistical Inference attack in a database. (3 Marks).
6. Briefly describe what the following figure illustrates: (4 Marks)
Security
Functionality Security
7. Differentiate between logic bomb and Trojan horse. Name one famous logic bomb and one famous
trapdoor. (5 marks).
8. Below is an attack done by a hacker on a website's login page (the hacker keyed in the following in
the username input box):
SELECT * FROM customer WHERE username = ' ' OR 1' '
a. Explain what kind of attack is the hacker using (1 Mark).
b. Assuming that the hacker's attack is successful, what is the outcome of the attack? (2
Marks).
c. How can this kind of attack be prevented? (2 Marks).

2. Security in Computing and IT
9. You are required to implement an open source CRM system in your organization. The system is
accessible via the Internet as well as internally.
a. The management team requires you to implement a simple yet secure authentication
mechanism to verify the identity of its users. Explain in detail your suggestion for the
authentication mechanism. (4 Marks).
b. The management team is also looking into the possibility of external affirmation to
authenticate the legitimacy of the online communication with its suppliers. What would you
suggest to make this possible? (4 marks).
c. The backend database resides on a Linux platform; In order to save cost. However, the CEO
of your organization is having trouble understanding how the access control mechanism
works. Draw a simple access control matrix which consists of the following information in
order to help the CEO understand how the mechanism works:
i. The system administrator has all access control rights to the web server's
configuration directory and customer table in the database.
ii. The database administrator has all access control rights to the customer table in the
database only.
iii. Customers have read access to the customer table in the database only. (2 Marks).
d. Another major concern of the management team is the fact that the system is accessible
from the internet. They are very concerned with the following web application security risk
(as determined by OWASP): cross-site scripting. Provide a brief security assessment for this
risk. your assessment must include the following : brief description of the security risk,
threat agents, attack vectors, security weakness, technical and prevention methods. (10
marks).
10. Briefly describe one memory protection method that an operating system should have (2 marks).
11. What is a Network Intrusion Detection System? (2 marks).
12. Briefly describe three Bluetooth vulnerabilities (3 Marks).
13. Mr. 'A' posted the following message on his Facebook Update section: "Working to troubleshoot a
major software bug we just found." How can this information become a potential security and/or
social threat? (3 Marks).