SYSTEM SECURITY



THURSDAY: 24 MAY 2018 SECTION 6 SYSTEM SECURITY
QUESTION ONE
(a) Appraise the use of the following techniques employed in modern non-voice telecommunications and digital computer applications:
    i. Block ciphers. (2 marks)
    ii. Stream ciphers. (2 marks)
(b) A sniffer may turn a network card into promiscuous mode to sniff sensitive information from the network.
With respect to the above statement, assess two major types of sniffing that could be applied while sniffing sensitive data. (4 marks)
(c) Describe two tools a potential hacker might use to analyze traffic on a network and dissect information in transit. (4 marks)
(d) A hacker intends to carry out reconnaissance attacks on an ICT installation.
Discuss two techniques that the hacker is likely to use to establish the existing vulnerabilities. (4 marks)
(e) Being a member of an incident response team, outline the four primary responsibilities that should be undertaken when an incident is reported. (4 marks)
QUESTION TWO
(a) Describe four categories of access control services that support the phases of access control implementation. (4 marks)
(b) Asha and Sarah's daily assignment involves exchanging sensitive electronic information that requires maximum protection. It must be verified that the information has actually originated from the approved source and has not been tampered with.
Examine the algorithm that Asha and Sarah should apply to ensure that the above requirements are met. (4 marks)
(c) (i) Describe three denial of service attacks. (3 marks)
(ii) Highlight a countermeasure you need to implement to mitigate each of the attacks mentioned in (c) (i) above. (3 marks)
(d) XYZ insurance company has identified ICT infrastructure as one of the various business processes that could affect its bottom line in a given financial year. The company needs to carry out a risk assessment on this infrastructure.
Discuss the various phases of the risk assessment that the company plans to undertake in order to safeguard its ICT infrastructure. (6 marks)

QUESTION THREE
(a) XYZ Ltd. is a company with three branches in Nairobi town. The general manager of the company has requested you, as a security expert, to conduct an audit across all systems in the organization and give a comprehensive report.
Prepare a security checklist with areas that would guide your audit process. (3 marks)
(b) Mr. Bean, a computer teacher who also offers cyber services in the town centre, has been accused of helping in the forgery of legal documents using electronic means.
Propose three possible services one could use to take meaningful data for investigation. (3 marks)
(c) XYZ Airport intends to install a security system that will ensure that "something that you are" is used to gain access to sensitive installations within its premises.
Required:
Discuss how you will determine the best device to use in relation to its Cross Error Rate (CER). (8 marks)
(d) An organization intends to deploy a firewall between its private network and a link to the internet to control malicious traffic from interfering with its operations. The firewall should be able to examine the packet header information from the network to the application layer of the OSI model.

With reference to the above:
(i) State the firewall that should be deployed by the organization. (1 mark)
(ii) Outline the factors that this type of firewall uses to make decisions. (2 marks)
(iii) Describe two strengths and weaknesses of the firewall. (3 marks)
QUESTION FOUR
(a) An organization intends to install a layer 3 virtual private network to secure the information transmission across its branches located in various counties.
Required:
Discuss the layer 3 virtual private network (VPN) protocol citing:
· Why it is a popular protocol.
· The different modes that it can operate in.
· Its primary components or functions. (6 marks)
(b) Discuss the four components that should be in place for the public key infrastructure to function. (8 marks)
(c) Examine four issues that should be addressed to ensure that an organization's email is used effectively and in accordance with the organization's expectations. (4 marks)
(d) Explain how creeping privileges could be controlled in an information system. (3 marks)

QUESTION FIVE
(a) An organization intends to set up an Enterprise Resource Planning (ERP) system that will have several users in various locations. They have approached you for advice on the best authentication method to apply in order to secure the ERP system.
Required:
Citing in each case a weakness and a strength, discuss three different types of authentication methods. (6 marks)
(b) Explain an advantage and a disadvantage of the following systems:
(i) Centralized access control system. (2 marks)
(ii) Decentralized access control system. (2 marks)
(c) Cyber security greatly depends on physical security. Attackers who gain physical access to a computer can further the attack.
Discuss the four challenges inherent to lack of integration between physical access and cyber security. (4 marks)
(d) XYZ Ltd plans to set up a data centre that will be used as a cloud computing centre hosting data from various firms that include financial, insurance and manufacturing among others. The management of the company have hired you as a physical security consultant to design the security for this environment.
Citing examples in each case, discuss the functional order of the physical controls that should be put in place. (6 marks)
