Security Management (COME3108)

Computer Engineering - COM

Semester: First Semester

Level: 300

Year: 2019

REPUBLIC OF CAMEROON
Peace-Work-Fatherland
THE UNIVERSITY OF BAMENDA
P.O BOX 39 Bambili
School/Faculty: NAHPI Department/Year: Computer Engineering - Year 2 Lecturer(s): Dr. Suh C Forbacha
Course Code: COME3108 Course Title: Security Management Course Credits:
Date: 20/03/2019 NAHPI Amphi 2 Time: 1.5 hrs
Instructions: Answer all questions. For the MCQs, choose from options a-d and note that only one of these options is the correct answer.
First Semester Exam 2018/2019
Section A
1) Which of the following is a mechanism for protecting information, networks and the Internet? 1 mark
(a) Intrusion (b) Authentication (c) Network hardware (d) Protocols
2) An IAS server configured to forward RADIUS traffic to another server is known as: 1 mark
(a) An IAS prophy (b) An IAS troxy (c) An IAS proxy (d) None of the above
3) How many keys are used in the public-key system? 1 mark
(a) 1 (b) 3 (c) 4 (d) 2
4) A scenario whereby a hacker listens to TCP/IP packets which come out of the network plus steals
information in them is called: 1 mark
(a) Packet sniffing attack (b) IP spoofing attack (c) Session hi-jacking attack (d) Trust-access attack
5) The prevention of unauthorized disclosure of information is referred to as: 1 mark
(a) Integrity (b) Accountability (c) Confidentiality (d) Availability
6) The main aim of cryptography is to provide a mechanism for two or more people: 1 mark
(a) To communicate while anyone else is capable of reading their message(s)
(b) To communicate while allowing anyone else to be able to decipher their message(s)
(c) To communicate but without keeping anything hidden from anyone else
(d) To communicate without anyone else being able to read their message(s)
7) An attack in which an individual calls on the phone and pretends to be a member of the IT department
to obtain a user's password is known as which of the following? 1 mark
(a) Attack script (b) Social engineering attack (c) Brute force attack (d) Dictionary attack
8) Which of the following is the best technique for securing transmitted/received data: 1 mark
(a) Encryption (b) Firewalls (c) Proxy servers (d) Leased lines
Section B
1) Explain the concept of data encryption and state its significance within today's networked environment. 5 marks
2) Packet filters and application-level gateways are exposed to security vulnerabilities which can allow non-friendly users into the network who could gain access to unauthorized information. Explain how this is possible plus give the best method of protection that can be used to protect data leaving from this network. 5 marks
3) Differentiate between a private-key and a public-key plus state which of them is more suited/feasible for large-scale networks such as Internet/e-commerce (secured) and why? 6 marks
4) Explain the concept of Denial of Service attacks plus state the implication that this has on the affected systems. 7 marks
5) Briefly explain how a firewall would use the following parameters to filter incoming and outgoing TCP/IP packets. 4 marks (2,2)
i) Source IP address
ii) Destination Port