Scribd Logo
Upload

Welcome to Scribd!

  • CSC662 2013 01

    Uploaded by

    Haire Kahfi Maa Takaful
    179 views6 pages
    exam paper for CSC662

    Original Title

    CSC662_2013_01

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    exam paper for CSC662

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    179 views6 pages

    CSC662 2013 01

    Uploaded by

    Haire Kahfi Maa Takaful
    exam paper for CSC662

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    UNIVERSITI TEKNOLOGI MARA


    FINAL EXAMINATION

    COURSE

    COMPUTER SECURITY

    COURSE CODE

    CSC662

    EXAMINATION

    JANUARY 2013

    TIME

    3 HOURS

    INSTRUCTIONS TO CANDIDATES
    1.

    This question paper consists of thirteen (13) questions.

    2.

    Answer ALL questions in the Answer Booklet. Start each answer on a new page.
    Do not bring any other material into the examination room unless permission is given by the
    invigilator.
    Please check to make sure that this examination pack consists of:
    i)
    ii)

    the Question Paper


    an Answer Booklet - provided by the Faculty

    DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO


    This examination paper consists of 6 printed pages
    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    QUESTION 1
    Given the following scenario:
    After selecting your groceries, you push your cart full of goods to one of the
    checkout counters. The checkout sale assistant scans your groceries, totals
    what you owe, and upon receiving payment from you gives you an itemized
    receipt. However, you can't then simply exit the building with your groceries.
    At the exit you are required by a security officer who inspects your receipt. If
    the receipt looks okay (appears to match the number and types of items in
    your cart), the security officer wills write the time of the checkout on the
    receipt and hands it back to you. At this point, you can exit the building and
    take the groceries to your car.
    a)

    Identify TWO (2) security principles illustrated by the supermarket's approach.


    (2 marks)

    b)

    Discuss the above security principles.


    (4 marks)

    c)

    By writing the checkout time on the receipt, describe an attack that supermarket tries
    to prevent.
    (2 marks)

    QUESTION 2
    Determine the below statements regarding computer virus and worm are TRUE or FALSE.
    a)
    b)
    c)
    d)

    e)
    f)

    How a virus spread can be completely independent of the payload it executes on


    each system it infects.
    During their initial phase of propagation, well-designed worms can spread
    exponentially fast.
    A fundamental property of how viruses spread is that they generate random Internet
    addresses and then probe those to find new victims.
    One of the most promising approaches for defending against worm outbreaks is to
    release "counter worms" that spread by exploiting the same vulnerability, but upon
    infection de-install the original worm.
    A common approach for creating polymorphic viruses uses encryption technology.
    Viruses can spread to systems even if they have no Internet connectivity.
    (6 marks)

    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    QUESTION 3
    As a software engineer, you have been assigned to design a mechanism that only allows
    legitimate users to install and run an application. The application will be distributed through
    the internet.
    a)

    Identify the security objective is suitable to be used in this situation.


    (2 marks)

    b)

    Why do you choose the above security objective?


    (2 marks)

    c)

    Explain how your mechanism works. Please take into consideration that there are
    possibilities of multiple installations of the application using the same serial number.
    (4 marks)

    QUESTION 4
    a)

    Describe the meaning of the following terms in cryptography.


    i)
    ii)

    Confusion
    Diffusion
    (4 marks)

    b)

    How do these terms relate to transposition and substitution ciphers?


    (4 marks)

    QUESTION 5
    a)

    What is cryptographic protocol?


    (2 marks)

    b)

    Describe the THREE (3) types of cryptographic protocols:


    i)
    ii)
    iii)

    Arbitrated Protocols
    Adjudicated Protocols
    Self-enforcing Protocols
    (6 marks)

    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    QUESTION 6
    a)

    What is role-based access control (RBAC)?


    (2 marks)

    b)

    Discuss TWO (2) advantages of RBAC?


    (4 marks)

    QUESTION 7
    Describe with example how the computer security objectives of confidentiality, integrity and
    availability relate to database management system.
    (9 marks)

    QUESTION 8
    Connecting a computer system to a network such as the Internet creates many threats to
    computer security. Describe THREE (3) of these threats.
    (6 marks)

    QUESTION 9
    a)

    How does a threat to information security differ from an attack?


    (4 marks)

    b)

    When can the threat and attack happen simultaneously?


    (2 marks)

    QUESTION 10
    a)

    What is Cross-Site Scripting or XSS attack?


    (2 marks)

    b)

    Give TWO (2) impacts of Cross-Site Scripting (XSS) attack.


    (4 marks)

    c)

    List FOUR (4) the network authentication protocol, Karberos design criteria.
    (4 marks)

    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    QUESTION 11
    The access control matrix is a simple framework to describe the relationship between
    subjects and objects.

    Subject
    I

    Subject
    i
    owner,
    control

    Subject
    2
    owner.
    control

    Subject
    2
    Subject
    3

    Sribject
    3
    call

    call
    owner.
    control

    File i

    File 2

    Process
    1

    owner.
    read,
    write
    read

    write

    waketip

    read

    owner

    Figurel: Portion of an access matrix


    a)

    Based on Figure 1, explain the access permission granted to Sub j e c t 1.


    (3 marks)

    b)

    List FOUR (4) basic classification system involved in Bell-LaPadula Model.


    (4 marks)

    QUESTION 12
    NGSCB employs a unique hardware and software design to enable new kinds of secure
    computing capabilities to provide enhanced data protection, privacy and system integrity.
    NSGCB operates two modes of operating systems in one system.
    List FOUR (4) criteria's of trusted modes in the NGSCB Computing Environment.
    (4 marks)

    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    CONFIDENTIAL

    CS/JAN 2013/CSC662

    QUESTION 13
    In cryptography, one-time pad (OTP) encryption has been proven to be impossible to crack if
    it is used correctly. Assuming A is represented by 0, answer the following questions based
    on the information below:
    Plain-text
    Key
    a)

    THE BRITISH ARE COMING


    DKJFOISJOGIJPAPDIGN

    Write a pseudo-code to encrypt the above plain-text using OTP encryption.


    (4 marks)

    b)

    Encrypt the plain-text using the key given.


    (6 marks)

    c)

    Decrypt the cipher-text in (b) in order to prove that your encryption is correct.
    (4 marks)

    END OF QUESTION PAPER

    Hak Cipta Universiti Teknologi MARA

    CONFIDENTIAL

    You might also like