
BIT 2317

W1-2-60-1-6
JOMO KENYATTA UNIVERSITY
OF
AGRICULTURE AND TECHNOLOGY

University Examinations 2015/2016

FOURTH YEAR FIRST SEMESTER EXAMINATION FOR THE DEGREE OF BACHELOR
OF SCIENCE IN INFORMATION TECHNOLOGY

BIT 2317 : FUNDAMENTALS OF COMPUTER SECURITY

DATE: DECEMBER 2015 TIME: 2 HOURS

INSTRUCTIONS: ANSWER QUESTION ONE (COMPULSORY) AND ANY OTHER
TWO QUESTIONS.
_____________________________________________________________________________________

QUESTION ONE (30 MARKS)

(a) Explain the following techniques as used in social engineering: [5 marks]

(i) Baiting.
(ii) Vishing.
(iii) Pretexting.
(iv) Pharming.
(v) Sniffers.

(b) A successful organization should have the multiple layers of security in place to
protect its operations. Explain any five of these layers. [5 marks]

(c) (i) What is a hash function? [1 mark]

(ii) What can it be used for? [2 marks]

(d) (i) Illustrate the key difference between digital signatures and digital certificates.
[4 marks]
(ii) Discuss three components of PKI. [6 marks]

(e) Outline the three basic operations in cryptography. [3 marks]


(f) Briefly describe four critical characteristics of information. [4 marks]

QUESTION TWO (20 MARKS)

(a) Information security is one of the key non-functional software requirements. To
secure information, we need quality software, which is the degree of conformance
to explicit or implicit requirements and expectations. Describe any five generally
accepted security principles with regard to a secure software system. [10 marks]

(b) Define the following terms: [6 marks]

(i) Virtual Private Network (VPN).
(ii) The Remote Authentication Dial-In User Service (RADIUS).
(iii) Terminal Access Controller Access Control System (TACACS).

(c) Discuss the following types of computer threats: [4 marks]

(i) Espionage.
(ii) Deviations in quality of service.
(iii) Information extortion.
(iv) Technological obsolescence.

QUESTION THREE (20 MARKS)

(a) An attack is an act that takes advantage of a vulnerability to compromise a
controlled system. State and explain any five attacks in which a specific act
may cause a loss. [10 marks]

(b) Explain the following terms as used in computer security policies: [3 marks]

(i) Laws.
(ii) Ethics.
(iii) Policies.

(c) (i) What is a firewall? [1 mark]

(ii) Firewalls fall into five major processing-mode categories. List and explain
any three. [6 marks]


QUESTION FOUR (20 MARKS)

(a) Implementing information security involves identifying specific threats and creating
specific threats. Using an illustration, describe the SecSDLC, which unifies this
process into a coherent program as opposed to a series of random and unconnected
actions. [10 marks]

(b) (i) What is meant by the term risk management? [1½ marks]

(ii) Risk management involves three major undertakings. List and explain them.
[6 marks]

(iii) List any five basic strategies used to control the risks. [2½ marks]

QUESTION FIVE (20 MARKS)

(a) (i) Explain the term access control. [2 marks]

(ii) Access control is achieved by means of a combination of policies, programs
and technologies. State and explain the three main access control methods.
[6 marks]

(iii) Describe any four mechanisms used in access control approaches. [8 marks]

(b) Explain any four components of an information system. [4 marks]