Final Exam IS433


Imam Mohammad Ibn Saud Islamic University

College of Computer and Information Sciences


Information Systems Department
Course Title: Information Security
Course Code: IS433
Course Instructor: Dr. Taher Alzahrani, T. Alanoud Alotibi
Exam: Final
Semester: Spring 2020
Date: 28-4-2020 /5-9-1441
Duration: 2 hours
Marks: 20
Privileges: ☐ Open Book ☐ Open Notes ☑ Take Home Exam
☐ Calculator Permitted ☐ Laptop Permitted

Student Name (in English):

Student ID:
Section No.:

Instructions:
1. Answer All questions; there are __3__ questions in __5__ pages.
2. Answer should be in hand-writing using pen.
3. Write your name on each page of the answer paper.
4. Write your answers by clearly specifying the question number.
5. If information appears to be missing from a question, make a reasonable assumption, state
your assumption, and proceed.
6. If, for any reason, you cannot upload the answer file to the LMS, you can email it using
your official Imam University email to the instructor's email before the end of the exam
duration.
7. Any electronic submission by you after exam duration will not be accepted.
8. No questions will be answered by the invigilator(s) during the exam period.
9. Instructor's email: talzahrani@imamu.edu.sa

Official Use Only


Question    Student Marks    Question Marks
1                            10
2                            4
3                            6
Total                        20


Imam University | CCIS | Doc. No. 006-02-20170316 Page 1 of 5



Question 1: Multiple choice questions To be answered in ( _20_ ) Minutes [ ] / __10_ Marks

1. ____________ is a type of malware in which an attacker accesses information
resources in a way that bypasses regular authentication or authorization.
a) Rabbit
b) Backdoor
c) Flash worms
d) Botnets

2. __________ detection is a malware detection method that monitors the system for
anything “unusual” or “virus-like” or potentially malicious activity.
a) Signature
b) Anomaly
c) Change
d) Digital

3. Nowadays, malicious activity has risen widely, and the main types of
such activity are viruses and worms. What is the main difference
between a virus and a worm?
a) A virus is stronger than a worm
b) A virus spreads less than a worm
c) A virus can be detected
d) All the above

4. _______ is a type of malware in which an attacker predetermines all vulnerable IP
addresses, then embeds these addresses into the malware to infect the entire Internet
almost instantly.
a) Rabbit
b) Backdoor
c) Flash worms
d) Botnets

5. A protocol that uses a symmetric key and a timestamp and is used for single sign-on is
called:
a) SSH
b) SSL
c) Kerberos
d) WEP
6. _________ is a type of malware in which each infection utilizes a different
cryptographic key causing the main code to appear completely different on each
system.
a) Encrypted virus
b) Flash worm
c) Botnet
d) All of the above



7. Which of the following protects Kerberos against replay attacks?
a) Cryptography
b) Timestamps
c) Tokens
d) Password

8. The replay attack in SSH authentication can be avoided by using:
a) Hash
b) Nonce
c) Digital Signature
d) TGT
9. Which one is not true of an anomaly-based intrusion detection system?
a) Must be combined with another method such as signature detection.
b) Can only detect known attacks
c) High false alarm rate.
d) All the above

10. In the Kerberos protocol, the timestamp is used to increase the efficiency of the
protocol and decrease the number of messages, instead of using a challenge-response
mechanism.
a) TRUE.
b) FALSE

Question 2: Kerberos Security Protocol To be answered in ( _30_ ) Minutes [ ] / __4_ Marks

Answer the following questions:

A) Your organization uses the Kerberos security protocol to authenticate its users when
they log in to the server domain. In this case, what does the server represent, and why
should it be protected? [1 Mark]

B) An employee named “Ahmed” works in the finance department. When he
logs in to the domain, he enters his password. What does Kerberos do with his
password, and why? [1 Mark]

C) Why can Ahmed not remain anonymous when requesting a TGT from the KDC?
[1 Mark]

D) Ahmed wants to copy a file from the Fileserver, so Kerberos provides Ahmed
with a key shared with the Fileserver. Why does this happen in Kerberos? [1
Mark]



Question 3: Scenario To be answered in ( __30_ ) Minutes [ ] / __6_ Marks

Coronavirus is a pandemic that hit the world in January 2020; it first appeared
in Wuhan, China. The pandemic is known by the scientific medical name
COVID-19 and is classified as a dangerous virus. However, bad guys
(hackers) exploited the pandemic and abused the panic to launch special
malware, cyber attacks and/or phishing attacks.

You are working in the cybersecurity department, and you have been asked to take
countermeasures to protect your organization from malicious COVID-19 attacks.

Based on this, please answer the following questions:

A) Suppose you received an email stating, “see the last updated number of infected
people with Coronavirus on the next link”. If you click on the link, it will take
you to a website (www.covid19.com), and you observe that the certificate for this
website looks like:

1) What is wrong with this certificate? [1 Mark]

2) Does Covid19.com need to authenticate you? Why? [2 Marks]



B) Your organization has three branches in Riyadh. You work in the
headquarters and want to access the backup server in branch number 2. You
want to make sure your connection is secure from bad guys. Which protocol
will you use? [1 Mark]

C) According to the current rates and indicators of the spread of the novel
Coronavirus, the Ministry of Health is working hard to reduce the number of
COVID-19 cases. What are the best methods for preventing illegal or unethical
activity? Give examples. [2 Marks]

END QUESTIONS
GOOD LUCK
