
MAASAI MARA UNIVERSITY

REGULAR UNIVERSITY EXAMINATIONS


2017/2018 ACADEMIC YEAR
FIRST YEAR SECOND SEMESTER

SCHOOL OF SCIENCE

COURSE CODE: COM 323


COURSE TITLE: INFORMATION SYSTEM SECURITY

DATE: 23RD AUGUST, 2018 TIME: 08:30AM – 10:30AM

INSTRUCTIONS TO CANDIDATES
(b) Answer question ONE (compulsory) and any other
TWO questions.
(c) Question one carries 30 marks
(d) All other questions carry 20 marks
(e) Mobile Phone is not allowed in the exam room
SECTION A (COMPULSORY – 30 MARKS)
QUESTION ONE
a. Explain, with an example, which type(s) of vulnerability is/are mainly
exploited by phishing attacks (10 Marks)
b. Propose security controls (methods) to prevent phishing attacks in
the computer system of Maasai Mara University (10 Marks)

SECTION TWO IS 40 MARKS. ANSWER TWO QUESTIONS


QUESTION TWO
a. Mention threats against the registration phase of access control
(10 Marks)
b. Explain how authorization has been defined to make meaningful the
definitions of confidentiality and integrity in X.800, and also the Kenya
Computer Fraud & Abuse Act (10 Marks)
QUESTION THREE
a) A user is authenticated to an online web service at the start of a session
and sends data to the web server through his client computer. Explain to
what degree the service provider can assume that the data received
during the session are authentic as a result of the user authentication
(10 Marks)

b) Articulate a simple security policy for your personal computer, stating
who has authorized access. (10 Marks)

QUESTION FOUR
a) You are an information system security officer of Maasai Mara University,
and an incident of fraud has taken place at the finance office. Using your
digital forensics skills, you have been tasked to establish the evidence of
the fraud and bring the culprit on record. Discuss the main FIVE steps to
carry out a computer forensics investigation in the finance office (10 Marks)
b) Discuss FIVE common security attacks and their countermeasures
(5 Marks)
c) Network security is another threat to customers, who may unknowingly
be directed to a false website. Explain, giving an example, the effect of
being directed to a false website (5 Marks)
