Professional Documents
Culture Documents
NSC March 2016 Exam MS Final
NSC March 2016 Exam MS Final
NSC March 2016 Exam MS Final
2 March 2016
Marking Scheme
This marking scheme has been prepared as a guide only to markers. This is not a set of
model answers, or the exclusive answers to the questions, and there will frequently be
alternative responses which will provide a valid answer. Markers are advised that, unless a
question specifies that an answer be provided in a particular form, then an answer that is
correct (factually or in practical terms) must be given the available marks.
If there is doubt as to the correctness of an answer, the relevant NCC Education materials
should be the first authority.
Where markers award half marks in any part of a question, they should ensure that
the total mark recorded for the question is rounded up to a whole mark.
Answer ALL questions
Marks
Question 1
a) Briefly explain what is meant by the term encryption with reference to key and 3
algorithm.
Encryption is the process of converting readable clear-text/plain-text using
an algorithm and a key (1 mark) to cipher-text (1 mark) which is an
obscured / unrecognisable form (1 mark).
b) ‘For successful encryption, it is important that the key and algorithm must be kept 2
secret’. Is this statement valid or misleading?
The Algorithm does not have to be kept secret, (1 mark) but in symmetric-
key cryptography the key must be kept secret (1 mark)
Total: 10 Marks
Page 2 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 2
a) Public Key Infrastructure (PKI) is a security architecture that has been introduced 5
to provide an increased level of confidence for exchanging information. E-
Commerce makes use of Public Key Infrastructure using TLS when you make a
purchase.
Spell out the acronym TLS and explain how a browser uses TLS to ensure that
the E-commerce server is authentic and not a spoof website.
b) PKI uses ‘Public Key Cryptography’ rather than ‘Symmetric Key Cryptography’. 1
Explain the weakness of Symmetric Key cryptography that Public Key
Cryptography overcomes.
The problem of securely distributing the secret (Symmetric Key).
c) Alice wants to send a secure message to James. Describe how Alice would use 2
Public Key Infrastructure to send a send a secure message to James.
Alice encrypts her message with James’s Public Key and transmits it to
James. (1 mark). James decrypt with his Private Key. (1 mark)
d) Public Key encryption has limitations. What is the disadvantage of Public Key 1
encryption compared to Symmetric Key encryption?
PK is much slower than Symmetric
e) How can Public and Symmetric Key encryption be combined to overcome the 1
disadvantage you identified in part (d)?
Overcome by using PK to exchange Symmetric Key then use Symmetric
encryption for speed.
Total: 10 Marks
Page 3 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 3
a) You are the IT manager of a company that provides laptop PCs to its sales 4
employees. You are concerned about the security implications. This is because
the sales staff can store sensitive data on their laptop PCs and then use them for
email.
Identify TWO (2) risks to data on a laptop PC and briefly explain how each risk
can compromise the confidentiality, integrity or availability of the data.
The maximum number of marks awarded to this question is 4. Award 1
mark for identifying a threat and 1 mark for a correct explanation of the CIS
issue. Examples include:
b) You decide to address these security issues. State THREE (3) methods that you 6
can use to secure data on the PC and explain how each of your measures can
reduce the risk of a security breach.
The maximum number of marks awarded to this question is 6. Award 1
mark for stating a method and 1 mark for a correct explanation of how it
reduces a security breach. Examples include:
Total: 10 Marks
Page 4 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 4
c) Digital Certificates are important in this process. Explain the purpose of a Digital 2
Certificate and outline how you would obtain this certificate.
Total: 10 Marks
Page 5 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 5
a) Passwords are still the most common method of user authentication. State FOUR 4
(4) problems of using passwords.
• Short passwords
• Predictable passwords
• Reuse of passwords
• Writing down passwords
Key loggers
c) A social networking site has introduced additional security to its accounts called 2
login approvals. It requires you to enter a code that the social network sends to
your mobile phone via text message whenever you log into the social network
from a new or unrecognized computer.
Is this multi-factor authentication? You should justify your answer with ONE (1)
point.
Total: 10 Marks
Page 6 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 6
b) Explain what is meant by the term password audit and briefly discuss why it is 2
important.
An organisation regularly attempts to crack users’ passwords using
techniques such as a dictionary attack (1 mark). Passwords are still the
most widely used authentication mechanism and weak passwords are
common (1 mark)
c) Explain what is meant by the term port scan and describe its role in a 3
vulnerability assessment and how the results should be used.
Award 1 mark for each bullet point up to a maximum of 3 marks:
• A port scan or port scanner attempts to connect to all 65536 ports on
a server to see whether there are services listening (that is, waiting
for connections) on those ports.
• The purpose of a port scan is to audit network computers for likely
vulnerabilities or exploits. Attackers can use open ports as a means
of exploiting known vulnerabilities in applications that use the ports.
• Unused ports should always be closed.
Total: 10 Marks
Page 7 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 7
b) Draw a diagram which shows how a single network firewall could be used with a 4
Demilitarized Zone, Internal network and Internet. Show where a Web Server and
Domain Controller would be positioned.
PC
PC
Network Firewall
PC
switch
Internet
DC
Internal LAN
DMZ, Mail,
DNS,Web server
etc
c) Provide TWO (2) examples of Access (Firewall) rules for your network in part (b). 2
Award 1 mark for each valid example up to a maximum of 2 marks:
Total: 10 Marks
Page 8 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 8
a) Companies are increasingly enabling their employees to connect to corporate
networks from home or mobile devices. A VPN is often used for this purpose.
b) Draw a diagram to show how a home user could connect their home laptop PC to 3
the corporate network using a VPN. Explain the components on your diagram.
Total: 10 Marks
Page 9 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 9
i. Name the device that connects the wireless devices to the network and 3
briefly describe how it works.
Wireless Access Point (1 mark) It acts as a switch (1 mark), identified
by SSID (1 mark)
ii. Draw a diagram to show how wireless devices (e.g. Laptop PC, Tablet) can 2
be connected to a corporate LAN. You should label the components.
Diagram showing WAP connected to a LAN switch or Firewall (i.e. in a
DMZ). (1 mark) with some representation of a corporate network (1
mark). An example diagram is:
Corporate LAN
PC
PC
Network Firewall
PC
switch
DC
Internet
Note: Firewall/ Internet is not required for full marks unless DMZ is
discussed.
b) Wireless networking is inherently less secure than a wired LAN. This is because
the wireless network broadcasts its existence and the signal can be received by
devices not authorised to join the network.
i) How can you protect the confidentiality of traffic across the network? 1
Encryption for confidentiality
ii) How can you make sure unknown devices cannot be connected to the 1
network?
Authentication (1 mark) or MAC address filtering
iii) How can you ‘hide’ the network from public view? 1
SSID should not be broadcast
iv) Two protocols used for securing Wi-Fi are WEP and WPA-2. Which is best 2
and why?
WPA-2 is best (1 mark), Since WEP can be broken in a very short time
(1 mark)
Total: 10 Marks
Page 10 of 13
Network Security and Cryptography © NCC Education Limited 2016
Marks
Question 10
a) Bob has just read CYREN’s 2015 Cyberthreat Yearbook report which begins: 10
“Enterprises of all sizes are now besieged by cybercrime at an alarming rate”.
This report found that successful cyber-attacks on businesses of all sizes
increased by 144% over a four-year period.
Bob believes that there is a simple answer: the way to deal with this problem is to
invest more in powerful firewalls. Do you agree with Bob? You should explain
and justify your answer in detail.
The aim here is to see security in context of the business and to provide
students with more opportunity to elaborate an argument rather than recall
knowledge and facts.
Award 1 mark for stating that Bob is wrong. Award up to 9 marks for the
explanation. Points should include:
Total: 10 Marks
Page 11 of 13
Network Security and Cryptography © NCC Education Limited 2016
Learning Outcomes matrix
Page 12 of 13
Network Security and Cryptography © NCC Education Limited 2016
Grade descriptors
Page 13 of 13
Network Security and Cryptography © NCC Education Limited 2016