SS 2020 2021 Sept-Oct PDF
NORTH CAROLINA, U. S. A.
SEPTEMBER/OCTOBER EXAMINATION
Instructions to Candidates:
● This is an open book final online assessment. You MUST answer the assessment questions on
your own without any assistance from other persons.
● You must submit your answers within the following time frame allowed for this online
assessment:
o The deadline for the submission of your answers is half an hour from the end time of this
online assessment.
● The following penalties WILL BE IMPOSED on students who submit their answers late:
o The final marks of this online assessment will be reduced by 10 marks for answer scripts
that are submitted within 30 minutes after the deadline for the submission of answers for
this online assessment.
o The final marks of this online assessment will be downgraded to zero (0) mark for any
answer scripts that are submitted after one hour from the end time of this online assessment.
● Any Extenuating Mitigating Circumstance (EMC) encountered must be submitted to the
Faculty/Branch/Centre within 48 hours after the date of this online assessment. All EMC
applications must be supported with valid reasons and evidence. The UC EMC Guidelines apply.
Question 1
a) The security development lifecycle (SDL) is a process that standardizes security best practices across
a range of products and applications. It consists of 7 important phases that support software
development.
Draw a diagram to discuss the significance of each SDL phase in ensuring that security is built
into the application. (17 marks)
b) Compare and contrast white hat and black hat hackers. (8 marks)
[Total: 25 marks]
Question 2
a) In the fault model for web applications, a transaction between a web user and a web server has
three main components: the web server, the web client and the network. Some main issues to be
considered are as follows:
(i) A malicious user can tamper with all data that is stored on the web client.
(ii) All network traffic from the web client must be validated and treated as untrustworthy.
Evaluate the security problems caused by the above-mentioned issues and propose approaches
for solving the problems. (16 marks)
b) Describe the THREE (3) main security goals for a security development lifecycle (SDL).
(9 marks)
[Total: 25 marks]
Question 3
a) The DeliveryToU.com website has the following rules for its customers:
One main problem with the given password rules is that such passwords are not usable at all as
they are difficult for users to remember.
(i) Suggest TWO (2) methods together with ONE (1) example by which
DeliveryToU.com can make authentication both usable and secure at the same time.
(4 marks)
(ii) Write justification for each proposed method in Question 3 a) (i). (4 marks)
b) The attack tree is useful for evaluating a system’s security based on various threats. Consider the
attack tree shown below. The cost to attack is indicated in the leaf nodes. Identify the cheapest
path and the most expensive path. Show how you derive your answer.
Attack tree (recovered from the flattened figure; the node labels and leaf costs are listed row by
row as drawn, but the parent-child edges and any AND/OR gates are not recoverable from the text):
Row 1: A
Row 2: B, C, D
Row 3: E (RM1,000), F (RM8,000), J (RM7,000), K (RM4,000)
Row 4: G (RM2,000), H (RM3,000), I (RM6,000)
(17 marks)
[Total: 25 marks]
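An added example, not part of the exam paper, of the cost evaluation the attack-tree question asks for: the node names and leaf costs are the question's, while the parent-child edges (A over B, C, D; B over E, F; C over G, H, I; D over J, K) and the gate types are assumptions, because the figure's edges did not survive extraction. It goes one step beyond the question by also showing how an AND node (all children required, costs summed) changes the cheapest and most expensive attack.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Node names and RM costs are from the question; edges and gates are ASSUMED (see lead-in).

@dataclass
class Node:
    name: str
    gate: str = "OR"                 # OR: attacker needs any one child; AND: attacker needs all
    cost: Optional[int] = None       # leaf cost in RM; None for internal nodes
    children: List["Node"] = field(default_factory=list)

Result = Tuple[int, List[str]]       # (total cost, node names on the chosen attack)

def evaluate(node: Node, pick: Callable) -> Result:
    """Walk the tree bottom-up. At OR nodes `pick` (min or max) selects one child;
    at AND nodes every child is required, so child costs are summed."""
    if not node.children:
        return node.cost, [node.name]
    results = [evaluate(child, pick) for child in node.children]
    if node.gate == "AND":
        total = sum(cost for cost, _ in results)
        return total, [node.name] + [n for _, path in results for n in path]
    cost, path = pick(results, key=lambda r: r[0])
    return cost, [node.name] + path

def cheapest(root: Node) -> Result:
    return evaluate(root, min)

def most_expensive(root: Node) -> Result:
    return evaluate(root, max)

def build_tree(b_gate: str = "OR") -> Node:
    """Assumed layout: A -> {B, C, D}; B -> {E, F}; C -> {G, H, I}; D -> {J, K}.
    `b_gate` lets the caller turn B into an AND node to see the effect on the result."""
    return Node("A", children=[
        Node("B", gate=b_gate, children=[Node("E", cost=1000), Node("F", cost=8000)]),
        Node("C", children=[Node("G", cost=2000), Node("H", cost=3000), Node("I", cost=6000)]),
        Node("D", children=[Node("J", cost=7000), Node("K", cost=4000)]),
    ])

if __name__ == "__main__":
    for gate in ("OR", "AND"):
        tree = build_tree(gate)
        print(f"B as {gate}: cheapest={cheapest(tree)}, most expensive={most_expensive(tree)}")
```

With every gate an OR the result is simply the cheapest and dearest leaf reachable from the root; making B an AND node raises that branch to RM9,000, so the cheapest attack moves to a different branch.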
Question 4
a) A buffer overflow occurs when a program exceeds a buffer’s boundary and overwrites adjacent
memory locations as it is writing data to the buffer.
(i) Identify TWO (2) potential security impacts of a buffer overflow vulnerability.
(4 marks)
(ii) Discuss THREE (3) counter-measures that can be put in place to prevent the security
vulnerability. (9 marks)
b) Software security testing is essential to identify defects and vulnerabilities during the
development phases.
Propose TWO (2) types of security testing and elaborate how your suggested security testing
can help to reveal flaws in the security mechanism of a software program. (6 marks)
c) “Program testing can be used to show the presence of bugs, but never to show their absence!”
Write justifications to support the above statement by discussing the importance of software
security testing. (6 marks)
[Total: 25 marks]