UNIVERSITY OF COLOMBO, SRI LANKA

UNIVERSITY OF COLOMBO SCHOOL OF COMPUTING

Master of Information Security

First Semester Examination – August 2021

MIS 1204 - Network Security

Part B

One (1) hour for this Part

Important Instructions to candidates:

1. Students should answer in the medium of English language only.

2. This paper consists of two parts: Part A (Question No. 1 and Question No. 2) and Part
B (Question No. 3 and Question 4). Each part has to be submitted separately.
3. This part has 2 questions and 07 pages.
4. Answer ALL questions.
5. Write your index number on each and every page of the answer sheet.
 Index Number

Q3. (a). Write one (1) benefit and one (1) drawback of dedicated network communication links over
Virtual Private Networks (VPN).

[4 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

(b). “ A Virtual Private Network (VPN) may not necessarily be secure”.

State if the above statement true or false and justify your answer using examples.

[5 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

2
 Index Number

(c). Explain how network VPN devices implement network tunnels by using TCP/IP network
packet structure.

[8 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

3
 Index Number

(d). Most of the Next Generation Firewalls or Unified Threat Management (UTM) devices have
the capability to implement VPNs. In addition to VPN and Intrusion Detection/Prevention
Systems, write three (3) features of the Next Generation Firewalls or UTM devices.

[3 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

(e). “ Intrusion Detection Systems (IDS) could be used to identify zero day vulnerabilities ”.
State if the above statement true or false and justify your answer using examples.

[5 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

4
 Index Number

Q4. (a). Kerberos is a protocol that is used to authenticate both clients and services in an open (inse-
cure) network.
i. List the components of a Key Distribution Center (KDC).
[2 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

ii. Authentication server does not directly provide a Service Granting Ticket (SGT). In-
stead, it provides a Ticket Granting Ticket (TGT). Explain the benefit of this protocol
design.
[5 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

iii. Apart from having to maintain a synchronised clock across all machines in a Kerberos
realm, list two(02) assumptions Kerberos protocol and its security relies on.
[4 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

5
 Index Number

(b). Describe two factor authentication using real world examples.

[6 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

(c). “ Storing a salt value in plain text is not recommended”.

State if the above statement true or false and justify your answer.

[5 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

6
 Index Number

(d). List two (2) ways an attacker could use to obtain passwords from a system.

[3 marks]
ANSWER BOX (TO GUESS THE EXPECTED LENGTH OF THE ANSWER)

————————– *********************** ————————–