This document appears to be exam instructions and questions for a third year Information Security exam for students studying Computer Science or Information Technology at Uganda Christian University. The exam contains 6 questions with sub-questions in Section A and Section B. Section A asks students to explain various information security terms and distinguish between concepts. Section B asks multi-part questions about risk mitigation plans, information security plans, firewall selection, risk identification factors, project planning, security auditing, contingency planning, and business continuity options.

UGANDA CHRISTIAN UNIVERSITY

FACULTY OF SCIENCE AND TECHNOLOGY


BACHELOR OF SCIENCE IN COMPUTER SCIENCE
AND
BACHELOR OF SCIENCE IN INFORMATION TECHNOLOGY
THIRD YEAR SEPTEMBER SEMESTER EXAMINATION
IN
INFORMATION SECURITY

Date: December 2011

Time: 3 hrs

Instructions:
Answer all questions in section A and any four in section B.
SECTION A (40 marks)
1. Explain what you understand by the following:
(a) Trojan
(b) Spoofing
(c) Risk appetite
(d) Business Impact Analysis
(e) Annual loss expectancy

(2 each)

2. What is a bastion host? List three common characteristics of a bastion host.

(8)

3. With respect to Information Security, distinguish between
(a) ethics and laws
(b) a policy and law
(c) detective control and preventive control
(d) subject and object of an attack

(3 each)

4. What are fourth generation firewalls? How do they differ from fifth generation firewalls?

(6)

5. A biometric system can be beaten. True or false? If true, give two scenarios where this is possible.
(4)


SECTION B (60 marks)


Question 1
a) Mitigation is a risk control strategy. What is the objective of this control strategy? Outline some
rules of thumb for choosing this strategy.
(6)
b) Identify and explain the three (3) types of plans needed for risk mitigation.
(9)

Question 2
a) Identify the five (5) stages involved during the development of an information systems security
plan. Describe the three (3) most important steps in detail. What steps would you take in
responding to a security breach?
(10)
b) What is meant by denial of service attack? Describe a scenario that occurs in such an attack. (5)

Question 3
a) Write short notes on the following:
(i) Benchmarking
(ii) Baselining
(iii) Defence-in-depth
(iv) Security perimeter
(v) Traps
(5)
b) What factors need to be considered when selecting a firewall for an organization?
(5)
c) What are the four (4) risk identification estimate factors? How are they related?
(5)

Question 4
a) What are the major steps in executing a project plan for Information security?
(3)
b) What is the importance of application level testing during an Information security audit?
(5)
c) How does SETA (Security Education Training and Awareness) enhance security within an
organization?
(7)

Question 5
a) Hot sites, warm sites and cold sites are three major options while planning for business continuity.
Briefly describe how each one of these options is used.
(9)
b) In order for an organization to get the sites mentioned above up and running quickly, the
organization must have the ability to port the data into the new site systems. Describe three
ways in which an organization can port its data into the new site's systems.
(6)

Question 6
a) Why are policies difficult to shape?
(3)
b) What do ACL policies regulate?
(3)
c) Describe the primary functions of the components of contingency planning.
(9)
