Scribd
Upload
345 views9 pages

Final Assessment 20202

This document contains a confidential final exam for a Computer Security course. It has two parts, Part A with 10 questions worth 80 marks total, and Part B with 2 questions worth 20 marks total, for a total exam mark of 100. Part A questions cover topics like operating system security, security components, threats prevention, malicious software, network security, access control, authentication, and attacks. Part B questions cover virtual private networks and a case study analyzing security flaws at a company. The exam is 3 hours long and instructs candidates to answer all questions in English.

Uploaded by

athirasubki
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
345 views9 pages

Final Assessment 20202

This document contains a confidential final exam for a Computer Security course. It has two parts, Part A with 10 questions worth 80 marks total, and Part B with 2 questions worth 20 marks total, for a total exam mark of 100. Part A questions cover topics like operating system security, security components, threats prevention, malicious software, network security, access control, authentication, and attacks. Part B questions cover virtual private networks and a case study analyzing security flaws at a company. The exam is 3 hours long and instructs candidates to answer all questions in English.

Uploaded by

athirasubki
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

CONFIDENTIAL 1 CS/JULY 2020/CSC662

UNIVERSITI TEKNOLOGI MARA


FINAL TEST

COURSE : COMPUTER SECURITY


COURSE CODE : CSC662
ASSESSMENT : JULY 2020
TIME : 3 HOURS

INSTRUCTIONS TO CANDIDATES

1. This question paper consists of two (2) parts. PART A (10 Questions)
PART B (2 Questions)

2. Answer ALL questions in the Question Paper.

3. Answer ALL questions in English.

Name:
Student ID:
Group:

PART A PART B TOTAL MARKS

/80 /20 /100

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO


This examination paper consists of 5 printed pages

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 2 CS/JULY 2020/CSC662

PART A

QUESTION 1

a) Why the operating system security is important in the implementation of grading


application system in education?

(2 marks)

b) Identify THREE (3) security components in Windows and Linux Operating System

(6 marks)

QUESTION 2

a) Provide TWO (2) example steps how to prevent computer security threats from insiders.

(2 marks)

b) Malicious software denotes program code executed without a user’s consent and carrying
out harmful functionality. Provide THREE (3) examples of dependent and independent
malicious code.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 3 CS/JULY 2020/CSC662

QUESTION 3

a) As a technical staff, provide TWO (2) importance on how internet users are dealing with
Internet Security Threats.

(2 marks)

b) Identify the following activity security threats either interception, interruption or fabrication

Security Threats Answer

i) Insertion of spurious messages in a network

ii) Wiretapping to capture data in a network

iii) Sniffing the network packets in local area network

iv) Disabling windows file system

v) Swamping a computer with jobs or communication link


with packets

vi) Insertion of data in database files

(6 marks)

QUESTION 4

a) As security consultant, suggest TWO (2) preliminary layers of protection in securing the
network of an organization.

(2 marks)

b) Briefly explain types of intrusion detection system (IDS).

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 4 CS/JULY 2020/CSC662

QUESTION 5

a) Provide ONE (1) examples technique that attacker may use to successfully exploit a
vulnerability of threats by Buffer Overflow Attack.

(2 marks)

b) Briefly explain THREE (3) mechanism in protecting software in computer system

(6 marks)

QUESTION 6

a) Which code represent the identifier authority (IA), and who is the security principal
(based on relative identifier) of the following Security Identifier (SID) in a Windows
operating system?

S-1-3-21-1180699209-877415012-3182924384-513

(2 marks)

b) Give THREE (3) examples of subjects, objects and operations in a Hotel Management
Information System. Suggest the most suitable access model for the system and give a
reason for your suggestion.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 5 CS/JULY 2020/CSC662

QUESTION 7

a) Identify where the user credential is being stored and verified in the Windows Operating
System.

(2 marks)

b) Write an access control matrix (ACM) for the for following files listed in a Linux operating
system in Table1.

user@bash: ~$ ls -l

-rwxr---wx 1 home home 0 2020-06-06 19:06 test1


-r--rwxr-- 2 home home 1 2020-06-06 21:23 assign2

Subject test1 assign2

Users

Group

Other
Table 1

(6 marks)

QUESTION 8

a) Name TWO (2) main detection approaches in defending against shellcode

(2 marks)

b) SQL Injection – or SQLI is a type of cyber security attack that targets application security
weakness and allows attackers to gain control of an application’s database. Discuss TWO
(2) ways in preventing SQL injection in securing Web Application System.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 6 CS/JULY 2020/CSC662

QUESTION 9

a) Provide TWO (2) differences between active attack and passive attack.

(2 marks)

b) Briefly describe the following:

i) Social Engineering
ii) Logic Bomb
iii) Smurf Attack

(6 marks)

QUESTION 10

a) Identify TWO (2) levels of security measures in protecting a computer system.

(2 marks)

b) Virus is a fragment of code embedded in a legitimate system or program. It literally falls


into several main categories. Briefly explain THREE (3) categories of viruses.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 7 CS/JULY 2020/CSC662

PART B

QUESTION 1

A Virtual Private Network (VPN) is the extension of a private network that encompasses links
across shared or public networks like the Internet.

a) IPSec has two encryption modes which are Transport and Tunnel mode. Discuss the
differences between Transport mode and Tunnel mode.

(4 marks)

b) Illustrate by using diagram, identify TWO (2) methods of implementing VPN connection
in corporate network.

(4 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 8 CS/JULY 2020/CSC662

c) What is the advantage of using IPsec in VPN network?

(2 marks)
QUESTION 2

Company Sapura Holding Sdn Bhd has 200 employees from the various department such as
Engineering Department, IT Department, Human Resource Department, Business
Department and Corporate Communication Department. This company has planned to apply
the MSC status company by the end of this year. They hired the security consultant in order
to provide security assessment in their company. During the investigation, each of the
employee can access all the system using default password which has been posted in front
of their desk. Besides that, they leave for their lunch without logged out of their desktop. Some
of the employee spends two to three hours per day on chatting messenger at their desktop.
The user as system admin still remain active even though it has been fired last 3 months. The
security consultants have identified many security flaws happens in this organization which
can allow intruder to breach against their security system.

a) Provide the FOUR (4) major security flaws from the above case study

(4 marks)

b) Briefly explain TWO (2) ways of security flaws in the Question 1 (b) which can be
improvise to prevent any security breach in this company

(4 marks)

c) Name TWO (2) possibility may occur when the security breaches of this company has
been compromised

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL


CONFIDENTIAL 9 CS/JULY 2020/CSC662

(2 marks)

END OF QUESTION PAPER

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

You might also like