Section A

1. The roots of modern encryption can be traced back almost _____ years.
A. 2,000
B. 4,000
C. 200
D. 100

2. Encryption is based on _____.

A. Phrenology
B. Cartography
C. Chronology
D. Cryptography

3. Modern encryption is classified as _____ or _____.

A. Symmetric or Asymmetric
B. Encrypted or Decrypted
C. Public or Private
D. Algorithmic or Manual

4. Most web browsers have a little _____ icon that lets you know that your transactions are secured
and that the communication are encrypted.
A. Lock
B. Skull and Crossbones
C. Bell
D. Smiley

5. The acronym AES stands for?

A. American Encryption System
B. Advanced Encryption System
C. American Encryption Standard
D. Advanced Encryption Standard

6. Identify the term which denotes that only authorized users are capable of accessing the
information
A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation

Page 1 of 6
7. State whether True or False: Data encryption is primarily used to ensure confidentiality.
A. True
B. False

8. Identify the oldest phone hacking technique used by hackers to make free calls.
A. Spamming
B. Phreaking
C. Cracking
D. Phishing

9. In which category does compromising confidential information fall?

A. Threat
B. Bug
C. Attack
D. Vulnerability

10. In which category does the lack access control policy fall?
A. Threat
B. Bug
C. Attack
D. Vulnerability

11. Identify the class of computer threats

A. Phishing
B. DOS Attack
C. Soliciting
D. Both B and C

12. Which software is mainly used to help users detect viruses and avoid them?
A. Antivirus
B. Adware
C. Malware
D. None of the above

13. Which of the following tool is used in Wi-fi hacking?

A. Aircrack-ng
B. Wireshark
C. Norton
D. None

14. Which of the following is considered an element of cyber security?

A. Network security
B. Operational Security
C. Application Security
D. All of the above.

15. Identify the malware which does not replicate or clone through an infection?
A. Trojans
B. Worms
C. Rootkits

Page 2 of 6
 D. Virus

16. Identify the private search engine.

A. Bing
B. DuckDuckGo
C. Google
D. Yahoo

17. What is the CIA triad also known as?

A. AIC(Availability, Integrity, Confidentiality)
B. NIC(Non-repudiation, Integrity, Confidentiality)
C. AIN(Availability, Integrity, Non-Repudiation)
D. ANC(Availability, Non-repudiation, Confidentiality)

18. Identify the term which denotes the protection of data from modification by unknown users.
A. Confidentiality
B. Authentication
C. Integrity
D. Non-repudiation

19. Which of the following is considered as the unsolicited commercial email?

A. Virus
B. Malware
C. Spam
D. All of the above

20. _______ is a type of software designed to help the user's computer detect viruses and avoid them.
A. Malware
B. Adware
C. Antivirus
D. Both B and C

Page 3 of 6
Section B [30 Marks]

1. Define the following terms and explain the importance of each in Information Security
a. Confidentiality [3]

Confidentiality refers to the concept of protecting information from being accessed by

unauthorized individuals. Confidentiality ensures that only authorized personnel can access the
information.

b. Integrity [3]
Integrity refers to the concept that information should be trustworthy, accurate, and consistent
throughout the data's life cycle.
c. Availability [3]
Availability ensures that users have access to resources and data when they need them. It's
particularly crucial for mission-critical systems that cannot afford any downtime.
d. Threats [3]
A threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in
general.
Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and
other attack vectors
e. Vulnerability [3]
Vulnerabilities are weaknesses that can be used to harm us. In essence, they are holes that
can be exploited by threats in order to cause us harm.
Vulnerability might be a specific operating system or application that we are running, a physical
location where we have chosen to place our office building, a data centre that is populated over
the capacity of its air-conditioning system, a lack of backup generators, or other factors
f. Risk [3]
Risk is the likelihood that something bad will happen
2. Discuss the following types of controls and give two examples of each.
a. Physical Controls [4]
Physical controls are security measures that limit access to buildings, systems, and equipment,
and also protect against damage or theft of assets.
e.g., Fences, CCTV Camera.
b. Administrative Controls [4]
Administrative controls are policies and procedures that an organization implements to ensure
its security objectives are met.
e.g., ACL, Security Awareness
c. Technical Controls [4]

Page 4 of 6
 Logical access control refers to security measures that restrict access to computer systems and
data using software.
e.g., Encryption, Firewalls

Section C [30 Marks]

1. As an organization, you have specific cyber security legal responsibilities, list four. [4]
 Compliance Laws
 Regulatory Standards
 User agreements
 Cyber Insurance
2. Discuss any three best practices for cyber security. [9]
 Train Employees
Implement regular security training to protect against internal and external threats.
 Update Software and Firmware
Keep software, firmware, and operating systems upto- date to prevent against known
vulnerabilities.
 Secure Network
Infrastructure Secure network devices, such as routers, firewalls, and switches.
3. Discuss four tools user in information security. [9]
 Authentication
Authentication is the process of verifying the identity of a user or device.
e.g., Google's 2-step verification, Touch ID on iPhones, RSA SecurID tokens.
 Access Control
Access control determines what data a user or device can access.
e.g., File permissions on a computer, firewalls in a network, physical access controls like locks and
badges.
 Encryption

Encryption is the process of converting data into a code that can't be easily read without a key.

e.g., SSL encryption for secure web browsing, PGP encryption for email, BitLocker encryption for
files and drives.

4. Discuss four common password policies. [8]

 Password Length
Passwords should be at least 8 characters long.
 Complexity
Passwords should contain a mix of upper and lowercase letters, numbers, and symbols.

Page 5 of 6
  Expiration
Passwords should be changed regularly, such as every 90 days.
 Failed Attempts
Passwords should lock out after a certain number of failed attempts to prevent brute force
attacks.
Section D [20 Marks]
1. A plaintext was encrypted with a Caesar cipher with a shift of 7. The resulting ciphertext is:
“Kvu'a qbknl h ivvr if paz jvcly”. What was the original plaintext? *Use the alphabet* [5]
Don’t judge a book by its cover.
2. A plaintext was encrypted with a Caesar cipher with a shift of 4 . The resulting ciphertext is: “M
pszi Irgvctxmsr erh Higvctxmsr” What was the original plaintext? *Use the alphabet* [5]
I love Encryption and Decryption.
3. Discuss any two advantages and 2 disadvantages of an Incident Response Plan. [10]
Advantages
 Identification and Response Time Reduction
 Proper Allocation of Resources
 Improved Communication
 Better Management of Reputational Damage

Disadvantages

 Costly to Develop and Implement

 Can Be Complicated and Time-Consuming to Create
 Risk of Relying Too Heavily on the Plan
 Potential for the Plan to Become Outdated Quickly

Page 6 of 6