Question 1: Choose correct or incorrect for the following statements: [15 Marks]

1 The CIA triad includes confidentiality, identity, and availability. Correct  Incorrect 
2 Passive attacks are typically easier to detect than active attacks. Correct  Incorrect 
The Internet Society (ISOC) is responsible for publishing internet infrastructure
3 Correct  Incorrect 
standards.
A breach with a moderate impact may still significantly disrupt operations without
4 Correct  Incorrect 
total failure.
5 DES uses a 64-bit key and a 56-bit block size. Correct  Incorrect 
6 AES supports multiple key lengths but only a fixed block size. Correct  Incorrect 

7
In ECB mode, identical plaintext blocks yield different ciphertext blocks for the same Correct  Incorrect 
key.
8 Stream ciphers typically require a pseudorandom keystream to be secure. Correct  Incorrect 
9 Hash functions used for authentication must include a secret key. Correct  Incorrect 
10 Public key encryption involves one shared key between sender and receiver. Correct  Incorrect 
11 HMAC strengthens traditional hash-based authentication by incorporating a key. Correct  Incorrect 
12 Diffie-Hellman is primarily used for secure message encryption. Correct  Incorrect 
13 Kerberos uses public-key encryption to securely distribute symmetric keys. Correct  Incorrect 
14 A Kerberos realm must have a master database that is centrally managed. Correct  Incorrect 
15 X.509 certificates cannot be verified by anyone except the certificate authority. Correct  Incorrect 

Question 2: Choose the correct answer for each of the following 15 statements: [15 Marks]

1. Which organization plays a central role in developing internet standards?

A. NIST B. IEEE C. ISOC D. NSA

2. Which encryption scheme uses a Feistel structure with 16 rounds?

A. AES B. RSA C. DES D. RC4

3. Which mode of operation encrypts identical plaintext blocks into identical ciphertexts under the same key?

A. CBC B. ECB C. CTR D. CFB

4. What characteristic makes stream ciphers resistant to brute-force

attacks?

A. Long key length B. Fixed message length C. Block chaining D. Hash-based padding

5. What is a key reason for transitioning from DES to AES?

A. AES is faster than RC4 B. DES lacks public documentation

C. DES has too short a key length D. AES is hardware only

6. What does HMAC improve upon compared to plain hash functions?

A. Speed B. Confidentiality C. Authentication security D. Signature generation

 7. What is the main use of the Digital Signature Algorithm (DSA)?

A. Encrypting emails B. Key exchange C. Signing data D. Verifying passwords

8. What is the main output of a secure hash function used in digital

signatures?

A. Session key B. Message digest C. Certificate D. Encrypted block

9. Which Kerberos server issues the Ticket Granting Ticket (TGT)?

A. TGS B. KDC C. AS D. NAS

10. What part of a Kerberos principal identifies the service?

A. Realm B. Instance C. Key D. Ticket

11. What is a main reason for certificate revocation?

A. Ticket lifetime expired B. DNS configuration changed

C. User left the organization D. CA private key changed

12. Which of the following is a core function in an identity management

system?

A. Cryptographic modeling B. Self-service password reset C. Traffic sniffing D. File system auditing

13. In IEEE 802.1X, the Supplicant is:

A. The switch interface B. The authentication server

C. The device requesting access D. The network administrator

14. What is the function of the Authenticator in NAC systems?

A. Assign IP addresses B. Evaluate patch levels C. Relay authentication messages D. Detect malware

15. Which of the following defines NIST's cloud computing model?

A. Five service models B. Three deployment characteristics

C. Five essential characteristics D. Four encryption levels

Page 2 of 5
Question 3: Fill in the blanks: [5 Marks]

1. The protocol that combines HTTP with SSL to secure web communication is known as __________.
2. SSL uses the __________ Protocol to define a shared secret key for both confidentiality and
message integrity.
3. In HTTPS, if secure communication is established, the URL begins with __________ instead of http.
4. The 48-byte shared secret used in SSL to generate encryption and MAC keys is called the
__________.
5. The SSL __________ Protocol is responsible for initiating the secure session between client and
server.
6. In SSH authentication, the __________ method sends the client’s public key signed by its private
key.
7. An __________ vector (IV) is used in SSL when a block cipher is operating in CBC mode.
8. The standardized version of SSL defined by IETF as RFC 5246 is called __________.
9. In SSH, the protocol responsible for secure channel management over an authenticated tunnel is the
__________ Protocol.
10. A key feature of SSH is __________ which allows insecure TCP connections to be secured.
11. ________ is an umbrella term for managing access to a network and authenticating users and
devices.

12. The three main components of a NAC system are Access Requester (AR), ________ , and Policy
Server.

13. An Access Requester (AR) may also be referred to as a ________ or client.

14. IEEE ________ is a common standard used for port-based network access control.

15. In cloud computing, the three main service models are SaaS, ________, and IaaS.

16. A ________ provides connectivity and transport of cloud services between consumers and
providers.

17. The role of a ________ is to verify and assure that the cloud provider complies with security
standards.

18. The ________ model gives the appearance of exclusive database use but actually shares the
environment among tenants.

19. Data in the cloud must be protected when at rest, in transit, and in ________.

20. SecaaS stands for ________ as a Service.

Page 3 of 5
Question 4: Confusion matrix: [15 Marks]
You are working as a cybersecurity analyst at a university that has implemented Kerberos-based
authentication to protect its internal digital services, including access to email, learning platforms, and staff
portals.
One day, a student logs in to their personal device and tries to access the university’s course registration
system, which requires secure authentication through Kerberos. You are asked to explain how the Kerberos
authentication process works to ensure both the identity of the user and secure access to services.

1. Describe the key goals of using Kerberos in such an environment. What are the main security
benefits Kerberos provides to both users and the organization?

2. Draw and label the Kerberos message exchange process (Version 4 or 5).

Page 4 of 5
Question 5: Answer the following Question: [10 Marks]
A government agency is implementing a secure communication system for exchanging sensitive information
between departments using public-key infrastructure (PKI). Each employee is issued a digital certificate
signed by the agency’s internal Certificate Authority (CA). You are asked to explain how digital certificates
and public-key encryption help establish secure communication in this environment.

1. Briefly explain how public-key encryption works and how it differs from symmetric encryption.

2. Describe the role of a digital certificate and the function of the Certificate Authority (CA).

3. Why is certificate revocation important, and how is it typically managed?

4. In cloud computing environments, data can exist in three primary states:

• List these three states of data.
• For each state, describe the main security technique used to protect the data and provide an
example illustrating its application.

Page 5 of 5