Академический Документы
Профессиональный Документы
Культура Документы
Network Security
Cohort: BCNS/18A/FT
Instructions to Candidates:
Page 1 of 4
Data and Network Security I (SECU2123C) SITE/June 2019 Sem 1
QUESTION 1: (25 MARKS)
Data security is not as simple as it might first appear. New threats, vulnerabilities and
risks are emerging with the advancement of technology.
(b) In October 2016 Dyn Domain Name System (DNS) was attacked by botnets
called ‘Mirai’. This attack affected numerous online services. Explain how botnet
attacks work. Illustrate your answer with the use of a diagram. (9 Marks)
(c) Phishing and Pharming are two popular methods used by hackers to harvest
usernames and passwords. Define both terms. (6 Marks)
(d) Trojan horses are software which conceal malicious payloads while appearing to
perform legitimate actions. What can these payloads do to your computer?
(4 Marks)
Access control is a protection mechanism used to control which entity can have
access to a specific resource.
(a) In order to use MCB Juice, a user has to use his/her mobile application to sign-in.
Assume the user is able to sign-in using his/her fingerprint. While doing a
transaction (e.g sending money to someone), the user has to input a PIN and
depending on the amount being sent, he/she will receive a code (unique for each
transaction) via sms, which will be required to complete the transaction.
Page 2 of 4
Data and Network Security I (SECU2123C) SITE/June 2019 Sem 1
(i) Is this a single-factor or multi-factor authentication? (1 Mark)
(c) What are the main differences between a Mandatory Access Control (MAC) and
Discretionary Access Control (DAC)? (8 Marks)
(d) The Bell-LaPadula Model (BLM) has three rules. The 2nd rule states that a
subject at a given security level must not write to any object at a lower security
level (no write-down). According to you, why is this rule important? (4 marks)
(b) Encrypt the below Playfair Cipher using the Key: THANOS. Show your workings.
THE HARDEST CHOICES REQUIRE THE STRONGEST WILLS (9 marks)
(d) PGP is known as a hybrid cryptosystem. Explain how PGP encryption works.
(10 Marks)
Page 3 of 4
Data and Network Security I (SECU2123C) SITE/June 2019 Sem 1
QUESTION 4: (25 MARKS)
(a) A public key digital signature provides authentication, integrity and non-
repudiation. Explain how this is achieved. (6 Marks)
(b) Calculate the public (e, n) and private (d, n) RSA keys, given the values of the
primes are p=29, q=31 and choosing e=11. Show all your workings. (10 marks)
(c) (i) Ciphers can be classified into two groups: block ciphers and stream ciphers.
According to you which cipher is better for voice transmission and why. (5 marks)
(ii) How can block ciphers ensure that identical blocks/messages encrypted on
the same day do not produce identical ciphertext? (4 marks)
Page 4 of 4
Data and Network Security I (SECU2123C) SITE/June 2019 Sem 1