BSc (Hons) Computer Science with

Network Security
Cohort: BCNS/17B/FT

Examinations for 2018 – 2019 / Semester 1

MODULE: Data and Network Security I

MODULE CODE: SECU2123C

Duration: 2 hours 30 mins

Instructions to Candidates:

1. Answer all 4 questions.

2. Questions may be answered in any order but your answers must
show the Question number clearly.
3. Always start a new question on a fresh page.
4. The use of electronic calculator is permitted.
5. Total marks to be scored: 100

This question paper contains 4 questions and 4 pages.

Page 1 of 4
Data and Network Security I (SECU2123C) SITE/Dec 2018/2019 Sem 1
QUESTION 1: (25 MARKS)

(a) Data should be protected against threat no matter where it resides - in

databases, applications or reports.
(i) What do you understand by the term ‘threat’? (3 marks)
(ii) List four (4) threats to Information Security. (4 marks)

(b) Risk is the intersection of three (3) factors. What are they? (3 marks)

(c) Spam is electronic junk email. Why is it considered a serious threat? (3 marks)

(d) Why is Pharming more difficult to detect compared to regular Phishing?

(4 marks)

(e) In May 2017 there was an outbreak of the ransomware ‘WannaCry’.

(i) What is a ransomware? (5 marks)
(ii) How could this attack been prevented? (3 marks)

QUESTION 2: (25 MARKS)

(a) Access Control is one of the most important protection mechanism being used to
enforce security. Describe the four (4) processes included in Access Control.
(8 marks)

(b) Access control models used by current systems tend to fall into one of two
classes: those based on capabilities and those based on access control lists
(ACLs). Define both terms. (4 marks)

(c) Biometrics are automated methods of recognizing a person based on a

physiological or behavioral characteristic. Explain step-by-step how the capture,
process and verification is achieved using Biometrics. (8 marks)

Page 2 of 4
Data and Network Security I (SECU2123C) SITE/Dec 2018/2019 Sem 1
(d) In order to ensure accountability, systems usually generate reports known as
System Logs. List five (5) best practices when handling these logs. (5 marks)

QUESTION 3: (25 MARKS)

(a) A firewall can be a hardware or software which is used to control incoming and
outgoing packets from and to the organizational perimeter, based on criteria you
specified within the access lists.
(i) What are those criteria? (4 marks)
(ii) What do you understand by the term Stateful Packet Inspection (SPI)?
(3 marks)

(b) Decrypt the below Caesar cipher. Show your workings.

WKH PRUH L OHDUQ WKH OHVV L UHPHPEHU (5 Marks)

(c) Encrypt the below Playfair Cipher using the Key: PLANET. Show your workings.
AND THAT, KIDS, IS HOW I MET MY LECTURER (9 marks)

(d) (i) What is Steganography? (2 marks)

(ii) How is it useful in the digital world? (2 marks)

QUESTION 4: (25 MARKS)

(a) Calculate the public (e, n) and private (d, n) RSA keys, given the values of the
primes are p=5, q=11 and choosing e=3. Show all your workings. (9 marks)

(b) What is the difference between a Block and Stream cipher? (4 marks)

Page 3 of 4
Data and Network Security I (SECU2123C) SITE/Dec 2018/2019 Sem 1
(c) Quantum Cryptography is the only known method for transmitting a secret key
over distance that is secure in principle and based on the laws of physics.
(i) Using an example, explain how a key is shared using Quantum
Cryptography. (10 marks)
(ii) Give two (2) problems with Quantum Cryptography. (2 marks)

***END OF QUESTION PAPER***

Page 4 of 4
Data and Network Security I (SECU2123C) SITE/Dec 2018/2019 Sem 1