CSC662 Feb 2022


CONFIDENTIAL 1 CS/FEB 2022/CSC662

UNIVERSITI TEKNOLOGI MARA


FINAL TEST

COURSE : COMPUTER SECURITY


COURSE CODE : CSC662
EXAMINATION : FEBRUARY 2022
TIME : 3 HOURS

INSTRUCTIONS TO CANDIDATES

1. This question paper consists of two (2) parts: PART A (10 Questions) and PART B (2 Questions).

2. Answer ALL questions in the Answer Booklet. Start each answer on a new page.

3. Answer ALL questions in English.

Name:
Student ID:
Group:

PART A: /80
PART B: /20
TOTAL MARKS: /100

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO


This examination paper consists of 14 printed pages
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

PART A (80 MARKS)

QUESTION 1

Blockchain technology is the backbone of any cryptocurrency system.

a) What is the blockchain?
(2 marks)

b) Identify and describe the usage of TWO (2) cryptographic algorithms used in the
blockchain.
(6 marks)


QUESTION 2

In 2020, 61% of organizations experienced malware activity that spread from one employee
to another. In 2021, that number rose to 74%, which is the highest since the state-owned
enterprises (SOES) survey began in 2016.

(Comparitech [Online]. Available: https://www.comparitech.com/antivirus/malware-statistics-facts/, September 1st, 2021)

a) What is malware?
(2 marks)

b) Describe THREE (3) steps taken to control the malware outbreak in a large organization
that has a network with multiple domains.
(6 marks)


QUESTION 3

The UNIX operating system (OS) design follows a "small or simple is good" approach. As a
result, each program performs one task and performs it very well, which has made the OS
more flexible and adaptable.

a) List the TWO (2) most basic security mechanisms in UNIX.
(2 marks)

b) Using your answer in a), explain how UNIX grants access to any computing resources.
(6 marks)


QUESTION 4

WatchGuard reported that network attacks have reached four million cases since the first
quarter of 2018 (WatchGuard Threat Lab, Internet Security Report, 2021).

a) Why is an organization with a computer network more vulnerable than an organization
without a computer network?
(2 marks)

b) Describe THREE (3) protection mechanisms that can increase the security of a computer
network.
(6 marks)


QUESTION 5

The authentication process always runs at the start of any computer system.

a) List TWO (2) distinct phases in the authentication process.
(2 marks)

b) Discuss user authentication as used in the Windows operating system in terms of:
i) The types of user authentication.
ii) The purpose of each authentication type.
iii) From the computer security perspective, the advantage of having these
distinct authentication methods.
(6 marks)


QUESTION 6

As a security consultant, your assignment is to assess the level of security of the computing
facilities at ABC Sdn. Bhd. You have read the intrusion detection system’s (IDS) log for the
last six months and found out that there are no issues with their host-based IDS (HIDS).
According to Ms. Sherry, their head of the IT Department, there are lots of false-negative cases
for the last few months. She doesn’t know what to do as all their HIDSs are using up-to-date
signatures.

a) What is a false-negative case?
(2 marks)

b) What is your suggestion? Give TWO (2) reasons to support your answer.
(6 marks)


QUESTION 7

Your company wants to design and develop a secure but affordable smartphone. To keep the
development cost down, you cannot use any biometric sensors. Mr. Wayne, the Security
Engineer, proposes the smartphone uses two-factor authentication by incorporating
behavioral biometrics.

a) What is a behavioral biometric?
(2 marks)

b) Describe how to implement two-factor authentication as suggested by Mr. Wayne.
(6 marks)


QUESTION 8

As a new Security Engineer, you have found that the company’s web-based system has
cross-site scripting (XSS) attack vulnerabilities.

a) You have reported your finding to Ms. Sally, Head of the IT Department. She said that the
company’s policy is to use “secure cookies”, therefore, the system is safe. Do you agree
with her? Explain your answer.

(Note: Secure cookies are the cookies that will be sent over a secure network channel
using HTTPS rather than HTTP.)
(2 marks)

b) Explain THREE (3) mechanisms to be used to minimize the effects of XSS attacks.
(6 marks)


QUESTION 9

Digital watermarking is a technology that offers protection of unencrypted digital content.

a) Discuss the difference between digital watermarking and encryption in terms of digital
content.
(2 marks)

b) To overcome the problem of fake academic certificates and transcripts, Bahagian Hal Ehwal
Akademik, UiTM plans to introduce digital academic certificates and transcripts. Identify
and discuss TWO (2) usages of digital watermarking techniques to secure both
documents.
(6 marks)


QUESTION 10

Microsoft’s new Windows 11 operating system will require a computer security feature, the
Trusted Platform Module (TPM). The TPM is the core hardware component in trusted
computing base systems.

a) Why is the TPM considered a Root-of-Trust (RoT) component in trusted computing base
systems?
(2 marks)

b) Explain THREE (3) TPM functions that enable the component to be considered an RoT.
(6 marks)


PART B (20 MARKS)

QUESTION 1

Most modern operating systems (OS) are written in the C language, whose design makes it
well suited to interacting with hardware directly, including hardware related to computer
security.

#include <string.h>   /* strcpy (the include was missing from the listing) */

/* Copies str into a fixed 16-byte stack buffer with no length check. */
void dumbFunction(char *str) {
    char buffer[16];
    strcpy(buffer, str);
}

void main() {
    char large_string[256];
    int i;

    /* Fill 255 bytes with 'A', then terminate so strcpy has a defined end. */
    for (i = 0; i < 255; i++)
        large_string[i] = 'A';
    large_string[255] = '\0';

    dumbFunction(large_string);
}

a) Based on the segment of C source code above:

i) Identify and describe the vulnerability in the above source code.

ii) Why can this vulnerability happen?
(5 marks)
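For contrast with the listing above, here is a bounded counterpart of dumbFunction. This is an added example written for this page, not part of the question paper: the names safeCopy, safeFunction, demoOverlongInput and the copy_result codes are assumptions made here. Instead of copying until a NUL is found, the copy is limited by the destination size (including room for the terminator) and over-long input is rejected with an error code rather than written past the end of the stack buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Status codes returned by the bounded copy (names chosen for this example). */
enum copy_result { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_NULL = -2 };

/*
 * Bounded replacement for an unchecked strcpy into a fixed buffer.
 * Returns the number of bytes copied (excluding the NUL) on success,
 * COPY_TOO_LONG if src plus its terminator does not fit in dst_size bytes,
 * or COPY_NULL for a missing buffer. The source is never read beyond
 * dst_size bytes, so an unterminated source cannot cause an over-read either.
 */
int safeCopy(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_NULL;

    /* Measure src, but stop at dst_size: anything longer cannot fit anyway. */
    while (len < dst_size && src[len] != '\0')
        len++;

    if (len >= dst_size)            /* no room left for the NUL terminator */
        return COPY_TOO_LONG;

    memcpy(dst, src, len + 1);      /* len bytes of data plus the terminator */
    return (int)len;
}

/* Hardened counterpart of dumbFunction: same 16-byte stack buffer, bounded copy. */
int safeFunction(const char *str) {
    char buffer[BUF_SIZE];
    return safeCopy(buffer, sizeof buffer, str);
}

/* Rebuilds the exam's 255-byte string of 'A' and passes it to safeFunction. */
int demoOverlongInput(void) {
    char large_string[256];
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    return safeFunction(large_string);   /* rejected; the stack frame is untouched */
}

int main(void) {
    printf("short input (5 bytes):      %d\n", safeFunction("hello"));
    printf("exact fit (15 bytes + NUL): %d\n", safeFunction("123456789012345"));
    printf("one byte too long:          %d\n", safeFunction("1234567890123456"));
    printf("255 x 'A':                  %d\n", demoOverlongInput());
    return 0;
}
```

The boundary cases are the ones worth checking: a 15-character string is the longest input that fits a 16-byte buffer with its terminator, and a 16-character string is already rejected. Rejecting rather than silently truncating keeps the caller aware that data was lost, which matters when the copied value is later used as a path, a command or a protocol field.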


b) From the vulnerability perspective:

i) What is a vulnerability assessment?

ii) Describe TWO (2) protection mechanisms implemented in the OS.
(5 marks)

QUESTION 2

Information security and ethics are defined as an all-encompassing term that refers to all
activities needed to protect the information.

a) Identify each of the statements below using the terms from the list given.

Moral Virtue Law Professional Conduct
Ethics Regulation Veracity Work Conduct

i) A set of established professional norms and behaviors which extend beyond the
workplace.
ii) A set of principles governing the conduct of all persons governed by these rules.
iii) A set of rules which a particular country or community recognizes as governing the
actions.
iv) The principles of right and wrong behavior.
v) The general quality of being morally good.
(5 marks)


b) A representative from an insurance company requested a statement of income of a UiTM
staff member from Bahagian Perkhidmatan, Pejabat Pendaftar UiTM. The Bahagian Perkhidmatan
clerk gave him a standard letter of income that is meant to be used for the staff member’s
private matters.

i) Which component of computer security is being breached by the unethical act of the
staff?

ii) Give ONE (1) reason to support your answer to b) i).

iii) Suggest ONE (1) action that the staff need to take to make it an ethical act.
(5 marks)

END OF QUESTION PAPER
