
Session 3 2019 Examination
Part A – Multiple Choice
5 marks (0.5 marks per question)
Instructions:
1. Circle only one answer per question.
2. Circle the correct answer on this exam paper.
3. This exam paper must be handed in at the end of the exam.

The following exam questions refer to this short case study.
You are a cybersecurity consultant. One of your newest clients is a multi-national accounting group known as Big Accounting Group (BAG), with offices in many different countries. They collect and store their accounting clients' information in a database which authorised employees can access via the internet. They can read and write to this database. Some of this information includes personally identifiable information (PII) and client payment details (e.g. credit card details).
A recent cyber-attack occurred prior to you having them as a client, whereby a malicious actor compromised the client database and installed ransomware. The attacker is demanding $100000 USD to unlock the data.
The Chief Executive Officer (CEO) wants you to speak to the BAG Board. You have asked some preliminary questions regarding their systems. There is a website hosted on the same server as both the customer and an employee database.
The CEO has also asked you for a briefing on the complete cybersecurity risk management process (identification, assessment and controls) required; including a BIA (Business Impact Analysis) based on the recent compromise of their central database.

1. Which of the following is an attempt to learn or make use of information from the system that does not affect system resources?
A. Passive attack.
B. Outside attack.
C. Inside attack.
D. Active attack.
2. For the BIA, apart from the credit card details, what are other possible impacts?
(a) Customer PII
(b) Details on third-party entities
(c) Financial records
(d) Answers a and b
(e) Answers a, b and c
3. Which of the following is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met?
A. Logic bomb.
B. Trapdoor.
C. Worm.
D. Trojan horse.
4. Which of the following is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key?
A. Digital signature.
B. Keystream.
C. One way hash function.
D. Secret key.
5. A risk assessment is designed to achieve which of the following?
(a) To identify the likely impact if a vulnerability is exploited
(b) To identify the degree of likelihood that a vulnerability will be exploited
(c) To identify the likely impact if a threat occurs
(d) To identify the degree of likelihood that a threat will occur and its likely impact.
(e) Answers a, c and d

E.

Part B – 15 marks (3 marks per question)
Instructions:
1. Answer these questions in the provided answer book.

1. In the context of BAG (presented in Part A), briefly describe each of the following. (3 marks)
a. Three (3) assets.
b. Three (3) threats.
2. In the context of BAG, briefly describe each of the following, including comment on the primary means of propagation. (3 marks)
a. Virus.
b. Worm.
c. Trojan horse.
3. BAG have ID/IPS as one of their security measures. In what layers of the defence-in-depth model would firewalls be found? (3 marks)
4. Describe how a Distributed Denial of Service (DDoS) attack functions and describe three lines of defence against such attacks.
5. List and describe briefly the two (2) rules specified by the Bell-LaPadula (BLP) model for a multilevel security system. (3 marks)
Part C – 30 marks (5 marks per question)
Instructions:
1. Answer this question in the provided answer book.
2. Attempt ANY SIX (6) out of TEN (10) of the following questions.

1. Compare and contrast the cybersecurity concepts of threats, hazards and risk. Give examples to explain each concept. (5 marks)
Definition (1.5 marks)
Examples (1.5 marks)
Differences between the concepts (in a scenario) (2 marks)

2. Estimate the risk of your PC being physically damaged in the following scenario: (5 marks)
Your PC is vulnerable to physical damage. The likelihood of the PC being damaged due to being dropped or having liquid spilled on it is estimated at 0.3. The PC has been assigned an impact value of 1000. You have reduced the impact of the vulnerability by 70 percent using regular backup. There is an 80 percent certainty of the assumptions and data.
Application of the right formula (3 marks)
Results (2 marks)

3. Distributed Denial of Service (DDoS) is one of the most frequent and dangerous network attacks. Explain the DDoS working mechanism and discuss the measures an SME can take to minimize the impact of DDoS attacks. (5 marks)
DDoS working mechanism (3 marks)
Measures to minimize DDoS impact (2 marks)

4. In Windows, you have an option to run a program, e.g. Notepad, as Administrator (see picture below). Explain in what situation you will need to use this option and what access control model is implemented in Windows in this case. (5 marks)

Correctly identify the situation (2 marks)
Correctly identify the ACL model (1 mark)
Correctly explain why you have chosen that model (2 marks)

5. Discuss how the security principle of “separation of duty” is implemented in an SME context. (5 marks)
Explanation of the separation of duty principle (1 mark)
Example scenario (SME context) to illustrate the principle (2 marks)
Explanation of how the principle is applied in the scenario to improve the security (2 marks)
