SAS821S - SECURITY ANALYTICS - 2ND OPP - JAN 2025

NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF CYBERSECURITY
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE (HONS DIGITAL FORENSICS)
QUALIFICATION CODE: 08 BCCS
COURSE: SECURITY ANALYTICS
LEVEL: 8
COURSE CODE: SAS821S
DATE: JANUARY 2025
SESSION: THEORY
DURATION: 2 HOURS
MARKS: 70
SECOND OPPORTUNITY/SUPPLEMENTARY EXAMINATION QUESTION PAPER
EXAMINER(S): PROF ATTLEE M. GAMUNDANI
MODERATOR: MR MBAUNGURAIJETJIKUZU
THIS QUESTION PAPER CONSISTS OF 2 PAGES
(Excluding this front page)
INSTRUCTIONS
1. Answer ALL the questions.
2. Write clearly and neatly.
3. In answering questions, be guided by the allocated marks.
4. Number your answers clearly following the numbering used in this
question paper.
PERMISSIBLE MATERIALS
1. None

SECTION A: Case Study - 20 Marks
QUESTION 1
20 marks
ABC Enterprises has implemented an access control system to manage employee access to its
resources. Recently, there have been incidents of unauthorised data access despite the access
controls. The company wants to develop an analytics solution to detect anomalies in user access
patterns using machine learning.
(a) Explain the concept of access analytics and its importance in detecting anomalies in user
access patterns.
(5 marks)
(b) Outline the steps you would take to develop and implement a machine learning-based access
anomaly detection system.
(10 marks)
(c) Discuss the limitations of using machine learning for access anomaly detection and suggest
ways to mitigate these limitations.
(5 marks)
SECTION B - 50 Marks
QUESTION 2
15 marks
(a) Describe how simulations can be used in "what-if" security scenarios to aid strategic
decision-making. Provide an example related to cyber-attack response planning. (7 marks)
(b) Identify and discuss the challenges involved in using simulations for security process
implementations, such as data accuracy and computational resources.
(8 marks)
QUESTION 3
15 marks
(a) Compare and contrast supervised and unsupervised machine learning approaches in the
context of malware detection.
(7 marks)
(b) Propose a machine learning-based solution for detecting zero-day malware attacks. Explain
how your approach would identify previously unseen malware.
(8 marks)
QUESTION 4
20 marks
(a) Define security intelligence and explain its role in enhancing an organisation's risk
management strategies.
(5 marks)
(b) Discuss how security intelligence can be leveraged to detect insider threats. Specify the types
of data and analytics methods that would be employed.
(10 marks)
(c) Explain the challenges of integrating security intelligence solutions into existing security
infrastructures and suggest possible solutions.
(5 marks)
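A worked example for Question 1(b) and Question 4(b), added here as an illustration and not part of the original question paper: an unsupervised, per-user baseline learned from constructed access-log lines (the user names, resource paths and timestamps are all made up) that scores new events for off-hours access, never-before-seen resources and abnormal daily volume, which are the kinds of signals an access-anomaly or insider-threat detector combines. The penalty weights, the median/MAD volume scoring and the 2.0 alert threshold are assumptions chosen for the example, not values the paper prescribes.

```python
"""Unsupervised access-pattern anomaly scoring (added example, constructed data).

Train: per-user profile of hours seen, resources seen, events per day.
Score: robust z-score of today's volume (median/MAD) plus fixed penalties
for a never-seen hour and a never-seen resource; unknown users get a flat
penalty because no baseline exists for them.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data, not real logs. Format: ISO timestamp,user,resource,action
TRAINING_LOG = """\
2025-01-06T08:05,alice,hr/payroll,read
2025-01-06T10:40,alice,hr/benefits,read
2025-01-06T15:20,alice,hr/payroll,write
2025-01-07T09:10,alice,hr/payroll,read
2025-01-07T11:00,alice,hr/benefits,read
2025-01-07T16:45,alice,hr/payroll,read
2025-01-08T09:30,alice,hr/benefits,read
2025-01-08T14:15,alice,hr/payroll,read
2025-01-06T09:00,bob,eng/repo,read
2025-01-06T13:30,bob,eng/repo,write
2025-01-07T10:15,bob,eng/repo,read
2025-01-07T17:50,bob,eng/ci,read
2025-01-08T09:45,bob,eng/repo,read
2025-01-08T12:00,bob,eng/ci,read
2025-01-08T16:30,bob,eng/repo,write
"""

# Constructed events for the day under review.
NEW_EVENTS = """\
2025-01-09T02:10,alice,finance/ledger,read
2025-01-09T09:05,alice,hr/payroll,read
2025-01-09T10:30,alice,hr/benefits,read
2025-01-09T09:10,bob,eng/repo,read
2025-01-09T09:12,bob,eng/repo,read
2025-01-09T09:15,bob,eng/repo,read
2025-01-09T09:18,bob,eng/repo,read
2025-01-09T09:21,bob,eng/repo,read
2025-01-09T09:25,bob,eng/repo,read
2025-01-09T11:00,mallory,hr/payroll,read
"""

# Assumed weights; in practice these are tuned against labelled incidents.
HOUR_PENALTY = 1.5
RESOURCE_PENALTY = 2.0
UNKNOWN_USER_PENALTY = 2.0
VOLUME_Z_FLAG = 2.0


def parse_log(text):
    """Parse 'timestamp,user,resource,action' lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, resource, action = line.split(",")
        events.append({"when": datetime.fromisoformat(ts), "user": user,
                       "resource": resource, "action": action})
    return events


def build_baselines(events):
    """Per-user profile: hours seen, resources seen, median and scale of daily count."""
    hours, resources = defaultdict(set), defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        hours[e["user"]].add(e["when"].hour)
        resources[e["user"]].add(e["resource"])
        per_day[e["user"]][e["when"].date()] += 1
    baselines = {}
    for user in hours:
        counts = list(per_day[user].values())
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        # 1.4826*MAD approximates sigma for normal data; floor the scale at one
        # event so a perfectly regular user (MAD == 0) does not give infinite z.
        baselines[user] = {"hours": hours[user], "resources": resources[user],
                           "median": med, "scale": max(1.4826 * mad, 1.0)}
    return baselines


def score_event(event, baselines, todays_count):
    """Return (score, reasons) for one event given the user's daily count so far."""
    profile = baselines.get(event["user"])
    if profile is None:
        return UNKNOWN_USER_PENALTY, ["unknown_user"]
    reasons = []
    z = (todays_count - profile["median"]) / profile["scale"]
    score = max(z, 0.0)
    if z >= VOLUME_Z_FLAG:
        reasons.append("volume")
    if event["when"].hour not in profile["hours"]:
        score += HOUR_PENALTY
        reasons.append("novel_hour")
    if event["resource"] not in profile["resources"]:
        score += RESOURCE_PENALTY
        reasons.append("novel_resource")
    return score, reasons


def detect(training_text, new_text, threshold=2.0):
    """Score every new event against the learned baselines; return those at/above threshold."""
    baselines = build_baselines(parse_log(training_text))
    new_events = parse_log(new_text)
    todays = defaultdict(int)
    for e in new_events:
        todays[(e["user"], e["when"].date())] += 1
    findings = []
    for e in new_events:
        score, reasons = score_event(e, baselines, todays[(e["user"], e["when"].date())])
        if score >= threshold:
            findings.append({"user": e["user"], "when": e["when"].isoformat(),
                             "resource": e["resource"], "score": round(score, 2),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(TRAINING_LOG, NEW_EVENTS):
        print(f"{f['when']} {f['user']:8} {f['resource']:16} {f['score']:4} {f['reasons']}")
```

Running it flags alice's 02:10 read of a resource she has never touched (novel hour plus novel resource), all six of bob's repo reads (a day's volume four scale units above his median, the bulk-collection pattern Question 4(b) is after) and mallory, for whom no baseline exists. The two normal alice events score zero. The limitations Question 1(c) asks about show up directly: the baseline is only as good as the training window (an insider who was already misbehaving during training is baked into "normal"), a MAD of zero needs a floor, and the fixed penalties encode an analyst's judgement rather than anything learned.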
*****END OF EXAMINATION PAPER*****