 |
PRS821S - PROGRAMMING FOR SECURITY PERSONNEL - 1ST OPP - NOV 2023 |
|
|
1 Page 1 |
▲back to top |
nAmlBIA UnlVERSITY
OF SCIEnCE Ano TECHnOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENTOF SOFTWAREENGINEERING
QUALIFICATION: BACHELOROF COMPUTERSCIENCEHONOURS(SOFTWARE
DEVELOPMENT)
QUALIFICATIONCODE:08BCHS
LEVEL: 8
COURSE:PROGRAMMING FORSECURITY
PERSONNEL
DATE: NOVEMBER2023
COURSECODE:PRS821S
PAPER:THEORY
DURATION: 2 HOURS
MARKS: 100
FIRSTOPPORTUNITYEXAMINATION QUESTION PAPER
EXAMINER
DR AMBROSEAZETA
MODERATOR:
MR OMOBAVO AVOKUNLEESAN
INSTRUCTIONS
1. Answer ALLthe questions.
2. Read all the questions carefully before answering.
3. Number the answers clearly.
THIS QUESTIONPAPERCONSISTSOF 5 PAGES
(Including this front page)
1
|
|
2 Page 2 |
▲back to top |
SECTIONA: TRUEOR FALSE
This section consist of 20 questions. Answer all the questions
Each correct answer is allocated 2 Marks
Write True or False for Questions 1 to 20.
1. One of the software used to monitor the status of any network packet sent is Wireshark.
[2 Marks]
2. Plagiarism statement must be on top of a VPL Python program on elearning. [2 Marks]
3. Malware stands for Multipurpose software.
[2 Marks]
4. In order to ensure the security of the data/ information, we need to Decrypt the data.[2 Marks]
5. TCP/IP stands for Transmission Control Protocol/ internet prototype.
[2 Marks]
6. Hackers usually use the computer virus to send good will messages to users.
[2 Marks]
7. To protect the computer system against the hacker and different kind of viruses, one must
always keep firewall on in the computer system.
[2Marlcs]
8. A software program or a hardware device that filters all data packets coming through
the internet, a network, etc, is known as Cookies.
[2 Marks]
9. Worm is considered as an unsolicited commercial email.
[2 Marks]
10. One way to prevent password attack is use of surname as password.
[2 Marks]
11. A ransomware attacks may be similar to kidnapers kidnap data for money.
[2 Marks]
12. Insider attacks involve someone outside the organization carrying out an attack. [2 Marks]
13. Denial of Service (DoS) and Distributed DoS are the same.
[2 Marks]
14. Passiveattacks and Active attacks are types of attacks.
[2 Marks]
15. Since cyber attackers are now using Artificial Intelligence {Al) tools to carryout attacks, it is
essential for organisations to Upgrade their protection mechanism from conventional
defense to Al-based defense mechanism.
[2 Marks]
16. Additional functionalities to cater for the shortcomings of IPV4, includes, security,
authentication and integrity.
[2 Marks]
17. The IP Address: 210.125.15.100 is a ClassA.
[2 Marks]
18. SQLinjection involves adding malicious code to a database query to gain unauthorized
access to a web application's database.
[2 Marks]
19. Command injection is a database injection technique that exploits a security flaw. [2 Marks]
20. The netid of the IP Address: 128.98.89.129 is 128.98.0.0
[2 Marks]
SECTIONB: NETWORKPACKETS
Explain each of the following send statement and the possible output, when is executed on
Scapy environment. For instance, the statement send(IP{dst='127.0.0.1')) creates a network
packet with destination IP address 127.0.0.1. When executed on Scapy, the output will be:
Sent 1 packets
21. send(IP{dst='127.0.0.1'), return_packets=True)
(2 Marks]
22. send{IP{src='128.99.4.123', dst='127.110.120.100'))
[2 Marks]
23. send{IP{ttl=64, src='128.99.4.123', dst='127.110.120.100'))
(2 Marks
24. send{IP(ttl=64, src='128.99.4.123', dst='127.110.120.100'), count=3)
(2 Marks]
25. send(I P(ttl=64, src='128.99.4.123', dst='127. 110.120.100')/TCP{)/"Welcome Class") (2 Marks]
26. send{IP{ttl=64, src='128.99.4.123', dst = '127.110.120.100')/TCP
(sport=135,dport=136)/"Welcome to Python Lecture", count=3)
(2 Marks]
2
|
|
3 Page 3 |
▲back to top |
SECTIONC: CODESNIPPET
This section consists of 3 questions. Answer ALLthe questions
Each correct answer is allocated 8 Marks
Question One
[8 Marks]
(A) The Python program below get input data from the keyboard and compare with
username and password within the program. Modify the program to compare
username and password from a dataset named: Password-ld.csv
(4 Marks)
attempts=0
remains=5
print('PASSWORD ENTERINGMENU FORABC BANI<,MAXIMUM ATTEMPTIS5')
while attempts< 5:
username = input('Enter your username: ')
password = input('Enter your password: ')
if username == 'admin' and password== 'admin123':
print('You have successfully logged in')
break
else:
print('lncorrect username and/or password, you may retry again')
remains-= 1
print('Number of Attempts left:', remains)
attempts+= 1
if attempts== 5:
print('Account locked')
break
continue
(B) Find the Class,netids and hostids for the following IP addresses:
130.90.80. 108
200.10.117.106
80.125.15.100
(4 Marks)
Question Two
[8 Marks]
(A) If a user continues to enter a wrong password in the Python code segment below,
how many times will the print statement print.
attempts= 1
while attempts< 7:
username = input('Enter your username: ')
password= input('Enter your password:')
if username == 'admin' and password== 'admin123':
print('You have successfully logged in.')
break
else:
print('lncorrect credentials. Check if you have Caps lock on and try again.')
attempts+= 1
continue
3
|
|
4 Page 4 |
▲back to top |
(B) Write a Python program to check if a number is a spy number or not using the for loop.
For example, if the sum of digits equals the product of individual digits in a number, it is
a spy. In this Python spy number example, we used a while loop to divide the number
into digits and find the sum and the product of the digits. The if statement checks
whether the sum equals product, if true, spy number.
Sample output1:
Enter a number to check for spy number: 123
123 is a spy number
Sample output2:
Enter a number to check for spy number: 1124
1124 is a spy number
Sample output3:
Enter a number to check for spy number: 22
22 is a spy number
Sample output4:
Enter a number to check for spy number: 33
22 is a spy number
Sample outputs:
Enter a number to check for spy number: 1441
1441 is Not a spy number
Question Three
[8 Marks]
(A) Write a Python program segment to check the IP address of a web site: ium.edu.na (4 Marks)
(B) Discuss six differences between IPV4 and IPV6.
(4 Marks)
SECTIOND: CODES/THEORY
Answer all questions
Each correct answer is allocated 8 Marks
Question One
[8 Marks]
(A) Write short note on the following:
-Password attack and how to avoid it.
-Command Injection attack
(4 Marks)
(B) Explain the security risk with the codes below and rewrite the codes to avoid attack.
import os
Numl=input("Enter an integer Arithmetic Expression : ")
print ("Result=", eval(Numl))
(4 Marks)
4
|
|
5 Page 5 |
▲back to top |
Question Two
Modify the Python program segment below to avoid command injection.
[8 Marks]
import os
Numl=input("Enter an integer Arithmetic Expression:")
print ("Result=", eval(Numl))
Question Three
[8 Marks]
(A) The Python program below extracts the first 3 characters in an IPV4 IP Address and
display them by appending the first octet to the previous.
IP= ["198.454.234.023","177.232.187.001","298.367.823.201","323.419.312.222"]
#Extract the first 3 characters
networks=[]
for address in IP:
networks.append(address[0:3])
print(networks)
(4 Marks)
Sample output:
['198']
['198', '177']
['198', '177', '298']
['198' I '177' I '298' I '323']
Modify the above program to extract the first 4 characters in IPV6 Address below:
8194: 1753:8162:1004:0500:2220:17753:8162
6193.4444.1285 .5731.2399.0200.1200.6525
7193.3232.1285.5731. 7199.3330.4440.1225
and display them by appending the first octet to the previous.
(B} Briefly discuss the following types of network topology - Bus, Star and Hybrid (4 Marks)
--THE
END
5