 |
PRS821S - PROGRAMMING FOR SECURITY PERSONNEL - 2ND OPP - DEC 2025 |
|
|
1 Page 1 |
▲back to top |
nAmlBIA un lV ERSITY
OF SC IEn CE Ano TECHn OLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF SOFTWARE ENGINEERING
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE HONOURS {SOFTWARE
DEVELOPMENT)
QUALIFICATION CODE : 08BCHS
LEVEL: 8
COURSE: PROGRAMMING FOR SECURITY
PERSONNEL
DATE: DECEMBER 2025
COURSE CODE: PRS821S
PAPER: THEORY
DURATION: 2 HOURS
MARKS: 100
SECOND OPPORTUNITY/SUPPLEMENTARY EXAMINATION QUESTION PAPER
EXAM IN ER
PROF AMBROSE AZETA
MODERATOR:
DR OMOBAYO ESAN
INSTRUCTIONS
1. Answer ALL the questions.
2. Read all the questions carefully before answering.
3. Number the answers clearly.
THIS QUESTION PAPER CONSISTS OF 5 PAGES
(Including this front page)
1
|
|
2 Page 2 |
▲back to top |
SECTION A: TRUE OR FALSE, AND MULTIPLE-CHOICE QUESTIONS
This section consists of 20 questions. Answer all the questions
Each correct answer is allocated 2 Marks
Write True or False for Questions 1 to 12, and select a, b, cord for Questions 13 to 20
1. Insider attacks involve someone outside the organization carrying out an attack. [2 Marks]
2. Security refers to the mechanisms in place to protect the confidentiality and privacy of
personal information.
[2 Marks]
3. Security is the protection of information and information systems from unauthorized access,
use, disclosure, disruption, modification, or destruction in order to provide confidentiality,
integrity, and availability.
[2 Marks]
4. Additional functionalities to cater for the short comings of IPV4, includes, security,
authentication and integrity.
[2 Marks]
5. Adding malicious codes to a database query to gain unauthorized access to a web
application's database is known as MySQL injection.
[2 Marks]
6. Command injection is a database injection technique that exploits a security flaw.[2 Marks]
7. Security incidents are not a potential threat to the integrity of personally identifiable
information.
[2 Marks]
8. Using two-factor authentication is not an effective tool for securing your account.[2 Marks]
9. Cybersecurity is IT's responsibility. The everyday end-users in the office don 't need to worry
about this topic.
[2 Marks]
10. Software and application updates are not important and can just be ignored.
[2 Marks]
11. A software program or a hardware device that filters all data packets coming through
the internet, a network, etc, is known as Cookies.
[2 Marks]
12. Security is an individual's right to control the use or disclosure of personal information.[2Mks]
13. Which of the following is defined as an attempt to harm, damage or ca use threat to a system or
network?
[2 Marks]
a. Digital crime b. Threats c. System hijacking d. Cyber Attack
14. Ransomware attacks may be described as,
[2 Marks]
a. Attackers kidnaping people for money b. Attackers kidnaping data for money
c. Attackers kidnaping animals for money d. Attackers kidnaping cell phones for money
15. Which one of the following is a type of antivirus program?
a. Facebook b. Notepad c. RoofofAfrica
d. McAfee
[2 Marks]
16. To protect the computer system against hackers and different kind of viruses, one must
always keep __on in the computer system: a. Sapol b. Music Player c. Firewall d. Java IDE
[2 Marks]
17. A software program or hardware device that filters all data packets coming through the
internet, a network, etc, is known as: a. Virus b. Firewall c. Cookies d. Malware [2 Marks]
18. Which of the following do cyber attackers commonly target for fetching IP address of a
target or victim user? a) ip tracker b) emails
c) websites d) web pages [2 Marks]
19. Hackers usually use the computer virus for the following purpose, except one [2 Marks]
a. To log, monitor each and every user's actions
b. To gain access to sensitive information like user's Id and Passwords
c. To corrupt the use r's data stored in the computer system
d. To send birthday messages to users
2
|
|
3 Page 3 |
▲back to top |
20. Insider attacks involve one of the following
[2 Marks]
a. Someone within the organization carrying out an attack
b. Someone outside the organization carrying out an attack
c. Intentional malicious outsiders eavesdrop, steal data or erase it
d. Unauthorized access to digital assets without seeking permission by external person
SECTION B: CODE SNIPPET AND EXPLANATIONS
This section consists of 3 questions. Answer ALL the questions
Each correct answer is allocated 8 Marks
Question One
[8 Marks]
(A) If a user continues to enter a wrong password in the Python code segment below,
how many times will the print statement print.
{4 Marks)
attempts= 1
while attempts< 7:
username = input('Enter your username: ')
password= input{'Enter your password:')
if username == 'admin' and password== 'admin123':
print('You have successfully logged in.')
break
else:
print{'lncorrect credentials. Check if you have Caps lock on and try again.')
attempts+= 1
continue
(B) Find the Class, netids and hostids for the following IP addresses:
130.90.80. 108
200.10.117.106
80.125.15.100
(4 Marks)
Question Two
[8 Marks]
The Python program below get input data from the keyboard and compare with username
and password within the program. Modify the program to compare username and password
from a dataset named: Password-ld.csv
attempts=0
remains=5
print('PASSWORD ENTERING MENU FOR ABC BANK, MAXIMUM ATTEMPT IS 5')
while attempts< 5:
username = input('Enter your username: ')
password = input('Enter your password: ')
if username == 'admin' and password== 'admin123':
print{'You have successfully logged in')
break
3
|
|
4 Page 4 |
▲back to top |
else:
print('lncorrect usernam e and/or password, you may retry again')
remains-= 1
print('Number of Attempts left:', remains)
attempts+= 1
if attempts== 5:
print('Account locked')
break
continue
Question Three
[8 Marks]
(A) (i) Write a Python program segment to display the usern ame of the current user that
is log into the syst em, it must check who you are
(2 Marks)
(ii) What are Cyberattacks? Name the most common ones?
(2 Marks)
(B) Explain Phishing with examples, and highlight how to avoid Phishing attacks. (4 Marks)
SECTION C: NETWORK PACKETS AND IP ADDRESS
Describe the following send commands:
Cl.
send(IP(ttl=64, src='128.99.4.123', dst='127.110.120.100'))
(2 Marks)
Briefly explain the following with example(s):
C2. 1Pv6 Compressed
C3. 1Pv6 Uncompressed
C4. 1Pv6 Fully Uncompressed
cs. send(I P(dst='127 .0.0.1'), return_packets=True)
CG. send (I P(src=' 128.99.4.123', dst='127.110.120.100'))
(2 Marks)
(2 Marks)
(2 Marks)
(2 Marks)
(2 Marks)
SECTION D: CODES/THEORY
Answer all questions
Each correct answer is allocated 8 Marks
Question One
[8 Marks]
Write short note on the following:
-Password attack and how to avoid it.
-Command Injection attack
(4 Marks)
(4 Marks}
Question Two
[8 Marks]
Assume th ere is a Python program named pwchecker.py that accepts a password from the
keyboard as a combination of alphanumeric characters along with specia l characters, and
checking whether the password is valid or not, a password validation is to be carried out as
follows. Write the Python program pwchecker.py
4
|
|
5 Page 5 |
▲back to top |
a. At least one alphabet should be of Lower Case [a-z]
b. At least one alphabet should be of Upper Case [A-Z]
c. Minimum 6 characters.
d. At least 1 number or digit between [0-9].
e. At least 1 character from [_or@ or$].
Sample outputl
Input : Cput_fortune$
Output : Invalid Password
Explanation: Number is missing
Sample output2
Input: C@m@_f0rtu9e$
Output : Valid Password
Sample output3
Input : Cput#fortu9e
Output : Invalid Password
Explanation: Must consist from_ or@ or$
Question Three
[8 Marks]
Briefly discuss the following types of network attacks - Phishing, Man-in-the-Middle Attack, DoS
(Denial of Service), and Social Engineering.
- - THE END
5