SAS821S - SECURITY ANALYTICS - 2ND OPP - DEC 2025


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
Faculty of Computing and
Informatics
School of Computing
Department of Cyber
Security
13 Jackson Kaujeua Street
Private Bag 13388
Windhoek
NAMIBIA
T: +264 61 207 2052
F: +264 61 207 9052
E: dcy@nust.na
W: www.nust.na
DEPARTMENT OF CYBER SECURITY
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE (HONS DIGITAL FORENSICS)
QUALIFICATION CODE: 08BCCS
LEVEL: 8
COURSE: SECURITY ANALYTICS
COURSE CODE: SAS821S
DATE: DECEMBER 2025
SESSION: THEORY
DURATION: 3 HOURS
MARKS: 100
SECOND OPPORTUNITY/SUPPLEMENTARY EXAMINATION QUESTION PAPER
EXAMINER(S):
DR ARPIT JAIN
MODERATOR:
MR MBAUNGURAIJE TJIKUZU
THE QUESTION PAPER CONSISTS OF 4 PAGES
(Including this front page)
INSTRUCTIONS
1. Answer ALL the questions.
2. Write clearly and neatly.
3. In answering questions, be guided by the allocated marks.
4. Number your answers clearly following the numbering used in this
question paper.
PERMISSIBLE MATERIALS
1. None

Question 1
(a) Describe the main objectives and benefits of implementing Security Analytics in modern
organisations.
[05 Marks]
(b) Explain how data collection, correlation, and visualisation enhance threat detection in
security analytics.
[05 Marks]
(c) Describe how machine learning and predictive modelling can be utilised to forecast cyber
threats and assist in proactive defence mechanisms.
[10 Marks]
Question 2
(a) What are the different kinds of features which are used in existing ML-based detection
algorithms?
[10 Marks]
(b) Explain how supervised and unsupervised learning techniques can be applied in detecting
unknown or zero-day attacks.
[10 Marks]
Question 3
(a) Explain the Incident Response Life Cycle in detail.
[10 Marks]
(b) Explain the following phases of analytics in incident response.
1. Detection and analysis
[05 Marks]
2. Containment
[05 Marks]
Question 4
(a) Differentiate between Threat Intelligence and Security Intelligence.
[10 Marks]
(b) Explain the role of text mining techniques to analyse security logs, alerts, and incident
reports.
[10 Marks]
Question 5
Scenario:
The owners of a small start-up company found it strange when several of their programmers quit
the company at the same time. When company executives "got wind" that the individuals had
gone to work for a competitor, they began to ask questions about whether or not the company's
intellectual property had been stolen, since these programmers were working on key pieces of
their product. Since this was a small company, the management did not have a security officer, so
they looked to the IT personnel to examine the problem and to look for evidence. The first area
the IT personnel examined was the email of the employees. Through the email, they were able
to piece together that the employees who left the company were collaborating, and they
intended to steal the code they developed at this company. These emails were key evidence that
the company saved to an external storage device for preservation. The company made a
secondary copy so that they could review the data.
(a) Identify the type of security threat demonstrated in the case study and explain why it fits that
category.
[04 Marks]
(b) What are the potential risks and consequences for the company if it fails to handle the
evidence properly or cannot prove intellectual property theft?
[04 Marks]
(c) From an ethical and legal standpoint, was it appropriate for the IT team to access and review
employee e-mails without prior consent? Explain your reasoning.
[04 Marks]
(d) How can security analytics help the company detect or investigate this kind of insider threat
earlier? Explain what data or tools could be used to find suspicious activity.
[04 Marks]
(e) If you were appointed as a new cybersecurity advisor for this start-up, what long-term
strategies would you implement to protect intellectual property and prevent insider attacks
in the future?
[04 Marks]
---------------- END OF EXAMINATION ----------------