SAS821S - SECURITY ANALYTICS - 1ST OPP - NOV 2025




NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
Faculty of Computing and
Informatics
13 Jackson Kaujeua Street
Private Bag 13388
Windhoek
NAMIBIA
School of Computing
Department of Cyber
Security
DEPARTMENT OF CYBER SECURITY
T: +264 61 207 2052
F: +264 61 207 9052
E: dcy@nust.na
W: www.nust.na
QUALIFICATION: BACHELOR OF COMPUTER SCIENCE (HONS DIGITAL FORENSICS)
QUALIFICATION CODE: 08BCCS
LEVEL: 8
COURSE: SECURITY ANALYTICS
COURSE CODE: SAS821S
DATE: NOVEMBER 2025
SESSION: THEORY
DURATION: 3 HOURS
MARKS: 100
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
EXAMINER(S)
DR ARPIT JAIN
MODERATOR:
MR MBAUNGURAIJE TJIKUZU
THE QUESTION PAPER CONSISTS OF 3 PAGES
(Including this front page)
INSTRUCTIONS
1. Answer ALL the questions.
2. Write clearly and neatly.
3. In answering questions, be guided by the allocated marks.
4. Number your answers clearly, following the numbering used in this
question paper.
PERMISSIBLE MATERIALS
1. None


Question 1
(a) What are the techniques for Security analytics? List them.
[05 Marks]
(b) Explain how analytics is applied in cybersecurity.
[05 Marks]
(c) How do simulation techniques support threat detection, risk assessment, and proactive
decision-making in security analytics?
[10 Marks]
Question 2
(a) Compare and contrast signature-based detection and behaviour-based detection in threat
identification.
[10 Marks]
(b) Describe how anomaly detection techniques help in identifying zero-day attacks.
[10 Marks]
Question 3
(a) What are the goals in incident response?
[05 Marks]
(b) How does an incident responder know what to fix?
[05 Marks]
(c) Name the phases of incident response. Explain the role of analytics in each phase.
[10 Marks]
Question 4
(a) Differentiate between text mining and data mining.
[10 Marks]
(b) Consider the scenario of the access logs of a cloud application showing multiple failed login
attempts from different IPs.
1. Describe how access analytics can help identify potential brute-force or credential-
stuffing attacks.
[05 Marks]
2. Suggest mitigation strategies based on your analysis.
[05 Marks]


Question 5
(a) What are insider threats in cybersecurity? Discuss how security intelligence can be applied to
detect, prevent, and mitigate insider threats.
[10 Marks]
(b) Explain the Security Intelligence Cycle, describing each phase in detail. Also, explain the basic
process of security intelligence analysis.
[10 Marks]
---------------- END OF EXAMINATION -------------------


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
Office of the Registrar
Examinations and Assessment Administration
13 Jackson Kaujeua Street
Private Bag 13388
Windhoek
NAMIBIA
T: •264 61 2072,117
F: 1?64 61l07 9~1l
E: exams@nust.na
W: www.nust.na
MODERATOR'S REPORT: QUESTION PAPER & MEMORANDA
This report is to accompany every question paper and marking scheme/memorandum of model answers
that is set and moderated.
PERSONAL INFORMATION
Surname and Name/s: Tjikuzu Mbaunguraije
Postal Address: PO Box 81559
Tel Number(s): 0812020627
Course (e.g. Economics 1): Security Analytics
Course Code: SAS811S
Exam Session/Date: November 2025
Exam Type (1st/2nd Opportunity): 1st Opportunity
Signature:
Date: 16/10/2025
CATEGORY
1. Front cover: The following information is available on the front cover
The name of the institution
The department within which the course falls
The name and level of the course
The course code
The examination session and the year
The duration of the paper
The names of the Examiners and Moderator(s)
Instructions to candidates and such instructions are clear and unambiguous
A list of all the material that is permissible for answering the question paper
2. Standard of paper & memorandum
The standard of the questions is satisfactory and appropriate to the level of the
The question paper comprises a range of question types, i.e., recall, comprehension, analytical etc.
The questions cover all parts of the approved syllabus.
There is no repetition of questions
The question paper is accompanied by a memorandum of model answers
The model answers are of satisfactory standard and cover all aspects of the questions
Where appropriate alternative answers are provided
The memorandum is designed in such a way that people other than an examiner can
3. Language & Format Question paper & memorandum
The instructions and the questions are clear and unambiguous
Does the paper contain any grammatical and spelling errors
The paper is formatted clearly (e.g. questions are clearly separated)
The marks for each question are allocated clearly in the right hand margin of the question paper & the memorandum
The marks for each question, each section and the whole paper are calculated
Question paper (YES / NO): 22 X marks, one per criterion
Memorandum (YES / NO): 22 X marks, one per criterion

MODERATOR'S REPORT: QUESTION PAPER & MEMORANDA
This report is to accompany every question paper and marking scheme/memorandum of model answers
that is set and moderated.
PERSONAL INFORMATION
Surname and Name/s: Tjikuzu Mbaunguraije
Postal Address: PO Box 81559
Tel Number(s): 0812020627
Course (e.g. Economics 1): Security Analytics
Course Code: SASBUS
Exam Session/Date: December 2025
Exam Type (1st/2nd Opportunity): 2nd Opportunity
Signature:
Date: 16/10/2025
CATEGORY    Question paper (YES / NO)    Memorandum (YES / NO)
1. Front cover: The following information is available on the front cover
The name of the institution    X    X
The department within which the course falls    X    X
The name and level of the course    X    X
The course code
The examination session and the year    X    X
The duration of the paper    X    X
The names of the Examiners and Moderator(s)    X    X
Instructions to candidates and such instructions are clear and unambiguous    X    X
A list of all the material that is permissible for answering the question paper    X    X
2. Standard of paper & memorandum
The standard of the questions is satisfactory and appropriate to the level of the    X    X
The question paper comprises a range of question types, i.e., recall, comprehension, analytical etc.    X    X
The questions cover all parts of the approved syllabus.    X    X
There is no repetition of questions    X    X
The question paper is accompanied by a memorandum of model answers    X    X
The model answers are of satisfactory standard and cover all aspects of the questions    X    X
Where appropriate alternative answers are provided    X    X
The memorandum is designed in such a way that people other than an examiner can    X    X
3. Language & Format Question paper & memorandum
The instructions and the questions are clear and unambiguous    X    X
Does the paper contain any grammatical and spelling errors    X
The paper is formatted clearly (e.g. questions are clearly separated)    X    X
The marks for each question are allocated clearly in the right hand margin of the question paper & the memorandum    X    X
The marks for each question, each section and the whole paper are calculated    X    X
NO    X    X