Question 1
[20]
Provide two examples of defence techniques you can implement at each of the following stages of a
Cyber Kill Chain. [2 Marks for listing, 4 Marks for an explanation of defence technique]
(a) Reconnaissance: The attacker uses a search engine to find the email addresses of employees at a
target organization.
[4]
(b) Entry: Attacker sends phishing emails to employees that lead to compromised account
credentials. The attacker then signs into the organization's virtual private network (VPN) service using
those credentials.
[4]
(c) Lateral Movement: Attacker remotely logs in to other systems using the compromised credentials.
[4]
(d) Persistence: Attacker installs a backdoor on the newly compromised systems that provides them
with remote access.
[4]
(e) Attacker Goals: Attacker steals documents from the network and uses the remote access
backdoor to exfiltrate them.
[4]
Question 2
[20]
(a) Explain confidentiality, integrity, and availability from the perspective of reliability and security.
[10]
(b) Explain the design for insider risk.
[10]
Question 3
[20]
(a) Explain Threat Intelligence and its advantages.
[10]
(b) Multi Factor Authorization and Multi Party Authorization (5 marks each)
[10]
Question 4
[20]
(a) Explain the design principle for Recovery.
[10]
(b) What is the motivation for the attackers?
[10]
Question 5
[20]
(a) What is a Trojan Horse? Explain the stages of a Trojan Horse.
[10]
(b) What do you mean by controlling the blast radius?
[10]