KABARAK UNIVERSITY
UNIVERSITY EXAMINATIONS
MAIN CAMPUS
SECOND SEMESTER, 2023 ACADEMIC YEAR
EXAMINATION FOR THE DEGREE OF BACHELOR OF INFORMATION
TECHNOLOGY & BACHELOR OF BUSINESS MANAGEMENT &
INFORMATION TECHNOLOGY
INTE 422/BBIT 422: IT SECURITY, AUDIT AND ETHICS
STREAM: Y4/S2 REGULAR    TIME: 9:00-11:00 AM
EXAMINATION SESSION: MAY-AUGUST    DATE: 09/08/2023
INSTRUCTIONS
1. Answer Question 1 and any other two questions in the answer booklet provided.
2. Do not write on your question papers. All rough work should be done in your answer booklet.
3. Clearly indicate which question you are answering.
4. Edit your work for language and grammar errors.
5. Follow all the instructions in the answer booklet.
As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart, Jesus
as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 1 of 4
SECTION A: (COMPULSORY) TOTAL MARKS FOR THIS SECTION IS 30.
1 a) Evaluate TWO proactive and TWO reactive security measures that Kabarak University can implement for its wireless network. (6 Marks)
b) Evaluate THREE core principles of the Biba security model. (6 Marks)
c) Outline FOUR goals an ideal password authentication scheme should achieve. (4 Marks)
d) Outline THREE reasons why ethical hacking is needed in any information system. (3 Marks)
e) In any organizational setting, a dedicated firewall is required between your network and the outside world. Describe TWO types of firewall configurations. (5 Marks)
f) Create a social media policy, standard and procedure for the Kabarak ICT Department. (6 Marks)
SECTION B. TOTAL MARKS FOR THIS SECTION IS 40.
ANSWER ANY TWO QUESTIONS FROM THIS SECTION. EACH QUESTION IN THIS SECTION CARRIES 20 MARKS.
2 a) Describe how e-commerce sites implement asymmetric algorithms to perform transactions securely. (4 Marks)
b) Describe THREE factors that can make software vulnerable. (6 Marks)
c) When thinking about security, it is helpful to think in terms of availability, confidentiality, vulnerabilities and attacks. Outline the meaning of each of these terms, giving relevant examples. (6 Marks)
d) Discuss the Chinese Wall security model in detail and indicate the circumstances in which it can be used. (4 Marks)
3 a) Vulnerabilities of a system can be physical, natural, hardware/software or human. Discuss this statement in relation to IT security. (4 Marks)
b) Distinguish between cryptography and steganography, stating ONE advantage and ONE limitation of each. (4 Marks)
c) Outline THREE roles that firewalls and antivirus software play in the security of computer systems. (6 Marks)
d) You have been appointed the chief information security officer in an international corporation that conducts many of its activities online. Your appointment comes as a result of numerous ICT security breaches originating from within and outside the organization. You have therefore been given the mandate to re-engineer the entire ICT security system.
You are required to answer the following:
i) What aspect of security will you give first priority? Give a reason for your answer. (2 Marks)
ii) As you develop and implement the security programme, what FOUR main goals will you be seeking to achieve? (4 Marks)
4 a) An ideal password authentication scheme has to withstand a number of attacks. Describe SIX of these attacks. (6 Marks)
b) “Security is much more difficult to maintain in a mobile/wireless network.” Criticize this statement. (6 Marks)
c) Evaluate FOUR best computer security practices that an organization can implement and that students should observe while using shared resources such as computer labs. (4 Marks)
d) Evaluate FOUR main principles of the Bell-LaPadula model. What are its limitations? (4 Marks)
5 a) Alice and Bob participate in a public-key infrastructure that enables them to exchange legally binding digital signatures. Name THREE reasons why, for some purposes, Alice might prefer to use a message authentication code, instead of a digital signature, to protect the integrity and authenticity of her messages to Bob. (6 Marks)
b) In order to assess the level of risk, the likelihood and impact of incidents should be estimated. Explain THREE techniques that can be used for this assessment. (6 Marks)
c) Below are some security incidents that occur while a PC is in use. For each case, identify, with a supporting explanation, which goal of security is violated. (8 Marks)
(i) Moses crashes Annette’s PC
(ii) Jane hacks into his Equity Bank Ltd payroll system
(iii) Kevin defaces the homepage of MCA’s website
(iv) Mwasi cracks into Ann’s Facebook account and uses it to chat with Tom.