
Com 323 Question Paper

(1) The document is an exam for an Information System Security course at Maasai Mara University covering topics like phishing attacks, access control, authentication, and digital forensics. (2) The exam has 4 questions, with question one being compulsory and worth 30 marks, while the other questions are worth 20 marks each. (3) The exam instructions state that students must answer question one and any other two questions, and that mobile phones are not allowed.

Uploaded by

Albert Omondi

MAASAI MARA UNIVERSITY

REGULAR UNIVERSITY EXAMINATIONS


2017/2018 ACADEMIC YEAR
FIRST YEAR SECOND SEMESTER

SCHOOL OF SCIENCE

COURSE CODE: COM 323


COURSE TITLE: INFORMATION SYSTEM SECURITY

DATE: 23RD AUGUST, 2018 TIME: 08:30AM – 10:30AM

INSTRUCTIONS TO CANDIDATES
(b) Answer question ONE (compulsory) and any other TWO questions.
(c) Question one carries 30 marks.
(d) All other questions carry 20 marks.
(e) Mobile phones are not allowed in the exam room.
SECTION A (COMPULSORY –30 MARKS)
QUESTION ONE
a. Explain, with examples, the type(s) of vulnerability mainly exploited by phishing attacks. (10 Marks)
b. Propose security controls (methods) to prevent phishing attacks in the computer systems of Maasai Mara University. (10 Marks)

SECTION TWO IS 40 MARKS. ANSWER TWO QUESTIONS


QUESTION TWO
a. Mention threats against the registration phase of access control. (10 Marks)
b. Explain how authorization has been defined to make meaningful the definitions of confidentiality and integrity in X.800, and also the Kenya Computer Fraud & Abuse Act. (10 Marks)
QUESTION THREE
a) A user is authenticated to an online web service at the start of a session and sends data to the web server through his client computer. Explain to what degree the service provider can assume that the data received during the session are authentic as a result of the user authentication. (10 Marks)

b) Articulate a simple security policy for your personal computer, stating who has authorized access. (10 Marks)

QUESTION FOUR
a) You are the information system security officer of Maasai Mara University. An incident of fraud has taken place at the finance office. With your digital forensics skills, you have been tasked to establish the evidence of the fraud and bring the culprit into record. Discuss the main FIVE steps to carry out a computer forensics investigation in the finance office. (10 Marks)
b) Discuss FIVE common security attacks and their countermeasures. (5 Marks)
c) Network security is another threat to customers, who may unknowingly be directed to a false website. Explain the effect of being directed to a false website, giving an example. (5 Marks)
