Scribd
Upload
144 views5 pages

ISEC MST Mock Paper 2223s2 SectionB

This document contains a mock exam paper with questions on cybersecurity topics. It asks students to: 1) List characteristics of weak passwords and motivations of threat actors. 2) Explain the CIA triad of information security - confidentiality, integrity, and availability. 3) Describe logic bombs, ways to reduce USB security risks, and social engineering attack methods. 4) Explain types of botnet attacks and advantages of automated patch updates. 5) Discuss code emulation in antivirus software, places for mantraps, and how virtualization can reduce costs.

Uploaded by

Damien Seow
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
144 views5 pages

ISEC MST Mock Paper 2223s2 SectionB

This document contains a mock exam paper with questions on cybersecurity topics. It asks students to: 1) List characteristics of weak passwords and motivations of threat actors. 2) Explain the CIA triad of information security - confidentiality, integrity, and availability. 3) Describe logic bombs, ways to reduce USB security risks, and social engineering attack methods. 4) Explain types of botnet attacks and advantages of automated patch updates. 5) Discuss code emulation in antivirus software, places for mantraps, and how virtualization can reduce costs.

Uploaded by

Damien Seow
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Official (Open)

ST1004 ISEC MST Mock Paper

SECTION B: Answer All Questions (60 marks)

1. (a) List 3 characteristics of a weak password. (6 marks)

Keyboard patterns such as qwerty or 1234.

Having your name or family names in the password.

Passwords with no special characters.

(b) State 4 possible motivations of threat actors. (4 marks)

Monetary gain

Causing chaos

Spread political related messages

Expose private information from an organisation.

______________________________________________________________

(c) Besides “layering”, state 4 other security principles to defend against an attack.
(4 marks)

Layering

2223s2 Page 1
Official (Open)

Limiting

Diversity

Obscurity

Simplicity

______________________________________________________________

(d) The 3 types of information protection is known as “CIA”. Explain “CIA”.


(6 marks)

CIA stands for confidentiality integrity and availability.

Confidentiality means that only authorized individuals may access information.

Integrity is correct and unaltered.

Availability means that information is accessible to authorized users.

2. (a) What is a logic bomb? (3 marks)

Logic bomb is a computer code that remains dormant until it is triggered by a specific logical event

(b) Describe 2 ways to reduce the risk introduced by USB devices. (4 marks)
2223s2 Page 2
Official (Open)

Ensure that the USB is only handled by authorized persons and use an encrypted
USB. When passing usb for others to view content, flip the read only switch/

(c) Describe 2 physical procedures used in Social Engineering attacks. (4 marks)

Impersonating to be someone to gain trust. Making the victim feel scared.

(d) State and briefly describe THREE types of attack that uses botnets. (9 marks)

Denying services by flooding a web server and overwhelming it preventing people to access the webseite.
This is known as DDOS

Spamming emails. Botnets are able to send


emails to thousands of people .

Manipulate online polls since each bot have unique ip addresses, they are able to vote as if they
were a real person.

2223s2 Page 3
Official (Open)

3. (a) Describe 3 advantages of the automated patch update service. (6 marks)

Downloading patches from a local server saves bandwidth and time.

Better control over the updates. For example they can change the time of the update and
skip updates.

Approve updates for detection only. Basically admins can check if the device require the
update and skip it if not necessary.

(b) Describe the code emulation technique used by anti-virus software. (4 marks)

Suspicious codes are executed in virtual environments to determine if it is a virus

(c) List 3 places where mantraps can be deployed. (6 marks)

Clean rooms

Vaults

Research laboratories

2223s2 Page 4
Official (Open)

(d) Explain why virtualization can help an organization to reduce costs.


(4 marks)

Fewer physical computers are needed as one computer can run multiple multiple virtual machines at
once.

– End of Paper –

2223s2 Page 5

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy