MIS1040 2013 Paper

The document contains questions for an exam on network security. It provides instructions for the exam and covers topics like public key infrastructure, TLS authentication, OpenSSL commands, HMAC vs hash codes, PGP security services, Kerberos authentication, intrusion detection techniques, vulnerability assessments, and defenses against ARP poisoning.

UNIVERSITY OF COLOMBO, SRI LANKA

UNIVERSITY OF COLOMBO SCHOOL OF COMPUTING

MASTER OF SCIENCE IN INFORMATION SECURITY


FIRST SEMESTER EXAMINATION

Academic Year 2012/2013

MIS1040 – Network Security


TWO (2) HOURS

Answer All Questions

Important Instructions:

• The duration of the paper is 2 (two) hours.
• The medium of instruction and questions is English.
• This paper has 4 questions and 4 pages.
• Answer all questions (25 marks each).
• Write your answers in English in the Answer Book provided.
• Do not tear off any part of the answer book.
• Under no circumstances may the answer book, used or unused, be removed from the Examination Hall by a candidate.
• Note that questions appear on both sides of the paper. If a page is not printed, please inform the supervisor immediately.
• Non-programmable Calculators may be used.
1.
(a). User A, who belongs to PKI-1, receives the public key certificate of User B,
who belongs to PKI-2, as shown in the following diagram. Propose a method to
establish trust between these two Public Key Infrastructures (PKIs). In your
method, identify the certificates that User A needs to verify before accepting
User B’s public key certificate.
[7 marks]

[Diagram: PKI-1 and PKI-2, with nodes labelled CA-S1, CA-S2, CA-T1, CA-T2, CA-T3, User A and User B, and a "Public Key Certificate" label.]

(b). What is the purpose of the Online Certificate Status Protocol (OCSP) with respect to
public key management?
[5 marks]

(c). Briefly explain the authentication process of Transport Layer Security (TLS) protocol.
[7 marks]

(d). What are the files that will be created as the result of the following OpenSSL
command?
openssl req -new -x509 -out host.pem

[6 marks]

2.
(a). Using a suitable example, briefly explain the difference between a Hash Message
Authentication Code (HMAC) and a Hash code with respect to data integrity and data
authentication.
[5 marks]

(b). List three (3) basic security services provided by Pretty Good Privacy (PGP) e-mail
standard.
[3 marks]

(c). “An email can be considered as a postcard written using a pencil”. Do you agree with
this statement? State reasons.
[4 marks]

(d). A service protected by Kerberos obtains a Kerberos "ticket" before using that service.
(i). What is the role of the Ticket Granting Service (TGS) ticket?
(ii). Symmetric keys are used in Kerberos. Write down three (3) such keys used in
Kerberos.
(iii). Larger networks are divided into realms. State reasons for doing so.
[9 marks]

(e). What is the difference between the “Transport” mode and “Tunnel” mode in IPsec
protocol?
[4 marks]

3.
(a). Describe the term “Intrusion” with three real world examples.
[4 marks]

(b). Intrusion detection systems use several types of intrusion detection techniques to
detect malicious traffic transferring over the wire. Briefly explain two (2) of those
techniques and their advantages and disadvantages.
[6 marks]

(c). Briefly explain the advantages of Binary Logging over Plain Text Logging.
[3 marks]

(d). A Security Incident and Event Management System (SIEM) is a technology that
aggregates the event data produced by security devices, network devices, system
applications, etc. over a network. Discuss the key requirements that need to be
considered when you are evaluating such a solution.
[6 marks]

(e). It is important to remember that an IDS is only one of many tools in the security
professional’s arsenal against attacks and intrusions. As with any tool, all IDS have
their own limitations and challenges. Discuss three (3) limitations that IDS tools
encounter when analyzing intrusion patterns.
[6 marks]

4.
(a). Describe what is meant by each of the following terms in the context of a security
solution for a network.
• Threat
• Vulnerability
• Risk
[3 marks]

(b). Describe why the vulnerability assessment process is considered a “predictable” and a
“repeatable” process.
[4 marks]

(c). What are the main phases in a vulnerability assessment methodology?
[5 marks]

(d). Imagine that you are a systems security specialist, hired to conduct a vulnerability
assessment in an organization called “TecDefence”. Describe how you are going to
apply a vulnerability assessment methodology to successfully complete this
assignment.
[10 marks]

(e). Discuss a technique that is available to defend against layer 2 attacks such as “ARP
Poisoning”.
[3 marks]

********
