University of Nottingham - Computer Security module, AUTUMN SEMESTER 2006-2007. Time allowed ONE Hour. Candidates must not start writing their answers until told to do so. Answer THREE out of four questions. No calculators are permitted in this examination. Dictionaries are not allowed with one exception. Those whose first language is not English may use a standard translation dictionary to translate between that language and English.
SCHOOL OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY
A LEVEL C MODULE, AUTUMN SEMESTER 2006-2007
COMPUTER SECURITY
Time allowed ONE Hour
Candidates must NOT start writing their answers until told to do so
Answer THREE out of FOUR questions
No calculators are permitted in this examination.
Dictionaries are not allowed with one exception. Those whose first language is not English may use a standard translation dictionary to translate between that language and English provided that neither language is the subject of this examination. Subject specific translation dictionaries are not permitted.
No electronic devices capable of storing and retrieving text, including electronic dictionaries, may be used.
DO NOT turn examination paper over until instructed to do so
G5CSEC-E1
1. Answer the following questions about computer security.
(a) Briefly explain the main principles of security. [4 marks]
(b) With the aid of examples, briefly explain the four main classes of computer attacks. [10 marks]
(c) Discuss the relationship between vulnerability and threat. [3 marks]
(d) Differentiate the terms interception and interruption in the context of computer security. [3 marks]
2. Answer the following questions about computer security, authentication and encryption.
(a) Both national intelligence agencies and hackers/crackers are averse to risk, albeit in different ways. Explain the differences between them. [4 marks]
(b) Describe any two strategies normally used by an attacker to guess the password of a system. How would you protect the system from these attacks? [5 marks]
(c) Briefly describe the functions of any commercial biometric system in use. What are the false acceptance, false rejection and equal error rates for this system? [6 marks]
(d) Briefly describe the main concepts of public-key and secret-key encryption schemes. [3 marks]
(e) Give one advantage and one disadvantage of public-key encryption as compared to secret-key encryption. [2 marks]
3. Answer the following questions about encryption and security applications.
(a) Briefly explain the concepts of digital signature in cryptography. [6 marks]
(b) Describe the operations performed by the PGP tool to send a message securely. [5 marks]
(c) List any three controls that could be applied to detect or prevent salami attacks. [3 marks]
(d) Describe the two different types of firewall, how they work and when they are used. [6 marks]
4. Answer the following questions about security applications, social aspect of security and implementation of security procedures.
(a) Describe how honey pots and burglar alarms work. [4 marks]
(b) Networks are increasingly managed remotely. Identify the security implications of remote network management and briefly describe the security mechanisms that are needed for secure network management. [6 marks]