CONFIDENTIAL CD/FEB 2023/CSC662

UNIVERSITI TEKNOLOGI MARA

FINAL EXAMINATION

COURSE COMPUTER SECURITY

COURSE CODE CSC662
EXAMINATION FEBRUARY 2023
TIME 3 HOURS

INSTRUCTIONS TO CANDIDATES

This question paper consists of two (2) parts: PART A (10 Questions)
PART B (2 Questions)

2. Answer ALL questions in the Answer Booklet. Start each answer on a new page.

3. Do not bring any material into the examination room unless permission is given by the
invigilator.

4. Please check to make sure that this examination pack consists of:

i) the Question Paper

ii) an Answer Booklet - provided by the Faculty

5. Answer ALL questions in English.

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO

This examination paper consists of 6 printed pages
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
CONFIDENTIAL 2 CD/FEB 2023/CSC662

PART A
Answer ALL questions

QUESTION 1
a) State TWO (2) types of user authentication in Windows Operating System.
(2 marks)

b) Identify and describe TWO (2) security components in Windows.

(6 marks)

QUESTION 2

The most fundamental lines of defense in Linux are authentication and access control.

a) List TWO (2) files containing information about user accounts.

(2 marks)

b) Explain the usage of salt in securing user passwords.

(6 marks)

QUESTION 3

In 2018, CyberSecurity Ventures predicted that there would be a ransomware attack every 11
seconds by 2022.

a) What is ransomware?
(2 marks)

b) Explain the ransomware in terms of,

i. What is the security component that the ransomware violates?

ii. What is the best defense mechanism against ransomware? Justify your answer.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 3 CD/FEB 2023/CSC662

QUESTION 4
Digital watermarking is a process of embedding a piece of information or code into digital
objects.

a) State the computer security component and security mechanism that corresponds to
digital watermarking.
(2 marks)

b) Discuss THREE (3) digital watermarking applications that correspond to the above security
component.
(6 marks)

QUESTION 5
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide network security
at the Transport Layer of TCP/IP.

a) Explain the security mechanism used in SSL and TLS.

(2 marks)

b) Explain how HTTP over SSL and TSL (HTTPS) works.

(6 marks)

QUESTION 6

Wayne Enterprise Sdn Bhd want to implement Intrusion detection system as protection in
securing the network of an organization.

a) What can be detected by intrusion detection system?

(2 marks)

b) Briefly explain types of intrusion detection system (IDS).

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 4 CD/FEB 2023/CSC662

QUESTION 7

Stark Industries company wants to design and develop a secure but affordable
smartphone. To keep the development cost down, Stark company cannot use any biometric
sensors. Mr. Tony, the Security Engineer, proposes the smartphone uses three-factor
authentication by incorporating behavioral biometrics.

a) What is a behavioral biometric?

(2 marks)

b) Describe how to implement three-factor authentication as suggested by Mr. Tony.

(6 marks)

QUESTION 8

a) What is The Trusted Platform module (TPM)?

(2 marks)

b) The TPM provides a fundamental set of security features that have been defined by the
Trusted Computing Group (TCG). Describe THREE (3) basic features of security.
(6 marks)

QUESTION 9

a) As the internet grows, numerous legal issues had arisen. List TWO (2) areas of legal issue
that require the involvement of Cyberlaw.
(2 marks)

b) Based on ACM Code Of Ethics, a computing professional should accept and provide an
appropriate professional review and honor confidentiality. Explains these two codes of
ethics.

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 5 CD/FEB 2023/CSC662

QUESTION 10

Satoshi Nakamoto an anonymous author had published a paper entitiled "Bitcoin: A Peer-to-
Peer Electronic Cash System". This paper introduces Bitcoin, a type of online payments that
leverages blockchain technologies. This technology enables payments without going through
a financial institution.

a) Define blockchain technology.

(2 marks)

b) Discuss the THREE (3) security advantages of bitcoin over existing financial system?

(6 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 6 CD/FEB 2023/CSC662

PARTB
Answer ALL questions

QUESTION 1

Ali, Bedah, Cahya, and Dollah belong to the same group of users. Ali creates and owns a file,
GroupProject. He wants to allow the whole group except Cahya to read the file, and Bedah
can write to the file.

a) Explain how Ali can accomplish this access control policy in Windows operating system.
(5 marks)

b) Explain how Ali can accomplish this access control policy in UNIX/Linux operating system.
(5 marks)

QUESTION 2

For the two real-life scenarios below, you need to determine whether there is an ethical
element or not. Provides ONE (1) reason to justify your answer.

If your answer is yes, explain ONE (1) method to improve the security of the action. If your
answer is no, describe how to make it an ethical scenario.

a) Your manager asks you to log into the Human Resource Management system using his
user-id and password to retrieve some reports.
(5 marks)

b) Two personnel from Pejabat Pendaftar and Pejabat Bendahari share staff's personal and
private information through University's email system to resolve a salary issue.
(5 marks)

END OF QUESTION PAPER

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL