
COMPUTER SECURITY MIDTERM EXAMINATION

QUESTION ONE (1)

a) Define the following terms (each carries 2 marks):


I. Computer security
II. Risk
III. Vulnerability
IV. Threat
V. Attack

b) Summarise the differences between: viruses; worms; trojans and spyware. [12 Marks]

QUESTION TWO (2)

a) Analyse FOUR common myths about malware. [8 Marks]


b) State what is meant by the acronym 'DDoS'. [1 Mark]
c) Describe how a DDoS attack is performed. [5 Marks]
d) Describe the function of a firewall. [2 Marks]
e) Outline the process of ‘packet sniffing’. [3 Marks]

QUESTION THREE (3)

a) Explain what is meant by the term ‘SQL injection’. [2 Marks]


b) Explain TWO ways in which an SQL injection can be used to gain control of an account on a website. [4 Marks]
c) Explain TWO ways to prevent ‘SQL injections’. [4 Marks]
d) Explain what an attack vector is. [2 Marks]
e) State what is meant by the term 'cross-site scripting'. [2 Marks]
f) Describe how cross-site scripting is performed. [5 Marks]

QUESTION FOUR (4)

a) How do intrusion detection systems (IDS) protect a computer system against attacks? [5 Marks]
b) Explain FIVE (5) symptoms of attack. [10 Marks]
c) List any FIVE (5) consequences of successful attacks. [5 Marks]

QUESTION FIVE (5)

a) Explain any THREE (3) security risks exposed by a vulnerability. [6 Marks]


b) Explain how a buffer overflow occurs. [5 Marks]
c) Explain how antivirus works. [5 Marks]
d) What is the difference between anti-spamware and anti-spyware? [4 Marks]
