SlideShare una empresa de Scribd logo

Security in Computing IT

Zairul Nizam
Zairul Nizam

Sample of Security and Computing IT exam paper.

Educación
1 de 2
Security in Computing and IT 1. Differentiate the following security terms with suitable examples: a. Confidentiality (1 Mark). b. Integrity (1 Mark). 2. Worms usually do a sweep scan technique to identify the potential victims to attack. in an IPv4 environment, how many potential victim addresses can be searched? (3 marks). 3. Decrypt the following cipher text using Caesar ciphering (with n=3 for rotation): "UHWXUA WR URPH" (3 marks). 4. Explain in detail an example in real-life whereby authentication using proof by knowledge and prrof by possession is implemented together. (5 marks). 5. Give an example of a Statistical Inference attack in a database. (3 Marks). 6. Briefly describe what the following figure illustrates: (4 Marks) Security Functionality Security 7. Differentiate between logic bomb and Trojan horse. Name one famous logic bomb and one famous trapdoor. (5 marks). 8. Below is an attack done by a hacker on a website's login page (the hacker keyed in the following in the username input box): SELECT * FROM customer WHERE username = ' ' OR 1' ' a. Explain what kind of attack is the hacker using (1 Mark). b. Assuming that the hacker's attack is successful, what is the outcome of the attack? (2 Marks). c. How can this kind of attack be prevented? (2 Marks).
Security in Computing and IT 9. You are required to implement an open source CRM system in your organization. The system is accessible via the Internet as well as internally. a. The management team requires you to implement a simple yet secure authentication mechanism to verify the identity of its users. Explain in detail your suggestion for the authentication mechanism. (4 Marks). b. The management team is also looking into the possibility of external affirmation to authenticate the legitimacy of the online communication with its suppliers. What would you suggest to make this possible? (4 marks). c. The backend database resides on a Linux platform; In order to save cost. However, the CEO of your organization is having trouble understanding how the access control mechanism works. Draw a simple access control matrix which consists of the following information in order to help the CEO understand how the mechanism works: i. The system administrator has all access control rights to the web server's configuration directory and customer table in the database. ii. The database administrator has all access control rights to the customer table in the database only. iii. Customers have read access to the customer table in the database only. (2 Marks). d. Another major concern of the management team is the fact that the system is accessible from the internet. They are very concerned with the following web application security risk (as determined by OWASP): cross-site scripting. Provide a brief security assessment for this risk. your assessment must include the following : brief description of the security risk, threat agents, attack vectors, security weakness, technical and prevention methods. (10 marks). 10. Briefly describe one memory protection method that an operating system should have (2 marks). 11. What is a Network Intrusion Detection System? (2 marks). 12. Briefly describe three Bluetooth vulnerabilities (3 Marks). 13. Mr. 'A' posted the following message on his Facebook Update section: "Working to troubleshoot a major software bug we just found." How can this information become a potential security and/or social threat? (3 Marks).

Recomendados

Web Server and Web Technology Exam paper
Web Server and Web Technology Exam paperWeb Server and Web Technology Exam paper
Web Server and Web Technology Exam paperZairul Nizam
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...DevDay.org
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...DevDay.org
 
2 secure systems design
2 secure systems design2 secure systems design
2 secure systems designdrewz lin
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 

Recomendados

Web Server and Web Technology Exam paper
Web Server and Web Technology Exam paperWeb Server and Web Technology Exam paper
Web Server and Web Technology Exam paperZairul Nizam
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...DevDay.org
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...
[DevDay2018] Hacking for fun and profit - By: Dennis Stötzel, Head of Securit...DevDay.org
 
2 secure systems design
2 secure systems design2 secure systems design
2 secure systems designdrewz lin
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 
Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckPaula Januszkiewicz
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Paula Januszkiewicz
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TIMenggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TIIsmail Fahmi
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation SecurityAman Singh
 
BlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural netBlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural netBlueHat Security Conference
 
Flashack
FlashackFlashack
Flashackn|u - The Open Security Community
 
7. 9589 1-pb
7. 9589 1-pb7. 9589 1-pb
7. 9589 1-pbIAESIJEECS
 
Adding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationAdding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationFernando Lopez Aguilar
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Manich Koomsusi
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Brute Force Attack
Brute Force AttackBrute Force Attack
Brute Force AttackAhmad karawash
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory EnumerationDaniel López Jiménez
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionSatyajit Mukherjee
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTDevil's Cafe
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackVishal Kumar
 
SCOR-350-701-V6.pdf
SCOR-350-701-V6.pdfSCOR-350-701-V6.pdf
SCOR-350-701-V6.pdfRoysLoudes
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 

Más contenido relacionado

La actualidad más candente

Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckPaula Januszkiewicz
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Paula Januszkiewicz
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TIMenggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TIIsmail Fahmi
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation SecurityAman Singh
 
BlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural netBlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural netBlueHat Security Conference
 
Adding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationAdding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationFernando Lopez Aguilar
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Manich Koomsusi
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory EnumerationDaniel López Jiménez
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionSatyajit Mukherjee
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTDevil's Cafe
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackVishal Kumar
 

La actualidad más candente (20)

Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality Check
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
 
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TIMenggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
Menggunakan Kali Linux Untuk Mengetahui Kelemahan Implementasi TI
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation Security
 
BlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural netBlueHat v18 || Malicious user profiling using a deep neural net
BlueHat v18 || Malicious user profiling using a deep neural net
 
Flashack
FlashackFlashack
Flashack
 
7. 9589 1-pb
7. 9589 1-pb7. 9589 1-pb
7. 9589 1-pb
 
Adding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationAdding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, Authorization
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
 
Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017Awesome_fuzzing_for _pentester_red-pill_2017
Awesome_fuzzing_for _pentester_red-pill_2017
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
 
Brute Force Attack
Brute Force AttackBrute Force Attack
Brute Force Attack
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injection
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENT
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
 

Similar a Security in Computing IT

SCOR-350-701-V6.pdf
SCOR-350-701-V6.pdfSCOR-350-701-V6.pdf
SCOR-350-701-V6.pdfRoysLoudes
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Letsfly web
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
CySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCCIEHOMER
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsAndrea Bissoli
 
Cybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdfCybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdfHaris Chughtai
 
LNK Payload exploit in windows
LNK Payload exploit in windowsLNK Payload exploit in windows
LNK Payload exploit in windowsssuser1d7287
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3IJERA Editor
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackGavin Davey
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 

Similar a Security in Computing IT (20)

SCOR-350-701-V6.pdf
SCOR-350-701-V6.pdfSCOR-350-701-V6.pdf
SCOR-350-701-V6.pdf
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
CySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdf
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
J0704055058
J0704055058J0704055058
J0704055058
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
The EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systemsThe EternalBlue Exploit: how it works and affects systems
The EternalBlue Exploit: how it works and affects systems
 
Cybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdfCybersecurity Interview Preparation Questions.pdf
Cybersecurity Interview Preparation Questions.pdf
 
LNK Payload exploit in windows
LNK Payload exploit in windowsLNK Payload exploit in windows
LNK Payload exploit in windows
 
44641917 091011
44641917 09101144641917 091011
44641917 091011
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
Secure Software Engineering
Secure Software EngineeringSecure Software Engineering
Secure Software Engineering
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin Attack
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 

Último

How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 

Último (20)

How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 

Security in Computing IT

  • 1. Security in Computing and IT 1. Differentiate the following security terms with suitable examples: a. Confidentiality (1 Mark). b. Integrity (1 Mark). 2. Worms usually do a sweep scan technique to identify the potential victims to attack. in an IPv4 environment, how many potential victim addresses can be searched? (3 marks). 3. Decrypt the following cipher text using Caesar ciphering (with n=3 for rotation): "UHWXUA WR URPH" (3 marks). 4. Explain in detail an example in real-life whereby authentication using proof by knowledge and prrof by possession is implemented together. (5 marks). 5. Give an example of a Statistical Inference attack in a database. (3 Marks). 6. Briefly describe what the following figure illustrates: (4 Marks) Security Functionality Security 7. Differentiate between logic bomb and Trojan horse. Name one famous logic bomb and one famous trapdoor. (5 marks). 8. Below is an attack done by a hacker on a website's login page (the hacker keyed in the following in the username input box): SELECT * FROM customer WHERE username = ' ' OR 1' ' a. Explain what kind of attack is the hacker using (1 Mark). b. Assuming that the hacker's attack is successful, what is the outcome of the attack? (2 Marks). c. How can this kind of attack be prevented? (2 Marks).
  • 2. Security in Computing and IT 9. You are required to implement an open source CRM system in your organization. The system is accessible via the Internet as well as internally. a. The management team requires you to implement a simple yet secure authentication mechanism to verify the identity of its users. Explain in detail your suggestion for the authentication mechanism. (4 Marks). b. The management team is also looking into the possibility of external affirmation to authenticate the legitimacy of the online communication with its suppliers. What would you suggest to make this possible? (4 marks). c. The backend database resides on a Linux platform; In order to save cost. However, the CEO of your organization is having trouble understanding how the access control mechanism works. Draw a simple access control matrix which consists of the following information in order to help the CEO understand how the mechanism works: i. The system administrator has all access control rights to the web server's configuration directory and customer table in the database. ii. The database administrator has all access control rights to the customer table in the database only. iii. Customers have read access to the customer table in the database only. (2 Marks). d. Another major concern of the management team is the fact that the system is accessible from the internet. They are very concerned with the following web application security risk (as determined by OWASP): cross-site scripting. Provide a brief security assessment for this risk. your assessment must include the following : brief description of the security risk, threat agents, attack vectors, security weakness, technical and prevention methods. (10 marks). 10. Briefly describe one memory protection method that an operating system should have (2 marks). 11. What is a Network Intrusion Detection System? (2 marks). 12. Briefly describe three Bluetooth vulnerabilities (3 Marks). 13. Mr. 'A' posted the following message on his Facebook Update section: "Working to troubleshoot a major software bug we just found." How can this information become a potential security and/or social threat? (3 Marks).