Faculty of Information Technology
Philadelphia University
Department of CIS
F1
Lecturer : Dr. Hasan Al-Refai
Examination Paper
Coordinator : Dr. Hasan Al-Refai
Internal Examiner: Dr.
Computer Network Security
Sections :-1
Final Exam
1st Semester of academic year 2014/2015
Date: Feb, 07, 2015
Time: 120 minutes
Information for Candidates
1. This examination paper contains Six questions, totaling 40 marks.
2. The marks for parts of questions are shown in round brackets.
Advice to Candidates
1. You should attempt all questions.
2. You should write your answers clearly.
Part I:
Objectives: The aim of the questions in this part is to evaluate your required minimal knowledge about information security in general.
Question 1: Choose the most appropriate answer of the following: (10 M, 1M each + 2 questions Bonus)
1. An attack that corrupts the ARP cache
a. DNS Poisoning
b. Spoofing
c. ARP Poisoning
d. Ping
2. A computer or an application program that routes incoming request to the correct server.
a. Proxy Server
b. Reverse Proxy
c. Remote Access
d. Router
3. An attack in which an attacker attempts to impersonate the user by using his session token.
a. Session Token
b. Session Cookie
c. Session Hijacking
d. SQL Injection
4. An attack that attempts to prevent a system from performing its normal functions.
a. DDoS
b. DNS
c. DoS
d. XSS
5. An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
a. spoofing
b. DNS poisoning
c. ARP Poisoning
d. ping
6. A device that can direct requests to different servers based on a variety of factors, such as the number of server
connections, the server's processor utilization, and overall performance of the server.
a. Load Balancer
b. Proxy Server
c. Router
d. C. delay
7. An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a
user can move from the root directory to other restricted directories.
a. Directory Traversal
b. HTTP Header
c. Zero Day Attacks
d. First-party Cookie
8. An attack involving using a third party to gain access rights.
a. Session Token
b. Attachments
c. Client-side Attack
d. Transitive Access
9. A(n) _____ attack attempts to consume network resources so that the devices cannot respond to legitimate requests.
a. system overflow
b. Denial of service
c. reverse ping
d. ARP spoofing
10. The difference between a replay attack and a man-in-the-middle attack is________.
a. Replay attacks are always faster
b. A replay attack makes a copy of the transmission before sending it to the recipient
c. A man-in-the-middle attack can be prevented yet a replay attack cannot
d. Replay attacks are no longer used today
11. Where does the TCP/IP host table name system for a local device store a symbolic name to Internet Protocol address
mappings?
a. On the Domain Name System (DNS) server
b. In a local hosts file
c. In the ARP cache
d. On a network file server
12. An attack that targets vulnerabilities in client applications that interact with a compromised server or processes
malicious data.
a. Client-side Attack
b. SYN Flood Attack
c. Zero Day Attacks
d. Smurf Attack
Question 2:
( 4 Marks)
A network administrator should be able to monitor network traffic. What methods are used for traffic monitoring?
Answer:
• Traffic monitoring methods
– Port mirroring
– Network tap (test access point)
• Separate device installed between two network devices
Question 3:
( 4 Marks)
Discuss the methods of firewall packet filtering.
Answer:
• Methods of firewall packet filtering
– Stateless packet filtering
• Inspects incoming packet and permits or denies based on conditions set by administrator
– Stateful packet filtering
• Keeps record of state of connection
• Makes decisions based on connection and conditions
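The difference between the two methods, shown as an added example that is not part of the original exam paper. The rule set (inside hosts may open HTTPS connections), the addresses and the packet fields are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, e.g. "S", "SA", "A"
    inbound: bool   # True if the packet arrives from the outside network

def stateless_permit(p: Packet) -> bool:
    """Stateless filtering: decide from this packet's header fields alone."""
    if not p.inbound:
        return p.dport == 443
    # Inbound: the only available test is "looks like a reply",
    # i.e. source port 443 with the ACK flag set.
    return p.sport == 443 and "A" in p.flags

class StatefulFilter:
    """Stateful filtering: same rules plus a record of open connections."""
    def __init__(self):
        self.connections = set()

    def permit(self, p: Packet) -> bool:
        if not p.inbound:
            if p.dport != 443:
                return False
            if p.flags == "S":  # new outbound connection: record its state
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: permit only if it reverses a recorded connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

# Constructed sample traffic
SYN = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", inbound=False)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", inbound=True)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A", inbound=True)

def compare():
    """Return each filter's verdict on the genuine reply and the unsolicited packet."""
    fw = StatefulFilter()
    fw.permit(SYN)
    return {
        "stateless": [stateless_permit(p) for p in (REPLY, UNSOLICITED)],
        "stateful": [fw.permit(p) for p in (REPLY, UNSOLICITED)],
    }
```

The stateless filter admits the unsolicited packet because its header matches the administrator's conditions; the stateful filter rejects it because no recorded connection corresponds to it.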
Question 4:
( 4 Marks)
What are the main advantages of load-balancing technology used in routers? How can network security benefit from that?
Answer:
• Advantages of load-balancing technology
– Reduces probability of overloading a single server
– Optimizes bandwidth of network computers
– Reduces network downtime
• Load balancing is achieved through software or hardware device (load balancer)
• Security advantages of load balancing
– Can stop attacks directed at a server or application
– Can detect and prevent denial-of-service attacks
– Some can deny attackers information about the network
• Hide HTTP error pages
• Remove server identification headers from HTTP responses
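The last two measures (hiding HTTP error pages and removing server identification headers), sketched as a response filter. This is an added example, not part of the original exam paper; the header list, the sample back-end response and the function name are assumptions made for illustration.

```python
# Headers that reveal back-end software (list assumed for this example)
IDENTIFYING_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

def sanitize_response(status, headers, body):
    """Rewrite a back-end response before the load balancer forwards it.

    headers is a list of (name, value) tuples; body is bytes.
    """
    # Remove server identification headers from every response.
    out = [(n, v) for n, v in headers if n.lower() not in IDENTIFYING_HEADERS]
    if status >= 400:
        # Hide the back-end error page: it may expose paths, versions
        # or stack traces. Replace it with a generic body.
        body = b"<html><body><h1>Error %d</h1></body></html>" % status
        out = [(n, v) for n, v in out
               if n.lower() not in ("content-type", "content-length")]
        out += [("Content-Type", "text/html"),
                ("Content-Length", str(len(body)))]
    return status, out, body

# Constructed back-end response that leaks software versions and a file path
UPSTREAM_ERROR = (
    500,
    [("Server", "Apache/2.4.41 (Ubuntu)"),
     ("X-Powered-By", "PHP/7.4.3"),
     ("Content-Type", "text/html"),
     ("Content-Length", "55")],
    b"<pre>Fatal error in /var/www/app/db.php on line 42</pre>",
)
```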
Question 5:
( 3 Marks)
What are the main proxy server advantages?
Answer:
• Proxy server advantages
– Increased speed (requests served from the cache)
– Reduced costs (cache reduces bandwidth required)
– Improved management
• Block specific Web pages or sites
– Stronger security
• Intercept malware
• Hide client system’s IP address from the open Internet
Part II Familiar Problem Solving
Objective: The aim of the question in this part is to evaluate your required knowledge for solving problems in information security.
Question 6: Answer both of the following:
( 9 Marks)
A) Sketch a scenario with full description to show how ARP poisoning works. ( 5 Marks)
B) Discuss a special type of firewall that looks more deeply into packets that carry HTTP traffic. ( 4 Marks)
Question 7: Answer both of the following:
( 6 Marks, 3 M each + 2 M Bonus)
Sketch a scenario with full description to show how a denial-of-service attack attempts to prevent a system from performing its normal functions.
Good Luck