CUSTOMER_CODE SMUDE
DIVISION_CODE SMUDE
EVENT_CODE OCTOBER15
ASSESSMENT_CODE BB0025_OCTOBER15

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 74058
QUESTION_TEXT List and explain types of network policies.
SCHEME OF EVALUATION

Network service access policy: 5 marks
• It is a high-level policy that defines those services to be allowed or explicitly denied from the restricted network
• Includes everything from document shredders to virus scanners, remote access to removable media tracking
• Firewall implements one of two network service access policies:
  • Either allowing access to the internet from the site but allowing no access to the site from the internet
  • Allowing some access from the internet, but only to selected systems such as information servers and e-mail servers
• At the highest level, the overall organizational policy might state the following principles:
  • Information is vital to the economic well-being of the organization
  • Every cost-effective effort will be made to ensure the confidentiality, integrity, authenticity, availability and utility of the organization’s information
  • Protecting the confidentiality, integrity and availability of these information resources is a priority and a job responsibility for all employees at all levels of the company
  • All information-processing facilities belonging to the organization will be used for authorized purposes

Firewall design policy: 5 marks
• It is a lower-level policy that describes how the firewall will actually go about restricting the access and filtering the services as defined in the network service access policy
• Firewalls generally implement one of the two basic design policies:
  • Permissive approach: Permit any service unless it is expressly denied
  • Restrictive approach: Deny any service unless it is expressly permitted

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 74059
QUESTION_TEXT Explain Electronic Cheque and its superiority over paper cheque.
SCHEME OF EVALUATION

Electronic Cheque: 2 marks
• It has all the features of a paper cheque.
• It functions as a message to the sender’s bank to transfer funds; the message is given to the receiver, who in turn endorses the cheque and presents it to the bank to obtain funds
• The following two provide the electronic cheque for online payment

Financial Services Technology Corporation (FSTC): 3 marks
• Offers users a choice of payment instruments that allow them to designate an electronic cheque as a certified cheque.
• FSTC plans for electronic cheques include money transfer and transactions involving the National Automated Clearing House Association for transferring funds between banks; businesses could use the FSTC scheme to pay invoices from other businesses

Cyber Cash: 3 marks
• Cyber Cash will not serve as an intermediate party for processing cheques; instead these functions will be handled directly by banks
• It does not provide multiple payment options

Superiority of electronic cheque over paper cheque: 2 marks
• Customer can encrypt his/her account number with the bank’s public key, thereby not revealing the account number to the web merchant
• Digital certificates can be used to authenticate the payer, payer’s bank and bank account

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 102446
QUESTION_TEXT Write a note on some security threats and solution and also discuss message security.
SCHEME OF EVALUATION

1. Threat: Data intercepted, read or modified illicitly
2. Threat: False identity with an intention of fraud
3. Threat: Unauthorized user on one network gains access to another
(4.5 marks)

Message Security
Encryption is a cryptographic technology to scramble the data with a key so that no one can make sense of it while it’s being transmitted. When data reaches its destination, the information is unscrambled using the same or a different key. There are two types of crypto-systems: secret key and public key.
In secret key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret key crypto-system in use today is known as DES, the Data Encryption Standard. IBM developed DES.
In public key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public cryptosystem is the most popular form of public key cryptography. RSA stands for Rivest, Shamir, Adleman, the inventors of the RSA cryptosystem.
(5.5 marks)
(4.5 + 5.5 = 10 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 102447
QUESTION_TEXT Discuss Digital signature.
SCHEME OF EVALUATION

Each message produces a random message digest using the conversion formula. The private key is used to encrypt that digest to obtain the digital signature. In other words, the encrypted message digest (the private key is used for encryption) is called the digital signature.
(Hash function -> message digest) -- encrypt --> Digital Signature
(2 marks)

Verification of digital signature
Say person X is sending the message to person Y.
Steps:
To send the message (X sends to Y)
a. Develop message digest for each message
b. Encrypt the digest using X’s private key
c. Combine the plain text with the signature and send it to person Y through the internet
(1.5 marks)
To receive message
a. Decrypt digital signature with X’s public key
b. Calculate the message digest using hash function
c. Compare the two message digests, calculated and decrypted
d. If both message digests are the same, then it is authentic; if not, the signature or message has been tampered with
(2.5 marks)

Advantage: Unauthorized persons can access the public key of person X but cannot have his (X’s) hash function, which makes the digital signature authentic
(2 marks)

Disadvantage: As the body of the message is sent as plain text, privacy is not maintained. To overcome this difficulty when privacy is important, one could use a symmetric algorithm for the plain text.
(2 marks)
(2 + 1.5 + 2.5 + 2 + 2 = 10 marks)