SECURING OPERATING SYSTEM
QUESTION ONE
a) Define operating system security.
b) What is a security policy and give relevant examples?
c) Briefly describe the following terms.
         i.     Authentication
        ii.     File integrity
        iii.    Threat Assessment
        iv.     Confidentiality
        v.      Security Analysis
QUESTION TWO
a) What do you understand by the term IT policy?
b) If you were appointed as an IT Manager for a commercial bank, why would you
   implement an IT policy?
c) What do you understand the term Access Control lists (ACLS) and compose an
   example?
d) Discuss the basic ways to authenticate a user.
QUESTION THREE
a) Differentiate between a web interface and a search engine.
b) As a website master, how can you ensure the security of a company’s web
   interface?
c) Explain the factors that you would consider for a good user web interface.
QUESTION FOUR
a) Why is SSH implemented on a network from a Windows pc?
b) What’s the difference between Symmetric and Asymmetric encryption?
c) You see a user logging in as root to perform basic functions. Is this a problem?
                                             1
d) If you were going to break into a database-based website, how would you do it?
                                          2
QUESTION FIVE
a) With a well detailed diagrammatic illustration, discuss how you would secure a Local
   Area Network from internet attacks.
b) Describe the CIA triangle architecture
QUESTION SIX
a) Discuss the major roles of an operating system and their applicability.
b) List the attack techniques of an operating system and describe the mitigation
   measures.
QUESTION SEVEN
a) Define the term encryption
b) The definition above is among the security tools in the current emerging
   technologies. Discuss the advantages and disadvantages of applying such a
   technique.
c) Describe the five logical techniques of securing Operating systems.
QUESTION EIGHT
a) Discuss the major webserver security threats and their counter measures.
QUESTION NINE
a) Explain at least four requirements for computer protection and security mechanism.
b) Discuss ways of protecting web Interfaces.
QUESTION TEN
a) Write short notes on the following security measure levels
     i.    Physical
     ii.   Human
                                            3
    iii.      Operating system
    iv.       Networking
b) Explain the program threats in operating system
c) Explain the system and network threats in OS
QUESTION ELEVEN
a) Differentiate between a Firewall and Intrusion Detection System (IDS)
b) Explain the following types of firewall
     i.       Packet Filtering
     ii.      Application Gateways/Proxies
    iii.      Circuit Level Gateway
QUESTION TWELVE
a) Discuss the term ACL
b) Implementing ACLs is a security measure in an organization, discuss
c) Write brief notes on the user rights
QUESTION THIRTEEN
a) Differentiate between Symmetric and Asymmetric (Public Key) encryption
b) Explain the following concepts: Man In the Middle attack, Kerberos
c) Encrypt the following plan text “WELL DONE” Key: 3
d) In Substitution Cipher Method each letter of the plain text is substituted (replaced)
   with a different letter given in the cipher to create the cypher text. The cypher text
   “OAZH HLEOLEXL ZH LEXKMVOLJ” was created using the table below, decrypt
   the cypher text.
           Plain    C    D       E    H      I       N   P      R       S      T      Y
           Cypher   X    J       L    A      Z       E   V      K       H      O      M