
Course Code: CSYS1102 Duration: 1 Week Course Name: Introduction To Computer Security Coursework Weight: 10%

This document is a 3-page theory test for an Introduction to Computer Security course. It consists of 15 multiple choice and short answer questions testing knowledge of computer security concepts and threats. The test covers topics like the CIA triad, types of computer viruses and attacks, and security approaches. Students are instructed to submit their responses via email to the provided address by the deadline.

Uploaded by

RammyBrad

COUNCIL OF COMMUNITY COLLEGES OF JAMAICA

Theory Test #1
Academic Year (AY) 2017-2018, Semester II

Course Code: CSYS1102 Duration: 1 Week

Course Name: Introduction to Computer Security Coursework weight: 10%

Instructions: This is an individual test; it consists of 15 questions on 3 pages. Ensure, where
applicable, that you select the letter that corresponds to your answer for the question. Use the
RESPONSE SHEET provided (click: HERE) to indicate your response to
each question for submission. You are also required to type your identification number on the
response sheet; a response sheet without an identification number will be discarded. Save and
email your response sheet for submission to: [email protected]

1. The security approach that is best regarded as resilient is:


A. Passive Layered Approach
B. Passive Perimeter Approach
C. Proactive Perimeter Approach
D. Proactive Layered Approach [2 marks]

2. CIA, with respect to computer security, best refers to:


A. Confidentiality, Integrity and Affordability
B. Connectivity, Integrity and Affordability
C. Confidentiality, Integrity, Availability
D. Connectivity, Integrity and Availability [1 mark]

3. A client repeatedly sees the message “This site can’t be reached” after attempting to login to their inbox
to retrieve an email.
Claim: A worm is on the client’s network, preventing the client from successfully logging in to
retrieve their email.
Reason: Worm programs usually bombard computer networks with fake traffic, preventing
legitimate services from being successfully accessed.
A. The claim is true, and the reason provides support for the claim
B. The claim is false, and the reason does not support the claim
C. The claim is true; but the reason does not support the claim
D. The claim is false; but the reason provides support for the claim [3 marks]

4. A computer virus is best described as:


i. any program that is downloaded to your system without your permission
ii. a program that overflows memory with data
iii. any program that causes harm to your system
iv. any program that can change your operating system’s system files
A. iii only
B. i, iii, and iv only
C. ii and iv only
D. ii, iii and iv only [2 marks]

5. All of the following are traits of a computer virus, EXCEPT? A computer virus:
A. periodically collects and transfers user information to other computer systems
B. replicates itself, with little or no human intervention
C. undermines the correct functioning of the computer’s operating system
D. infects other devices and operating systems, without human intervention [2 marks]

6. The managers at the Dirt-Cheap-Goods Wholesale have downloaded, and are using a freeware
application to keep track of their store’s inventory. If the application uses heaps and stacks to store and
process data that is being entered online by the store’s suppliers, which of the following attacks will MOST
LIKELY cause loss of data?
A. SQL injection
B. Buffer overflows
C. Rootkits
D. Cross-site scripting [2 marks]

The following is a list of terms used to refer to types of computer/network threats. Use the list of terms
to answer questions 7 and 8. A response may be used one or more times, or not at all.

1. DNS Cache Poisoning
2. Cross Site Scripting
3. Denial of Service Attack
4. Session Hijacking

7. Recently, customers of the Dirt-Cheap-Goods website have had their credit card information
compromised after attempting to pay online for their orders. After being interviewed by the website’s security
personnel, it was also discovered that the customers’ web browsers had JavaScript enabled.
Which of the following would MOST LIKELY be used to obtain the customers’ credit card
information? [3 marks]

8. Your computer software engineering firm has just launched its application which provides cloud
computing services. As the lead programmer for the application, you have publicly advertised the
product as being resilient to all types of computer network threats. Which of the following is MOST
LIKELY to pose a threat to your firm’s application? [3 marks]

9. The website security personnel at Dirt-Cheap-Goods discovered that a computer using an unknown IP
address was used to modify the company’s list of clients, suppliers, and goods. If the managers are adamant
that the website personnel implement security mechanisms that are cost effective, a ___ will achieve this
while guaranteeing data protection.
A. Passive Layered Approach
B. Proactive Layered Approach
C. Passive Perimeter Approach
D. Proactive Perimeter Approach [1 mark]

10. Which of the following can make administration of computer systems/networks efficient, but can also be
used to deliver or perform malicious attacks?
A. Botnet
B. Logic bomb
C. Rootkit
D. Trojan horse [1 mark]

11. Read the following sentence and determine which phrase makes it FALSE.

A sneaker is an employed person who legally breaks into a system; a sneaker’s goal is to
A B
assess security vulnerabilities and exploit security deficiencies of a system.
C D [1 mark]

12. A __ attack is possible if, due to poor programming by developers, a hacker is able to store more than 8
bytes of data into an 8-byte variable, thereby taking advantage of the software’s vulnerability.
A. Buffer overflow
B. SQL injection
C. Cross-site scripting
D. Logic bomb [2 marks]

Read and use the following scenario to answer questions 13 and 14.

“A malicious program has been found and analyzed. The result showed that
JavaScript was used to crash a computer – the program sent random data to a
separate service on the same computer, each time a web browser was accessed.”

13. A __ is the name for the type of attack that has occurred.
A. DoS attack
B. Buffer overflow
C. Cross-site scripting
D. SQL injection [2 marks]

14. Claim: A Trojan horse could have been used to deliver the malicious program on the computer.
Reason: Bombarding the computer’s services with random data could only be achieved by a
program that is benign and trusted.
A. The claim is true; but the reason does not support the claim
B. The claim is false, and the reason does not support the claim
C. The claim is true, and the reason provides support for the claim
D. The claim is false; but the reason provides support for the claim [2 marks]

15. Session hijacking is one type of threat to today’s computer network. Describe briefly how a computer
network user can identify ANY OTHER FOUR types of computer network threats. [8 marks]

[Total: 35 marks]