cloud exam Flashcards

1
Q

Compare and contrast the DES and AES encryption algorithms in terms of maximum possible number of unique keys, plaintext block size, and number of cipher rounds.

A

AES is more secure than DES because it has larger key sizes, larger block sizes, and a greater number of rounds. DES has a smaller key size, a fixed block size of 64 bits, and uses 16 rounds. AES has variable key sizes of 128, 192, or 256 bits, a variable block size of 128 bits, and uses 10 to 14 rounds depending on the key size.

2
Q

Explain how an email can be made ‘non-refutable’

A

Emails can be made non-refutable by using a digital signature, which is a mathematical technique used to verify the authenticity and integrity of digital messages. The sender of the email signs the message with their private key, which can be verified by the recipient using the sender’s public key. This ensures that the message has not been tampered with and was indeed sent by the claimed sender.

3
Q

List the main variables/parameters associated with any implementation of a Feistel Cipher

A

Variables/parameters of a Feistel Cipher include:
Block size
Key size
Number of rounds
Subkey generation algorithm
Feistel function
Round function
S-boxes

4
Q

Describe the difference between diffusion and confusion in terms of cryptography.

A

Diffusion refers to the process of spreading the influence of a single plaintext bit across many ciphertext bits. Confusion refers to the process of hiding the relationship between the plaintext and the key. Together, they provide the high level of security needed for modern encryption algorithms.

5
Q

Describe the difference between an unconditionally secure cipher and a computationally secure cipher.

A

Unconditionally secure ciphers provide perfect secrecy and are impossible to break even with infinite computing power, while computationally secure ciphers provide high-level security against attacks, but not perfect secrecy and could be broken if an attacker has unlimited computing power.

6
Q

Describe what is meant when an encryption algorithm is said to exhibit a ‘strong avalanche effect’

A

Strong avalanche effect means a small change in plaintext or key results in a significant and unpredictable change in ciphertext, making it hard for attackers to find patterns or relationships between input and output, providing a high level of security.

7
Q

Briefly explain why asymmetric encryption won’t replace symmetric encryption for all network security.

A

Asymmetric encryption is slower and requires more processing power than symmetric encryption, and is not practical for encrypting large amounts of data. Symmetric encryption is faster and more efficient for encrypting large amounts of data, while asymmetric encryption is better suited for tasks like key exchange and digital signatures. Thus, asymmetric encryption cannot replace symmetric encryption for all network security.

8
Q

Explain why using one-time key encryption is said to be the strongest method of encryption

A

One-time pad encryption provides perfect secrecy, making it unbreakable and the strongest method of encryption. However, it is only practical for encrypting small amounts of data and requires a secret key that must be kept secure.

9
Q

Describe what a digital signature is and briefly explain how one is constructed. (6 marks)

A

A digital signature is a mathematical technique that verifies the authenticity and integrity of digital messages. It is constructed using a hash function and a public key encryption algorithm such as RSA or DSA. The sender encrypts the hash value with their private key and the recipient verifies it using the sender’s public key.

10
Q

Briefly explain how secure a computationally secure cipher actually is.

A

A computationally secure cipher provides a high level of security against current computing resources but is not unbreakable. Security depends on the key size and encryption algorithm.

11
Q

Using a diagram and an example, briefly describe NAT and how it makes a network more secure.

A

NAT (Network Address Translation) is a technique that modifies IP addresses in transit across a network. It maps private IP addresses to a public IP address to allow a network to use a single public IP address to communicate with the internet. This makes a network more secure by hiding the private IP addresses of devices on the network from the internet, making it more difficult for attackers to directly target devices on the network.

12
Q

Discuss 5 drawbacks of IPv4 and how IPv6 addresses those drawbacks. (10 marks)

A

IPv4 has limited address space, lacks built-in security, has complex network management, fragmentation issues, and requires manual configuration. IPv6 solves these issues with a larger address space, built-in security, hierarchical structure, avoidance of fragmentation, and auto-configuration features.

13
Q

State the FIVE requirements that a public key cryptosystem must fulfil in order to be considered a secure algorithm

A

confidentiality
integrity
authenticity
non-repudiation
key management

14
Q

Briefly describe THREE of the major flaws in WEP’s encryption mechanism. (10 marks)

A

Three major flaws in WEP’s encryption mechanism are:
Weak key generation: WEP uses a weak key generation process that allows attackers to easily predict and reproduce the key, making it vulnerable to attacks.
Reuse of initialization vectors (IVs): WEP uses the same IVs for multiple packets, which can allow attackers to collect enough packets to crack the encryption key.
Lack of message integrity: WEP does not provide message integrity, allowing attackers to modify the message without being detected.

15
Q

List the security threats categorised by the STRIDE model. (6 marks)

A

The STRIDE model categorizes security threats as follows:
Spoofing: an attacker pretends to be someone else to gain access to information or systems.
Tampering: an attacker alters data in transit or storage to manipulate system behavior.
Repudiation: an attacker denies involvement in an action or transaction.
Information disclosure: an attacker gains access to or discloses sensitive information.
Denial of service: an attacker disrupts normal system operation by overwhelming it with requests.
Elevation of privilege: an attacker gains unauthorized access to system resources or privileges.

16
Q

List NINE potential confidentiality concerns associated with moving corporate data from a corporation’s own on-premises local network to a public Cloud. (9 marks)

A

Here are nine potential confidentiality concerns associated with moving corporate data from a corporation’s own on-premises local network to a public cloud:
Unauthorized access to data by cloud service provider staff.
Data leakage due to misconfiguration of cloud services.
Insider threats from employees of the cloud service provider.
Insecure data storage in the cloud.
Insufficient data encryption and key management in transit and at rest.
Lack of control over data backup and recovery in the cloud.
Cloud service provider’s lack of transparency on security practices.
Legal and regulatory compliance issues.
Loss of physical control over data storage and processing.

17
Q

Outline FIVE additional security concerns to consider when using mobile phones for confidential business computing rather than using an in-house LAN-connected corporate PC. (10 marks)

A

Here are five additional security concerns to consider when using mobile phones for confidential business computing rather than using an in-house LAN-connected corporate PC:
Loss or theft of mobile devices, which can result in unauthorized access to corporate data.
Insecure communication channels, which can make it easier for attackers to intercept data.
Limited control over mobile device security settings and configurations.
Insecure mobile applications that can lead to data breaches and other security incidents.
The potential for malware and other malicious software to compromise the security of mobile devices and the data they contain.

18
Q

Outline the important differences between the following types of firewall: packet filtering; stateful packet filtering; application proxy; and circuit-level gateway. (14 marks)

A

Packet filtering: Examines packets based on source/destination IP address, port numbers, and protocol type. Simple, but vulnerable to IP spoofing and DoS attacks.
Stateful packet filtering: Filters packets based on their state in a connection, maintaining information about past connections to determine which packets are legitimate. More secure than packet filtering.
Application proxy: Acts as an intermediary between clients and servers, only allowing authorized connections to specific applications. Offers a higher level of security than stateful packet filtering.
Circuit-level gateway: Applies security mechanisms to transmission control protocol (TCP) connections, providing a proxy for TCP sessions. Offers greater security than packet filtering, but not as secure as application proxy.

19
Q

List SIX examples of intrusion attack. (6 marks)

A

Password guessing: An attacker attempts to gain access to a system by guessing passwords.
Denial-of-service (DoS) attacks: An attacker overloads a system with requests, making it unavailable to users.
Port scanning: An attacker scans a network to identify open ports and vulnerabilities.
Man-in-the-middle attacks: An attacker intercepts communication between two parties to eavesdrop, modify or inject data.
SQL injection: An attacker injects malicious code into SQL statements to access or modify sensitive data.
Cross-site scripting (XSS): An attacker injects malicious code into a web page viewed by other users to steal sensitive data or hijack sessions.

20
Q

Explain why ssapkram would be a poor choice for a user’s password? (5 marks)

A

“Ssapkram” would be a poor choice for a user’s password because it is a simple word that can be easily guessed or hacked by attackers using brute-force methods. It lacks complexity, length, and randomness, which are essential for strong passwords.

21
Q

Contrast anomaly detection with signature detection. (02 marks)

A

Anomaly detection compares network behavior to established baselines to detect anomalies, while signature detection uses pre-defined patterns or signatures to identify known threats.

22
Q

What are the four common entry points to a network where sensors should be placed? (08 marks)

A

Network perimeter
Internal network segments
Wireless access points
Remote access points

23
Q

Describe at least 3 entry points using a diagram

A

Remote Access
between Branch and main
between subnets

24
Q

2d. If a firewall is used to protect the network, on which side of the firewall could the sensors be placed? (04 marks)

A

Outside firewall: Monitor incoming traffic.
Inside firewall: Monitor internal traffic.
Both sides: Comprehensive monitoring.

25
Q

2a. Explain the importance of digital signatures and describe in detail how they work. (08 marks)

A

Digital signatures are important for verifying the authenticity and integrity of digital documents or messages. They work by using public key cryptography to create a hash value of the message or document and encrypting it with the sender’s private key. This creates a unique signature that can be verified by anyone who has access to the sender’s public key. If the signature is valid, it indicates that the message or document has not been altered and was sent by the claimed sender. Digital signatures provide a secure and efficient way to ensure that digital communications are trustworthy and tamper-proof.

26
Q

2b. Briefly describe FOUR of the requirements that a public key cryptosystem must fulfil in order to be considered a secure algorithm. (08 marks)

A
  1. Confidentiality: The algorithm must be able to encrypt messages in a way that only the intended recipient can decrypt them.
  2. Authentication: The algorithm must be able to verify the identity of the sender of a message or document.
  3. Integrity: The algorithm must be able to ensure that messages or documents have not been altered or tampered with during transmission.
  4. Non-repudiation: The algorithm must provide proof that a message or document was sent by a particular sender and cannot be denied later.

27
Q

Explain why TKIP was suggested as a possible interim replacement for WEP even though AES (Advanced Encryption Standard) was known to be a stronger encryption method. (04 marks)

A

TKIP was suggested as an interim replacement for WEP because it could be implemented on existing hardware without requiring hardware upgrades, whereas AES required more powerful hardware. Additionally, TKIP was designed to be backwards-compatible with WEP, making it easier to deploy in existing networks. While AES was known to be a stronger encryption method, it was not feasible for some organizations to upgrade their hardware to support it at the time.

28
Q

List 5 pieces of information that an NIDPS typically logs

A
  1. Source and destination IP addresses
  2. Port numbers
  3. Timestamps
  4. Protocol type
  5. Severity level of the alert or event

29
Q

2d. Briefly explain why the integrity mechanism associated with AES-CCMP (Advanced Encryption Standard – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is considered a particularly strong one. (05 marks)

A

AES-CCMP uses a strong integrity mechanism, the Cipher Block Chaining Message Authentication Code (CBC-MAC), which combines encryption with authentication. This provides both data confidentiality and integrity, making it more robust than weaker integrity mechanisms.

30
Q

3a. What is a firewall? List 2 things that a firewall cannot protect. (03 marks)

A

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Two things that a firewall cannot protect against are:
Insider threats
Social engineering attacks

31
Q

3b. Define Stateless Packet Filtering (04 marks)

A

Stateless packet filtering is a type of firewall that examines each incoming packet and compares it to a set of predefined rules to determine whether to allow or block it. It does not maintain any information about previous packets or connections, making it less secure than stateful packet filtering.

32
Q

3c. What are the most common features of IP protocol headers that stateless packet filters base their filtering decisions on? What type of attack are stateless packet filters particularly vulnerable to? (08 marks)

A

Stateless packet filters base their filtering decisions on the most common features of IP protocol headers, such as source/destination IP address, source/destination port numbers, and protocol type. Stateless packet filters are particularly vulnerable to IP spoofing attacks, where an attacker spoofs the source IP address of a packet to bypass the filter and gain access to the network.

33
Q

3a. List SIX examples of intrusion attack (06 marks)

A

Brute force attacks
Distributed Denial of Service (DDoS)
Man-in-the-Middle (MitM) attacks
SQL injection
Cross-Site Scripting (XSS)
Phishing
Zero-day exploits
Malware infection
Privilege escalation
Password attacks (dictionary, rainbow tables)

34
Q

3b. State what information is used by a typical packet filtering firewall (04 marks)

A

source and destination IP
source and destination port
protocol type

35
Q

3c. Briefly describe what a circuit-level gateway is and describe how it works (07 marks)

A

A circuit-level gateway is a type of firewall that works at the session layer of the OSI model to create a virtual circuit between the client and the server. The gateway checks each connection request and creates a session if it is valid. Once the session is established, the gateway passes traffic between the client and server without further inspection. Circuit-level gateways do not examine the content of the traffic, making them faster than other types of firewalls but also less secure.

36
Q

3d. Outline the important differences between the following types of firewall: packet filtering; stateful packet filtering; application proxy; and circuit-level gateway (08 marks)

A
  1. Packet filtering: Filters traffic based on the source/destination IP addresses, port numbers, and protocol type in the packet header.
  2. Stateful packet filtering: Filters traffic like packet filtering, but also keeps track of the state of network connections to determine whether incoming packets are part of an existing connection or a new one.
  3. Application proxy: Acts as an intermediary between the client and server, intercepting and filtering application-level traffic.
  4. Circuit-level gateway: Creates a virtual circuit between the client and server and passes traffic between them without further inspection.

37
Q

4a. What are 5 essential characteristics of Cloud Computing? (05 marks)

A

On-demand self-service
Broad network access
Resource pooling
Scalability
Measured service
Cost efficient
Flexibility

38
Q

4b. List the Deployment models of Cloud Computing. (03 marks)

A

Public cloud: Services offered over the internet to multiple customers by third-party providers, with resources shared among customers. Cost-effective and easily scalable.

Private cloud: Services and infrastructure dedicated to a single organization, offering more control and privacy. Can be hosted on-premises or by a third party.

Hybrid cloud: A combination of public and private clouds, allowing organizations to leverage the benefits of both while balancing cost, control, and security.

Community cloud: A shared infrastructure for a specific community of users with common interests or requirements. Can be managed by the community or a third-party provider.

39
Q

4c. List 7 risks of Cloud computing (07 marks)

A

Data breaches
Data loss
Insider threats
Insecure APIs
Account hijacking
Vendor lock-in
Legal issues
DoS attacks
Insecure encryption

40
Q

i. Describe the role and processes that take place at the data owner, user, client, and cloud server.

A

In this encryption scheme, the data owner is responsible for encrypting the database before storing it in the cloud. The user accesses the database through the client software, which encrypts and decrypts the data on the fly. The client also manages the encryption keys and is responsible for securely transmitting the encrypted data to and from the cloud server. The cloud server stores the encrypted data but has no access to the encryption keys or the unencrypted data.

41
Q

Explain briefly why this solution by itself is inflexible, and how the functionality can be improved using an unencrypted index value. (02 marks)

A

The solution is inflexible because it does not allow for efficient searching or querying of the encrypted data. To improve functionality, an unencrypted index value can be added to the encrypted data, which allows for more efficient searching and querying without compromising the security of the data.

42
Q

4b. List the types of Cloud Computing service models. Briefly describe them. (03 marks)

A

Infrastructure as a Service (IaaS): Provides virtualized computing resources over the internet, such as virtual machines, storage, and networking. Users have control over their infrastructure but don’t need to manage physical hardware.

Platform as a Service (PaaS): Offers a development environment for building, testing, and deploying applications. Users can focus on creating applications without worrying about the underlying infrastructure.

Software as a Service (SaaS): Delivers software applications over the internet on a subscription basis. Users access applications through a web browser, with the service provider managing the underlying infrastructure and software updates.

43
Q

4c. What are the advantages and disadvantages of cloud computing? (04 marks)

A

Advantages:

Cost savings: No need to invest in and maintain on-premises hardware.
Scalability: Easily adjust resources based on demand.
Flexibility: Access services from anywhere with an internet connection.
Automatic updates: Service providers manage software updates and security patches.
Disadvantages:

Security risks: Data breaches and vulnerabilities due to shared infrastructure.
Downtime: Dependence on the service provider’s infrastructure and network.
Vendor lock-in: Difficulties in migrating between providers.
Limited control: Less control over infrastructure compared to on-premises solutions.

44
Q

4e. List NINE potential confidentiality concerns associated with moving corporate data from a corporation’s own on-premises local network to a public Cloud. (09 marks)

A

Data breaches: Unauthorized access to sensitive data.
Insider threats: Malicious actions from employees or service provider staff.
Data leakage: Accidental exposure of sensitive data.
Inadequate encryption: Weak or improperly implemented encryption methods.
Data residency: Data stored in jurisdictions with different privacy regulations.
Unauthorized access: Weak access controls allowing unauthorized users to view data.
Vendor lock-in: Difficulty migrating data to a different service provider.
Multi-tenancy: Shared resources increasing the risk of data exposure.
Legal and compliance issues: Ensuring compliance with industry regulations.
Data loss: Accidental deletion or corruption of data.
Data interception: Data intercepted during transmission between on-premises and cloud environments.
Misconfigurations: Insecure settings leading to data exposure or breaches.