CONFIDENTIAL CS/MEI 2021/ITT320
UNIVERSITI TEKNOLOGI MARA
ONLINE QUIZ
COURSE : INTRODUCTION TO COMPUTER SECURITY
COURSE CODE : ITT320
DATE : MAY 2021
TIME : 2 HOURS
NAME: MUHAMMAD DANISH HAKIM BIN ABDUL HAKIMI
MATRIC NO: 2019245438
LECTURER: Sir Hafizan
PART A (15 MARKS)
1. A person who uses scripts and programs written by others to perform his intrusion is
labelled as _________.
A. cracker
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
B. hacker
C. phreak
D. script kiddie
2. Which of the following does not reflect what a WHITE HAT hacker is?
A. A person who enjoys exploring the details of programmable systems and how to
stretch their capabilities.
B. A person who programs enthusiastically and is good at programming quickly.
C. A person who enjoys the intellectual challenge of creatively overcoming or
circumventing limitations.
D. A person who enjoys discovering vulnerabilities and directly posts them for full
disclosures.
3. The term __________ refers to a person who has a keen interest in telephones and
telephone systems.
A. Script kiddies
B. Hacker
C. Cracker
D. Phreaks
4. Which of the following is the most basic security activity?
A. Authentication
B. Firewalls
C. Password protection
D. Auditing
5. Rose just installed a new search engine on her laptop. Now whenever she searches the
Internet, she gets several pop‐up windows directing her to websites to buy products.
What does Rose have?
A. Phishing
B. Spyware
C. Adware
D. Trojan horse
• The victim will wait for the connection to be established.
• While the victim server is waiting, the attacker will continuously send more spoofed
SYN packets.
6. The statement above refers to _________.
A. UDP flood
B. ICMP flood
C. SYN flood
D. Smurf Attack
7. The ____________ flag contains a carefully constructed cookie, generated as a hash that
contains the IP address, port number, and other information from the client machine
requesting the connection (three-way handshake process).
A. ACK
B. SYN-ACK
C. SYN
D. ACK-SYN
8. The only real safeguard against Ping of Death is to ensure that all ___________ and
_________ are routinely patched. This attack relies on vulnerabilities in the way a
particular operating system or application handles abnormally large TCP packets.
A. Operating systems, hardware
B. Hardware, anti-virus
C. Operating systems, software
D. Operating systems, anti-virus
9. What is the name of the Denial of Service (DoS) attack that utilizes ICMP, in which
the packet is first sent to everyone in the network and, when they reply, the replies
are sent to a fake destination (the victim's IP address)?
A. SYN flood
B. Smurf attack
C. Ping of death
D. Distributed Denial of Service
10. ___________ seek to avoid SYN floods by changing the way the server allocates
memory for any given connection request. Instead of allocating a complete connection
object, the server is altered so that it only allocates a small record.
A. SYN Cookies
B. Micro Blocks
C. SYN Blocks
D. RST Blocks
11. What are the rules that can be used in setting up “screening” firewalls?
A. protocol type, source port, destination port, source IP address, destination IP
address
B. source IP address, destination IP address, protocol version, source port, destination
port
C. Inbound rules
D. Outbound rules
12. Why is a Stateful Inspection (SPI) firewall more resistant to flooding attacks?
A. It automatically blocks large traffic from a single IP
B. It requires user authentication
C. It examines each packet in the context of previous packets
D. It examines each packet in the context of next packets
13. What characteristics do the Application Gateway firewall and the Circuit Level
Gateway firewall have in common?
A. Both implement virtual circuit as the proxy
B. Both require user authentication
C. Both firewalls are a cheap solution to setup
D. Both firewalls enable administrators to specify what applications to be allowed to
run in the network
• Instead of configuring the firewall in the operating system itself, this
firewall gives another layer of simple protection at the first line of
defense.
• Mostly, it uses only a simple packet filtering approach and it is very easy
to configure.
• Suitable for novice administrators
14. The statement above best describes the _________ firewall:
A. Network host-based
B. Router-based
C. Single home
D. Dual home
15. A device that can hide the internal IP addresses is known as _________ .
A. Screened host
B. Bastion firewall
C. Proxy server
D. Proxy router
ANSWER (PART A):
1 A 6 C 11 A
2 A 7 C 12 C
3 D 8 D 13 B
4 A 9 B 14 B
5 C 10 B 15 B
PART B (15 MARKS)
QUESTION 1
a) In configuring a network, there are a few parameters to be identified. Briefly explain
the hybrid approach and state the most desirable hybrid approach.
(2 marks)
Answer:
The hybrid approach is a combination of multiple security paradigms, like combining the
perimeter security approach and the layered security approach.
b) There are two perspectives in relation to security. They are:
I. First Perspective : There is no real threat
II. Second Perspective : All hackers are experts and out to break into my network
State the difference between the first perspective and the second perspective.
(3 marks)
Answer:
How the first perspective differs from the second:
- Fosters a laissez-faire attitude toward security, but the second perspective takes this
as a crucial situation
- Security measures are not put in place until after a breach has occurred, but the second
perspective has already prepared security
- This approach must be avoided at all costs, and the second perspective is the only one
that we need to approach.
QUESTION 2
The denial of service attack is one of the most common types of attack, because it is easy
to execute. Even someone with minimal skill is able to perform it. As network administrators,
it is our task to ensure our network has the utmost security.
a) State TWO (2) ways to protect against a Smurf attack.
(3 marks)
Answer:
- Configure the firewall to disallow the incoming protocols
- Maintain virus protection on all clients on the network
- Use a proxy server
b) Discuss why Stateful Packet Inspection (SPI) firewall is one of the easiest ways to
stop a SYN flood attack.
(2 marks)
Answer:
Because it is aware of the context of packets and makes them less susceptible to flood
attacks, since it knows if a packet is part of a larger stream, and SPI can recognize
whether the source IP is within the firewall.
QUESTION 3
a) The circuit gateway firewall is said to be more secure compared to the application
gateway firewall. Describe in detail the advantages of the circuit gateway
firewall.
(3 marks)
Answer:
-typically implemented on high-end equipment
-virtual circuit is used to pass bytes between client and proxy server
-external users only see the proxy IP not the internal client IP address
b) As technology advances, new firewall specifications emerge to support the latest
needs in the network field. Briefly discuss what a hybrid firewall is and how
it operates.
(2 marks)
Answer:
Hybrid firewalls are a combination of other firewalls, such as stateful packet inspection
(SPI) combined with circuit level gateways. They work together by combining their
abilities to become a more powerful firewall.
END OF QUESTION PAPER