computer forensic

MODULE TITLE: SECURITY AND FORENSICS
SCHOOL OF COMPUTER SCIENCE & ENGINEERING
EXAM PERIOD: MAY 2020
MODULE CODE: 6COSC002W – 6COSC008C
Question 1
a. A company wants to implement a centralized access control administration method for their
staff. One of their essential requirements is for the staff to be able to access the system
remotely and while mobile. Which one would you recommend for them? Justify your answer.
(8 marks)
b. Explain how SSH key exchange works and discuss what it can potentially reveal if someone
is sniffing this communication exchange.
(10 marks)
c. What is the difference between an intrusion detection system (IDS) and an intrusion prevention
system (IPS)? Give an example where each should be used.
(7 marks)
Question 2
a. Network-level session hijacking attacks allow attackers to remotely take over sessions, usually
undetected. Explain how this attack happens over a TCP connection and recommend a
solution to protect your network against it.
(12 marks)
b. Identify for each attack below whether it is an active attack or a passive attack. Justify your
answer and briefly recommend a countermeasure for these attacks.
1- Packet sniffing
2- Dictionary attack
(8 marks)
c. There are three different types of viruses: system infector, file infector and data
infector. Explain how a system infector works and briefly evaluate its threat level in comparison
with the others.
(5 marks)
©UNIVERSITY OF WESTMINSTER, 2020
Question 3
a. It is essential for network administrators to know what is happening in their network. Different types of security monitoring exist for networks and computer systems.
1- List the various security monitoring types and explain each of them briefly.
(6 marks)
2- What different log information can you capture? Identify which of that log
information is essential to ensure accountability and which is essential to track application
use.
(3 marks)
b. A firewall is an integrated collection of security measures designed to prevent unauthorized
electronic access to a networked computer system. State the different types of firewalls, explaining each briefly.
(9 marks)
c. Security principles tend to follow one of the ten widely used security principles. Explain the
Least privilege and the Separation of privilege principles and give an example where each
should be used.
(7 marks)
Question 4
a. Digital evidence is fragile. It can easily be destroyed or tampered with. It is essential for
digital forensics analysts and investigators to handle evidence carefully. Identify
the fundamental rules on how to handle evidence.
(6 marks)
b. When it comes to network forensics, forensic analysts need to look within the sources of
network-based evidence. There are many sources of network-based evidence in any environment. Discuss “Evidence in the air” and how much forensic value it holds.
(8 marks)
c. Physical analysis is looking for things that may have been overlooked or are invisible to the
user.
1- Identify the important steps a forensics analyst must undertake to retrieve or access the
hidden and deleted files.
(4 marks)
2- Two important physical locations that should not be overlooked are the swap file and unallocated
space. Explain each of those two and identify how they can be used.
(7 marks)
END OF EXAM