32548-48730, Cybersecurity, Spring 2023

Final written exam information and Sample Exam questions

Final written exam Information:

The final written exam is 2.0-hour duration and will be held on Monday, 13th November 2023. The exam will be conducted by UTS Exam Unit and will be held online at UTS CANVAS. Please check your exam information at UTS Exam Timetable. This is the link published by UTS Exam as Exam TimeTable-Guide.https://www.uts.edu.au/current-students/managing-your-course/classes-and- assessment/exams/exam-timetable-guide

Also, check the announcement at CANVAS as well the information provided in Week-12, Class Revision slides. There will be Five main questions in the final written exam and each of them will have several sub questions. You must read all lecture notes, text and any reference materials provided to you in order to answer these questions. For each question, your answer should be short, concise and neatly presented. Below is a set of sample questions based on the topics we covered in this subject. Please work through them and get an understanding, the right way to answer and what you should write for each question. Remember, these are only sample questions. Also, practice the review questions for each lecture notes given to you.

Good Luck!!!

Sample Exam questions for 32548-48730, Cybersecurity

Question 1:

a. Briefly, explain how Cybersecurity is different from Network Security? How authorization is different from access control? [7 mark]

b. Mention four important techniques which can be applied to reduce the frequency of security incidents. [5 mark]

      c. How could the hackers breach integrity of data? [8 mark]

Question 2:

a. What concerns do business stakeholders have about Cyber risk?

b. Briefly explain the difference between Cyber risks and Cyber Governance. c. Explain how same site cookie may help preventing CSRF attack?

[6 mark] [7 mark] [7 mark]

Question 3:

a. Briefly explain different types of cookies used by web servers? For a given domain, feit.uts.edu.au,

explain who can set the cookie and how?

b. What is DoS attack? What are the general symptoms?

c. What is URL obfuscation? What security threats does it present?

[6 mark] [7 mark] [7 mark]

Question 4:

a. What information are required to verify certificates between the TLS client and server? What is certificate revocation? [8 mark]

b. What is version Rollback attack? Briefly explain the significance of Heartbeat protocol. [6 mark]

c. Briefly explain the methods to defend against session hijacking. How Botnet can be demonstrated as a

case for DDOS?

Question 5:

a. Briefly explain how TPM is helpful providing host security?

b. Explain the differences between anomaly-based IDS and signature-based IDS?

c. What is an insider attack? Briefly describe the defence mechanisms to protect against known insider

attacks.

Question 6:

a. Name the major data encryption and security protocols used by wireless networks?

b. State some of the major threats related to Wireless security.

c. Which is generally safer between a firewall with a “default deny” policy or a firewall with a “default allow “policy? Why? [7 mark]

[6 mark]

[8 mark] [6 mark]

[6 mark]

[8 mark] [5 mark]