HNDSE 21.1F Software Security


NATIONAL INSTITUTE OF BUSINESS MANAGEMENT

School of Computing
Higher National Diploma in Software Engineering 21.1F
Software Security
Time allowed: Three hours
04th October 2022, 0900-1200h
INSTRUCTIONS TO CANDIDATES:

• This paper contains 5 questions. Answer ALL questions.


• The total marks obtainable for this examination is 100.
• This examination accounts for 50% of the course assessment.
• This is a closed book examination.
• Calculators are not allowed.

1.
a. Explain the value of applying software security.

(4 Marks)
b. What is symmetric encryption?

(4 Marks)
c. What is DES?

(4 Marks)
d. Explain the drawbacks of DES.

(4 Marks)
e. Explain asymmetric encryption.
(4 Marks)

2.
a. What is database security?
(4 Marks)
b. What is Identity Theft?

(4 Marks)

c. What are the different levels of data security?


(4 Marks)

d. What is meant by authentication?
(4 Marks)

e. What are the attacks on access control?


(4 Marks)

3.
a. What is the purpose of using “cookies” on web applications?
(5 Marks)
b. Explain the different HTTP methods used in REST communication.
(5 Marks)
c. What are the 3 mechanisms of data validation?
(5 Marks)

d. What are the best practices which you can use for input validation? Explain your
answer based on a few scenarios.
(5 Marks)

4.
a. Explain the importance of having clean code, with 3 examples.
(4 Marks)
b. What is database security?
(4 Marks)

c. Write a simple regular expression to validate the below pattern (an SSN number).
E.g., 423-56-3454
(4 Marks)

d. What is the purpose of using “session” on a web application? Provide an example.

(4 Marks)
e. What are the different types of DoS attacks?

(4 Marks)

5.
a. What is represented by the CIA in software security (or computer security)?

(4 Marks)

b. Explain why implementing software security is challenging (2 reasons).

(4 Marks)

c. What is the main difference between passive and active attacks?

(4 Marks)

d. Prevention, Detection, and Recovery are the three means used to deal with
security attacks. Briefly explain each of these three means.
(4 Marks)

e. Explain in detail why prevention is not sufficient, and why all three of these
should be implemented in every piece of software.
(4 Marks)
