Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Component: 002
Duration: 2 hours
Page 1 of 3
[Attempt ANY 5 questions ONLY]
1 (a) List four attributes which a security tester should possess. (4 marks)
i. Hacker (3 marks)
ii. Penetration Tester (3 marks)
2 (a) What are TCP flags and why are they used? (3 marks)
(c) How is Internet Control Protocol (ICMP) used by security professional? Give an
example. (4 marks)
4 (a) Social engineers use many different tactics in their attempt to gain information from
unsuspected people. Using suitable examples describe each of the following common
tactics:
i. Urgency (2 marks)
ii. Quid pro quo (2 marks)
iii. Status quo (2 marks)
iv. Kindness (2 marks)
v. Position (2 marks)
5 (a) Using suitable examples distinguish between open ports, closed ports and filtered ports,
which are reported by scanning programs. (6 marks)
(c) Give one reason why security testers conduct enumeration. (2 marks)
Page 2 of 3
6 (a) Why are rootkits that infect a device’s firmware considered the biggest threat to any OS
(embedded or general-purpose)? (6 marks)
7 (a) What type of information can be gathered by wardriving? Provide three examples.
(6 marks)
8 (a) Give three reasons why embedded OSs are more likely to have unpatched security
vulnerabilities than general-purpose OSs? (6 marks)
[End of Paper]
Page 3 of 3