Network Security and Cryptography

5 September 2018

Marking Scheme
This marking scheme has been prepared as a guide only to markers. This is not a set of
model answers, or the exclusive answers to the questions, and there will frequently be
alternative responses which will provide a valid answer. Markers are advised that, unless a
question specifies that an answer be provided in a particular form, then an answer that is
correct (factually or in practical terms) must be given the available marks.

If there is doubt as to the correctness of an answer, the relevant NCC Education materials
should be the first authority.

Throughout the marking, please credit any valid alternative point.

Where markers award half marks in any part of a question, they should ensure
that the total mark recorded for the question is rounded up to a whole mark.
 Answer ALL questions

Marks
Question 1

a) Encryption is used to convert readable plain-text to cypher-text to ensure it is 2

obscured if it is intercepted. State the TWO (2) mechanisms used during this
process.

A key (1 mark) and an algorithm (1 mark)

b) The Feistel Cipher is a scheme used by almost all modern block ciphers. Explain 5
the FIVE (5) steps that are carried out in a Feistel Cipher.

Award a maximum of 5 marks for including any of the following:

▪ The input is broken into two equal size blocks, generally called left
(L) and right (R), which are then repeatedly cycled through the
algorithm.
▪ At each cycle, a function (f) is applied to the right block and the key,
and the result is XORed into the left block.
▪ The blocks are then swapped.
▪ The XORed result becomes the new right block and the unaltered
right block becomes the left block.
▪ The process is then repeated a number of times.

c) Explain what is meant by a brute force attack and state the best defence to 3
ensure an attack is not successful.

Award up to a maximum of 3 marks:

▪ A brute force attack tries every possible key (1 mark) until correct
translation of the encrypted text into plaintext is obtained (1 mark)
▪ Strong passwords (1 mark)

Total 10 Marks

Page 2 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 2

a) Public Key Encryption uses two keys. A public key and a private key. State how 2
these two keys are used during the encryption and decryption process.

Messages are encrypted with the recipient's public key (1 mark) and
can only be decrypted with the corresponding private key (1 mark)

b) Public Key Infrastructure (PKI) is a security architecture that has been introduced 3
to provide an increased level of confidence for exchanging information. There are
three main applications used in PKI. State the THREE (3) applications.

▪ Encryption/decryption: the sender encrypts a message with the

recipient’s public key. (1 mark)
▪ Digital signature (authentication): the sender “signs” the message
with its private key; a receiver can verify the identity of the sender
using sender’s public key. (1 mark)
▪ Key exchange: both sender and receiver cooperate to exchange a
(session) key. (1 mark)

c) There are several benefits to using PKI. State the FIVE (5) main benefits. 5

▪ Certainty regarding the quality of information transmitted

electronically (1 mark)
▪ Certainty of the source and destination of such information (1 mark)
▪ Assurance of the time and timing of such information (1 mark)
▪ Certainty of the privacy of such information (1 mark)
▪ Assurance that such information may be used as evidence in a court
of law (1 mark)

Total 10 Marks

Page 3 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 3

a) Below is a diagram of the TCP/IP model. Complete the corresponding diagram to 5

show how the OSI 7 layer model compares.

Application Application

Transport

Internet
Host-to-network
(Link/Physical/
Network Interface) Physical

Award 1 mark for each correctly named element placed in the correct
position within the diagram.

Application

Presentation

Session
Transport
Network

Data Link

Physical

b) Internet Protocol Security (IPSec) provides security at the IP layer for other 5
TCP/IP protocols and applications to use. One IPSec Core Protocol is the IPSec
Authentication Header (AH). State FOUR (4) actions the AH provides and
provide the full name for the other core protocol ESP.

Award 1 mark for any of the following points. Maximum of 4 marks.

▪ Provides authentication services
▪ Verifies the originator of a message
▪ Verifies that the data has not been changed on route
▪ Provides protection against replay attacks
Award 1 for ESP = Encapsulating Security Payload
Total 10 Marks

Page 4 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks

Question 4

a) A digital certificate issued by a public Certificate Authority will contain information 5

in the key usage field of the certificate. This means that the private key may be
used for specific purposes. State FIVE (5) specific purposes.

▪ digital signatures
▪ certificate signing
▪ encipher or decipher only
▪ key encipherment
▪ data encipherment

b) The data in a digital certificate usually conforms to the ITU (IETF) standard 5
X.509. The certificate includes specific information. State FIVE (5) pieces of
information that can be included.

Award 1 mark for each bullet point up to a max of 5 marks.

▪ the identity of the owner of the corresponding private key

▪ the length of the key
▪ the algorithm used by the key
▪ the associated hashing algorithm
▪ dates of validity of the certificate
▪ the actions that the key can be used for

Total 10 Marks

Page 5 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 5

a) A security vulnerability is a flaw or a weakness in a system or network that allows 3

an attack to harm the system or network in some way. State THREE (3) ways a
system or network can be attacked or harmed.

Award a maximum of 3 marks for including any of the following;

▪ Allowing an unauthorised user to access the system or network (1
mark)
▪ Causing a deterioration in the performance of the system or network
(1 mark)
▪ Damaging or altering the data held by a system or network (1 mark)

b) There are many ways in which a system or network can be vulnerable. State the 5
FIVE (5) elements that can cause a vulnerability.

▪ Software - flaws in new software, not tested sufficiently before

deployment (1 mark)
▪ Hardware – dust (1 mark)
▪ Organisation procedures – poor password policy, lack of audits (1
mark)
▪ Personnel – not training staff properly (1 mark)
▪ Physical environment – no physical access controls, risks from
flooding (1 mark)

c) State TWO (2) tools that can be used by a system administrator to test for 2
vulnerabilities.

Award 1 mark for each:

▪ Penetration testing
▪ Vulnerability scanners (accept Port Scanner)

Total 10 Marks

Page 6 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 6

a) The National Institute of Standards and Technology (NIST) sets out three 3
security objectives (FIPS199). State the THREE (3) objectives.
▪ Confidentiality: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy
and proprietary information.
▪ Integrity: Guarding against improper information modification or
destruction, including ensuring information non-repudiation and
authenticity.
▪ Availability: Ensuring timely and reliable access to and use of
information.

b) Provide THREE (3) ways to prevent unauthorised access to a system or network. 3

Award 1 mark for each bullet point up to a maximum of 3 marks:

▪ A plan that includes: (max 1 mark for stating ‘A plan’ or for one of the
following)
o Staff with key responsibilities
o Policies for system use
o Methods for dealing with security breaches
▪ Technology – software and hardware (1 mark)
▪ User vigilance – acceptable use policies and training of staff (1 mark)

c) As a precautionary measure, data should be protected. State FOUR (4) ways to 4

protect data.

Award 1 mark for including any of the following, or a suitable alternative:

▪ Back up data - allows for data recovery in the event that data is
deleted or corrupted
▪ Have strong access control mechanisms
▪ Password protect documents
▪ Encrypt files
▪ Encrypt disks

Total 10 Marks

Page 7 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 7

a) Intrusion Detection Systems (IDS) can be used to help monitor a system or 3

network. State THREE (3) ways they provide protection.

Award 1 mark for each bullet point up to a maximum of 3 marks:

▪ Monitors network traffic for suspicious activity (1 mark)

▪ Alerts the network administrator if suspicious activity discovered (1
mark)
▪ May also respond to suspicious traffic by: (1 mark for either of the
following)
o blocking the user from accessing the network
o blocking the IP address from accessing the network
▪ Different types that use different methods to detect suspicious
activity (1 mark)

b) There are several types of IDS. State FOUR (4) types of IDS. 4

▪ Network based intrusion detection systems (NIDS) (1 mark)

▪ Host based intrusion detection systems (HIDS) (1 mark)
▪ IDS that look for signatures of known threats (1 mark)
▪ IDS that compare traffic patterns against a network baseline and look
for anomalies in the patterns (1 mark)

c) State THREE (3) disadvantages to using an IDS. 3

Award 1 mark for each bullet point up to a maximum of 3 marks:

▪ Can be prone to false alarms (1 mark)

▪ Must be correctly set up to recognize what is normal traffic on the
network (1 mark)
▪ Network administrators and users must: (1 mark for either of the
following)
o Understand the alerts
o Know the most effective course of action upon receiving an
alert

Total 10 Marks

Page 8 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 8

a) State what the acronym VPN stands for and explain what it is. 4

Virtual Private Network (1 mark)

1 mark for each of the following bullet points up to a max of 3 marks

▪ A private network that uses public telecommunication, such as the
Internet, instead of leased lines to communicate
▪ Remote network communication via the Internet
▪ Used by companies/organisations who want to communicate
confidentially
▪ Two parts:
o Protected or “inside” network
o “Outside” network or segment (less trustworthy)

b) Explain how a VPN uses the following: 4

▪ Connections
▪ Datagrams
▪ Firewalls
▪ Protocols

Award 1 mark for each of the following:

▪ Two connections - one is made to the Internet and the second is

made to the VPN (1 mark)
▪ Datagrams - contain data, destination and source information (1
mark)
▪ Firewalls - VPNs allow authorised users and data to pass through the
firewalls (1 mark)
▪ Protocols - protocols create the VPN tunnels that allow a private
connection over a public network (1 mark)

c) State TWO (2) of the main protocols used by a VPN. 2

Award 1 mark for any of the following (max 2 marks):

▪ IP Security (IPsec)
▪ Point-to-Point Tunneling Protocol (PPTP)
▪ Layer 2 Tunneling Protocol (L2TP)

Total 10 Marks

Page 9 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 9

a) When planning a wireless network you need to determine which WLAN 3

architecture to adopt. Architecture comes in two main categories:
▪ Standalone access points
▪ Centrally coordinated access points

Explain how the Standalone access point architecture operate, manage security
and configuration.

Award 1 mark for each bullet point up to a maximum of 3 marks:

▪ All access points operate independently (1 mark)

▪ Encryption/decryption at the access point (1 mark)
▪ Each access point has its own configuration file (1 mark)
▪ Large networks rely on a management application (1 mark)
▪ Network configuration is static and does not respond to changing
network conditions (1 mark)

b) State FIVE (5) aspects handled by a centralised controller in a Centrally 5

coordinated access point architecture.

Award 1 mark for each of the following, max 5 marks

▪ Roaming
▪ Authentication
▪ Encryption/decryption
▪ Load balancing
▪ RF monitoring
▪ Performance monitoring
▪ Location services

c) State TWO (2) benefits of using a Centrally coordinated access point 2

architecture.

Award 1 mark for each bullet point up to a maximum of 2 marks:

▪ Lower operational costs.

▪ Ease of deployment and management
▪ Greater availability
▪ Easier to respond to changes in the network performance
▪ Better return on investment
▪ Fast client roaming
▪ Better Quality-of-Service

Total 10 Marks

Page 10 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Question 10

a) Firewalls are one of the most common and effective security tools for a network. 3
State THREE (3) Traffic blocking rules that can be administered.

Award 1 mark for each of the following, max 3 marks

▪ Words or phrases
▪ Domain names
▪ IP addresses
▪ Ports
▪ Protocols (e.g. FTP)

b) Imagine you are the IT Manager for an organisation that has decided to use 7
remote access. You have been asked to outline the best practice security
measures the organisation will need to put in place. State SEVEN (7) security
measures you would advise the organisation will need.

Award 1 mark for each of the following, max 7 marks

▪ Firewalls
▪ Anti-virus software
▪ Updates and patches
▪ Security policies and procedures
▪ Staff training
▪ IDS
▪ Vulnerability scanning
▪ Separating web server, database server, etc.

Total 10 Marks

End of paper

Page 11 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Learning Outcomes matrix

Question Learning Outcomes Marker can differentiate

assessed between varying levels of
achievement
1 1 Yes
2 2 and 4 Yes
3 3 Yes
4 4 Yes
5 6 Yes
6 5 Yes
7 5 Yes
8 8 Yes
9 9 Yes
10 7 and 8 Yes

Page 12 of 13
Network Security and Cryptography © NCC Education Limited 2018
 Marks
Grade descriptors

Learning Outcome Pass Merit Distinction

Understand the Demonstrate Demonstrate Demonstrate highly
most common types adequate robust comprehensive
of cryptographic understanding of understanding of understanding of
algorithm common types of common types of common types of
cryptographic cryptographic cryptographic
algorithm algorithm algorithm
Understand the Demonstrate Demonstrate Demonstrate highly
Public-key adequate level of robust level of comprehensive level
Infrastructure understanding understanding of understanding
Understand security Demonstrate Demonstrate Demonstrate highly
protocols for adequate robust comprehensive
protecting data on understanding of understanding of understanding of
networks security protocols security protocols security protocols
Be able to digitally Demonstrate ability Demonstrate ability Demonstrate ability to
sign emails and files to perform the task to perform the task perform the task to
consistently well the highest standard
Understand Demonstrate Demonstrate Demonstrate highly
Vulnerability adequate level of robust level of comprehensive level
Assessments and understanding understanding of understanding
the weakness of
using passwords for
authentication
Be able to perform Demonstrate ability Demonstrate ability Demonstrate ability to
simple vulnerability to perform the task to perform the task perform the task to
assessments and consistently well the highest standard
password audits
Be able to configure Demonstrate Demonstrate Demonstrate highly
simple firewall adequate level of robust level of comprehensive level
architectures understanding and understanding and of understanding and
ability ability ability
Understand Virtual Demonstrate Demonstrate Demonstrate highly
Private Networks adequate level of robust level of comprehensive level
understanding understanding of understanding
Be able to deploy Demonstrate ability Demonstrate ability Demonstrate ability to
wireless security to perform the task to perform the task perform the task to
consistently well the highest standard

Page 13 of 13
Network Security and Cryptography © NCC Education Limited 2018