Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
5 September 2018
Marking Scheme
This marking scheme has been prepared as a guide only to markers. This is not a set of
model answers, or the exclusive answers to the questions, and there will frequently be
alternative responses which will provide a valid answer. Markers are advised that, unless a
question specifies that an answer be provided in a particular form, then an answer that is
correct (factually or in practical terms) must be given the available marks.
If there is doubt as to the correctness of an answer, the relevant NCC Education materials
should be the first authority.
Where markers award half marks in any part of a question, they should ensure
that the total mark recorded for the question is rounded up to a whole mark.
Answer ALL questions
Marks
Question 1
b) The Feistel Cipher is a scheme used by almost all modern block ciphers. Explain 5
the FIVE (5) steps that are carried out in a Feistel Cipher.
▪ The input is broken into two equal size blocks, generally called left
(L) and right (R), which are then repeatedly cycled through the
algorithm.
▪ At each cycle, a function (f) is applied to the right block and the key,
and the result is XORed into the left block.
▪ The blocks are then swapped.
▪ The XORed result becomes the new right block and the unaltered
right block becomes the left block.
▪ The process is then repeated a number of times.
c) Explain what is meant by a brute force attack and state the best defence to 3
ensure an attack is not successful.
▪ A brute force attack tries every possible key (1 mark) until correct
translation of the encrypted text into plaintext is obtained (1 mark)
▪ Strong passwords (1 mark)
Total 10 Marks
Page 2 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 2
a) Public Key Encryption uses two keys. A public key and a private key. State how 2
these two keys are used during the encryption and decryption process.
Messages are encrypted with the recipient's public key (1 mark) and
can only be decrypted with the corresponding private key (1 mark)
b) Public Key Infrastructure (PKI) is a security architecture that has been introduced 3
to provide an increased level of confidence for exchanging information. There are
three main applications used in PKI. State the THREE (3) applications.
c) There are several benefits to using PKI. State the FIVE (5) main benefits. 5
Total 10 Marks
Page 3 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 3
Application Application
Transport
Internet
Host-to-network
(Link/Physical/
Network Interface) Physical
Award 1 mark for each correctly named element placed in the correct
position within the diagram.
Application
Presentation
Session
Transport
Network
Data Link
Physical
b) Internet Protocol Security (IPSec) provides security at the IP layer for other 5
TCP/IP protocols and applications to use. One IPSec Core Protocol is the IPSec
Authentication Header (AH). State FOUR (4) actions the AH provides and
provide the full name for the other core protocol ESP.
Page 4 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 4
▪ digital signatures
▪ certificate signing
▪ encipher or decipher only
▪ key encipherment
▪ data encipherment
b) The data in a digital certificate usually conforms to the ITU (IETF) standard 5
X.509. The certificate includes specific information. State FIVE (5) pieces of
information that can be included.
Total 10 Marks
Page 5 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 5
b) There are many ways in which a system or network can be vulnerable. State the 5
FIVE (5) elements that can cause a vulnerability.
c) State TWO (2) tools that can be used by a system administrator to test for 2
vulnerabilities.
▪ Penetration testing
▪ Vulnerability scanners (accept Port Scanner)
Total 10 Marks
Page 6 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 6
a) The National Institute of Standards and Technology (NIST) sets out three 3
security objectives (FIPS199). State the THREE (3) objectives.
▪ Confidentiality: Preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy
and proprietary information.
▪ Integrity: Guarding against improper information modification or
destruction, including ensuring information non-repudiation and
authenticity.
▪ Availability: Ensuring timely and reliable access to and use of
information.
▪ A plan that includes: (max 1 mark for stating ‘A plan’ or for one of the
following)
o Staff with key responsibilities
o Policies for system use
o Methods for dealing with security breaches
▪ Technology – software and hardware (1 mark)
▪ User vigilance – acceptable use policies and training of staff (1 mark)
▪ Back up data - allows for data recovery in the event that data is
deleted or corrupted
▪ Have strong access control mechanisms
▪ Password protect documents
▪ Encrypt files
▪ Encrypt disks
Total 10 Marks
Page 7 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 7
b) There are several types of IDS. State FOUR (4) types of IDS. 4
Total 10 Marks
Page 8 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 8
a) State what the acronym VPN stands for and explain what it is. 4
▪ IP Security (IPsec)
▪ Point-to-Point Tunneling Protocol (PPTP)
▪ Layer 2 Tunneling Protocol (L2TP)
Total 10 Marks
Page 9 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 9
Explain how the Standalone access point architecture operate, manage security
and configuration.
Total 10 Marks
Page 10 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Question 10
a) Firewalls are one of the most common and effective security tools for a network. 3
State THREE (3) Traffic blocking rules that can be administered.
▪ Words or phrases
▪ Domain names
▪ IP addresses
▪ Ports
▪ Protocols (e.g. FTP)
b) Imagine you are the IT Manager for an organisation that has decided to use 7
remote access. You have been asked to outline the best practice security
measures the organisation will need to put in place. State SEVEN (7) security
measures you would advise the organisation will need.
Total 10 Marks
End of paper
Page 11 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Learning Outcomes matrix
Page 12 of 13
Network Security and Cryptography © NCC Education Limited 2018
Marks
Grade descriptors
Page 13 of 13
Network Security and Cryptography © NCC Education Limited 2018