Assessment item 5 – Final Exam
Value: 50%
Due Date: To be advised
Duration (including Reading, Writing and Technology Allowance): 2 hrs writing + 10 min reading + 15 min tech allow
Exam Type: Online exam
Submission method options: Interact2
Invigilated: Yes
EXAM PENALTIES
The penalty for late submission of an exam will only apply to exam options (such as EASTS) that do not include an auto-submit function. It will be a deduction of the maximum marks allocated for the exam equal, in percentage terms, to the extent of the late submission. The extent of the late submission will be determined with reference to the duration of the exam, including all allowances.
Example 1.
An exam with 120 minutes (2 hours) of writing time, 10 minutes of reading time and a 30 minute technology allowance is an exam of 160 minutes duration. If a student submits after 200 minutes, the 40 minutes of excess time represents 25% of the total duration and they would therefore be deducted 25% of the maximum marks available for the subject.
Example 2.
An exam with 2 days (48 hours) of writing time. If a student submits after 60 hours, the 12 hours of excess time represents 25% of the total duration and they would therefore be deducted 25% of the maximum marks available for the subject.
An example of the calculation would be: Maximum marks allocated = 50
Penalty for being 25% in excess of the total duration = 12.5 marks (so, a score of 40/50 becomes 27.5/50 and a score of 25/50 becomes 12.5/50).
Note that the penalties for late submission of an online exam are different to the standard penalties for late submission of an assessment task covered in the Assessment Information section below.
REQUIREMENTS
Your exam will be an open book, time-limited online exam with invigilation conducted by CSU staff via Zoom. You will need access to a webcam and microphone. The exam will be timetabled as per normal and you will be notified of your scheduled time via the exams office. The exam questions will be available from an interact 2 test within your interact 2 site. The link to your exam within Interact 2 will become active at the time specified in the exam timetable. Once you have completed your exam, you will submit your answers to the online test as per the details below. Detailed information about online proctored exams is available from the following link:
https://www.csu.edu.au/current-students/learning-resources/information-planning/exams/online-invigilated
What you can have in your online Zoom exam
• One desktop computer or laptop.
• Working built-in or external webcam and microphone.
• Photo ID.
• More than one browser opened to sit your exam.
• Other documents/applications opened on your computer/laptop.
• Have a bottle of water.
• Prepare a sufficient number of blank A4 pages to plan answers and work through questions.
• Books and notes.
Only use the chat function in Zoom to let your invigilator know if you’re having any technical problems or need to use the bathroom. Chat with other students will be disabled.
What to remove from your desk and exam room before your exam
• Computing devices other than a calculator and the device used to sit your exam.
• Mobile phones or other electronic communication devices (including smart glasses).
• iPads, tablets and MP3 music/media devices.
• Watches of any kind, including standard watches, smartwatches, hybrid watches and fitness trackers.
• Briefcases, bags, attaché cases, shopping bags, backpacks or similar.
The time allocated to complete the exam is 10 minutes reading time + 2 hours writing time + 15 minutes technology allowance. The technology allowance gives you extra time to deal with the different test conditions (e.g., making allowances for typing speed, slow internet, etc.). You are allowed to answer questions in your test for the whole allocated time. The test will be automatically submitted when that time is up. It is your responsibility to ensure that questions are completed by that stage.
Multiple choice questions will be randomised.
Text-based questions can be typed directly into the allocated text field in the i2 test. You can NOT handwrite answers and cannot upload external files.
The exam will disable copy/paste and spell checker.
Academic integrity is important (https://www.csu.edu.au/current-students/learning-resources/build-your-skills/academic-integrity). Various checks will therefore be used to look for academic misconduct. Written answers will be processed by Turnitin to look for similarities to web sources and other students’ submissions. Uploaded files will be compared for similarities. IP addresses will be recorded to detect collusion and impersonation. You may be interviewed to explain why you answered questions in certain ways. Penalties for academic misconduct are severe. Also, people who make money from academic misconduct often resort to blackmail to make more money from their victims.
The sample exam is a guide to the style and format of your final exam. Additionally, there will be an example test to help you become familiar with how the i2 test system works.
The examination consists of:
• 10 Multiple Choice Questions
• 8 Short answer questions
Sample Exam paper:
Charles Sturt University
School of Computing and Mathematics
Examination
Exams Session XX, 20XX
ITC578 Dark Web [Sample Exam format]
WRITING TIME: 2 hours plus 10 minutes reading time and 15 minutes technology allowance.
Writing is permitted during the reading time
NUMBER OF QUESTIONS: Part A – 10 Multiple Choice Questions
Part B – 8 Short answer questions
VALUE: 50%
PART A: MULTIPLE CHOICE (10 marks)
Instructions:
• For each question, select the single best response from the options given.
• There is no negative marking for incorrect answers. Attempt all questions. All questions have equal value (1 mark each).
1. The international standard for rating the security of a computer system is called:
a. The Common Criteria
b. The Universal Criteria
c. The Trusted Evaluation Criteria
d. The Orange Book Standard
2. Which of the following types of password is the most secure against eavesdropping?
a. A one-time password
b. A password that has been hashed
c. A password that has been randomly generated
d. A password that contains a mixture of upper and lower case letters, and digits
3. Techniques used for deciphering a message without any knowledge of the enciphering details are called:
a. blind deciphering
b. cryptanalysis
c. transposition
d. steganography
4. “Release of message contents to any person or process not possessing the appropriate cryptographic key” is called a:
a. sequence modification attack
b. disclosure attack
c. source repudiation attack
d. content modification attack
5. Which mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header, and assures that the packet has not been altered in transit?
a. Security
b. key management
c. authentication
d. confidentiality
6. Which approach is unsuitable for a connectionless type of application because it requires the overhead of a handshake before any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction?
a. Replay
b. timestamp
c. challenge-response
d. backward reply
7. Which one of the following is a secret entry point into a program that allows someone who is aware of it to gain access without going through the usual security access procedures?
a. backdoor
b. Multipartite
c. hatch
d. Trojan horse
8. Which one of the following attacks makes computer systems inaccessible by flooding servers, networks, or even end-user systems with useless traffic so that legitimate users can no longer gain access to those resources?
a. PWC
b. Backdoor
c. DDoS
d. Flooder
9. What antivirus programs are memory resident programs that identify a virus by its actions rather than its structure in an infected program?
a. Second-generation
b. First-generation
c. Fourth-generation
d. Third-generation
10. The most promising approach to improved password security is:
a. computer-generated passwords
b. a reactive password checking strategy
c. user education
d. a proactive password checker
PART B: SHORT ANSWER (40 marks)
Instructions:
• Attempt all questions. Each question has equal value (5 marks each).
1. Describe, with an example, the main differences between cyberwar and cybercrime.
2. Briefly describe, with an example, malicious software. What is the role of encryption in the operation of a virus?
3. Explain why PGP generates a signature before applying compression and encrypts the message after applying compression.
4. Explain how address-based authentication works. Is this a secure authentication technique? Why or why not?
5. Describe the different classes of digital certificates and their uses.
6. Briefly describe, with an example, malicious software. What is the role of encryption in the operation of a virus?
7. What is extortion? How do criminals engage in online extortion?
8. Explain the difference between the traditional and contemporary methods used by organized crime groups.
END OF EXAMINATION
MARKING CRITERIA AND STANDARDS
Marks will be awarded based on:
• appropriate application of facts, principles and concepts;
• an accurate expression of ideas;
• the correctness of answers;
• inclusion of appropriate figure(s), if applicable; and
• the use of appropriate techniques.
The following marking rubric will be the guideline for marking.
MCQ (Multiple choice questions)
All questions are worth equal marks and each question is worth 1 mark.
Short Answer Questions
Criteria: Demonstrate an ability to analyse, reason and discuss the concepts learned in the subject (This includes content from online meetings, textbook chapters, modules, readings and forum discussions)
HD: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. Answers succinctly integrate and link information into a cohesive and coherent piece of analysis and consistently use correct security terminologies and sophisticated language.
DI: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. The answers are logically structured to create a cohesive and coherent piece of analysis that consistently use correct security terminologies.
CR: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are generally logically structured to create a comprehensive, mainly descriptive piece of analysis. Some use of correct security terminologies.
PS: Demonstrate an ability to analyse, reason and discuss most concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are partially structured into loosely-linked rudimentary sentences to create a comprehensive, descriptive piece of analysis. Some use of correct security terminologies.