Software Vulnerability

The document provides detailed answers for a mid-semester exam on Secure Software Design and Enterprise Computing, covering software vulnerabilities, DHCP, and directory services like Active Directory and DNS. It explains software vulnerabilities, their identification methods, and the role of DHCP in simplifying IP address management. Additionally, it outlines the functions of Active Directory for centralized management and the steps for installing and configuring a DNS server in a corporate environment.

Uploaded by

rozaseyoum26
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
13 views9 pages

Software Vulnerability

The document provides detailed answers for a mid-semester exam on Secure Software Design and Enterprise Computing, covering software vulnerabilities, DHCP, and directory services like Active Directory and DNS. It explains software vulnerabilities, their identification methods, and the role of DHCP in simplifying IP address management. Additionally, it outlines the functions of Active Directory for centralized management and the steps for installing and configuring a DNS server in a corporate environment.

Uploaded by

rozaseyoum26
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Here is a detailed answer for Q2 (total 10 marks) from your Secure Software Design and Enterprise Computing mid-semester exam:

---

Q2 (a) What are software vulnerabilities? How are they identified? (2 marks)

Definition:

A software vulnerability is a flaw, weakness, or misconfiguration in software code or logic that can be exploited by attackers to compromise system security.

Common Vulnerabilities:

SQL Injection

Cross-Site Scripting (XSS)

Buffer Overflows

Broken Authentication

Insecure Deserialization

Identification Methods:
1. Static Application Security Testing (SAST):

Scans source code without running it.

Detects code-level issues early in development.

Example tools: SonarQube, Fortify.

2. Dynamic Application Security Testing (DAST):

Analyzes a running application.

Finds runtime issues such as XSS, CSRF.

Tools: OWASP ZAP, Burp Suite.

3. Software Composition Analysis (SCA):

Identifies known vulnerabilities in open-source libraries.

Tools: Snyk, Black Duck.


4. Penetration Testing:

Manual or automated simulation of real attacks to find exploitable flaws.

5. Manual Code Reviews:

Security experts inspect source code for design flaws or insecure logic.
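The SQL injection flaw listed above beside its parameterized fix, together with a crude source-level rule of the kind a SAST tool applies, as an added Python example that is not part of the original answer sheet. The users table holds constructed sample data; the function and rule names are my own.

```python
# Added example (not part of the original answer sheet): one login lookup
# written two ways, the SQL injection flaw named above beside its fix, plus a
# crude source-level check of the kind a SAST tool applies. The users table
# holds constructed sample data.
import re
import sqlite3

def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'hunter2')")
    return con

def login_vulnerable(con: sqlite3.Connection, name: str, pw: str) -> bool:
    # Caller-controlled text is spliced into the statement, so a quote in the
    # input changes the query's logic instead of being compared as data.
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return con.execute(sql).fetchone() is not None

def login_safe(con: sqlite3.Connection, name: str, pw: str) -> bool:
    # Placeholders bind the input as values; it cannot alter the statement.
    sql = "SELECT 1 FROM users WHERE name = ? AND pw = ?"
    return con.execute(sql, (name, pw)).fetchone() is not None

# Minimal SAST-style rule: an f-string that contains an SQL statement is a
# sign that user data may be interpolated into the query text.
SQL_FSTRING = re.compile(r"""\bf["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b""", re.I)

def flag_sql_fstrings(source: str) -> list[int]:
    """Return the 1-based line numbers of source that match the rule."""
    return [n for n, line in enumerate(source.splitlines(), 1) if SQL_FSTRING.search(line)]
```

The rule is deliberately flow-insensitive; real SAST tools track where the interpolated value comes from, which is why they report far fewer false positives than this pattern.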

---

Q2 (b) What is DHCP and how does it simplify IP address management in large networks? (3 marks)

Definition:

DHCP (Dynamic Host Configuration Protocol) is a network protocol used to automatically assign IP addresses and other network configuration details (e.g., subnet mask, gateway, DNS) to devices in a network.

How it Works:
1. Client Broadcasts Request: When a device joins a network, it sends a DHCPDISCOVER request.

2. DHCP Server Responds: Offers an IP address with a DHCPOFFER.

3. Client Accepts: Sends a DHCPREQUEST.

4. Server Confirms: Sends a DHCPACK with assigned IP and configuration.

Advantages in Large Networks:

Automated IP Management: Reduces manual configuration effort.

Avoids IP Conflicts: Tracks and assigns unique IPs.

IP Leasing: Frees up unused IPs by assigning them temporarily.

Scalability: Handles thousands of devices without admin intervention.

Example: In a university campus, DHCP assigns IPs to all student laptops without manual setup.
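The four-step exchange and the leasing advantages above, as an added Python example that is not part of the original answer sheet: a small server model that answers DHCPDISCOVER with an OFFER, acknowledges only a REQUEST for the address it offered, and reclaims addresses once their lease expires. All addresses, MACs, lease durations and class names are constructed for the illustration.

```python
# Added example (not from the original answer sheet): a small model of the
# DHCPDISCOVER/OFFER/REQUEST/ACK exchange with lease tracking, showing how a
# server hands out unique addresses, rejects a request it never offered, and
# reclaims addresses when leases expire. All addresses, MACs and lease
# durations below are constructed sample values.
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Lease:
    ip: IPv4Address
    expires: int  # simulated clock, in seconds

class DhcpServer:
    def __init__(self, first: str, last: str, lease_time: int, gateway: str, dns: str):
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        self.pool = [IPv4Address(i) for i in range(lo, hi + 1)]
        self.lease_time = lease_time
        self.config = {"router": gateway, "dns": dns, "mask": "255.255.255.0"}
        self.leases: dict[str, Lease] = {}          # MAC -> active lease
        self.offers: dict[str, IPv4Address] = {}    # MAC -> offered, not yet acked

    def expire(self, now: int) -> None:
        """Return addresses whose lease ran out to the pool (the 'IP leasing' advantage)."""
        for mac in [m for m, l in self.leases.items() if l.expires <= now]:
            del self.leases[mac]

    def discover(self, mac: str, now: int):
        """DHCPDISCOVER -> DHCPOFFER. Returns None when the pool is exhausted."""
        self.expire(now)
        if mac in self.leases:                       # renewing client keeps its address
            ip = self.leases[mac].ip
        else:                                        # pick one nobody holds or was offered
            taken = {l.ip for l in self.leases.values()} | set(self.offers.values())
            free = [ip for ip in self.pool if ip not in taken]
            if not free:
                return None
            ip = free[0]
        self.offers[mac] = ip
        return {"op": "DHCPOFFER", "yiaddr": str(ip), **self.config}

    def request(self, mac: str, ip: str, now: int):
        """DHCPREQUEST -> DHCPACK for the address this client was offered, else DHCPNAK."""
        if self.offers.get(mac) != IPv4Address(ip):
            return {"op": "DHCPNAK"}
        del self.offers[mac]
        self.leases[mac] = Lease(IPv4Address(ip), now + self.lease_time)
        return {"op": "DHCPACK", "yiaddr": ip, "lease": self.lease_time, **self.config}
```

A real server also times out unclaimed offers and probes an address before offering it; both are left out here to keep the exchange itself visible.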

---

Q2 (c) (Option 1): Explain what a directory service is and how Active Directory facilitates centralized management in an enterprise network. (5 marks)

What is a Directory Service?

A directory service is a network service that stores, organizes, and provides access to information about users, computers, and other resources.

Active Directory (AD):

AD is Microsoft’s directory service that enables:

Centralized Authentication: Users log in from any system using a single account.

Resource Management: Admins manage computers, printers, folders, etc.

Group Policy Management: Enforces security and operational policies (e.g., password strength, software restrictions).

Hierarchy: Organizes resources into domains, trees, and forests.


Key Features:

User and Group Management

Organizational Units (OUs) for delegation

Access Control with ACLs

LDAP Protocol support

Example Scenario:

In a corporate office, AD:

Allows HR staff to access HR systems only.

IT admins can reset passwords and manage software deployment for all departments.

Automatically locks out users after failed login attempts.

---
OR

Q2 (c) (Option 2): Describe the process of installing and configuring a DNS server in a corporate environment. What key settings need to be defined? (5 marks)

What is DNS?

DNS (Domain Name System) translates human-readable domain names (like intranet.company.com) to IP addresses.

Installation Steps:

1. Install DNS Server Role: On Windows Server (via Server Manager) or Linux (e.g., BIND).

2. Create DNS Zones:

Forward Lookup Zone: Resolves domain names to IPs.

Reverse Lookup Zone: Resolves IPs to domain names.

3. Define DNS Records:

A (Address) Record: Maps a domain to an IP.


MX (Mail Exchange): Points to mail servers.

CNAME (Alias): Maps one domain name to another.

4. Configure Forwarders: Use external DNS for queries not in internal zone.

5. Enable Logging and Security: Set ACLs and logging for audit.

Key Settings to Define:

Primary or Secondary Role

Zone Transfer Permissions

Time-to-Live (TTL) Values

Dynamic Updates

Root Hints or Forwarders


Example Use in Company:

Employees can access finance.company.com without memorizing IPs. DNS also helps configure internal email and domain-based logins.
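The installation steps and key settings above, as an added BIND 9 named.conf example that is not part of the original answer sheet: it limits queries and recursion to internal clients, uses forwarders instead of root hints, restricts zone transfers to one named secondary, disables dynamic updates, and logs queries and outbound transfers for audit. Addresses, the zone name and file paths are constructed placeholders.

```conf
// Added example (not from the original answer sheet): a minimal BIND 9
// named.conf fragment covering the key settings listed above. All addresses,
// the zone name and file paths are constructed placeholders.
options {
    directory "/var/named";
    recursion yes;
    allow-query { 10.0.0.0/8; };          // internal clients only
    allow-recursion { 10.0.0.0/8; };      // never act as an open resolver
    forwarders { 10.0.0.53; };            // placeholder upstream resolver
    forward only;                         // forwarders chosen over root hints
    version "not disclosed";
};

logging {
    channel audit_log {
        file "/var/log/named/audit.log" versions 5 size 20m;
        severity info;
        print-time yes;
    };
    category queries { audit_log; };
    category xfer-out { audit_log; };     // records who pulled a zone copy
};

// Forward lookup zone: primary role, transfers only to the named secondary,
// dynamic updates disabled. A weak setting here would be allow-transfer { any; }.
zone "company.com" IN {
    type master;
    file "db.company.com";
    allow-transfer { 10.0.0.2; };         // the secondary server only
    allow-update { none; };
};

// Reverse lookup zone for 10.0.0.0/24, with the same restrictions.
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "db.10.0.0";
    allow-transfer { 10.0.0.2; };
    allow-update { none; };
};
```

TTL values and the A, MX and CNAME records themselves live in the zone files named by each file directive, not in named.conf.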

---

Let me know if you'd like a diagram or example configuration for DHCP, AD, or DNS.
