December 28, 2022

TUESDAY: 6 December 2022. Afternoon Paper. Time Allowed: 2 hours. Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of fifty (50) Multiple Choice Questions. Each question is allocated two (2) marks. 1. Which of the following is a tool that inspects an application code to estimate the way it behaves while running? A. Dynamic analysis B. Static analysis C. Scanning analysis D. Maintenance analysis 2. During network security penetration testing, the results of the penetration test are compiled into a report detailing all of the following EXCEPT: A. None sensitive data that was accessed B. Specific vulnerabilities that were exploited C. Sensitive data that was accessed D. The amount of time the pen tester was able to remain in the system undetected 3. The motivation of internal threat that involves stealing information for another organisation is referred to as? A. Fraud B. Sabotage C. Espionage D. Revenge 4. The physical control that requires employees to tap their ID pass on a reader that will unlock the gate and allow them to pass through is referred to as? A. Turnstiles B. Electronic Doors C. Mantraps D. Security Guards 5. Employees in an organisation can contribute to data breaches in the following ways EXCEPT: A. Using unauthorised devices B. Improper access control C. Using unauthorised software D. Spoofing or sniffing 6. Which of the following is NOT a penetration testing method? A. External testing B. Triple blind testing C. Internal testing D. Blind testing 7. The type of cyber security attack where attackers access someone else’s computer for mining cryptocurrency is referred to as? A. Cryptojacking B. Cryptocurrency C. Insider threat D. Man in the middle attack 8. Which of the following is NOT a precautionary measure to be undertaken to prevent cyber-attacks? A. Frequent changing of passwords B. Regularly updating operating systems and applications C. Not opening emails from unknown senders D. Using single factor authentication 9. Which of the following is a BEST practice to protect against an insider attack? A. Protect non-critical assets B. Enforce policies C. Increase volatility D. Promote non-culture changes 10. An attack on confidentiality where the attacker gains access to an asset is referred to as? A. Modification B. Interception C. Interruption D. Fabrication 11. Which of the following is a type of passive attack? A. Denial of service B. Release of message contents C. Spoofing D. Sniffing 12. A cyber security attack that involves the creation of a false stream or modification of the data stream is referred to as? A. Active attack B. Passive attack C. Cryptographic attack D. Encryption 13. The type of cryptography that involves a pair of keys known as a public key and a private key which are associated with an entity that needs to authenticate its identity electronically is referred to as? A. Private key cryptography B. Universal key cryptography C. Public key cryptography D. Decryption key cryptography 14. The DES (Data Encryption Standard) cipher follows the fiestal structure. Which of the following properties are NOT shown by the fiestal structure? A. The plain text is converted into a matrix form first B. The input text is divided into two parts: one being left half and another one being right half. C. The input text is divided into two parts: one being left half and another one being right half. D. Swapping of the left and right halves are performed after each round. 15. The kind of symmetrical encryption algorithm where a set of bits is encoded with a specific secret key in electronic data blocks is referred to as? A. Stream algorithm B. Block algorithm C. Symmetrical algorithm D. Fixed algorithm 16. All of the following should be included in a network testing plan EXCEPT? A. Definition of test objectives B. Testing approach. C. Testing tools. D. Testing personnel 17. The type of network testing that describes how you can test that every possible client platform can operate with every possible server platform is referred to as? A. Functional testing B. Configuration testing C. Concurrency testing D. Peak load testing 18. Which of the following is the fourth stage to be executed when creating a network test plan? A. Analyze the product. B. Design the Test Strategy. C. Define Test Criteria. D. Resource Planning. 19. Which of the following is NOT a cyber essential control in network security? A. Patch management B. Firewall C. Digital certificate D. Access control 20. For a password based authentication, an organisation should: A. Protect against brute force password guessing B. Set a minimum password length of at least eight characters C. Change passwords promptly when the user knows or suspects they have been compromised D. Implement digital certificates to protect passwords 21. A type of attack where a perpetrator first investigates the intended victim to gather necessary background information such as potential points of entry and weak security protocols is referred to as? A. Man in the middle attack B. Social engineering C. Spoofing D. Sniffing 22. A cyber security methodology that combines best practices and technology to prevent the exposure of sensitive information outside of an organisation is referred to as? A. Email security B. Sandboxing C. Intrusion prevention system D. Data loss prevention 23. Robust network security will protect against all of the following EXCEPT A. Worms B. Viruses C. Intrusion D. Spyware 24. A social engineering attack technique where the attacker uses a false promise to lure users into a trap that steals their personal information is referred to as? A. Baiting B. Scareware C. Pretexting D. Phishing 25. Which of the following is NOT a network security policy objective? A. To determines policy enforcement B. To lay out the architecture of the organisation’s network security environment C. To keep malicious users out D. To enable users to access data 26. The activity of verifying the identity of a user is referred to as? A. Identification B. Authentication C. Verification D. Validation 27.

TUESDAY: 6 December 2022. Morning Paper. Time Allowed: 2 hours. Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of fifty (50) Multiple Choice Questions. Each question is allocated two (2) marks. 1. Different servers provide different services. Servers are dedicated, meaning they are created to do one thing and cannot change. Which of the following is NOT a type of a server? A. File server B. Desktop server C. Print server D. Web server (2 marks) 2. Windows Deployment Service is a server role that gives administrators the ability to deploy Windows operating systems remotely. Which one of the following is NOT an advantage of Windows Deployment Services? A. WDS-based installation is easy and efficient due to network-based installation B. WDS-based installation reduces the cost and complexity of installation C. There is no support for mixed environments deployment D. There is support for both server and client computers installation (2 marks) 3. Which of the following is the current trend for acquiring web pages’ storage space? A. Donation B. Buying disks C. Leasing D. Recycling disks (2 marks) 4. Choose the server resource that requires redundancy for better performance. A. Network interface B. Screen C. Mouse D. Keyboard (2 marks) 5. What factor is NOT considered when selecting a server class hardware for a big organisation? A. Compatibility B. Speed C. Warranty D. User friendliness (2 marks) 6. Which network transmission would be the LEAST suitable to use in a server connection? A. Fiber B. Coaxial cable C. Twisted pair cable D. Blue tooth (2 marks) 7. When SCSI disks are used in high end PCs and servers, the controller maintains a list of _________ on the disk that is initialized during ________ formatting which sets aside spare sectors not visible to the operating system. (2 marks) A. Destroyed blocks, high level B. Bad blocks, partitioning C. Bad blocks, low level D. Destroyed blocks, partitioning 8. Securing a firewall is the vital first step to ensure only authorized administrators have access to it. This can be achieved through the carrying out the following EXCEPT? A. Update with the latest firmware B. Deleting, disabling, or renaming default accounts and changing default passwords C. Enabling the Simple Network Management Protocol (SNMP), which collects and organizes information about devices on IP networks. D. Restricting outgoing and incoming network traffic for specific applications or the Transmission Control Protocol (TCP) (2 marks) 9. Which of the following is always unique to a computer regardless of time and place? A. MAC address B. IP address C. Serial number D. Computer name (2 marks) 10. Which of the following is NOT a benefit of disk defragmentation in a server? A. Improves overall server performance B. Reduces chances of losing files C. Improves disk Speed D. Makes a disk last longer (2 marks) 11. In networking, a protocol is a standardized set of rules for formatting and processing data. Protocols enable computers to communicate with one another. Choose a protocol that is used to secure servers in a network. A. TCP/IP B. SSL C. UDP D. SMB (2 marks) 12. The server protocol ports are also divided into TCP ports and UDP ports. Which one of the following is NOT a type of a TCP port? A. FTP B. TELNET C. DNS D. SMTP (2 marks) 13. Which of the following is NOT a type of a disk quota? A. Access B. Usage C. Block D. File (2 marks) 14. Which of the following statements is TRUE about user authentication? A. Ability to perform a task as a user B. Authentication is a privilege C. It deters a user from doing some actions D. Checks whether one is what he claims to be. (2 marks) 15. Which of the following action is carried out by a privileged user during printer management? A. Printing B. Installation C. Loading paper D. Repairing a printer (2 marks) 16. Which of the following actions constitutes system recovery? A. Copying files B. Restoring a system C. Copying changes not in a full backup D. Removing old unwanted files. (2 marks) 17. A quick “picture” of a server including its files, software and settings at a particular point in time that is instant, and preserve a point in time state of the server is called? A. Rollback B. Backup C. Snapshot D. Virtual machine (2 marks) 18. A virtual machine can be viewed as? A. Client computer B. The main network server C. A mirror copy of a server D. Implementation of a hardware in software (2 marks) 19. Which of the following is the use of a network tester tool? A. Check computers in a network B. Check if a cable is correctly clipped C. Check if a network card is working properly D. Test storage spaces (2 marks) 20. The following are some of the advantages of Hyper-V in Windows Server EXCEPT? A. It simplifies the procedures involved in setting up test labs. B. You can reduce the number of physical servers that must be deployed in the server room, thereby saving space and power requirements. C. Security is reduced because server virtualization increases exposure of virtual servers that contain sensitive information. D. Hyper-V leverages other server components such as failover clustering to improve server availability. (2 marks) 21. Jacob, a system admin used the command arp -a to manage a network on a server. What is the purpose of the command? A. To show computers physical address B. Renew all computer IP address C. To send a giant packet in the network D. To restart the network (2 marks) 22. Which statement below BEST describes a system virtual machine? A. A machine with only a CPU virtualized B. The main machine hosting the virtual machine C. A machine with only the memory virtualized D. A machine fully virtualized on a physical machine (2 marks) 23. You have a Server named server1. Which cmdlet should you use

MONDAY: 5 December 2022. Afternoon Paper. Time Allowed: 3 hours. Answer ALL questions. This paper has two sections. SECTION I has twenty (20) short response questions. Each question is allocated two (2) marks. SECTION II has three (3) practical questions of sixty (60) marks. Marks allocated to each question are shown at the end of the question. Required Resources: Windows Server 2016/2019/2022 image Oracle Virtual box Linux/Windows computer SECTION I (40 MARKS) 1. An institution has a policy in place to undertake a full backup every Sunday. Every other day of the week, staff members are required to back up only the changes since the last full backup. State the name of the backup type to be used for Thursday. (2 marks) 2. The installation feature in network operating system that provides a minimal environment for running specific server roles such as reduction of the maintenance and management requirements is known as: (2 marks) 3. What is name given to the network operating system tool intended to duplicate, test and deliver new installation based on an established installation? (2 marks) 4. A consortium that has been operational for a good number of years have requested you to setup 10 servers and 20 workstations. Windows deployment services are used whenever a new workstation is setup. Advise on the tool to be used to automate installation with little human interaction. (2 marks) 5. Group policy has been used to manage users and computers in Active Directory Domain Services (AD DS) running on network operating system. State what you would use to view the effect of applied group policy on individual computer. (2 marks) 6. A user account is an identity created for a person in a computer or computing system. You are required to grant a set of users permissions to a specific folder. State the group in which the user accounts should be placed. (2 marks) 7. A computer network for a Law firm contains Active Directory domain named lawfirm.com. The Active Directory Recycle bin is enabled for lawfirm.com. A support technician accidentally deletes a user account named learnedfriend1. You need to restore the learnedfriend1 account. Write down the appropriate tool that should be used. (2 marks) 8. State the command utility that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). (2 marks) 9. State the name given to a security feature in Network operating system to prevent unauthorised changes to the operating system. (2 marks) 10. Write down the protocol that uses an arbitrary authentication method, such as certificates, smart cards, or credentials on network operating system. (2 marks) 11. Which settings of a Network operating system (NOS) can be configured on a log file server for data collected to ensure the contents are automatically deleted when the file reaches 100MB in size? (2 marks) 12. An in-depth analysis on a network showed it contained a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently. Which tool can be used on the server to view the amount of memory and processor resources used by each of the virtual machine? (2 marks) 13. Which feature that is used to control the types of files users can save and generate notifications when users attempt to save unauthorised files in a network operating system? (2 marks) 14. State the tool that could be used to track all connections to shared resources on a Network operating system? (2 marks) 15. The policy setting which when enabled ensures file access, modification and deletion can be tracked in the event log is referred to as? (2 marks) 16. Indicate the tool in network operating system that can be used by administrators to examine the way system programs are running and their effect on performance. (2 marks) 17. The administrative tool which provides a view of all organisational units, domains and sites across an enterprise is called____________________. (2 marks) 18. Which command utility can be used to create Network Access Protection event to trace log files in client computer? (2 marks) 19. What is the name given to the tool used to mount a Network operating system image from Virtual Hard Disk (VHD) file? (2 marks) 20. State the name of the graphical user interface (GUI) tool with scope pane on left used to navigate Active Directory namespace. (2 marks) SECTION II (60 MARKS) INSTRUCTIONS Install Oracle virtual box and Window server image to your computer and answer the following questions: Required Resources: Windows server 2016/2019/2022 Image Oracle Virtual box Linux/Windows computer Create a word processing document named “Task Manager” and use it to save your answers to questions 1 to 5. 21. Task manager, which is regarded as a system monitor is very common with the Network operating system. It assists in giving information about computer performance and running software. Required: Using task manager of your Network operating system: 1. Capture a screenshot of statuses that are running and stopped. (4 marks) 2. Display the current CPU utilisation. (3 marks) 3. Display the streams of instructions currently running. (3 marks) 4. Click on the memory chart and display the following: Total physical memory (MB). (2 marks) Total available memory. (2 marks) 5. Click on the Ethernet chart and display the following: Link speed. (2 marks) Network Connection. (2 marks) IPv4 address in use. (2 marks) Capture and save screenshots to show how you have performed the above task. Upload “Task Manager” document. (Total: 20 marks) 22. Create a word processing document named “Memory Usage” and use it to save your answers to questions 1 to 5 below: With the help of task manager, perform the following: 1.  Click on Memory heading and state the effect exhibited on the columns. (4 marks) 2. Display the memory usage to be in percentage values. (4 marks) 3. State the way memory usage in Percent values could be useful to a system

MONDAY: 5 December 2022. Morning Paper. Time Allowed: 3 hours. Answer ALL questions. This paper has two sections. SECTION I has twenty (20) short response questions of two (2) marks each. SECTION II has three (3) practical questions of sixty (60) marks. Marks allocated to each question are shown at the end of the question. Required Resources: A computer Internet connection Simulator such as Wireshark Packet tracer/GNS3 SECTION I (40 MARKS) 1. What is the name given to a circuit board, installed in a computer that provides a dedicated network connection to a computer? (2 marks) 2. The arrangement of network devices and nodes to form a physical structure is known to as? (2 marks) 3. Miss Kerrow, an intern has been instructed to setup a network for newly formed Procurement department. What will be the name given for all computers connected to the network that participate directly in network communication? (2 marks) 4. The network media that is used to transmit data when encoded as pulses of light is referred to as? (2 marks) 5. What is the name of the network utility used by Internet Control Message Protocol (ICMP) to report back information on network connectivity and the speed of data relay between a host and a destination computer? (2 marks) 6. A type of communication that sends a message to a group of host destination simultaneously is known as? (2 marks) 7. Which type of a network has dedicated high-speed network that makes storage devices accessible to servers by attaching storage directly to an operating system? (2 marks) 8. The process that is used to place one message inside another message from Host A to Host B is known as? (2 marks) 9. Mr. Lido a newly hired network administrator was troubleshooting connectivity issues on a workstation. With the use of a tester, the administrator was able to notice the signals generated by the server Network Interface Card (NIC) are distorted. Which layer of the OSI Model would this error be categorised? (2 marks) 10. What is the name given to a cable that is used to connect a Host serial port to a Router console port? (2 marks) 11. The measure of capacity of a network medium to carry and move data between two points on the network over a specific period of time is known as? (2 marks) 12. The deterioration of the network signals as it travels along copper cabling is referred to as? (2 marks) 13. Mrs. Lehma a network administrator for a corporation decided to create subnets out of 192.168.10.0/24 using /27 mask. What would be the equal-sized subnet created? (2 marks) 14. ___________lists the destination physical address, VLAN ID and port number associated with a given address. (2 marks) 15. The prefix length is the number of consecutive 1s in the subnet mask. What is the prefix length notation for the subnet mask 255.255.255.252? (2 marks) 16. The process that allows a network technician identify the network address from the IP address and the network mask is referred to as? (2 marks) 17. The method used in a TCP/IP network to create a connection between a local host/client and server is called? (2 marks) 18. Which port number in a segment header is used to keep track of multiple conversations between devices? (2 marks) 19. What is the standard communication protocol used for the transfer of computer files from a server to a client on a computer network? (2 marks) 20. The following are advantages of a certain type of network: Reduces amount physical wires required. Reduces the value of ownership. Easier to add or remove workstation Provides high rate thanks to small area coverage Identify this type of network as used in computer networks. (2 marks) SECTION II (60 MARKS) Required Resources Internet Connection Computer (PC/laptop) Simulator such as Wireshark 21. Use the diagram shown below to correctly order the wire colors to a TIA/EIA cable pinout of T568A and T568B standard where appropriate. Required: List the cable pinout for Ethernet Straight-through. (8 marks) List the cable pinout for Ethernet Crossover (8 marks) State application usage using appropriate examples for Ethernet straight-through and Crossover cables. (4 marks) (Total: 20 Marks) 22. Create a word document named “Topology” and use it to save answers to questions (i) to (vi) below: Using appropriate simulator, configure the topology as shown below: Console into the switch and perform the following: Capture a screenshot showing appropriate name for the switch. (2 marks) Set a warning banner shown below: (4 marks) Capture a screenshot to demonstrate how you have performed the above task. Capture a screenshot displaying unicast IPv4 addresses as shown in the table. (4 marks) Capture a screenshot showing the way to disable DNS lookup. (4 marks) Capture a screenshot displaying Configuration of encrypted privileged execution password. (4 marks) Capture a screenshot showing connectivity between PC-A and SW-A. (2 marks) Upload Topology document. (Total: 20 Marks) 23. Write a word document named “Connectivity” and use it to save answers to Questions 1 to 3 below: Using appropriate simulator, set up a topology as shown below: Required: 1. Capture a screenshot showing connectivity to the following websites using command prompt/terminal of the PC: www.google.com (3 marks) www.gmail.com (3 marks) www.facebook.com (3 marks) Device Interface IP Address Subnet Mask SW-A VLAN 192.168.10.1 255.255.255.0 PC-A NIC 192.168.10.2 255.255.255.0 2. Using a simulator such as Wireshark, list the source mac address of the following sites: www.google.com (3 marks) www.gmail.com (3 marks) www.facebook.com (3 marks)   3. Highlight the two command utilities used to provide the network latency information. (2 marks) Upload connectivity document. (Total: 20 Marks)

COMPUTER NETWORKING DECEMBER 2022 PAST PAPER – Click to view NETWORK OPERATING SYSTEMS DECEMBER 2022 PAST PAPER – Click to view WINDOWS SERVER ROLES AND FEATURES DECEMBER 2022 PAST PAPER – Click to view NETWORK SECURITY DECEMBER 2022 PAST PAPER – Click to view NETWORK TROUBLESHOOTING DECEMBER 2022 PAST PAPER – Click to view NETWORK SETUP DECEMBER 2022 PAST PAPER – Click to view SERVER MAINTENANCE DECEMBER 2022 PAST PAPER – Click to view

TUESDAY: 6 December 2022. Afternoon Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE MINESWIPE CORPORATIONS LIMITED (MSL) Mineswipe Corporation Limited (MSL) is a software programming company that was incorporated in Kenya in the year 2005. The company has 10 branches across the country with its headquarter based in Nairobi. The board of directors meet quarterly unless there is an urgent matter to be deliberated on hence calling of a special board meeting. Until the year 2015, the company had been profitable and commanded over 40% of the software programming market share in the country. For a long period of time, the company was an original equipment manufacturer (OEM) for ten leading IT companies. However, the situation has since changed, the company’s revenues have been dwindling and premium customers have been shifting to other programming companies. The market share has since hit an all-time low of 10% and the best talent has been leaving in droves. During a recent board of directors meeting, the chairman, who was recently elected to the position and who is a computer programming expert was concerned about the affairs of the company. He was worried that if the situation was not tamed with the urgency it deserved, the company would collapse. He convinced his colleagues to hire a consultant to assess the company’s position and recommend a turnaround strategy. The board hired Moshiat Kush, a renowned corporate governance auditor and provided him with the terms of reference for his task. While the management knew the challenges facing the company, the board of directors did not involve them in their revival plans. The management was not involved in the recruitment of the consultant although they were expected to assist and work with him. After a few weeks, Moshiat Kush delivered his findings to the Chair of the board as per the terms of reference (TORs). A couple of issues highlighted by the consultant included: • The size of the board was small, there were only three directors including the chairman. • The board committees were not properly structured and were constituted on an ad hoc basis. • The board lacked diversity. • Poor product costing. • There was no clarity between the roles of the board and those of the management. • The company did not have a corporate secretary. • The company had been regularly cited for non-compliance with statutory obligations. The Chair of the board was alarmed by the findings. He engaged the company’s Chief Executive Officer (CEO) to discuss the report. The CEO however was in agreement of the content of Moshiat Kush report including the findings. He told the Chair of the board that the company failed to take care of the group dynamics and division of roles which resulted to overlaps and roles confusion. These overlaps affected delivery of service and performance of the employees. New employees and directors were also not effectively recruited and on boarded. He also added that the management and employees felt left out from decision making hence did not feel like they had any stake in the company. This largely contributed to talent flight. After the discussion with the CEO, the Chair promised to table the matters raised during the subsequent board meeting so that a resolution could be passed to help turn around the company. Required: 1. The size of MSL board was small, there were only three directors including the chairman. Assess FIVE challenges that the organisation may have encountered due to a small board size. (10 marks) 2. Evaluate FIVE different types of diversity that MSL board could have sought while recruiting its directors. (10 marks) 3. In the preliminary recommendations, a corporate secretary was to be hired immediately by MSL. Summarise FIVE roles that the corporate secretary would be performing. (10 marks) 4. According to the CEO of MSL, group dynamics affected the company’s performance. Evaluate FIVE stages that are involved in development of teams. (10 marks) (Total: 40 marks) QUESTION TWO 1. Maisha Limited adopts a unitary board structure. Identify FIVE features of a unitary board structure. (5 marks) 2. A newly formed company is looking to fill up director positions on its board. Assess FIVE necessary components in determining the structure of a board. (5 marks) 3. Organisational politics are self-serving behaviors that employees use to increase the probability of obtaining positive outcomes in organisations. With regard to the above statement, outline FIVE elements of organisational politics. (5 marks) (Total: 15 marks) QUESTION THREE 1. Conducting regular board meetings is a good practice in good corporate governance. Based on the above statement, analyse FIVE characteristics of effective board meetings. (5 marks) 2. Cognitive biases result from the brain’s efforts to simplify the incredibly complex world in which people live. With reference to the above statement, appraise FIVE common cognitive biases. (5 marks) 3. Explain FIVE ways through which stakeholders could build trust through conversations. (5 marks) (Total: 15 marks) QUESTION FOUR 1. Self-regulation is an important component in corporate governance. Assess FIVE components of self-regulation. (5 marks) 2. Explain FIVE benefits of low power distance cultural dimension to an organisation’s board. (5 marks) 3. Evaluate FIVE flaws that hinder effectiveness of decision making at board meetings. (5 marks) (Total: 15 marks) QUESTION FIVE 1. Ethical dilemmas are commonplace in society but can negatively impact the business of a company. In view of the above statement, explain FIVE ethical dilemmas that company directors may face. (5 marks) 2.Outline FIVE types of information that should be provided to newly recruited board members. (5 marks) 3. Board evaluations are used to assess and report on individual directors and the whole board. Evaluate FIVE areas of focus in board evaluation. (5 marks) (Total: 15 marks)

TUESDAY: 6 December 2022. Morning Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE GARI ENGINEERING SYSTEMS LIMITED (GSML) Gari Engineering Systems Limited (GSML) is a water drilling, installation and purification company providing comprehensive water solutions. The company was incorporated in Kenya in year 2010 and has operations in various countries in East Africa. The initial founders of the company were all former employees of Katsmil Limited. The tenure of the directors of GSML Board varies from two years to five years with an option of one term renewal. Since 2018, the company has been diversifying its service-offering to non-water related operations including real estate, transport services and sewerage treatment. This has necessitated mergers, acquisitions and takeovers in order to provide the GSML with latest technology, capital and expertise for it to excel in new operations. The company has been of late undertaking high value capital and labour intensive projects which regularly overrun their completion dates. Despite the various mergers, acquisitions and takeovers, the company still has capital challenges and seven years ago, it was forced to raise funds through a corporate bond. The bond issue was undersubscribed and realised Sh.2 billion, Sh.1 billion less than the expected amount. Owing to the huge projects, many of which were being done simultaneously, the funds were not adequate and many projects were not completed satisfactorily. In early 2019, GSML entered into a strategic partnership with BbaHt Finance Pvty (BFP), an equity firm from South Africa that injected a huge chunk of funds into GSML. The board of directors of GSML was confident that the injected funds would help in completing all the ongoing projects and still have a surplus that could enable the company embark on new projects. According to GSML Finance Director, Sh.5 billion was provided by BFP to GSML in exchange for equity. It was agreed that BFP have a 30% of stake of GSML. According to valuation done during the bond issue, the market value of the 30% stake was Sh.7 billion and not Sh.5 billion. Despite the injection of fresh capital into the company, the overall performance of the company did not improve as expected. This was largely attributed to poor performance of some branches. The poor performance of these branches was caused by various factors among them an unstable political situation, erratic weather and other environmental factors, economic factors as well as mismanagement. Before GSML entered into the strategic alliance with BFP, its finance cost was very high. The company was highly geared and depleted most of the money intended for the projects. It utilised most of the inflows to repay debts. The strategic alliance, though attractive to the eye, was a poisoned chalice. Shareholders felt short-changed since they lost value in the transaction. The directors also did not consult shareholders before the alliance was arranged. A forensic investigation later revealed that BFP was owned by the directors of GSML and yet a conflict of interest was not declared by the directors in the conflict of interest register. In view of the foregoing, shareholders demanded for an extraordinary meeting with the sole aim of dismissing the directors. It was argued that the directors should be personally held to account for issuing shares at a highly discounted rate. Shareholders were also of the general view that there was poor leadership, selfishness and poor corporate governance which had resulted to the deterioration of financial position and performance of the company. There was consensus that a consultant who had expertise in corporate secretarial practice be hired to undertake a governance and compliance audit of GSML. All shareholders were eager to get the audit report within a short time and hoped their assertions would be supported. The engagement letter was expected to be issued as soon as possible to facilitate commencement of the exercise. The task was enormous given the operations of the company. However, as a good audit practice; audit sampling was expected to be undertaken. Required: 1. You have been engaged as the Corporate Secretary to carry out the governance and compliance audit for GSML. Describe FIVE provisions you would recommended in the constitutive documents of GSML to ensure that the shareholders are protected from the arbitrary powers of the board of directors. (10 marks) 2. The consultant was expected to undertake governance audit sampling. Explain FIVE benefits the consultant would gain by performing governance audit sampling. (10 marks) 3. Examine FIVE methods that the consultant might follow to gather governance audit evidence for GSML. (10 marks) 4. Shareholders were eager to get the governance audit report. Describe FIVE disclosures in the GSML governance audit report that are of interest to shareholders. (10 marks) (Total: 40 marks) QUESTION TWO 1. List THREE sources of audit criteria that are used in governance auditing. (3 marks) 2. Highlight FOUR professional responsibilities of a peer reviewer in governance audit process. (4 marks) 3. Discuss FOUR parameters that are evaluated in a governance audit. (8 marks) (Total: 15 marks) QUESTION THREE 1. Highlight THREE ways a governance auditor could reduce exposure to liability under an audit. (3 marks) 2. State FOUR roles of a compliance officer in relation to governance and compliance audit. (4 marks) 3. Discuss FOUR issues that should be addressed in the audit engagement letter. (8 marks) (Total: 15 marks) QUESTION FOUR 1. Identify TWO types of governance and compliance audits. (2 marks) 2.  Summarise FIVE uses of governance audit working papers. (5 marks) 3. Evaluate FOUR techniques a governance auditor might use to ensure the effectiveness of a governance audit. (8 marks) (Total: 15 marks) QUESTION FIVE 1.  Highlight THREE ways in which governance awards promote good corporate governance. (3 marks) 2. Illustrate FOUR post governance audit review procedures. (4 marks) 3. Describe FOUR roles of Information and Communication Technology (ICT) in the conduct of a governance and compliance audit. (8 marks) (Total: 15 marks)

MONDAY: 5 December 2022. Afternoon Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Show ALL your workings. Do NOT write anything on this paper. QUESTION ONE 1. Highlight THREE advantages of issuing shares through private placement. (3 marks) 2. Describe THREE circumstances under which a firm might find it appropriate to use retained earnings as a source of finance. (6 marks) 3. Magharibi limited is evaluating a change in its credit policy. Presently, 70% of sales are on credit. The gross profit margin is 20%. The following information relates to the company: Required: Change in gross profit. (3 marks) Change in collection expenses. (3 marks) Change in average accounts receivable. (3 marks) Using the results in 3 above, advise the management whether or not to change the current credit policy if the borrowing rate is 16% per annum. (2 marks) (Total: 20 marks) QUESTION TWO 1.  Examine THREE ethical issues facing financial managers. (6 marks) 2. Highlight FOUR arguments in favour of wealth maximisation objective. (4 marks) 3. The following information relates to Upendo Technologies Ltd: Required: Determine the following: Earnings per share (EPS). (2 marks) Dividend per share (DPS). (2 marks) The intrinsic value of a share using Walter’s model. (3 marks) Whether the company’s dividend pay-out ratio is optimal using Walter’s model. (3 marks) (Total: 20 marks) QUESTION THREE 1. Outline FOUR reasons for time preference for money. (4 marks) 2. Explain THREE characteristics of capital investment decisions. (6 marks) 3. Arthur Kiplangat holds a 5-year, 12%, Sh.1,000 debenture par value. Determine the value of the above debenture. (4 marks) 4. The following details relate to a capital project in Furaha Ltd: Initial cash outlay Sh.104,000,000 Annual net operating cash flow (after tax) Sh.33,600,000 Useful life of project 6 years Minimum required rate of return 16% Required: Assess the suitability of the capital project using the following methods: Net present value (NPV). (2 marks) Internal rate of return (IRR). (4 marks) (Total: 20 marks) QUESTION FOUR 1. Describe FOUR benefits that might accrue to a company by having its shares quoted in the securities exchange. (4 marks) 2. Explain TWO ways in which a company could issue new shares to its existing shareholders. (4 marks) 3. Describe TWO costs associated with disclosure of financial statements information. (4 marks) 4. The management of Makadilio Ltd. has decided to prepare a cash budget. The following projections and other information are drawn from their balances: 1. The opening cash balance on 1 February 2023 is expected to be Sh.30,000,000. 2. The projected sales are as follows: Sh. “000” December 2022                     80,000 January 2023                        90,000 February 2023                      75,000 March 2023                           75,000 April 2023                              80,000 3. Analysis of books shows that accounts receivables are settled as follows: 60% within the month of sale 25% the month following 15% the month following (second month after the month of sale) 4. Projected purchases were as follows: Sh. “000” January 2023                     60,000 February 2023                   55,000 March 2023                        45,000 April 2023                           55,000 5. All purchases are on credit and past experience shows that 90% are settled on the month of purchase and the balance settled the month after. 6. Wages are Sh.15 million per month and overhead of Sh.20 million per month (including Sh.5 million depreciation) are settled monthly. 7. Taxation of Sh.8 million has to be settled in March 2023 and the company will receive settlement of an assurance claim of Sh.25 million in April 2023. Required Prepare a cash budget for the month of February, March and April 2023. (8 marks) (Total: 20 marks) QUESTION FIVE 1. Examine TWO reasons why a company may prefer debt capital to equity capital. (4 marks) 2. Discuss THREE importance of capital budgeting to a company. (6 marks) 3. Simon Nyaga intends to save a certain amount of money every year for five years in a bank paying 10% interest annually in order to raise college fee of Sh.5,000,000 for his daughter. Required: Determine the annual deposit that Simon Nyaga makes. (3 marks) Janet Pendo has acquired a 20-month auto loan of Sh.6,000,000 at an annual interest rate of 12%. Required: Determine the amount of monthly loan repayments that Janet Pendo makes. (3 marks) 4. The following information relates to product K produced and sold by Poka Limited. Sh. Selling price                             12,000 Variable cost per unit             8,000 Fixed costs per annum         20,000,000 Required: Determine the following: Break-even point in shillings. (2 marks) Number of units to be produced and sold in order to achieve a profit of Sh.30,000,000. (2 marks) (Total: 20 marks)

MONDAY: 5 December 2022. Morning Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE MICHEZO ACCESSORIES LIMITED (MAL) Michezo Accessories Limited (MAL) was incorporated in the year 2008 as a sports equipment business in Nairobi, Kenya. It is the largest retail and wholesale dealer in East Africa specialising in sports, promotional items and camping equipment. MAL deals in goods, equipment and apparels of reputable international brands in almost all sporting activities. It was started by Bruce Okello with a lean staff establishment and a skeleton organisation structure. Bruce’s vision was to create high-quality and stylishly designed clothing and equipment for sporting activities. He built up a design team, but outsourced manufacturing to low-cost producers, primarily in China. Rather than selling through existing retailers, Bruce opted to open his own stores all over the East African region. The idea was to staff the stores with employees who were themselves passionate about body fitness and could act as ambassadors for healthy living through sports. The first retail store quickly became a runaway success and other stores soon followed suit. In the year 2008 the company went public using the capital raised to accelerate its expansion plans. By the year 2013, MAL had over 210 stores in the East African region, sales in excess of Sh.1 billion, and a market capitalisation of over Sh.4 billion. In the year 2018, Zuena Aero was hired as the CEO of MAL after the lapse of the term of the immediate former CEO. She had spent 20 years at Maisha Limited, a fast-moving consumer goods company, overseeing retail operations. She had a wealth of experience in strategic planning and she had a reputation for turning around companies. She immediately introduced differentiation as a business-level strategy at MAL. She was fully aware that the strategy would always give a company a competitive advantage. Getting the product right was undoubtedly a central part of her strategy. Zuena ensured uniqueness in the company`s products. The fitness-inspired athletic wear was well designed, stylish, comfortable, and used the best technical fabrics. An equally important part of the strategy was to only stock a limited supply of an item. New colours and seasonal items kept the product offerings feeling fresh and outstanding. The goal was to sell sporting gear at a premium price, and to condition customers to buy when they saw it, rather than wait, because if they do, it would soon be “out of stock.” Over the years, the strategy has worked; MAL never holds sales, and its items sell for a premium price. MAL continues to hire employees who are passionate about fitness. Part of the induction process involves taking new hires to fitness lessons. Seventy per cent of store managers are internal hires who started on the sales floor and grew up the ranks. Store managers are given an imprest of Sh.300,000 to repaint their stores twice a year. The look and interior design of each store is completely up to its manager’s discretion. Each store is also allocated Sh.2 million annually to spend on corporate social responsibility activities. Employees are trained to eavesdrop on customers` complaints and compliments. Clothes folding tables are placed near the fitting rooms rather than in a back room so that employees can overhear conversations about their products. In every store there is a suggestion box for customers to drop their complaints or compliments. These are sent back to headquarters for analysis and action planning. This feedback is then incorporated into the product design process. The CEO is hands on and she physically visits stores randomly to confirm the authenticity of the daily reports that she gets from the enterprise resource planning system. She believes that software-generated data can give a company a false sense of security about the customers. She personally spends hours each week in stores observing how customers shop, listening to their complaints, and then using their feedback to tweak product development efforts Despite the company’s focus on providing quality, it has not all been plain sailing for MAL. In the year 2020, Covid-19 pandemic hit businesses hard and MAL was heavily affected. Sales plummeted and revenues dwindled. Zuena Aero convinced the management to act fast and take their business online. The results were evident in a span of six months. A balanced score card was used to measure performance and establish whether taking the business online had paid dividends. The balanced score card was the choice tool since it would reveal measures in most aspects of the business. Compared to the same time in the year 2019, all the four measures showed a growth rate of 25% and above. Most observers in the media and financial community believe that with Zuena Aero as the CEO, the company will continue its growth trajectory for many years to come. Required: 1.  Discuss FIVE corporate social responsibility activities that MAL stores could spend the Sh.2 million awarded. (10 marks) 2. Balanced Score Card tool was used to measure performance at MAL. Define this tool. (2 marks) Examine the FOUR metrics of Balanced Score Card tool identified in (b) (i) above. (8 marks) 3. Analyse FIVE external factors that might affect business at MAL. (10 marks) 4. Evaluate FIVE benefits that could accrue to MAL from the business level strategy that was introduced by Zuena Aero. (10 marks) (Total: 40 marks) QUESTION TWO 1. Describe FIVE advantages of using gap analysis in organisational performance measurement. (5 marks) 2. Evaluate FIVE steps involved in strategic management process. (5 marks) 3. A mission statement influences corporate performance since it incorporates the basic business purpose and the reason for its existence. In view of the above statement, explain the influence of mission statement on performance. (5 marks) (Total: 15 marks) QUESTION THREE 1. Examine FIVE limitations of Michael Porter’s five forces of competitive advantage. (5 marks) 2. Controlling is one of the critical functions of

TUESDAY: 6 December 2022. Afternoon Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE 1. Outline TWO factors to consider while pricing a consulting assignment. (2 marks) 2. Examine FOUR elements of the micro level analysis in social networking theory. (8 marks) 3. Enumerate FIVE distinctions between advisory and consultancy. (10 marks) (Total: 20 marks) QUESTION TWO 1. Highlight FOUR benefits of monitoring and evaluating a consultancy assignment. (4 marks) 2.“The criteria normally used to define whether management consulting is a profession covers a range of aspects”. In the context of the above statement, assess any FOUR of these aspects. (8 marks) 3. Identify EIGHT constructive criticism guidelines followed by a consultant during a coaching engagement. (8 marks) (Total: 20 marks) QUESTION THREE 1. Highlight FOUR elements of a popular report in research. (4 marks) 2. Consensus building is built on the idea of local engagement and is useful in settling complicated multiparty disputes. With reference to the above statement, examine FOUR forms of consensus building. (8 marks) 3. Citing FOUR reasons, explain why in a consultancy engagement, the client’s involvement in action planning should be more active than in the diagnostic phase. (8 marks) (Total: 20 marks) QUESTION FOUR 1. In hypothesis testing the main question is whether to accept the null hypothesis or not to accept the null hypothesis. Examine FIVE steps involved in the exercise. (5 marks) 2. Analyse FIVE benefits that could accrue to a client in a typical management consulting assignment. (5 marks) 3. Evaluate FIVE assumptions of the Medical (Doctor–Patient) Approach in consulting. (10 marks) (Total: 20 marks) QUESTION FIVE 1. Explain FOUR classifications of research. (8 marks) 2. During client discovery, the consultant dives below the client organisation’s surface to gather details on the facts that the client has provided, test hypotheses and probe deep into whatever problems the organisation is facing. Appraise FIVE goals that cold be achieved during this phase. (5 marks) 3. Assess SEVEN external factors that could affect a consulting firm strategy. (7 marks) (Total: 20 marks)

TUESDAY: 6 December 2022. Morning Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE LONG PIPELINE LTD (LPL) The lucrative nature of oil business and a thriving siphoning syndicate could be at the centre of many job losses at management level at Long Pipeline Ltd (LPL) in the recent past. The struggle to control the multi-million-dollar State agency which handles the core energy stocks for the country has made LPL to have a record four Managing Directors in three years. Festo Kinde, the Managing Director (MD) of LPL, has had a tough time defending tender awards and dealing with controversies involving business rivalries and political power plays since the company does not have key policies to guide it. The company has failed to develop a risk policy despite being involved in a volatile business. The latest case of mysterious fuel losses at LPL systems disguised as “pipeline losses” has pitted him against oil marketers displeased with the volumes being lost, which they believe is stolen and sold in the same market they intend to sell their products. Insiders say his action to suspend one stock analyst caused a stir in the inner circle of the staff at the core of the siphoning syndicate. This circle is willing to go to any length to protect its interests. Those familiar with the affairs point to political intrigues involving push-and-pull between two factions of the ruling party, each keen on controlling the giant organisation. None of the Managing Directors at the firm has had a smooth exit. Festo Kinde’s predecessor, Janet Moguina, held the position for less than one year before she was sent on compulsory leave and her position advertised under unclear circumstances. Before then, LPL had suspended another MD, Peter Salas, who was later charged with abuse of office including irregularly awarding a Sh.29 million contract for the installation of auto-transformers. Preceding Peter Salas was Charles Mwadime who was fired by the board in the year 2018 on grounds of nepotism and abuse of office. To calm the latest jitters, Festo Kinde released a memo last Wednesday assuring the staff that all was well save for the investigations on the suspended staff. The memo was worded as follows: “Management’s attention has been drawn to reports appearing in sections of the print media to the effect that there is panic amongst staff owing to the investigations following theft of fuel in the organisation. In this regard, management wishes to inform staff that so far, only one member of staff (name withheld), a Stock Control Analyst, was suspended from duty for in-depth investigations to be carried out.” The suspended member of staff is suspected to have accessed the advances table in the system and advanced Kam Ochiel 300,000 litres of petroleum without authorisation. A number of job losses at LPL have left the organisation with many bitter ex-workers who hold sensitive information on illegal deals, further deepening woes within the company. Required: 1. Managing Directors were not lasting long at LPL. With reference to stewardship theory, explain FIVE fundamental values the previous MDs may have lacked. (10 marks) 2.To minimise controversies involving business rivalries, power plays and fuel losses, LPL should develop a risk appetite framework. Explain FIVE considerations to make the framework effective. (10 marks) 3. Analyse FIVE ethical issues that might have affected LPL staff and board of directors. (10 marks) 4. Suggest FIVE possible reasons why good corporate governance practices are necessary for companies like LPL. (10 marks) (Total 40 marks) QUESTION TWO 1. Examine FOUR roles of the nomination committee in Board appointments. (4 marks) 2. Policy Governance is a comprehensive set of integrated principles that, when consistently applied, allows governing boards to realise owner-accountable organisations. Analyse FIVE of these principles. (5 marks) 3. Summarise SIX recommendations of the Cadbury Report on good corporate governance. (6 marks) (Total: 15 marks) QUESTION THREE 1. According to the Code of Corporate Governance Practices for Issuers of Securities to the public, 2015, the Board of a listed company is expected to establish clear roles and responsibilities in discharging its fiduciary duties. Evaluate SEVEN of these duties. (7 marks) 2. Assess FOUR causes of principal-agent problems in organisations. (8 marks) (Total: 15 marks) QUESTION FOUR 1. Highlight FIVE roles of the board of directors. (5 marks) 2. The interests of current shareholders should be protected from cases of abuse by future management. Such protection can be achieved through shareholder agreement. Describe FIVE elements of such an agreement. (5 marks) 3.In the course of executing its mandate, the Board of Directors is expected to undertake risk management. Explain FIVE benefits of regular risk reporting. (5 marks) (Total: 15 marks) QUESTION FIVE 1. Evaluate FIVE drawbacks of undertaking Corporate Social Responsibility. (5 marks) 2. Illustrate FIVE criticisms of Carver’s governance board model. (5 marks) 3. Explain FIVE benefits of developing a compliance programme. (5 marks) (Total: 15 marks)

WEDNESDAY: 7 December 2022. Afternoon Paper. Time Allowed: 3 hours. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper. QUESTION ONE 1. Explain FIVE roles of financial markets in a developing country. (5 marks) 2. Highlight FIVE distinctions between money markets and capital markets. (5 marks) 3. Assess the roles of FIVE financial regulators in the financial eco-system of your country. (10 marks) (Total: 20 marks) QUESTION TWO The securities market provides a platform to link lenders, borrowers and productive sectors of the economy. In the context of financial markets: 1. Highlight FIVE characteristics of a securities market. (5 marks) 2. Explain FIVE instruments for raising capital in the securities market. (5 marks) 3. Examine FIVE functions of a securities market. (10 marks) (Total: 20 marks) QUESTION THREE 1. Outline FIVE strategies of minimising insider trading. (5 marks) 2. Describe FIVE advantages of automated trading systems (ATS) in financial markets. (5 marks) 3. Assess FIVE players that drive the development of the capital markets in your country. (10 marks) (Total: 20 marks) QUESTION FOUR 1. Financial markets and other specialised institutions play a prominent role in many economies. Governments around the globe have therefore deemed it necessary to regulate certain aspects of these markets and institutions. With reference to the above statement, explain FIVE forms of government regulations on financial markets and specialised institutions in your country. (5 marks) 2. Explain FIVE functions undertaken by investment banks which are distinct from those of securities brokerage firms in the securities market. (5 marks) 3.  Describe FIVE duties imposed by law on the trustees of a pension scheme. (10 marks) (Total: 20 marks) QUESTION FIVE 1.  Identify FIVE methods that could be adopted by a country to deal with money laundering. (5 marks) 2. Explain FIVE arguments in support of offshore banking. (5 marks) 3. Examine FIVE functions of the Central Depository and Settlement Corporation (CDSC) or a similar institution in your country. (10 marks) (Total: 20 marks)