
Information and network Security

10CS835

QUESTION BANK
UNIT 1: Introduction to Information Security
1. What is security? Explain the multiple layers of security in an organization with a diagram.
(10 Marks) (Dec 2012) (June 2013) (Dec 2013) (June 2014)
2. List critical characteristics of information and explain in brief any five of them. (10 marks)
(Dec 2012) (June 2013) (8 marks) (Dec 2013) (Dec 2014)
3. What are the policies present in the NSTISSC security model? (8 marks) (Dec 2012) (June 2013)
(10 marks) (Dec 2014)
4. What are approaches to information security implementation? Explain. (top down and bottom
up approaches) (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
5. Explain the Security System Development Life Cycle. (8 marks) (June 2014)
6. List and briefly explain Information Security Terminologies.(8 marks)( June 2013)(Dec 2013)
(5 marks) (Dec 2014)
7. Explain security system development life cycle. (7 marks)(Dec 2014)
8. List the salient features and drawbacks of the ISO 17799/BS 7799 security model. (6 marks)
(June 2013) (Dec 2013) (Dec 2014)

UNIT 2: Planning for Security

1. Why is shaping an information security policy difficult? (3 marks) (Dec 2014)
2. What is policy? How can and should it be used? Explain. (5 marks) (Dec 2012) (June 2013)
(10 marks) (June 2014)
3. With a block diagram, explain how policies, standards, practices, procedures and guidelines
are related. (7 marks) (Dec 2012) (June 2013) (10 marks) (June 2014)
4. Define security policy. Briefly discuss three types of security policies. (8 marks) (June
2013) (Dec 2013) (5 marks) (Dec 2014)
5. Explain information security blueprint and its major components. (7 marks)(Dec 2014)
6. Briefly describe management, operational and technical controls and explain when each
would be applied as part of a security framework? (10 marks) (June 2013) (Dec 2013) ( 5
marks) (Dec 2014)
7. Explain information security architecture. (7 marks)(Dec 2014)(10 marks) (June 2014)(Dec
2013)
8. Describe the major steps in the Plan-Do-Check-Act method of an information security
management system. (10 marks) (Dec 2012) (June 2013) (10 marks) (June 2014)
9. Illustrate with diagram how information is under attack from variety of sources with reference
to the spheres of security. (10 marks) (Dec 2012) (June 2013) (8 marks) (Dec 2013) (Dec
2014)

Dept. of CSE, SJBIT


UNIT 3: Security Technology


1. Define and identify the various types of firewalls. (10 marks) (Dec 2012) (June 2013) (8
marks) (Dec 2013) (Dec 2014)
2. Describe how the various types of firewalls interact with the network traffic at various levels
of the OSI model. (7 marks) (Dec 2012) (June 2013) (10 marks) (June 2014)
3. Identify and describe the two categories of intrusion detection systems. (10 marks) (June
2013) (Dec 2013) (5 marks) (Dec 2014)
4. According to NIST's documentation on industry best practices, what are the six reasons to
acquire and use IDS? Explain. (7 marks) (Dec 2012) (June 2013) (10 marks) (June 2014)
5. Explain the features of NIDS. List merits and demerits of the same. (3 marks) (Dec 2014) (7
marks) (Dec 2012) (June 2013)
6. Explain the features of HIDS. List merits and demerits of the same. (3 marks) (Dec 2014) (7
marks) (Dec 2012) (June 2013)
7. Discuss scanning, analysis tools, and content filters. (10 marks) (Dec 2012) (June 2013) (8
marks) (Dec 2013) (Dec 2014)
8. Discuss the process of encryption and define key terms. (10 marks) (Dec 2014)

UNIT 4: Cryptography

1. What are the fundamental differences between symmetric and asymmetric encryption? (6
marks) (June 2013) (Dec 2013)
2. Explain the different categories of attackers on the cryptosystem.(8 marks)( June 2013)(Dec
2013) (5 marks) (Dec 2014)
3. Define the following terms i) algorithm ii) Key iii) Plaintext iv) steganography v) Work factor
vi) key space. (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
4. Describe the terms: authentication, integrity, privacy, authorization and non- repudiation. (5
marks) (Dec 2012) (June 2013) (10 marks ) (June 2014)
5. Discuss the man-in-the-middle attack. (7 marks) (June 2013) (Dec 2013) (10 marks) (Dec
2014)


UNIT 5: Authentication Applications

1. Discuss active security attacks. (10 marks) (Dec 2012) (7 marks) (Dec 2013)
2. Describe briefly the security attacks and specific security mechanisms covered by X.800. (5
marks) (Jun 2013) (7 marks) (Dec 2013)
3. Describe the authentication procedures covered by X.809. (10 marks) (Jun 2014)
4. Explain the general X.509 public key certificate. (6 marks) (Dec 2013) (8 marks) (Dec 2014)
5. Compare active and passive attacks.(5 marks)(Jun 2013)(10 marks)(Jun 2013)(6 marks)(Dec
2014)
6. Explain Kerberos version 4 message exchanges.(10 marks) (Dec 2012)(6 marks Dec 2014)
7. List out differences between Kerberos version 4 and version 5.(10 marks)(Jun 2013)

UNIT 6: Electronic Mail Security

1. Explain the PGP message generation and reception processes. (5 marks) (Jun 2013) (10
marks) (Jun 2013) (7 marks) (Dec 2013)
2. Describe the steps involved in providing authentication and confidentiality by PGP. (10
marks) (Dec 2012) (6 marks) (Dec 2014)
3. Discuss limitations of SMTP/RFC 822 and how MIME overcomes these limitations. (6 marks
Dec 2014)
4. Explain different MIME content types. (5 marks)(Jun 2013)(7 marks) (Dec 2013) (10 marks)
(Dec 2012)
5. Explain S/MIME certificate processing method. (10 marks)(Jun 2013)

UNIT 7: IP Security
1. Mention the application of IPsec. (10 marks) (June 2013) (Dec 2013) ( 5 marks) (Dec 2014)
2. Explain the security association selections that determine a security policy database entry. (6
marks) (Dec 2013) (8 marks) (Dec 2014)
3. Describe SA parameters and SA selectors in detail. (5 marks) (June 2013) (10 marks) (Dec
2013) (June 2014)
4. Explain IPsec and ESP format. (5 marks)(Jun 2013)(10 marks) (Dec 2013)
5. Describe the transport and tunnel modes used for IPsec AH authentication, bringing out their
scope relevant to IPv4. (3 marks) (Dec 2014) (19 marks) (Jun 2012) (June 2013)
6. Mention important features of Oakley algorithm. (10 marks) (June 2013) (Dec 2013)

UNIT 8: Web Security

1. Explain the parameters that define session state and connection state in SSL. (7 marks)
(Dec 2013)
2. Discuss the SSL protocol stack. (10 marks) (Dec 2012)
3. What are the services provided by the SSL record protocol? (10 marks) (Dec 2012) (6 marks Dec
2014)
4. Describe the SET participants.(05 Marks)
5. Explain SSL handshake protocol with a neat diagram. (5 marks)(Jun 2013)(7 marks) (Dec
2013)
6. Explain the construction of dual signature in SET. Also show its verification by the merchant
and the bank. (10 marks)(10)(Jun 2013)
7. List out the key features of secure electronic transaction and explain in detail. (5 marks) (Jun
2013) (10 marks) (Jun 2013) (6 marks) (Dec 2014)
