KINGS COLLEGE OF ENGINEERING
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

IT2042 INFORMATION SECURITY

QUESTION BANK

Branch / Year / Sem
Staff Name: NALAYINI P & AMBIKA
Academic Year

JNTU World Team Page 1
Follow Your Syllabus

SYLLABUS

UNIT I FUNDAMENTALS 9
History, What is Information Security?, Critical Characteristics of Information, NSTISSC Security
Model, Components of an Information System, Securing the Components, Balancing Security and
Access, The SDLC, The Security SDLC

UNIT II SECURITY INVESTIGATION 9


Need for Security, Business Needs, Threats, Attacks, Legal, Ethical and Professional Issues

UNIT III SECURITY ANALYSIS 9


Risk Management: Identifying and Assessing Risk, Assessing and Controlling Risk

UNIT IV LOGICAL DESIGN 9


Blueprint for Security, Information Security Policy, Standards and Practices, ISO 17799/BS 7799,
NIST Models, VISA International Security Model, Design of Security Architecture, Planning for
Continuity

UNIT V PHYSICAL DESIGN 9


Security Technology, IDS, Scanning and Analysis Tools, Cryptography, Access Control Devices,
Physical Security, Security and Personnel

TOTAL: 45 PERIODS
TEXT BOOK:
1. Michael E Whitman and Herbert J Mattord, Principles of Information Security, Vikas
Publishing House, New Delhi, 2003

REFERENCES:
1. Micki Krause, Harold F. Tipton, Handbook of Information Security Management, Vol 1-3 CRC
Press LLC, 2004.
2. Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed, Tata McGraw-Hill, 2003.
3. Matt Bishop, Computer Security Art and Science, Pearson/PHI, 2002.


Unit 1

2 Marks

1. What is information security?

2. What is C.I.A?

3. Write a note on the history of information security

4. What is Rand Report R-609?

5. What is the scope of computer security?

6. What is Security?

7. Define Physical security

8. Define Personal Security

9. Define Operations security

10. Define Communications security

11. Define Network security

12. Define Information security

13. What are the critical characteristics of information?

14. What is NSTISSC Security model?

15. What are the components of an information system?

16. What is meant by balancing Security and Access?

17. What are the approaches used for implementing information security?

18. What is SDLC?

19. Explain different phases of SDLC

20. What is Security SDLC?

21. How is information security viewed as a social science?

22. What are the information security roles to be played by various professionals in a typical organization?

23. What are the three types of data ownership and their responsibilities?

24. What is the difference between a threat agent and a threat?

25. What is the difference between vulnerability and exposure?

26. What is attack?

27. What is hacking?

28. What is a security blueprint?

29. What is MULTICS?

30. What is ARPANET?

31. Define E-mail spoofing

16 Marks

1) Explain the four important functions, the information security performs in an organization

2) What are dual-homed host firewalls? Explain

3) What are deliberate acts of espionage or trespass? Give examples.

4) What are deliberate software attacks?

5) Explain in detail the different types of cryptanalytic attacks

6) Enumerate different types of attacks on computer based systems.

7) What are the different US and international laws on computer-based crimes?

8) Explain in detail the Legal, Ethical and Professional issues during the security investigation

9) What are threats? Explain the different categories of threat

10) What is the code of ethics to be adhered to by the information security personnel stipulated by
different professional organizations?

11) What is intellectual property? How can it be protected?

12) Who are hackers? Explain the hacker levels

13) Explain the attack replication vectors

14) Discuss in detail the forces of Nature affecting information security


15) Explain deliberate software attacks

Unit 2

2 Marks

1) What are the four important functions that information security performs in an organization?

2) What are threats?

3) What are the different categories of threat? Give Examples.

4) What are the different acts of human error or failure?

5) How can human error be prevented?

6) What is Intellectual property?

7) How can intellectual property be protected?

8) What are deliberate acts of espionage or trespass?

9) Who are Hackers? What are the two hacker levels?

10) What is information extortion?

11) What are deliberate acts of sabotage and vandalism?

12) What is Cyber terrorism?

13) What are the deliberate acts of theft?

14) What are deliberate software attacks?

15) What are the forces of Nature affecting information security?

16) What are technical hardware failures or errors?

17) What are technical software failures or errors?

18) What is technological obsolescence?

19) What is an attack?

20) What is a malicious code?

21) Define Virus


22) Define Hoaxes

23) What is Distributed Denial-of-service (DDoS)?

24) What is Back Door?

25) Define Dictionary attack

26) What are the various forms of attacks?

27) What are the attack replication vectors?

28) What is Denial-of-service (DoS) ?

29) Define Spoofing

30) Define Man-in-the-Middle

16 Marks

1) Explain the four important functions, the information security performs in an organization

2) What are dual-homed host firewalls? Explain

3) What are deliberate acts of espionage or trespass? Give examples.

4) What are deliberate software attacks?

5) Explain in detail the different types of cryptanalytic attacks

6) Enumerate different types of attacks on computer based systems.

7) What are the different US and international laws on computer-based crimes?

8) Explain in detail the Legal, Ethical and Professional issues during the security investigation

9) What are threats? Explain the different categories of threat

10) What is the code of ethics to be adhered to by the information security personnel stipulated
by different professional organizations?

11) What is intellectual property? How can it be protected?

12) Who are hackers? Explain the hacker levels

13) Explain the attack replication vectors

14) Discuss in detail the forces of Nature affecting information security


15) Explain deliberate software attacks

Unit 3

2 Marks

1. What is risk management?

2. What are the roles to be played by the communities of interest to manage the risks an organization encounters?

3. What is the process of Risk Identification?

4. What are asset identification and valuation?

5. What is Asset Information for People?

6. What are Hardware, Software, and Network Asset Identification?

7. What are Asset Information for Procedures?

8. What are the Asset Information for Data?

9. How are information assets classified?

10. Define the process of Information asset valuation.

11. What are the Questions to assist in developing the criteria to be used for asset
valuation?

12. Define data classification and management.

13. What are security clearances?

14. Explain the process of threat identification?

15. How are threats identified and prioritized?

16. What is Risk assessment?

17. What are the different threats faced by an information system in an Organization?

18. What is Vulnerability Identification?

19. Mention the Risk Identification Estimate Factors


20. Give an example of Risk determination.

21. What is residual risk?

22. What is access control?

23. What are the different types of Access Controls?

24. What is the goal of documenting results of the risk assessment?

25. Mention the strategies to control the vulnerable risks.

26. What are the different risk control strategies?

27. Write short notes on Incident Response Plan

28. Define Disaster Recovery Plan

29. Define Business Continuity Plan

30. What are different categories of controls?

16 Marks

1. What is risk management? State the methods of identifying and assessing risk

2. Discuss in detail the process of assessing and controlling risk

3. What is risk management? Why is the identification of risks by listing assets and vulnerabilities so important in the risk management process?

4. Explain in detail different risk control strategies

5. Explain asset identification and valuation

6. Explain in detail the three types of Security policies (EISP,ISSP and sysSP).

7. What is Information Security Blue print? Explain its salient features.

8. Explain the roles to be played by the communities of interest to manage the risks an
organization encounters

9. Explain the process of Risk assessment

10. Explain briefly the plans adopted for mitigation of risks

11. Explain how the risk controls are effectively maintained in an organization


12. Write short notes on a) Incident Response Plan b) Disaster Recovery Plan c) Business Continuity Plan

13. Explain in detail the process of asset identification for different categories

14. Explain the process of Information asset valuation

15. Discuss briefly data classification and management

16. Explain the process of threat identification

17. Explain the process of vulnerability identification and assessment for the different threats faced by an information system
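A worked risk determination and cost-benefit calculation for the Unit 3 questions on risk determination, residual risk and cost-benefit analysis. This is an added example, not material from the question bank or the textbook: the formula shape follows the textbook style of weighting likelihood against asset value and then adjusting for current controls and uncertainty, and every asset value, likelihood, control percentage and cost figure below is a constructed sample number.

```python
"""Worked risk determination and cost-benefit analysis (added example).

Assumptions, not taken from the question bank: the risk formula follows the
textbook style (likelihood x value, minus the share already controlled, plus
an uncertainty allowance), and all asset values, likelihoods, control
percentages and costs are constructed sample numbers.
"""
from dataclasses import dataclass


@dataclass
class VulnerabilityRating:
    """One asset/vulnerability pair from a risk identification worksheet."""
    asset: str
    vulnerability: str
    asset_value: float   # relative worth of the asset (here on a 1-100 scale)
    likelihood: float    # chance the vulnerability is exploited, 0.0-1.0
    controlled: float    # fraction of the risk already mitigated, 0.0-1.0
    uncertainty: float   # allowance for incomplete knowledge, as a fraction

    def risk(self) -> float:
        # risk = (likelihood x value) - risk already controlled + uncertainty,
        # with the last two terms taken as percentages of the first.
        base = self.likelihood * self.asset_value
        return base - base * self.controlled + base * self.uncertainty


def rank_vulnerabilities(ratings):
    """Ranked vulnerability worksheet: highest risk first."""
    return sorted(ratings, key=lambda r: r.risk(), reverse=True)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x annualized rate of occurrence."""
    return sle * aro


def cost_benefit(ale_prior: float, ale_post: float, annual_cost_of_safeguard: float) -> float:
    """CBA = ALE(before control) - ALE(after control) - annual cost of the control.
    A positive result means the control pays for itself."""
    return ale_prior - ale_post - annual_cost_of_safeguard


# Constructed sample worksheet (names and numbers are illustrative only).
SAMPLE_RATINGS = [
    VulnerabilityRating("Customer DB", "unpatched DBMS", 50, 1.0, 0.0, 0.10),
    VulnerabilityRating("Web server", "weak admin password", 100, 0.5, 0.5, 0.20),
    VulnerabilityRating("Web server", "DoS on public port", 100, 0.1, 0.0, 0.20),
]


def demo():
    """Rank the sample worksheet and evaluate one proposed control."""
    ranked = rank_vulnerabilities(SAMPLE_RATINGS)
    # Constructed CBA figures: asset worth 1,000,000; 10% lost per incident;
    # one incident every two years before the control, one in ten years after.
    sle = single_loss_expectancy(1_000_000, 0.10)
    ale_before = annualized_loss_expectancy(sle, 0.5)
    ale_after = annualized_loss_expectancy(sle, 0.1)
    cba = cost_benefit(ale_before, ale_after, 10_000)   # control costs 10,000 per year
    return ranked, cba


if __name__ == "__main__":
    ranked, cba = demo()
    for r in ranked:
        print(f"{r.asset:12} {r.vulnerability:22} risk={r.risk():.1f}")
    print(f"CBA of proposed control: {cba:,.0f}")
```

The ranking shows why a fully controlled vulnerability on a valuable asset can score below an uncontrolled one on a cheaper asset: the control term is subtracted, and the uncertainty term is what remains as residual risk even when a control is in place. The CBA turns the same reasoning into money, so a control is only worth adopting when the reduction in annualized loss exceeds what it costs to run.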

Unit 4

2 Marks

1. What is a policy?

2. What are the three types of security policies?

3. What is Security Program Policy?

4. Define Issue-Specific Security Policy (ISSP)

5. What are ACL Policies?

6. What is Information Security Blueprint?

7. Define ISO 17799/BS 7799 Standards and their drawbacks

8. Mention the Drawbacks of ISO 17799/BS 7799

9. What are the objectives of ISO 17799?

10. What alternative security models are available other than ISO 17799/BS 7799?

11. List the management controls of NIST SP 800-26

12. Mention the Operational Controls of NIST SP 800-26

13. What are the Technical Controls of NIST 800-26?

14. What is Sphere of protection?

15. What is Defense in Depth?


16. What is Security perimeter?

17. What are the key technological components used for security implementation?

18. What is Systems-Specific Policy (SysSP)?

19. What is the importance of blueprint?

20. What are the approaches of ISSP?

16 Marks

1. What are ISO 17799 and BS 7799? Explain their different sections and salient features.

2. Explain salient features of NIST security models.

3. Explain with diagrams the design of security architecture.

4. Explain how information security policy is implemented as procedure

5. What are the three types of security policies? Explain

6. Compare and contrast ISO 17799/BS 7799 with the NIST security models

7. Explain the NIST security model

8. List the styles of security architecture models. Discuss them in detail

9. Explain NIST SP 800-14

10. Explain Sphere of protection with a neat sketch

11. Explain the key technological components used for security implementation

12. Write short notes on

i. Defense in depth ii. Security perimeter

13. Write short notes on

i. Incident Response Plan (IRP)

ii. Disaster Recovery Plan

iii. Business Continuity Plan

14. What is Business Impact Analysis? Explain different stages of BIA in detail.

15. Explain the key technology components



Unit 5

2 Marks

1. What are firewalls?

2. Explain different generations of firewalls.

3. Mention the functions of first generation firewall

4. What are the restrictions of first generation firewall?

5. What is the advantage of Second Generation firewalls?

6. Define stateful inspection firewall

7. What is the disadvantage of third generation firewalls?

8. What is the function of Fifth Generation firewall?

9. How are firewalls categorized by processing mode?

10. What is the drawback of packet-filtering router?

11. What are Screened-Host Firewall Systems?

12. What is the use of an Application proxy?

13. What are dual-homed host firewalls?

14. What is the use of NAT?

15. What are Screened-Subnet Firewalls?

16. What are the factors to be considered while selecting a right firewall?

17. What are SOCKS servers?

18. What are the recommended practices in designing firewalls?

19. What are intrusion detection systems (IDS)?

20. What are different types of IDSs?

21. Define NIDS

22. What is HIDS?


23. What is the use of HIDS?

24. What is Application-based IDS?

25. What is Signature-based IDS?

26. What is an LFM (log file monitor)?

27. What are honeypots?

28. What are honeynets?

29. What are Padded Cell Systems?

30. What are the advantages and disadvantages of using the honeypot or padded cell approach?

31. What are footprinting and fingerprinting?

32. What are Vulnerability Scanners?

33. Define Packet Sniffers

34. What is Cryptography?

35. What is Cryptanalysis?

36. Define Encryption

37. Define Decryption

38. What is Public Key Infrastructure (PKI)?

39. What are the PKI benefits?

40. How are e-mail systems secured?

41. What are the seven major sources of physical loss?

42. What is a Secure Facility?

43. What are the controls used in a Secure Facility?

44. What are the functions of the Chief Information Security Officer (CISO)?
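The questions above on packet-filtering routers, stateful inspection and firewall rule sets are easiest to answer with a small model of both filter types side by side. The following is an added example written for this page, not code from the question bank or its textbook: the rule syntax, the address ranges and the three sample packets are constructed for illustration, and the rule set is evaluated first-match with an implicit final deny.

```python
"""Stateful packet filter versus static packet filter (added example).

Assumptions, not taken from the question bank: rule syntax, address ranges
and the sample packets are constructed for illustration; rules are evaluated
first-match, and anything no rule permits is denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR; 0.0.0.0/0 means any source
    dst: str               # CIDR; 0.0.0.0/0 means any destination
    dport: Optional[int]   # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class StaticPacketFilter:
    """First-generation filter: every packet is judged on its header alone."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"   # implicit "that which is not permitted is prohibited"


class StatefulInspectionFirewall(StaticPacketFilter):
    """Stateful inspection filter: remembers allowed connections so that
    replies need no inbound rule of their own."""
    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        # A packet whose 5-tuple is the reverse of a tracked connection is a reply.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow"
        action = super().decide(pkt)
        if action == "allow":
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


# Constructed rule set: internal hosts may browse out on 443 and 80; nothing else.
RULES = [
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 80),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Constructed traffic: an outbound HTTPS request, its reply, and an unsolicited SSH probe.
TRAFFIC = [
    Packet("tcp", "10.0.0.5", 40000, "203.0.113.7", 443),
    Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 40000),
    Packet("tcp", "198.51.100.9", 12345, "10.0.0.5", 22),
]


def run(firewall: StaticPacketFilter, traffic=TRAFFIC) -> List[str]:
    """Decisions for each packet in order."""
    return [firewall.decide(pkt) for pkt in traffic]


if __name__ == "__main__":
    print("static  :", run(StaticPacketFilter(RULES)))
    print("stateful:", run(StatefulInspectionFirewall(RULES)))
```

The static filter drops the HTTPS reply, because no rule admits inbound traffic from 203.0.113.7. The only way to make it work is a rule admitting inbound packets from source port 443 to any high port, which an attacker can satisfy just by choosing 443 as their source port; that hole is the drawback of packet-filtering routers asked about above. The stateful firewall admits the reply from its connection table instead, at the cost of keeping per-connection memory, which is why the state table itself becomes a target for resource-exhaustion denial of service.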

16 Marks

1. Explain in detail


i. Firewalls categorized by processing mode

ii. Different generations of firewalls

2. Explain in detail the different firewall architectures (OR) Write short notes on

i. Packet-filtering routers

ii. Screened-host firewalls

iii. Screened-subnet firewalls (with DMZ)

3. What are the factors to be considered in selecting a right firewall?

4. Explain how firewalls are configured and managed?

5. Outline some of the best practices for firewall use.

6. What are firewall rules? Explain different firewall rule sets.

7. What is an Intrusion Detection System (IDS)? Explain the different reasons for using an IDS and the different terms associated with IDS.

8. What are different types of Intrusion Detection Systems available? Explain with diagrams

9. Write short notes on

i. Network-based IDS

ii. Host-based IDS

iii. Application-based IDS

iv. Signature-based IDS

10. What are honeypots, honeynets and padded cell systems? Explain each.

11. What is an attack protocol? Explain a) footprinting and b) fingerprinting.

12. What are the purposes of Scanning and Analysis tools? Who will be using these tools?
Explain the functioning of few of these tools.

13. What is cryptography? Define various encryption terms used.

14. What is the RSA algorithm? Explain its different steps.

15. What are different possible attacks on crypto systems?


16. List and describe the four categories of locks.

17. Explain with a diagram different positions in Information security.

18. What are the functions of a)CISO,b) Information Security Manager, and c)Security Technician

19. How are the credentials of information security personnel assessed?

20. What certifications should information security personnel acquire to fit their roles?

UNITWISE IMPORTANT QUESTIONS

UNIT I
1. Explain in detail the software development life cycle process
2. What is SDLC? Illustrate the security SDLC
3. Explain in detail about components of information system.
4. Discuss in detail NSTISSC security model
UNIT II
1. Discuss in detail the legal, ethical and professional issues during security investigation
2. Explain in detail the different types of cryptanalytic attacks.
3. Explain in detail the different types of threats
4. Explain in detail the legal issues during security investigation
UNIT III
1. Explain in detail the risk control strategies
2. What is risk management? State the methods of identifying and assessing risk
3. Explain in detail about Risk Control Cycle
4. Explain in detail about Risk handling decision points
5. Explain in detail Cost Benefit Analysis and Exposure Factor
UNIT IV
1. List the styles of security architecture models. Discuss them in detail
2. Briefly explain the NIST SECURITY MODEL
3. Explain in detail about designing of security architecture


4. Explain in detail about planning for continuity.


UNIT V
1. Explain in detail about IDS and its types.
2. Write short notes on scanning and analysis tools used during design
3. Write notes on the control devices used in security design
4. What is cryptography? Discuss the authentication models used in cryptography.
5. What is an intrusion detection system? Explain its types in detail.
