Model Question paper

Section – 1
1 a. Which is the security protocol applied at layer 3 of the OSI
stack? What are its benefits.
Ans:- SSL:
 Secure socket layer is a protocol form establishing secure link between
the network computers.
 Its next version is TLS
 By using this SSL your information is a private when is sent to the SSL &
its success TLS or protocol for establishing authenticated & encrypted
links between network computers.
Benefits:-
 SSL protocol sensitive information. The information that is sent on
internet is passed from computer to get to the destination server.
 SSL affirms your business identify & improves customer trust.
 Better search engine ranking.
 SSL helps you satisfy PCI/DSS requirement.
 It helps to serve website & users from a range of attack.
b. What is the need of defense in depth for a network?
Ans:-Defense-in-depth security architecture is based on controls that
are designed to protect the Physical technical & administration
aspects of your network. Physical controls- These controls
include security measure that prevents physical access to IT
system Such as security guards or locked doors.
A defense -in-depth strategy ask a security-in-depth strategy.
Refers to a cybersecurity approaches that use multiple layers
defense helps security organization reduces vulnerability ,contain
threats & mitigate risk.
2 a. How do you apply Microsoft secure SDLC in each stages of
 Software development?
Ans:- Five Stages of SDLC
1.Requriments:-In this early phase requirements for new features
are collected from various stakeholder Its important to identify
any security consideration for functional requirements being
gathered for the new release.
2.Design:-This phase is essential phase of the software development
Life cycle. the list of requirements that you develop in the
Definition phase is used to make design choice In the design phase
One or more design are created to achieve the project results.
3.Development:-The SDLC is a structured process that enables the
Production of high-quality ,low-cost software in the shortest
Possible production time. The goal of the SDLC is to producer
Superior software that meets and exceeds all customer
Expectation & demands.
4.Verification:-It is the process of checking that a software achieves
Its goal without any bugs It is the process to ensure whether the
Products that is development is right or not. It verifies whether the
Development product fulfills the requirements that we have.
5.maintance & Evolution:-The maintains phase of SDLC occurs after
The product is in full operation maintenance of software can
Include software upgrades. repairs & fixs of the software if it breaks
Software application often need to be upgrade or integrated with
New system the customer deploys.
b. Your creating new password for your online banking how will you
Strengthen your password elaborate?
Ans:- I will create a strengthen then new password for online banking
Following the steps :
 Give a one character
 Give a one capital letter
 Give a one small character
 Then give a one special character
 Give a one digit
Then length of the password should be minimum eight character
 Don’t use the continuous number
 Don’t use the continuous character
 Don’t use the your birth date
 Don’t use the your mobile number

Section -2
3 a. let p=191 & q=2.Alice picks x=42 & B picks y=33.compute the shared
secret between Alice & bob using Diffie-Hellman key exchange protocol.
Ans:-x = qx mod p
242 mod 191
= (210 mod 191) (210 mod 191) (210 mod 191) (210 mod 191) (22 mod 191)
= (69*69*69*69*4) mod 191
=(177*177*4) mod 191
=(5*4) mod 191
xa=20
Bob y=qy mod 191
=233 mod 191
=(210 mod 191) (210 mod 191) (210 mod 191) (23 mod 191)
=(64*69*69*8) mod 191
(180*8) mod 191
Y b=103
Now calculate the secret key
Alice ka= yxb mod p
=10342 mod 191
=(10310 mod 191) (10310 mod 191) (10310 mod 191) (10310 mod 191)
(1032 mod 191)
=(160*160*160*160*140) mod 191
=(6*6*104) mod 191
=115
Bob kb = Xya mod p
=2033 mod 191
=(2010 mod 191) (2010 mod 191) (2010 mod 191) (203 mod 191)
=(5*5*5*169) mod 191
=21125 mod 191
=115
The share secret key between Alice & bob is=115
b. Find Euler totient function :

Φ (255)

Φ(n) = n 𝝅(1-1/p)
=255(1-1/3) (1-1/5) (1-1/17)
=255 *2/3* 4/5* 16/17
=2*4*16
=128
Φ (256)
Φ (n) = pn - pn-1
=28 - 28-1
=256 -128
=128
Φ(n) 256(1-1/2)
=256*1/2
=128
4 a. Give an implementation of RSA algorithm that uses primes p=5 & q=11. If
the encryption key is 27.what is the decryption key?
Ans:- 1. Select two prime numbers p&q p=5 q=11
2. calculate n n=p*q
n=5*11
n=55
3.calculate Φ(n) (p-1) (q-1)
Φ(n)= (5-1) (11-1)
Φ(n)=4*10
Φ(n)=40
4.Encryption key is 27
5.cipher text(encryption)
C=me mod n
= (7,(55,27))
Cipher text is 3
6.plain text(decryption)
M=cd mod n
=(55,-29))
Plain text is 7
b .What is the final digit & two final digit of 310000?
Ans:-=
=24,34 = 10000= 1 mod 100
= Φ(100) = 23 , 53 = 1000
= Φ(1000) = 1000(1-1/2) (1-1/2)
=100(1/2)*(4/3) = 10000
(3400)25 = 10000
= 1 mod 1000
= 1-1 /1000*100001
=201

Section-3
5 a. Describe stages and life cycle of incident management.
Ans:- The Five stages to be followed in an incident management.
1.Incident Identification:-
* The first step is the life of an incident is incident management
* Sources of incident reporting include walk-ups, self-services
Phones calls emails supports chats and automated notices such
As network monitoring software or system scanning utilities.
2.Incident Categorization:-
Incident can be categorization and sub-categorized based on the
Area of IT or business that the incident causes a disruption in like
Network, hardware etc.
3.Incident Prioritization:-
* The priority of an incident can be determined as a function of its
Impact & urgency using a priority matrix.
*The impact of an incident denotes the degree of damage the
Issues will cause to the user or business.

4.Incident response:-
Once the incident has been identified categorized & prioritized it can be
assigned to be right person also known as the incident owner who typically has
to respond to the issue.

5. Incident resolution & Closure:-

* An incident is considered resolved when the technician has
Come up with a temporary workaround or a permanent
Solution for the issue.
*An incident can be closed once the issue is resolved and the
User acknowledges the resolution and is satisfied with it.

b. What is the need of Dynamic file analysis?

 Dynamic code analysis tools can help them achieve this with easy
debugging of running threats & process.
 Dynamic analysis tools also help illuminate performed problems &
memory usage issue & memory leaks.
 Dynamic Analysis testing will ditect the file to the application works well,
convexly it will reveal errors indicating that an application Doesn’t works
as intended files of project.
 Developers are under tremendous pressure to deliver clean application
faster
6 a. Create a threat model for a social media web application at
Design time?
Ans:- * Identity security objectives clear objective help you to
Focus the threat modeling activity and determine how
Much effort to spend on subsequent steps
*Create an application overview
*Decompose your application
*Identity threats
*Identity vulnerabilities.
b. Describe shared responsibility model in cloud?
Ans:- The shared responsibility model is a security and compliance
Framework that outline the responsibility of cloud service
Providers & customers for security every aspect of the cloud
Environment including hardware, infrastructure, endpoint
Data configuration, setting ,operating system Network.

Section – 4
 7 a. How do you final vulnerability in your cloud based web
Application? What are common vulnerability.
Ans:-
 Rapid vulnerability detection, security health analytics & web security
scanner detector generates vulnerability finding that are available in
security command line.
 When they are enabled in security command center integrated services
like VM manger also generate vulnerability finding.
Common vulnerability:-
 Insecure direct object refences
 Cross site request coregency
 Insecure cryptographic storage
 Failure to restrict URL access
 Insufficient transport layer protection.

b. Illustrate setting up multifactor authentication on any global

public cloud system.
Ans:-
 Sign in to Microsoft 365 admin center with global Admin credentials.
 In the left chose show all & under admin center chose azure active
directory.
 In the azure active directory admin center choose azure active directory
properties.
 At the button of the page choose manage security defaults.
 Choose yes to enables security defaults & then choose save.

8 a. Highlight deprecated unsafe function in common

programming language.

Ans:- Python:- python has a pair of very dangerous function

Exec & eval .Both are very similar in terms of what
They do process the strings passed to them as python
Code, exec expects the strings to be a statements
Which it will execute & not return a value.
Java:- Improper use of the java native interface can
Render java application vulnerability to security flaws
Occurs when a java application user JNI to call code
Written in another programming language.
C:-
 *gets
*strcat
*strcpy
*sprint
b .What is the need of static code analysis .Static code analysis
tools .explain with example.
Ans:-
 It can evaluate all the code in an application increasing code quality.
 Automated tools are user prone to human error
 It can be done in an offline development environment.
Tools:-
 SonarQube
 Coverity
 PMN
 Lint
 Veracode
 PUS-studio
SonarQube:-
 An open sources tool to measure & analyze to quality of sources code
 Supports over 20 different languages.
 SonarQube offers reports on duplicate code coding standards, unit
tests, code coverage ,code complexity, commands, bugs & security
recommendations.

Section -5
9 a. Illustrate lifecycle of security incident management?
Ans:-
 Preparation:-
Incident Preparation is a continuous cycle that consider an update view of
threat risks & hazards.
 Identification:-
One of the most important steps in the incident response process is the
detection phase detection also called identification.
 Containment:-
Containment is a methodology where by access to information, files System or
network is controlled view access point
 Eradiation:-
It is a critical face in the incident response process
  Recovery:-
It is a process of restoring & returning effected system & devices back in to
your business environment.
 Lessons Learned:-
The final stage of the incident management is to review the incident to identify
opportunities for improvement.

b. Design a sample cyber security dashboard for reporting to top

management.
Ans:-
 Security Incident :- This Section display the number of security
incident that have occurred over a specific period of time such
as the past month the data can be presented in a graph or chat
format.

 Vulnerability: This section display the number of vulnerability

that have been identified & are yet to be patched.

 Patch management :- This section display the percentage of

system that have been patched with in specific of time.

 Network traffic:- This section display the total amount of

network traffic including incoming & outgoing traffic over a
specific period of time.

 Security Compliance:- This section display the percentage of

system that are compliant with security policies & regulations.

 Threat Intelligence:- This section display the latest known

threat intelligence such as new threats & vulnerability as well
any relevant mitigation strategies.

10 a. Identify use case of how changes or configurations in IT

System impact security configuration resulting in cyber
 Risk exposure?
Ans:- One example of how change or configuration in IT
system can impact security configuration & result in cyber risk
exposure in when a company updates its software or hardware
system without properly testing the capability of those updates
with their existing security measure. This can be lead to
vulnerability in the system that can be explained by
cybercriminals ,potentially resulting in a data breach or other
security incident another example in when a company changes
its network configuration. Such as by adding new device or
changing access controls without properly assessing the
potential security risks & implementing appropriate safeguards
this can also results in increased cyber risk exposure.

b. Give two KRI example each for the following domains.

a. patch management
b. Anti-virus management
Ans:-
a. patch management:
 Deploying of all security patches for all operating system or IT
assets.
 Uploading of OS master or golden image.
 Definition of the priority of vulnerability remediation
 Verification of the success of a deployed patch or remediation
solution.
 Definition of SLAs for detecting analyzing & patching.

b. Anti-virus management:
 Application patch latency.
 Number of successful & unsuccessful logins
 No of virus blocked
 Number of SPAM emails blocked system usage time of day
logins
 No of phishing attempts.
 CYBER SECURITY (20CS54I )FEB 2023

V SEMESTER DIPLOMA EXAMINATION JAN/FEB-2023

SCHEME OF VALUATION
CYBER SECURITY
SUB CODE : 20C54I, V SEM
Marks Total
Q. no DESCRIPTION
distribution marks
SECTION I
a Layer identification + any 4 types + advantage 2+4+4 10
1
b Device protection + Data protection 5+5 10
OR
a Explanation of five 5x2 10
2
b List of stages + Explanation of each stages 3+7 10
SECTION II
a Algorithm + example steps 6+8 14
3
b Hashing + Digital signature 3+3 6
OR
a Calculating decryption key + MSG encrypt and decrypt 8+6 14
4
b solving problem 3+3 6
SECTION III
a Diagram + explanation 4+6 10
5
b Responsibility (customer+cloud provider)+ Advantages 4+3+3 10
OR
a Diagram + explanation 6+4 10
6
b Blue team + Red team 5 +5 10
SECTION IV
a Steps to find vulnerability + common vulnerability(any six) 4+6 10
7
b Benefits + tools 5+5 10
OR
a Responsibility (customer + cloud provider) 5+5 10
8
b Need of DCA + Stage identification 8+2 10
SECTION V
a Diagram + explanation 4+6 10
9
b Importance + types +Features 3+3+4 10
OR
a Patch management + Antivirus management 5+5 10
10
b List + Explanation 4+6 10

Page 1 | 26
CYBER SECURITY (20CS54I )FEB 2023

V semester Diploma Examination Jan-2023

CYBER SECURITY 20CS54I
Model answers

NOTE: All model answers are general specific to subject, if any answers are relevant
please give marks.

Q1. (a) At which layer of OSI stack firewall will be placed? Give the types and
advantages of firewall in cyber security?

Ans: Network layer where firewall will be placed in OSI stack.

Different Types of Firewalls in Cyber Security

Firewall in Cyber Security: Types, Advantages & Components (knowledgehut.com)

1. Packet-filtering Firewalls

A packet-filtering firewall is a type of firewall that can obstruct network traffic IP protocol, a
port number, and an IP address. It applies a set of rules, which are based on the contents of IP
and transport header fields on each packet. Upon receiving and analysing the outcome, the
packet-filtering firewall decides whether to forward or discard the packet.

2. Proxy Service Firewalls

Proxy service firewalls are systems that filter messages at the application layer to improve
network security. You can think of it as an intermediary between your internal network and
outside servers. By analysing incoming traffic with stateful and deep packet inspection
technology, they are more secure than traditional firewalls.

3. Stateful Multilayer Inspection (SMLI) Firewalls

Page 2 | 26
CYBER SECURITY (20CS54I )FEB 2023

Stateful Multilayer Inspection firewalls keep track of connections and provide standard
firewall capabilities. Traffic is filtered based on state, port, and protocol, as well as
administrator-defined rules and contexts. A prior connection and packets from a current
connection are used in this process.

4. Unified Threat Management (UTM) Firewalls

SMLI firewalls work in conjunction with intrusion prevention and antivirus software to form
a unified threat management firewall. UTM may include additional services such as cloud
management.

5. Next-generation Firewalls (NGFW)

Compared to packet-filtering and stateful inspection firewalls, next-generation firewalls are

more sophisticated. Unlike standard packet filters, they perform a more thorough inspection
of packets, examining not just packet headers but also their contents and sources. As security,
threats evolve and become more sophisticated, NGFWs are able to block them.

6. Network Address Translation (NAT) Firewalls

As a result, NAT firewalls are capable of assessing internet traffic and blocking unsolicited
communications, so they only accept inbound web traffic from devices on your private
network.

7. Virtual Firewalls

In cloud-based systems, both private and public, virtual firewalls serve as security appliances.
Internet traffic is assessed and managed using this type of firewall, whether it is over a
physical or virtual network.

Advantages of Using Firewalls

What Is Firewall: Types, How Does It Work & Advantages | Simplilearn
The advantages of using firewalls.

● It provides enhanced security and privacy from vulnerable services. It prevents

unauthorized users from accessing a private network that is connected to the internet.
● Firewalls provide faster response time and can handle more traffic loads.
● A firewall allows you to easily handle and update the security protocols from a single
authorized device.
● It safeguards your network from phishing attacks.

Q 1.b) You have purchased a laptop for your business purpose then what measures
shall you take to protect your device and data.
Data Security Best Practices: 10 Methods to Protect Your Data | Ekran System
1. Encryption — prevents unauthorized parties from reading your data.

Page 3 | 26
CYBER SECURITY (20CS54I )FEB 2023

2. Masking — suppresses or anonymizes high-value data by replacing sensitive information

with random characters. You can also substitute data with a low-value representative token;
this method is called tokenization.
3. Data erasure — involves cleaning your repository in case stored data is no longer used or
active.
4. Data resilience — involves full, differential, and incremental backups of your critical
data. Storing your valuable data in different locations helps to make it recoverable and
resilient to different cybersecurity threats.

Basic Security Measures You have to Take to Protect Your Digital Assets and Devices -
InfosecTrain
1. Secure the company Wi-Fi and stay up to date: Firstly, you must update your
software frequently because the old versions cannot prevent new hacking methods.
You must adhere to Wi-Fi security best practices to protect your digital assets. Ensure
your router is kept in a physically safe position, change the network name, ensure the
firewall is enabled, and regularly update the firmware and software.

2. Maintain a Data Backup: Data Backup is a process of copying the data files and
storing them in a different location. We can restore the files whenever we want. Data
Backup is very important: assume your system were crashed, or assume your system
was locked by some ransomware that is when you can use the backed up data.

3. Two-step verification: In the world of cyber-crimes, hoping that a password can save
your data is nothing but your innocence. There are many social engineering
techniques where a cybercriminal can easily get the credentials of your social media
accounts, your bank accounts, or any other private accounts. So the only solution to
escape the attacks is to have two-step verification. This is nothing but using an OTP to
login into your accounts. This method is helpful because you will receive the OTP to
your mobile (physical device), which an attacker cannot access. Even if the attacker
knows your credentials, he cannot log in to your account until they have the OTP.

4. Limit Access: Restricting access to digital assets and systems reduces the risk of loss
or theft. Limiting access is a crucial step in protecting digital assets. Make sure that
only those workers who need to use digital assets and systems have access to them.
Authorized users of these systems should follow data security best practices,
including password protection and authentication while utilizing personal devices and
other risk factors.

5. Cyber Insurance: Cyber insurance is kind of similar to regular insurance. For

example, take health insurance. This health insurance can compensate for the money
when you are ill. You can pay your medical bills with health insurance. Similarly,
Cyber Insurance can compensate for the costs of your data loss and investigations of
cyberattacks.

Page 4 | 26
CYBER SECURITY (20CS54I )FEB 2023

6. Document Protocols: Create a calendar and set timelines for activities like backups,
upgrades, and software reviews using an ongoing schedule and calendar. Make a list
of your company’s current protocols, and make sure to update them as required in the
future. Guidelines for digital asset management should be viewed as a dynamic
document that changes and evolves as content, applications, and programs mature and
evolve.

Q2. (a) Describe the way hackers collect information from intended users/organization.

Methodology followed by the Hackers

Methodology followed by the Hackers - GeeksforGeeks

Different types of methodologies:

1. Reconnaissance
Reconnaissance is the process of gathering information about the target system. Finding
vulnerabilities in the computer system or the methods that are left vulnerable is part of the
process. If the hacker is able to get access to the system, he or she will continue the
hacking procedure. The hacker has a lot of knowledge at the end of the reconnaissance
phase, which he can use to build a promising attack on the target system.

2. Scanning
Before launching an attack, the hacker wants to determine whether the system is
operational, which apps are in use, and what versions of those programs are in use.
Scanning entails looking for all open and closed ports in order to locate a backdoor into
the system. It entails getting the target’s IP address, user accounts, and other information.
The information acquired during the reconnaissance phase is utilized to inspect the
network using tools such as port scanners. N-map is a popular, powerful, and freely
available scanning tool.

3. Gaining Control
The information obtained in the previous two phases is utilized to enter and take control
of the target system over the network or physically in this phase of the hacking method.
This stage is often referred to as ―Owning the System.‖

4. Maintaining Access
After acquiring access to the system in the previous stage, the hacker keeps the access for

Page 5 | 26
CYBER SECURITY (20CS54I )FEB 2023

future attacks and makes changes to the system so that no other security personnel or
hacker can acquire access to the compromised system. The attacked system is referred to
as the ―Zombie System‖ in this case.

5. Log Clearing
It is the method of erasing any remaining log files or other sorts of evidence on the
hacked system that could lead to the hacker’s capture. Penetration testing is one of the
instruments in ethical hacking approaches that can be used to catch a hacker.

Q2. (b) Think that you are the security manager for your project team, how do you
apply secure SDLC in each stage of project development.

Microsoft SDL consists of seven components including five core phases and two supporting
security activities. The five core phases are requirements, design, implementation,
verification, and release. Each of these phases contains mandatory checks and approvals to
ensure all security and privacy requirements and best practices are properly addressed. The
two supporting security activities, training and response are conducted before and after the
core phases respectively to ensure they're properly implemented, and software remains secure
after deployment.

Training
All Microsoft employees are required to complete general security awareness training and
specific training appropriate to their role.

Requirements
Every product, service, and feature Microsoft develops starts with clearly defined security
and privacy requirements; they're the foundation of secure applications and inform their
design. Development teams define these requirements based on factors such as the type of
data the product will handle, known threats, best practices, regulations and industry
requirements, and lessons learned from previous incidents. Once defined, the requirements
are clearly defined, documented, and tracked.

Page 6 | 26
CYBER SECURITY (20CS54I )FEB 2023

Design
Once the security, privacy, and functional requirements have been defined, the design of the
software can begin. As a part of the design process, threat models are created to help identify,
categorize, and rate potential threats according to risk. Threat models must be maintained and
updated throughout the lifecycle of each product as changes are made to the software.

Implementation
Implementation begins with developers writing code according to the plan they created in the
previous two phases. Microsoft provides developers with a suite of secure development tools
to effectively implement all the security, privacy, and function requirements of the software
they design. These tools include compilers, secure development environments, and built-in
security checks.

Verification Testing
Before any written code can be released, several checks and approvals are required to verify
that the code conforms to SDL, meets design requirements, and is free of coding errors.
Various automated checks are also required and are built into the commit pipeline to analyse
code during check-in and when builds are compiled.

Release
After passing all required security tests and reviews, builds aren't immediately released to all
customers. Builds are systematically and gradually released to larger and larger groups,
referred to as rings, in what is called a safe deployment process (SDP).

Response
All Microsoft services are extensively logged and monitored after release, identifying
potential security incidents using a centralized proprietary near-real-time monitoring system

Q3. (a) Let p=23 and q=5 Alice picks x=4 and Bob picks y=3, compute the shared
secrete key between Alice and Bob using Daffy Hellman key exchange protocol
Algorithm

ALGORITHM:

1. Key = (YA) XBmod q -> this is the same as calculated by B

2. Global Public Elements

● q: q is a prime number
● a: a < q and α is the primitive root of q
3. Key generation for user A

● Select a Private key XA Here, XA <q

Now, Calculation of Public key YA YA = aXA mod q
4. Key generation for user B
Page 7 | 26
CYBER SECURITY (20CS54I )FEB 2023

● Select a Private key XB Here, XB <q

● Now, Calculation of Public key YB YB = aXb mod q
5. Calculation of Secret Key by A

● key =(YB)XA mod q

6. Calculation of Secret Key by B

● key =(YA)XB mod q

Example
1. Alice and Bob both use public numbers P = 23, G = 5
2. Alice selected private key a = 4, and Bob selected b = 3 as the private key
3. Both Alice and bob now calculate the value of x and y as follows:

● Alice: x = (54 mod 23) = 4

● Bob: y = (53 mod 23) = 10
4. Now, both Alice and Bob exchange public numbers with each other.
5. Alice and Bob now calculate the symmetric keys

● Alice: ka = ya mod p = 104 mod 23 = 18

● Bob: kb = xb mod p = 43 mod 23 = 18
6. 18 is the shared secret key.

Q3. (b) Give the importance of the following I. Hashing II. Digital signature

I) Importance of Hashing

Hashing gives a more secure and adjustable method of retrieving data compared to any other
data structure. It is quicker than searching for lists and arrays. In the very range, Hashing can
recover data in 1.5 probes, anything that is saved in a tree. Hashing, unlike other data
structures, doesn’t define the speed. A balance between time and space has to be maintained
while hashing.

II) Importance of a Digital Signature

A digital signature is required to ensure that the data or message being sent is legitimate. It is
more trustworthy than receiving plaintext. Data integrity, message authentication, and
message non-repudiation are all provided by digital signature. When the user verifies the
digital signature using a public key that has been supplied by the originator, it helps to offer
message authentication and ensures that the message is authentic and does not contain
malware.

Page 8 | 26
CYBER SECURITY (20CS54I )FEB 2023

Q4. (a) Given the implementation of RSA P=53 Q=59 if encryption key is 3, what is the
decryption key? Encrypt and decrypt the message ‘6’ using above keys.

Generating encryption key (Public Key):

1. Select two prime no's. Suppose P = 53 and Q = 59.
2. Now First part of the Public key: n = P*Q = 3127.
3. We also need a small exponent say e : But e Must be an integer. Not be a factor of
n. 1 < e < Φ(n), Given it to be equal to 3.
4. Our Public Key is made of n and e ( n = 3127 and e = 3)

Generating decryption key (Private Key):

5. We need to calculate Φ(n) : Such that Φ(n) = (P-1)(Q-1) so, Φ(n) = 3016
6. Now calculate Private Key, d :
d = (k*Φ(n) + 1) / e for some integer k
For k = 2,
value of decryption key d is 2011.

Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d = 2011)
Now we will encrypt ‘6’ :
1. Given the message: 6
2. Encrypted Data c = 6e mod n.
C = 6 3 mod 3127
Thus, our Encrypted Data comes out to be 216

3. Now we will decrypt 216 :

4. Decrypted Data = cd mod n.
E = 216 2011 mod 3127
Thus our Decrypted Data comes out to be 6.

Q.4.b) Find the GCD for the following:

(i)gcd(108,144)
(ii)gcd(360,210)

(i)gcd(108,144)
1. Find the prime factorization of 108
108 = 2 × 2 × 3 × 3 × 3
2. Find the prime factorization of 144
144 = 2 × 2 × 2 × 2 × 3 × 3
3. To find the GCD, multiply all the prime factors common to both numbers:
Therefore, GCD = 2 × 2 × 3 × 3
GCD = 36

(ii) gcd(360,210)
1. Find the prime factorization of 360
360 = 2 × 2 × 2 × 3 × 3 × 5
Page 9 | 26
CYBER SECURITY (20CS54I )FEB 2023

2. Find the prime factorization of 210

210 = 2 × 3 × 5 × 7
3. To find the GCD, multiply all the prime factors common to both numbers:
Therefore, GCD = 2 × 3 × 5
GCD = 30
Q5. (a) Describe the life cycle of Vulnerability Management.

The Vulnerability Management Life Cycle is intended to allow organizations to identify

computer system security weaknesses; prioritize assets; assess, report, and remediate the
weaknesses; and verify that they have been eliminated.
Steps in the Vulnerability Management Life Cycle
The following diagram illustrates the steps in the Vulnerability Management Life Cycle.

The steps in the Vulnerability Management Life Cycle are described below.

1. Discover: Inventory all assets across the network and identify host details including
operating system and open services to identify vulnerabilities. Develop a network
baseline. Identify security vulnerabilities on a regular automated schedule.
2. Prioritize Assets: Categorize assets into groups or business units, and assign a
business value to asset groups based on their criticality to your business operation.
3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset
criticality, vulnerability threat, and asset classification.
4. Report: Measure the level of business risk associated with your assets according to
your security policies. Document a security plan, monitor suspicious activity, and
describe known vulnerabilities.
5. Remediate: Prioritize and fix vulnerabilities in order according to business risk.
Establish controls and demonstrate progress.
6. Verify: Verify that threats have been eliminated through follow-up audits.

What is the Shared Responsibility Model? | CrowdStrike

Q5. (b) Describe the shared Responsibility Model in cloud with advantages.

The Shared Responsibility Model is a security and compliance framework that outlines the
responsibilities of cloud service providers (CSPs) and customers for securing every aspect
Page 10 | 26
CYBER SECURITY (20CS54I )FEB 2023

of the cloud environment, including hardware, infrastructure, endpoints, data, configurations,

settings, operating system (OS), network controls and access rights

Direct Control

While the Shared Responsibility Model is based on the idea that two or more parties play a
role in ensuring security of distinct elements within the public cloud environment, it is
important to note that the customer and CSP do not share responsibility for the same asset.
Rather, the CSP or the customer has full and complete responsibility for the security of all
assets under their direct control, regardless of the service model type.

Customers are typically also responsible for:

● Identity Access and Management (IAM)

● User security and credentials
● Endpoint security
● Network security
● Security of workloads and containers
● Configurations
● APIs and middleware
● Code

Cloud Service Providers (CSPs)—such as Amazon, Microsoft or Google—are responsible

for areas for which they possess direct control. This typically includes security of:

● The physical layer and all associated hardware and infrastructure

● The virtualization layer
● Network controls and provider services
● Facilities that run cloud resources

Shared Responsibility Model Advantages

While a shared security model is complex and requires careful consideration and coordination
between the CSP and customer, the approach offers several important benefits to users. These
include:

● Efficiency: Though the customer bears significant levels of responsibility under the
Shared Responsibility Model, some key aspects of security – such as security of
hardware, infrastructure and the virtualization layer – are almost always managed by
the CSP. In a traditional on-premises model, these aspects were managed by the
customer. The shift to the cloud frees up IT staff to refocus efforts on other tasks and

Page 11 | 26
 CYBER SECURITY (20CS54I )FEB 2023

needs, as well as dedicate available resources and investments to those areas for
which they bear responsibility.
● Enhanced protection: Cloud service providers are hyper focused on the security of
their cloud environment and typically dedicate significant resources to ensuring their
customers are fully protected. As part of the service agreement, CSPs conduct robust
monitoring and testing, as well as timely patching and updating.
● Expertise: CSPs often have a higher level of knowledge and expertise when it comes
to the emerging field of cloud security. When customers engage a cloud vendor, they
benefit from the partner organization’s experience, assets and resources.

Q6. (a) Create a Threat Model for Secure Online Banking.

Secure Online Banking Secure Online Banking - ThreatModeler

Threat model is for an application, which is intended to allow authenticated customers to
check their statements, update their profile information, or to transfer funds between financial
institutions. The application also includes a credit check for new users.

The threat model diagram shown below maps how users may navigate from the application
do icons on the diagram (represent home page through various use cases). Of particular
importance regarding secure online banking, we should note that several of the identified use
cases require data attackers consider high-value.

In particular:
● The Forgot Password use case requires the user’s username and email address;
● The Registration use case requests username, password, and certain personally identifying
information;
● The Login use case, of course, asks for the user’s username and password;

Page 12 | 26
 CYBER SECURITY (20CS54I )FEB 2023

● The Profile use case, in addition to other information, allows users to update their name and
address;
● The ACH Transfer use case may allow users to transfer funds to vendors or other
individuals; thus it asks for account and routing numbers, as well as the name and address of
the recipient;
● The Credit Verification process will require the users’ social security number, date of birth,
and personal identifying information.
In other words, this application processes all the data types financial institution hackers seek.
Providing secure online banking will make securing applications such as this, a priority for
the organization.

Q6. (b)Describe the responsibility of Red team and Blue team.

I Red team Red Team vs. Blue Team in Cybersecurity | Coursera

The National Institute of Standards and Technology (NIST) defines a red team as ―a group of
people authorized and organized to emulate a potential adversary’s attack or exploitation
capabilities against an enterprise’s security posture.‖ The red team plays the part of the
attacker or competitor with the intention of identifying vulnerabilities in a system.

Red team activities

● Social engineering
● Penetration testing
● Intercepting communication
● Card cloning
● Making recommendations to blue team for security improvements

Red team skills

● Software development: When you know how applications are built, you’re better able to
identify their possible weaknesses (as well as write your own programs to automate the attack
process).
● Penetration testing: Much of a red team’s job is to identify and try to exploit known
vulnerabilities on a network. This includes familiarity with vulnerability scanners.
● Social engineering: An organization’s biggest vulnerability is often its people rather than its
computer network. Social engineering tactics like phishing, baiting, and tailgating can
sometimes be the easiest way past security defenses.
● Threat intelligence and reverse engineering: Knowing what threats are out there—and how
to emulate them—can make you a more effective attacker.
● Creativity: Finding ways to beat a blue team’s defenses often requires creating new and
innovative forms of attack.

Page 13 | 26
 CYBER SECURITY (20CS54I )FEB 2023

II Blue team
NIST defines a blue team as ―the group responsible for defending an enterprise’s use of
information systems by maintaining its security posture against a group of mock attackers.‖ If
the red team is playing offense, the blue team is playing defense to protect an organization’s
critical assets.

Blue team activities

As a blue team member, it’s your job to analyze the current security posture of your
organization and take measures to address flaws and vulnerabilities. Playing for the blue team
also means monitoring for breaches and responding to them when they do occur. Some of
these tasks include:
● Digital footprint analysis
● DNS audits
● Installing and configuring firewalls and endpoint security software
● Monitoring network activity
● Using least-privilege access

Blue team skills

Defending a company against attack involves understanding what assets need to be protected
and how to best protect them. Here are some skills that could serve you well in a blue team
role:
● Risk assessment: Risk assessment helps you identify key assets that are most at risk for
exploitation so you can prioritize your resources to protect them.
● Threat intelligence: You’ll want to know what threats are out there so you can plan
appropriate defenses. Blue teams have to stay a step ahead of attackers.
● Hardening techniques: Recognizing weaknesses in your organization's security is only
helpful if you know the techniques for fixing them.
● Monitoring and detection systems: As a blue team professional, you’ll need to know how
to use packet sniffers, security and information event management (SIEM) software,
intrusion detection systems (IDS), and intrusion prevention systems (IPS).

Q7. (a) How do you find vulnerability in your android application? What are the
common vulnerabilities?

What Is Mobile Application Security and How Does It Work? | Synopsys

Page 14 | 26
CYBER SECURITY (20CS54I )FEB 2023

● Interacting with the application and understanding how it stores, receives, and
transmits data.
● Decrypting encrypted parts of the application.
● Decompiling the application and analysing the resulting code.
● Using static analysis to pinpoint security weaknesses in the decompiled code.
● Applying the understanding gained from reverse engineering and static analysis to
drive dynamic analysis and penetration testing.
● Utilizing dynamic analysis and penetration testing to evaluate the effectiveness of
security controls (e.g., authentication and authorization controls) that are used within
the application.

The OWASP Mobile Top 10 at a Glance

OWASP Mobile Top 10 - More Security for Mobile Applications | turingpoint

The OWASP Mobile Top 10 give you an overview of the ten most critical security
risks to your apps and web applications.
1. Improper Platform Usage
The first item among the OWASP top 10 is improper platform usage. Platforms such
as iOS, Android, or Windows Phone provide different capabilities and features that
you can use. If the app does not use an existing function or even uses it incorrectly,
this is called improper use. This can be, for example, a violation of published
guidelines that affects the security of the app.

2. Insecure Data Storage

Insecure data storage as well as unintentional data leaks also fall under the OWASP
Mobile Top Ten. Mobile application penetration testing tools help uncover such
grievances. However, it does not necessarily have to be your SQL database. Manifest
and log files, cookie storage or cloud synchronization can also be affected.

3. Insecure Communication
Your app transports data from point A to point B. If this transport is insecure, the risk
increases. Here, too, the main mobile application penetration testing tools will help
you. They support you in detecting faulty app-to-server or mobile-to-mobile
communication.

4. Insecure Authentication
Secure authentication adds another key security aspect to your OWASP Mobile
Security Checklist. In fact, there are many different ways that the app can provide
insecure authentication. A classic example is a back-end API service request that the
mobile app executes anonymously without relying on an access token.

Page 15 | 26
CYBER SECURITY (20CS54I )FEB 2023

5. Lack of Cryptography
The insecure use of cryptography can be observed in most app applications. This is
usually one of two problems: a fundamentally flawed process behind the encryption
mechanisms or the implementation of a weak algorithm.

6. Insecure Authorization
Unlike authentication, authorization deals with the verification of an identified person.
It verifies that the necessary authorizations are in place to perform certain actions. Of
course, the two are closely related - yet both items belong separately on the OWASP
Top 10 list

7. Poor Client Code Quality

This item of the OWASP Top 10 refers to an explicit programming language. All
vulnerabilities from code-level errors can provide attackers with a way inside. The
main risk lies in the need to make localized changes to the code. In particular,
insecure API usage or insecure language constructs are common problems that you
need to fix directly at the code level.

8. Code Manipulation
From a technical perspective, any code on a mobile device is vulnerable to tampering.
This is because the mobile code is running in a foreign environment. It is no longer
under the control of your organization. Therefore, there are numerous ways to modify
it at will.

9. Reverse Engineering
Attackers who want to understand how your app works can use reverse-engineering to
access all the information they need. Especially metadata, which is supposed to be a
relief for your programmers, is a high risk. Basically, if you can clearly understand
the string table of the binary or cross-functional analysis is possible, the app is
considered at risk.

10. Extraneous Functionality

Hidden backdoor functionality or internal security controls are a common problem in
mobile applications. The problem with them is that they are not only useful for
developers, but also for hackers. This allows them, for example, to disable 2-factor
authentication or change basic functionality.

Q7. (b) What are the essential benefits we can realize with the adoption of DevOps
principals, describe the sample tools used at various DevOps life cycle stages.

Benefits of DevOps
DevOps proponents describe several business and technical benefits, many of which can
result in happier customers. Some benefits of DevOps include:

Page 16 | 26
CYBER SECURITY (20CS54I )FEB 2023

● Faster, better product delivery

● Faster issue resolution and reduced complexity
● Greater scalability and availability
● More stable operating environments
● Better resource utilization
● Greater automation
● Greater visibility into system outcomes
● Greater innovation
The following shows a sample of tools used at various DevOps lifecycle stages.
● Plan. This phase helps define business value and requirements. Sample tools include
Jira or Git to help track known issues and perform project management.
● Code. This phase involves software design and the creation of software code. Sample
tools include GitHub, GitLab, Bitbucket, or Stash.
● Build. In this phase, you manage software builds and versions, and use automated tools
to help compile and package code for future release to production. You use source code
repositories or package repositories that also ―package‖ infrastructure needed for
product release. Sample tools include Docker, Ansible, Puppet, Chef, Gradle, Maven, or
JFrog Artifactory.
● Test. This phase involves continuous testing (manual or automated) to ensure optimal
code quality. Sample tools include JUnit, Codeception, Selenium, Vagrant, TestNG, or
BlazeMeter.
● Deploy. This phase can include tools that help manage, coordinate, schedule, and
automate product releases into production. Sample tools include Puppet, Chef, Ansible,
Jenkins, Kubernetes, OpenShift, OpenStack, Docker, or Jira.
● Operate. This phase manages software during production. Sample tools include
Ansible, Puppet, PowerShell, Chef, Salt, or Otter.
● Monitor. This phase involves identifying and collecting information about issues from a
specific software release in production. Sample tools include New Relic, Datadog,
Grafana, Wireshark, Splunk, Nagios, or Slack.

Q8. (a) Describe the shared Responsibility Model in cloud.

The Shared Responsibility Model is a security and compliance framework that outlines the
responsibilities of cloud service providers (CSPs) and customers for securing every aspect
of the cloud environment, including hardware, infrastructure, endpoints, data, configurations,
settings, operating system (OS), network controls and access rights

Direct Control

Page 17 | 26
CYBER SECURITY (20CS54I )FEB 2023

While the Shared Responsibility Model is based on the idea that two or more parties play a
role in ensuring security of distinct elements within the public cloud environment, it is
important to note that the customer and CSP do not share responsibility for the same asset.
Rather, the CSP or the customer has full and complete responsibility for the security of all
assets under their direct control, regardless of the service model type.

Customers are typically also responsible for:

● Identity Access and Management (IAM)

● User security and credentials
● Endpoint security
● Network security
● Security of workloads and containers
● Configurations
● APIs and middleware
● Code

Cloud Service Providers (CSPs)—such as Amazon, Microsoft or Google—are responsible

for areas for which they possess direct control. This typically includes security of:

● The physical layer and all associated hardware and infrastructure

● The virtualization layer
● Network controls and provider services
● Facilities that run cloud resources
Q8. (b) What is the need of Dynamic Code Analysis? Which stage of secure SDLC it is
applied?

This form of code analysis is essential, as it tests the code in real-life scenarios. Unexpected
errors caused by interaction with multiple application functions are hard, or even impossible
to find using static analysis. These errors only become obvious during the integration of
various components or interaction with the whole system on deployment. Therefore, a
dynamic analysis should be performed once the software is functionally complete.
Additionally, doing dynamic analysis will:

● Traditional pre-release security testing is no longer enough for modern web

application development
● Modern DAST automates application security testing and integrates it into agile
software development workflows
● Shifting left with accurate dynamic testing is the only way to build scalable web
application security and move towards DevSecOps

Page 18 | 26
CYBER SECURITY (20CS54I )FEB 2023

● Allow testers to perform application analysis without having access to the actual code.
● Reveal errors that can crash the program.
● Help testers ensure that the product/software works well.
● Help quality enhancement by taking into consideration any drawbacks.
● Require less expertise to perform; therefore, it is less expensive than static code
analysis. Static code analysis requires an expert in the language in which the
application has been developed.

Although security tests are carried out at every step, the fourth phase of the SDLC is the
testing-only phase where rigorous assessments and analyses, such as the Dynamic Code
Analysis, a kind of an Application Security Testing, also called the Open Web Application
Security Project, are carried out.

Q9. (a) Describe Android Application Security architecture.

Android architecture contains different number of components to support any android device
needs.
The main components of android architecture are following:-

● Applications
● Application Framework
● Android Runtime
● Platform Libraries
● Linux Kernel
Applications –
Applications is the top layer of android architecture. The pre-installed applications like home,
contacts, camera, gallery etc and third party applications downloaded from the play store like
chat applications, games etc. will be installed on this layer only.
It runs within the Android run time with the help of the classes and services provided by the
application framework.
Application framework –
Application Framework provides several important classes, which are used to create an
Android application. It provides a generic abstraction for hardware access and helps in
managing the user interface with application resources. It includes different types of services
activity manager, notification manager, view system, package manager etc. which are helpful
for the development of our application according to the prerequisite.
Application runtime –
Android Runtime environment is one of the most important part of Android. It contains
components like core libraries and the Dalvik virtual machine (DVM). Mainly, it provides the

Page 19 | 26
CYBER SECURITY (20CS54I )FEB 2023

base for the application framework and powers our application with the help of the core
libraries.
Platform libraries –
The Platform Libraries includes various C/C++ core libraries and Java based libraries such as
Media, Graphics, Surface Manager, OpenGL etc. to provide a support for android
development.

● Media library provides support to play and record audio and video formats.
● Surface manager responsible for managing access to the display subsystem.
● SGL and OpenGL both cross-language, cross-platform application program interface
(API) are used for 2D and 3D computer graphics.
● SQLite provides database support and FreeType provides font support.
● Web-Kit This open source web browser engine provides all the functionality to display
web content and to simplify page loading.
● SSL (Secure Sockets Layer) is security technology to establish an encrypted link
between a web server and a web browser.

Linux Kernel –
Linux Kernel is heart of the android architecture. It manages all the available drivers such as
display drivers, camera drivers, Bluetooth drivers, audio drivers, memory drivers, etc. which
are required during the runtime.
The Linux Kernel will provide an abstraction layer between the device hardware and the
other components of android architecture. It is responsible for management of memory,
power, devices etc.
The features of Linux kernel are:

● Security: The Linux kernel handles the security between the application and the system.
● Memory Management: It efficiently handles the memory management thereby
providing the freedom to develop our apps.
● Process Management: It manages the process well, allocates resources to processes
whenever they need them.
● Network Stack: It effectively handles the network communication.
● Driver Model: It ensures that the application works properly on the device and hardware
manufacturers responsible for building their drivers into the Linux build.
Pictorial representation of android architecture with several main components and their sub
components –

Page 20 | 26
CYBER SECURITY (20CS54I )FEB 2023

Q9. (b)Why Is WAF (Wireless Application Firewall) Security Important? Give its types
and features.
What is WAF | Types, Security & Features Explained | Imperva
1. WAFs are important for a growing number of organizations that offer products or
services online—this includes mobile app developers, social media providers, and
digital bankers.
2. A WAF can help you protect sensitive data, such as customer records and payment
card data, and prevent leakage.
3. WAF can help you meet compliance requirements such as PCI DSS (the Payment
Card Industry Data Security Standard), which applies to any organization handling
cardholder data and requires the installation of a firewall.
4. A WAF is thus an essential component of an organization’s security model.
5. It is important to have a WAF, but it is recommended you combine it with other
security measures, such as intrusion detection systems (IDS), intrusion prevention
systems (IPS), and traditional firewalls, to achieve a defense-in-depth security model.

Page 21 | 26
 CYBER SECURITY (20CS54I )FEB 2023

Types of Web Application Firewalls

● Network-based WAF—usually hardware-based, it is installed locally to minimize latency.

However, this is the most expensive type of WAF and necessitates storing and maintaining
physical equipment.
● Host-based WAF—can be fully integrated into the software of an application. This option is
cheaper than network-based WAFs and is more customizable, but it consumes extensive local
server resources, is complex to implement, and can be expensive to maintain. The machine
used to run a host-based WAF often needs to be hardened and customized, which can take
time and be costly.
● Cloud-based WAF—an affordable, easily implemented solution, which typically does not
require an upfront investment, with users paying a monthly or annual security-as-a-service
subscription. A cloud-based WAF can be regularly updated at no extra cost, and without any
effort on the part of the user.

Web application firewalls typically offer the following features and capabilities:

Attack signature Attack signatures are patterns that may indicate malicious
databases traffic, including request types, anomalous server
responses, and known malicious IP addresses. WAFs
used to rely predominantly on attack pattern databases
that were less effective against new or unknown attacks.

AI-powered Artificial intelligence algorithms enable

traffic pattern behavioural analysis of traffic patterns,
analysis using behavioural baselines for various
types of traffic to detect anomalies that
indicate an attack. This allows you to detect
attacks that don’t match known malicious
patterns.

Application This involves analyzing the structure of an application,

profiling including the typical requests, URLs, values, and
permitted data types. This allows the WAF to identify
and block potentially malicious requests.

Page 22 | 26
CYBER SECURITY (20CS54I )FEB 2023

Customization Operators can define the security rules applied to

application traffic. This allows organizations to
customize WAF behaviour according to their needs and
prevent the blocking of legitimate traffic.

Correlation These analyze incoming traffic and triage it with

engines known attack signatures, application profiling, AI
analysis, and custom rules to determine whether it
should be blocked.

DDoS protection You can integrate a cloud-based platform that protects

platforms against distributed denial of service (DDoS) attacks. If
the WAF detects a DDoS attack, it can transfer the
traffic to the DDoS protection platform, which can
handle a large volume of attacks.

Content delivery WAFs are deployed at the network edge, so a cloud-

networks (CDNs) hosted WAF can provide a CDN to cache the website
and improve its load time. The WAF deploys
the CDN on several points of presence (PoPs) that are
distributed globally, so users are served from the
closest PoP.

Q10. (a) Give two KRI examples each for the following domains:
a. Patch Management
b. Anti-virus management

a. Patch Management
Here are five Key Risk Indicators (KRIs) for patch management:
Time to Patch: This measures the time elapsed between the release of a security patch and
the completion of its installation across all systems. A long time to patch can indicate a lack
of efficiency in the patch management process and increase the risk of exploitation of known
vulnerabilities.

Percentage of Patched Systems: This measures the proportion of systems that have been
updated with the latest security patches. A low percentage of patched systems increases the
risk of exploitation of known vulnerabilities and can have serious consequences for the
security of an organization's assets.

Page 23 | 26
CYBER SECURITY (20CS54I )FEB 2023

Patch Failure Rate: This measures the rate at which patches fail to install correctly. High
patch failure rates can indicate issues with the patch management process, such as
compatibility problems, and can increase the risk of exploitation of known vulnerabilities.

Patch Compliance: This measures the extent to which the organization's patch management
policies and procedures are being followed. Low patch compliance can indicate a lack of
discipline in the patch management process and increase the risk of exploitation of known
vulnerabilities.

Number of Critical Patches: This measures the number of critical security patches that
have been released but not yet installed. A high number of uninstalled critical patches
increases the risk of exploitation of known vulnerabilities and can have serious consequences
for the security of an organization's assets.

b. Anti-virus management
Here are five Key Risk Indicators (KRIs) for Anti-virus management:
Time to Detection: This measures the time elapsed between the appearance of a new
malware threat and the detection of that threat by the anti-virus software. A long time to
detection can indicate a lack of efficiency in the anti-virus management process and increase
the risk of successful malware attacks.

Percentage of Malware-Infected Systems: This measures the proportion of systems that

have been infected with malware. A high percentage of infected systems can indicate a
failure of the anti-virus management process and increase the risk of data loss or theft.

False Positive Rate: This measures the rate at which the anti-virus software identifies
benign files as malware. High false positive rates can indicate that the anti-virus software is
overly aggressive and can cause productivity losses by blocking legitimate files.

Signature Update Compliance: This measures the extent to which anti-virus software is
updated with the latest malware definitions. Low update compliance can indicate a lack of
discipline in the anti-virus management process and increase the risk of successful malware
attacks.

Number of Undetected Threats: This measures the number of malware threats that have
been discovered but not yet detected by the anti-virus software. A high number of undetected
threats can indicate that the anti-virus management process is not effective and increase the
risk of successful malware attacks.

ITIL incident management process: 8 steps with examples (manageengine.com)

Q10. (b) Describe the IT Incident management life cycle/ Process flow.
The incident management process can be summarized as follows:
● Step 1: Incident logging.

Page 24 | 26
CYBER SECURITY (20CS54I )FEB 2023

● Step 2 : Incident categorization.

● Step 3 : Incident prioritization.
● Step 4 : Incident assignment.
● Step 5 : Task creation and management.
● Step 6 : SLA management and escalation.
● Step 7 : Incident resolution.
● Step 8 : Incident closure.

These processes may be simple or complex based on the type of incident; they also may
include several workflows and tasks in addition to the basic process described above.

Incident logging
An incident can be logged through phone calls, emails, SMS, web forms published on
the self-service portal or via live chat messages.

Incident categorization
Incidents can be categorized and sub-categorized based on the area of IT or business that the
incident causes a disruption in like network, hardware etc.

Incident prioritization
The priority of an incident can be determined as a function of its impact and urgency using a
priority matrix. The impact of an incident denotes the degree of damage the issue will cause
Page 25 | 26
CYBER SECURITY (20CS54I )FEB 2023

to the user or business. The urgency of an incident indicates the time within which the
incident should be resolved. Based on the priority, incidents can be categorized as:
Critical High Medium Low

Incident routing and assignment

Once the incident is categorized and prioritized, it gets automatically routed to a technician
with the relevant expertise.

Creating and managing tasks

Based on the complexity of the incident, it can broken down into sub-activities or tasks.
Tasks are typically created when an incident resolution requires the contribution of multiple
technicians from various departments.

SLA management and escalation

While the incident is being processed, the technician needs to ensure the SLA isn't breached.
An SLA is the acceptable time within which an incident needs response (response SLA) or
resolution (resolution SLA). SLAs can be assigned to incidents based on their parameters like
category, requester, impact, urgency etc.

Incident resolution
An incident is considered resolved when the technician has come up with a temporary
workaround or a permanent solution for the issue.

Incident closure
An incident can be closed once the issue is resolved and the user acknowledges the resolution
and is satisfied with it.

CERTIFICATE
This is to certify that all the model answers prepared by me for subject CYBER SECURITY
(20CS54I ) are as per the syllabus.

CHITRASHEKHARAIAH. Y
LECTURER CSE,
GPT RAICHUR-117

Page 26 | 26
CYBER SECURITY (20CS54I ) SEPT 2023

Makeup Examination-Sept.2023
V SEMESTER DIPLOMA EXAMINATION
SCHEME OF VALUATION
CYBER SECURITY
SUB CODE : 20CS54I, V SEM
Marks Total
Q. no DESCRIPTION
distribution marks
SECTION I
a Firewall+IPS 5+5 10
1
b Different methods+Explanation(Minimum 5 methods) 5+5 10
OR
a Explanation of any 5 5*2 10
2
b Layers + Vulnerabilities 5+5 10
SECTION II
a Calculating decryption key + Calculating n(φ) 5+5 10
3
b Euler Totient of each carries 2.5+ Finding GCD of each carries 2.5 5+5 10
OR
a Using Algorithm +Finding secret Key 3+7 10
4
b MAC+Digital Signature 5+5 10
SECTION III
a List types of Hardening+ Explanation 5+5 10
5
b Third party patch Management+Autopilot 5+5 10
OR
a Explanation of any 5 types of hardnening 5*2 10
6
b Difinition+Any four Models 2+8 10
SECTION IV
a Any 5 Differentiations 5*2 10
7
b Web Vulnerabilities 1*10 10
OR
a Explanation of any 5 best Practices 5*2 10
8
b Cloud Vulnerabilities 5*2 10
SECTION V
a Vulnerability Life cycle+Explain two types of Vulnerabilities 6+4 10
9
b Diagram + explanation 4+6 10
OR
a GRC Explanation+Benefits 5+5 10
10
b Definition +explanation+Challenges 2+3+5 10
CYBER SECURITY (20CS54I ) SEPT 2023

Makeup Examination-Sept.2023
V semester Diploma Examination
CYBER SECURITY 20CS54I
Model answers
NOTE: All model answers are general specific to subject, if any answers are relevant
please give marks.
SECTION-I
1 a. Describe how the following concepts secure our Network a). Firewall b). IPS. 10M

a). Firewall

A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. It acts as a barrier
between a trusted internal network and untrusted external network, such as the Internet.
A firewall is one of the first lines of defence in preventing cyber-attacks. Naturally, this
presents an opportunity for penetration testers and threat actors alike, to attempt exploits
that would compromise a network’s security.
The firewall checks each incoming and outgoing network packet and compares it against
its set of security rules to determine whether to block or allow the packet to pass through
to its intended destination. The main purpose of a firewall is to prevent unauthorized
access to or from a private network while allowing authorized communications to pass
through.

Advantages of Using Firewalls

● It provides enhanced security and privacy from vulnerable services. It prevents
unauthorized users from accessing a private network that is connected to the internet.
CYBER SECURITY (20CS54I ) SEPT 2023

● Firewalls provide faster response time and can handle more traffic loads.

● A firewall allows you to easily handle and update the security protocols from a single
authorized device.

● It safeguards your network from phishing attacks

b)IPS
An Intrusion Prevention System (IPS) is a type of network security system that
monitors network traffic and actively blocks or stops malicious activity. Unlike an Intrusion
Detection System (IDS), which simply alerts administrators of a security breach, an IPS takes
proactive measures to prevent intrusions from occurring in the first place.
An IPS typically operates by analysing network traffic in real-time and comparing it against a
set of predefined security rules or signatures. If the system detects a potential threat, it will
take immediate action to prevent it from causing harm to the network or its systems. This can
involve blocking the offending traffic, resetting the connection, or even isolating the affected
system from the network. They must be powerful enough to scan a high volume of traffic
without slowing down network performance.
In computer science, IPS is considered a crucial component of an overall security strategy, as
it provides an additional layer of protection against threats that traditional firewalls may not
detect or be able to prevent.

1b Write about different methods of infiltration. 10M

Cybercriminals are constantly finding new and innovative ways to infiltrate company
networks and steal sensitive data.
CYBER SECURITY (20CS54I ) SEPT 2023

1.Social engineering: Social engineering refers to the manipulation of individuals to steal

sensitive information or perform actions that compromise a company's security.
• Pretexting This is when an attacker calls an individual and lies to them in an
attempt to gain access to privileged data. For example, pretending to need a person ‘s
personal or financial data in order to confirm their identity.
• Tailgating This is when an attacker quickly follows an authorized person into
a secure, physical location. Where an attacker follows an unaware user to gain access
to an area without authorization.
• Something for something (quid pro quo) This is when an attacker requests
personal information from a person in exchange for something, like a free gift.
• Denial-of-Service Denial-of-Service (DoS) attacks are a type of network
attack that is relatively simple to carry out, even by an unskilled attacker. A DoS
attack results in some sort of interruption of network service to users, devices or
applications.
• Distributed DoS A Distributed DoS (DDoS) attack is similar to a DoS attack
but originates from multiple, coordinated sources
• Man in The Middle: A MitM attack happens when a cybercriminal takes
control of a device without the user‘s knowledge. With this level of access, an
attacker can intercept and capture user information before it is sent to its intended
destination. These types of attacks are often used to steal financial information. There
are many types of malware that possess MitM attack capabilities.
2.Password attacks: Weak passwords are a common vulnerability exploited by hackers.
Entering a username and password is one of the most popular forms of authenticating to
a web site. Therefore, uncovering your password is an easy way for cybercriminals to
gain access to your most valuable information. Some of the common password security
attacks:
• Password Spraying: This technique attempts to gain access to a system by
spraying‘ a few commonly used passwords across a large number of accounts.
• Dictionary Attacks: A hacker systematically tries every word in a dictionary or
a list of commonly used words as a password in an attempt to break into a
password protected account.
• Brute Force Attacks: The simplest and most commonly used way of gaining
access to a password-protected site, brute-force attacks see an attacker using
CYBER SECURITY (20CS54I ) SEPT 2023

all possible combinations of letters, numbers and symbols in the password

space until they get it right.

3.Software vulnerabilities: Hackers can exploit vulnerabilities in software and applications

to gain unauthorized access to a system or to install malware.

4.Physical attacks: Physical attacks refer to the hacking of company systems through
physical means like stealing a laptop or connecting to a network port

5.Phishing attacks: Phishing attacks are a common tactic used by hackers to gain access to
an organization's network. They usually send emails or messages that appear to come from a
trusted source, like a bank, to trick employees into revealing sensitive information.

6.Malware: Malware is another common way hackers infiltrate organizations. Malware can
come in various forms, including viruses, Trojans, and ransomware.
OR
2 a. List and Explain different types of Malwares 10M
Malware, or malicious software, is any program or file that is intentionally harmful to a
computer, network or server. Malware can infect networks and devices and is designed to
harm those devices, networks and/or their users in some way.

Types of malware include the following:

• A virus is the most common type of malware that can execute itself and spread by
infecting other programs or files.

• A worm can self-replicate without a host program and typically spreads without any
interaction from the malware authors.

• A Trojan horse is designed to appear as a legitimate software program to gain access to a

system. Once activated following installation, Trojans can execute their malicious
functions.

• Spyware collects information and data on the device and user, as well as observes the
user's activity without their knowledge.

• Ransomware infects a user's system and encrypts its data. Cybercriminals then demand a
ransom payment from the victim in exchange for decrypting the system's data.

• A rootkit obtains administrator-level access to the victim's system. Once installed, the
program gives threat actors root or privileged access to the system.
CYBER SECURITY (20CS54I ) SEPT 2023

• A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an
infected computer system that enables threat actors to remotely access it without alerting
the user or the system's security programs.

• Adware tracks a user's browser and download history with the intent to display pop-up or
banner advertisements that lure the user into making a purchase. For example, an
advertiser might use cookies to track the webpages a user visits to better target
advertising.

• Keyloggers, also called system monitors, track nearly everything a user does on their
computer. This includes emails, opened webpages, programs and keystrokes.
2b .Illustrate different Vulnerabilities in 7 layers of OSI model. 10M
Attacks can happen at different levels of the network models with different protocols.

1. Sniffing (physical)
Back in the day when there was no remote home phone, you had to have multiple phones at
home anyone can remember the problems that had been occurred when two people wants to
speak on the phone someone else could grab another phone and hear the speeches. in the
context of network security when packets are not encrypted someone else could intrude to
your network and steal those packets with some sniffer applications that work on
CYBER SECURITY (20CS54I ) SEPT 2023

the physical layer of OSI model like Wireshark, Tcpdump, WinDump. some protocols that
work on this layer and can be sniffed are:
Examples of protocols that use physical layers include:
• Digital Subscriber Line.
• Integrated Services Digital Network.
• Infrared Data Association.
• Universal Serial Bus (USB.)
• Bluetooth.
• Ethernet.
2.SPOOFING (Data Link)
Spoofing is the act of a person or a program that successfully identifies itself which is from an
unknown source as being from a known, trusted source. Spoofing can apply to emails, phone
calls, and websites, or can be more technical, such as a computer spoofing an IP address,
Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
IP spoofing and ARP spoofing, in particular, may be used to leverage man-in-the-middle
attacks against hosts on a computer network. Spoofing attacks that take advantage of TCP/IP
suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or
by taking measures to verify the identity of the sender or recipient of a message.
3.man-in-the-middle (Network)
Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the
source or destination of a message, leaving them vulnerable cause an attacker secretly relays
and possibly alters the communications between two parties who believe that they are directly
communicating with each other.
4.Reconnaissance (Transport)
In the context of cybersecurity, reconnaissance is the practice of discovering and collecting
information about a system. One of the most common techniques involved with
reconnaissance is port scanning, which sends data to various TCP and UDP (user datagram
protocol) ports on a device and evaluates the response. Some common examples of
reconnaissance attacks include packet sniffing, ping sweeping, port scanning, phishing, social
engineering, and internet information queries.
5.Hijacking (Session)
Sometimes also known as cookie hijacking is the exploitation of a valid computer session to
gain unauthorized access to information or services in a computer system. In particular, it is
CYBER SECURITY (20CS54I ) SEPT 2023

used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has
particular relevance to web developers, as the HTTP cookies used to maintain a session on
many websites can be easily stolen by an attacker using an intermediary computer or with
access to the saved cookies on the victim’s computer. these explosions can be carried out by
these attacks
1. Cross-site scripting: XSS attacks enable attackers to inject client-side scripts
into web pages. It causes running codes, which is treated as trustworthy
because it appears to belong to the server, on the victim computer. It allows the
attacker to obtain a copy of the cookie or perform other operations.
2. Session side jacking: where the attacker uses packet sniffing to read network
traffic between two parties to steal the session cookie.
3. Malware and unwanted programs can use browser hijacking to steal a
browser’s cookie files without a user’s knowledge.
6.Phishing (presentation)
Phishing attacks are the practice of sending fraudulent messages that appear to come from a
trusted source. It is usually performed through email. The goal is to steal sensitive data like
credit card and login information or install malware on the victim’s machine. Phishing is a
common type of cyber-attack that everyone should learn about in order to protect themselves.
7.Exploit (Application)
An exploit is a program that takes advantage of a bug or vulnerability in other systems. the
cause vulnerability may be due to bad system configuration or a bug in a specific version of
software installed on the victim system. Many exploits are designed to provide super user -
level access to a victim system or are designed to cause DoS (denial of service)
or DDoS (distributed denial of service) attacks, in which attackers can bring down a website or
critical system without even using an exploit.
SECTION-II

3a Explain RSA algorithm. Using RSA solve p=13, q=17, e=35, d=? 10M
Find the product of two number
N=p*q
N=13*17
N=221
CALULATE n(φ)=(p-1)(q-1)
n(φ)= (13-1)(17-1)
n(φ)= 12*16
n(φ)=192
CYBER SECURITY (20CS54I ) SEPT 2023

Encryption Key e=35

Substitute the value for i till we get whole number for d from i=1,2,3…..etc
d = ((φ (n)*i)+1)/e for i=2 we got whole number
d=((192*2)+1)/35
d=11
Hence the decryption key is =11

3b .(i).Euler Totient Function. φ(360), φ(777) 5M

φ(360) φ(777)
=φ (2 *3 *5)
3 2
=φ (3*7*37)
=φ(4*6*4) =2*6*36
=24*4 =432
=96
(ii). GCD of two numbers .gcd(108,144), gcd(161,28) 5M
gcd(108,144)
108=22*32*3
144=22*22*32
Common factors on both the numbers are 2 2*32 ,hence the gcd(108,144)=36
gcd(161,28)
161=7*23
144=2*2*7
Common factors on both the numbers are 7.hence the gcd(161,28)=7
OR
4 a. Let p=23 and q=5 Alice picks x=4 and Bob picks y=3, Compute the shared secret between
Alice and Bob using Diffie-Hellman key exchange protocol. 10M
Formulas used in Diffie-Hellman key exchange protocol:
1. Key = (YA) XBmod p -> this is the same as calculated by B
2. Global Public Elements
p: p is a prime number. here in our example p=23
α: α < p and α is the primitive root of p. here in our example α =5
3. Key generation for user A

● Select a Private key XA Here, XA <p

Now, Calculation of Public key YA YA = aXA mod p
4. Key generation for user B

● Select a Private key XB Here, XB <q

● Now, Calculation of Public key YB YB = aXb mod q
5. Calculation of Secret Key by A

● key =(YB)XA mod p

CYBER SECURITY (20CS54I ) SEPT 2023

6. Calculation of Secret Key by B

● key =(YA)XB mod p

Example
1. Alice and Bob both use public numbers P = 23, q = 5
2. Alice selected private key a = 4, and Bob selected b = 3 as the private key
3. Both Alice and bob now calculate the value of x and y as follows:

● Alice: x = (54 mod 23) = 4

● Bob: y = (53 mod 23) = 10
4. Now, both Alice and Bob exchange public numbers with each other.
5. Alice and Bob now calculate the symmetric keys

● Alice: ka = ya mod p = 104 mod 23 = 18

● Bob: kb = xb mod p = 43 mod 23 = 18
18 is the shared secret key.

4b.Write a note on
a). MAC b). Digital Signature 10M
a) MAC
MAC stands for Message Authentication Code. MAC algorithm is a symmetric key
cryptographic technique to provide message authentication. For establishing MAC process,
the sender and receiver share a symmetric key K. Essentially, a MAC is an encrypted
checksum generated on the underlying message that is sent along with a message to ensure
message authentication. Here in MAC, sender and receiver share same key where sender
generates a fixed size output called Cryptographic checksum or Message
Authentication code and appends it to the original message. On receiver’s side, receiver
also generates the code and compares it with what he/she received thus ensuring the
originality of the message. These are components:

• Message
• Key
• MAC algorithm
• MAC value
CYBER SECURITY (20CS54I ) SEPT 2023

b) Digital Signature
• A digital signature is a cryptographic output used to verify the
authenticity of data.A digital signature algorithm consists of two
operations:
a signing operation, which uses a signing key to produce a signature over
raw data.
a verification operation, where the signature can be validated by a party
who has no knowledge of the signing key.
The main purposes of a digital signature are:
• verification of the integrity of the signed data.
• non-repudiation if the signer claims the signature is not authentic
• Digital signatures rely on asymmetric cryptography, also known as public
key cryptography. An asymmetric key consists of a public/private key
pair.The private key is used to create a signature, and the corresponding
public key is used to verify the signature.
CYBER SECURITY (20CS54I ) SEPT 2023

SECTION III
5 a Explain Hardening in Linux. 10M

Linux hardening refers to the process of securing a Linux operating system and reducing its
potential attack surface. This is achieved by implementing various security measures, such as
updating and patching the system, configuring secure permissions and users, disabling
unnecessary services, using firewalls and intrusion detection systems, and more. The goal of
Linux hardening is to minimize the risk of unauthorized access, theft of data, or other security
incidents by making the system less vulnerable to attacks.

Linux security hardening is a specialized procedure which must contain following guidelines:

1) Remove Unneeded Functionality: Uninstall unnecessary software and disable system

services that are not needed.

2) Minimize Open Ports and Other Network Vulnerabilities: Network-based attacks are
among the most common threats. To reduce your risk, identify open networkaccessi ble ports
and remove any corresponding processes that are not needed.

3) Review User Accounts and Authentication: User accounts and authentication should be
governed using a centralized control system such as Active Directory.

4) Review Service Accounts: System and service accounts should be reviewed and any that
are no longer required should be removed.

5) SSH Hardening for Linux and Unix

SSH (Secure Shell) hardening refers to the process of improving the security of an SSH
server in a Linux system. This involves implementing various measures to reduce the risk of
unauthorized access, theft of data, or other security incidents. Some common SSH hardening
practices include:

➢ Updating and patching the SSH server software to the latest version
➢ Disabling root login through SSH
➢ Using strong authentication methods, such as key-based authentication instead of
password authentication
➢ Configuring SSH to listen on a non-standard port, to reduce the risk of automated
attacks
CYBER SECURITY (20CS54I ) SEPT 2023

➢ Limiting the number of login attempts to prevent brute force attacks

➢ Disabling legacy protocols, such as Telnet, and using only secure protocols, such as
SSH
➢ Using public key infrastructure (PKI) to secure SSH communications
➢ Enabling logging and auditing to monitor and track SSH activity.
6) Kernel Hardening for Linux: SELinux modifies the Linux kernel to enforce mandatory
access controls, restricting how Linux processes can access files and programs. This
additional layer of restriction provides a fundamental protection mechanism against root kit
malware.

7) Embedded Linux Hardening: Embedded Linux provides a stripped-down operating system

for embedded devices or embedded systems, such as smart phones, smart TVs, set-top boxes
and broadband internet routers. For example, the open-source Android platform developed by
Google is optimized for smart phones and TVs. The functionality included in the operating
system varies widely depending upon the intended application.

8) Kali Linux Hardening: Kali Linux has been optimized to be the pen testers’ platf orm of
choice, so it has a wide range of security auditing and pen testing utilities.

5 b. Explain the following in Windows: a). Third Patch management b). Windows Autopilot. 10M

Third patch management:-

• Third-party patching (patch management) is the process of installing patches to third-
party applications, that are installed on your company's endpoints, to address bugs or
vulnerabilities in the software. Third-party patching is critical for the security of your
organization that prevents data breaches.
• Third-party patch management: Third-party patch management refers to the process
of managing and updating software applications from non-Microsoft sources. This
includes updating software applications such as web browsers, media players, and
productivity tools. Third-party patch management is important for keeping systems
secure and up-to-date, as many security vulnerabilities are often found in third-party
software.

Windows autopilot:-

Windows Autopilot is a collection of technologies used to set up and pre-configure

new devices, getting them ready for productive use.
CYBER SECURITY (20CS54I ) SEPT 2023

Windows Autopilot is a service provided by Microsoft that allows for the deployment,
reset, and repurposing of Windows 10 devices. Autopilot simplifies the device
provisioning process, enabling IT administrators to quickly and easily set up new devices
for use by their organizations. This includes personalizing the device, installing apps, and
applying policies and settings. With Autopilot, IT administrators can also manage the
device's life cycle, from initial deployment to end of life, ensuring that devices are always
secure, up-to-date, and fully functional.
OR

6 a. Explain the Software Development Life Cycle. 10M

SDLC is the acronym for software development life cycle. It is also called the software
development process. All the tasks required for developing and maintaining software. It
consists of a plan describing how to develop, maintain, replace and alter the specific
software. It is a process for planning, creating, testing, and information system. It is a
framework of describes the activity performed at each stage of software development. It is
a process used by a system analyst to develop an information system including
requirements, validation, training, and ownership

.
Stage-1:Requirement gathering
The feasibility report is positive towards the project and next phase start with gathering
requirement from the user. Engineer communicates with the client and end-users to know
their Idea and which features they want to software to include.
Stage-2: Software design
It is a process to transform user requirements into a suitable form. It helps programmers in
software coding. There is a need for more specific and detailed requirements in software.
The output of the process can directly be used in implementation in a programming
language. There are three design levels as follows.
CYBER SECURITY (20CS54I ) SEPT 2023

1. Architectural design
It is the highest abstract version of the system. In a software system, many components
interact with each other.
2. High-level design
It focuses on how the system along with all its components and its can be implemented
in form of modules.
3. Detailed design
It defines the logical structure of each module and its interface to communicate with
each module.
4. Stage-3: Developing Product
In this phase of SDLC, you will see how the product will be developed. It is one of the
crucial parts of SDLC, It is also called the Implementation phase.
Stage-4: Product Testing and Integration
In this phase, we will integrate the modules and will test the overall product by using
different testing techniques.
Stage-5 Deployment maintenance
Linux hardening refers to the process of securing a Linux operating system and reducing its
potential attack surface. This is achieved by implementing various security measures, such as
updating and patching the system, configuring secure permissions and users, disabling
unnecessary services, using firewalls and intrusion detection systems, and more. The goal of
Linux hardening is to minimize the risk of unauthorized access, theft of data, or other security.
In this phase, the actual deployment of the product, or you can say the final product will be
deployed, and also we will do maintenance of product for any future update and release of new
features.

6b. What is threat modelling? Explain different threat modelling methodologies. 10M
Threat modeling is a method of optimizing network security by locating vulnerabilities,
identifying objectives, and developing countermeasures to either prevent or mitigate the -
attacks against the system.
Threat Modeling effects of cyber Methodologies
1. STRIDE A methodology developed by Microsoft for threat modeling, it offers a mnemonic for
identifying security threats in six categories:
• Spoofing: An intruder posing as another user, component, or other system feature
that contains an identity in the modeled system.
CYBER SECURITY (20CS54I ) SEPT 2023

• Tampering: The altering of data within a system to achieve a malicious goal.

• Repudiation: The ability of an intruder to deny that they performed some
malicious activity, due to the absence of enough proof.
• Information Disclosure: Exposing protected data to a user that isn't authorized to
see it.
• Denial of Service: An adversary uses illegitimate means to exhaust services
needed to provide service to users.
• Elevation of Privilege: Allowing an intruder to execute commands and functions
that they aren't allowed to.

2. P.A.S.T.A This stands for Process for Attack Simulation and Threat Analysis, a seven-step,
risk-centric methodology. It offers a dynamic threat identification, enumeration, and scoring
process. Once experts create a detailed analysis of identified threats, developers can develop
an asset-centric mitigation strategy by analyzing the application through an attacker-centric
view.

3. OCTAVE The Operationally Critical Threat, Asset, and Vulnerability Evaluation

(OCTAVE) process is a risk-based strategic assessment and planning method. OCTAVE
focuses on assessing organizational risks only and does not address technological risks.
OCTAVE has three phases:

• Building asset-based threat profiles. (Organizational evaluation)

• Identifying infrastructure vulnerabilities. (Information infrastructure evaluation)

• Developing and planning a security strategy. (Evaluation of risks to the company's critical
assets and decision making.)

4. Trike Trike focuses on using threat models as a risk management tool. Threat models, based
on requirement models, establish the stakeholder-defined "acceptable" level of risk assigned
to each asset class. Requirements model analysis yields a threat model where threat s are
identified and given risk values. The completed threat model is then used to build a risk
model, factoring in actions, assets, roles, and calculated risk exposure.

5. VAST Standing for Visual, Agile, and Simple Threat modeling, it provides actionable ou t pu ts for
the specific needs of various stakeholders such as application architects and developers, cybersecu rit y
personnel, etc. VAST offers a unique application and infrastructure visualization plan so that the
creation and use of threat models don't require any specialized expertise in security subject matters.
CYBER SECURITY (20CS54I ) SEPT 2023

SECTION III

7. a. Illustrate static code analysis vs dynamic code analysis. 10M

SAST DAST

White box security testing Black box security testing

The tester has access to the underlying
framework, design, and implementation. The
application is tested from the inside out. This
type of testing represents the developer
approach.
Requires source code
SAST doesn’t require a deployed
application. It analyzes the sources code or
binary without executing the application.
The tester has no knowledge of the technologies
or frameworks that the application is built on.
The application is tested from the outside in.
This type of testing represents the hacker
approach.
Requires a running application
DAST doesn’t require source code or binaries. It
analyzes by executing the application.

Finds vulnerabilities earlier in the SDLC
The scan can be executed as soon as code is
deemed feature-complete.
Less expensive to fix vulnerabilities
Since vulnerabilities are found earlier in the
SDLC, it’s easier and faster to remediate them.
Findings can often be fixed before the code
enters the QA cycle.
Can’t discover run-time and environment-
related issues
Since the tool scans static code, it can’t discover
run- time vulnerabilities.
Typically supports all kinds of software
Examples include web applications, web
services, and thick clients.
Finds vulnerabilities toward the end of the
SDLC Vulnerabilities can be discovered after
the development cycle is complete.
More expensive to fix vulnerabilities
Since vulnerabilities are found toward the end of
the SDLC, remediation often gets pushed into the
next cycle. Critical vulnerabilities may be fixed as
an emergency release.
Can discover run-time and environment-
related issues
Since the tool uses dynamic analysis on an
application, it is able to find run-time
vulnerabilities.
Typically scans only apps like web
applications and web services
DAST is not useful for other types of software.

7 b. Explain top 10 OWSAP issues in Web Applications 10M

The OWASP Mobile Top 10 give you an overview of the ten most critical security risks to
your apps and web applications.
1. Improper Platform Usage The first item among the OWASP top 10 is improper platform
usage. Platforms such as iOS, Android, or Windows Phone provide different capabilities and
features that you can use. If the app does not use an existing function or even uses it
incorrectly, this is called improper use. This can be, for example, a violation of published
guidelines that affects the security of the app.
CYBER SECURITY (20CS54I ) SEPT 2023

2. Insecure Data Storage Insecure data storage as well as unintentional data leaks also fall
under the OWASP Mobile Top Ten. Mobile application penetration testing tools help
uncover such grievances. However, it does not necessarily have to be your SQL database.
Manifest and log files, cookie storage or cloud synchronization can also be affected.
3. Insecure Communication Your app transports data from point A to point B. If this
transport is insecure, the risk increases. Here, too, the main mobile application penetration
testing tools will help you. They support you in detecting faulty app-to-server or mobile-to-
mobile communication.
4. Insecure Authentication Secure authentication adds another key security aspect to your
OWASP Mobile Security Checklist. In fact, there are many different ways that t he app can
provide insecure authentication. A classic example is a back-end API service request that the
mobile app executes anonymously without relying on an access token.
5. Lack of Cryptography The insecure use of cryptography can be observed in most app
applications. This is usually one of two problems: a fundamentally flawed process behind the
encryption mechanisms or the implementation of a weak algorithm.
6. Insecure Authorization Unlike authentication, authorization deals with the verification of
an identified person. It verifies that the necessary authorizations are in place to perform
certain actions. Of course, the two are closely related - yet both items belong separately on
the OWASP Top 10 list
7. Poor Client Code Quality This item of the OWASP Top 10 refers to an explicit
programming language. All vulnerabilities from code-level errors can provide attackers with
a way inside. The main risk lies in the need to make localized changes to the code. In
particular, insecure API usage or insecure language constructs are common problems that you
need to fix directly at the code level.
8. Code Manipulation From a technical perspective, any code on a mobile device is
vulnerable to tampering. This is because the mobile code is running in a foreign environment.
It is no longer under the control of your organization. Therefore, there are numerous ways to
modify it at will.
9. Reverse Engineering Attackers who want to understand how your app works can use
reverse-engineering to access all the information they need. Especially metadata, which is
supposed to be a relief for your programmers, is a high risk. Basically, if you can clearly
understand the string table of the binary or cross-functional analysis is possible, the app is
considered at risk.
CYBER SECURITY (20CS54I ) SEPT 2023

10. Extraneous Functionality Hidden backdoor functionality or internal security controls

are a common problem in mobile applications. The problem with them is that they are not
only useful for developers, but also for hackers. This allows them, for example, to disable 2 -
factor authentication or change basic functionality.
OR
8. a. Explain IAM best practices. 10M
o IAM stands for Identity Access Management.
o IAM allows you to manage users and their level of access to the aws console.
o It is used to set users, permissions and roles. It allows you to grant access to the
different parts of the aws platform.
o AWS Identity and Access Management is a web service that enables Amazon Web
Services (AWS) customers to manage users and user permissions in AWS.
o With IAM, Organizations can centrally manage users, security credentials such as
access keys, and permissions that control which AWS resources users can access.
o Without IAM, Organizations with multiple users must either create multiple user
accounts, each with its own billing and subscriptions to AWS products or share an
account with a single security credential. Without IAM, you also don't have control
about the tasks that the users can do.
o IAM enables the organization to create multiple users, each with its own security
credentials, controlled and billed to a single aws account. IAM allows the user to do
only what they need to do as a part of the user's job.

IAM best practices

1. Adopt a Zero Trust Approach to Security

2. Identify and Protect High-Value Data
3. Enforce a Strong Password Policy
4. Use Multi-Factor Authentication (MFA)
5. Automate Workflows
6. Adopt The Principle of Least Privilege
7. Enforce Just-in-Time Access Where Appropriate
8. Leverage Both Role-Based Access Control and Attribute-Based Access Control Policies
9. Regularly Audit Access to Resources
10. Centralize Log Collection
CYBER SECURITY (20CS54I ) SEPT 2023

.b. Elaborate on Cloud Vulnerabilities 10M

Common cloud vulnerabilities are
1. Cloud Misconfiguration: Cloud misconfiguration is the the most common vulnerability in
organizations. Misconfigurations are often caused by a lack of knowledge of good practices or
lack of peer review from DevOps/infra team.
2. Identity and Access Management Unsecure identity and access management (IAM) is a
common vulnerability in cloud systems. it occurs when a user or service of your infrastructure has
access to resources they should not be able to access and/or do not need.
3. Public Data Storage This vulnerability occurs when a given data blob, like an S3 bucket or, an
SQL database, is partly or completely opened to the public to access via either read-only or both
read and write. DevOps team, sysadmins, and managers should follow some basic princi ples to
minimize the risk of public data storage misconfiguration.
4.Insecure APIs APIs are used in modern software development as microservices, application and
website backends. They must handle requests received from mobile devices, applications,
webpages and third parties. This is why having a secure API is critical to ensuring cyber threat
mitigation and to protect against unwanted traffic.
Some of the most malicious requests are:
• Code and query injection (SQL injection, command injection)
• Taking advantage of a bad access control
• Targeting a vulnerability due to an outdated component (software libraries, database engine,
runtime environments, etc.)
5.Lack of Visibility When companies are using thousands of instances of cloud services, it can be
easy to get lost in them or forget about some of those running instances. Lack of visibility of cloud
infrastructure is a major issue that can delay action on a threat and result in a data breach.
Managers, sysadmins and DevOps teams must take a proactive security approach.
6. Lack of Multi-factor Authentication Multi-factor authentication (MFA) is an authentication
method in which a user must present at least two forms of identification validation to access an
account or data.
7. Malicious Insiders Unauthorized access occurs when a user obtains access to some or all of the
company’s cloud resources. Malicious insiders can also access cloud resources via account
hijacking due to a successful phishing attack and/or weak credential security.
8.Distributed Denial-of-Service Attacks Distributed denial-of-service (DDoS) attacks are
malicious efforts to take down a web service such as a website. It works by flooding the server
CYBER SECURITY (20CS54I ) SEPT 2023

with requests from different sources. The goal is to make the server unresponsive to requests from
legitimate users.
SECTION V
9. a. Explain Vulnerability life cycle. Elaborate the types of Vulnerabilities. 10M
The Vulnerability Management Life Cycle is intended to allow organizations to identify
computer system security weaknesses; prioritize assets; assess, report, and remediate the
weaknesses; and verify that they have been eliminated.
The following diagram illustrates the steps in the Vulnerability Management Life Cycle.

The steps in the Vulnerability Management Life Cycle are described below.
1. Discover: Inventory all assets across the network and identify host details including
operating system and open services to identify vulnerabilities. Develop a network baseline.
Identify security vulnerabilities on a regular automated schedule.
2. Prioritize Assets: Categorize assets into groups or business units, and assign a business
value to asset groups based on their criticality to your business operation.
3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset
criticality, vulnerability threat, and asset classification.
4. Report: Measure the level of business risk associated with your assets according to your
security policies. Document a security plan, monitor suspicious activity, and describe known
vulnerabilities.
5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish
controls and demonstrate progress.
6. Verify: Verify that threats have been eliminated through follow-up audits.
Types of Vulnerabilities are
CYBER SECURITY (20CS54I ) SEPT 2023

1. Hardware Vulnerability: A hardware vulnerability is a weakness which can used to

attack the system hardware through physically or remotely. For examples:
o Old version of systems or devices
o Unprotected storage
o Unencrypted devices, etc.
2. Network Vulnerability A weakness happen in network which can be hardware or
software.
For examples:
o Unprotected communication
o Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
o Misconfigured firewalls
3. Operating System Vulnerability
An operating system vulnerability is a loophole or flaw in your operating system that makes
it easier for cybercriminals to break in. An operating system is the main software that runs
your computer or device – common examples include Windows, MacOS, Android, and Linux
4.Application Vulnerability
Application vulnerabilities are weaknesses in an application that an attacker could exploit to
harm the security of the application. Vulnerabilities can be introduced into an application in
various ways, such as failures in the design, implementation, or configuration of an
application.
5.Human Vulnerabilities
People represent one of the main weaknesses of cybersecurity. In fact, human vulnerabilities
can cause much more damage and be more costly than any of the other vulnerability types on
this list. Even though advanced hacking skills and powerful malware bolster the capabilities
of a cyber attacker, it is, in the end, humans that represent the only un-patchable risk in
cybersecurity. Ex: Social engineering. Defined as the art of gaining access to data, systems,
or buildings by exploiting human psychology.
6.Process Vulnerabilities
Process vulnerabilities are unique as they are created by specific process controls or the lack
of them. Process controls can look different depending on the industry of the organization.
This type of vulnerability is certainly the hardest to define. Ex: If an employee followed a
process in place which allowed them to create and use a weak password.
CYBER SECURITY (20CS54I ) SEPT 2023

9 b. Explain Android Application Security architecture. 10M

Android architecture contains different number of components to support any android device
needs.
The main components of android architecture are following:-

● Applications
● Application Framework
● Android Runtime
● Platform Libraries
● Linux Kernel
Applications –
Applications is the top layer of android architecture. The pre-installed applications like home,
contacts, camera, gallery etc and third party applications downloaded from the play store like
chat applications, games etc. will be installed on this layer only.
It runs within the Android run time with the help of the classes and services provided by the
application framework.

Application framework –
Application Framework provides several important classes, which are used to create an
Android application. It provides a generic abstraction for hardware access and helps in
managing the user interface with application resources. It includes different types of services
activity manager, notification manager, view system, package manager etc. which are helpful
for the development of our application according to the prerequisite.

Application runtime –
Android Runtime environment is one of the most important part of Android. It contains
components like core libraries and the Dalvik virtual machine (DVM). Mainly, it provides the
base for the application framework and powers our application with the help of the core
libraries.

Platform libraries –
The Platform Libraries includes various C/C++ core libraries and Java based libraries such as
Media, Graphics, Surface Manager, OpenGL etc. to provide a support for android
development.

● Media library provides support to play and record audio and video formats.
● Surface manager responsible for managing access to the display subsystem.
CYBER SECURITY (20CS54I ) SEPT 2023

● SGL and OpenGL both cross-language, cross-platform application program interface

(API) are used for 2D and 3D computer graphics.
● SQLite provides database support and FreeType provides font support.
● Web-Kit This open source web browser engine provides all the functionality to display
web content and to simplify page loading.
● SSL (Secure Sockets Layer) is security technology to establish an encrypted link
between a web server and a web browser.

Linux Kernel –
Linux Kernel is heart of the android architecture. It manages all the available drivers such as
display drivers, camera drivers, Bluetooth drivers, audio drivers, memory drivers, etc. which
are required during the runtime.

The Linux Kernel will provide an abstraction layer between the device hardware and the
other components of android architecture. It is responsible for management of memory,
power, devices etc.

OR

10 a. Explain GRC in an company and its benefits. 10M

GRC stands for Governance, Risk Management, and Compliance. It refers to a set of
processes and technologies used by organizations to manage and monitor compliance with
legal and regulatory requirements, manage risks and ensure that the company is operating in
CYBER SECURITY (20CS54I ) SEPT 2023

an ethical and transparent manner.

Core GRC principles:

Governance: Ensuring that organizational activities support the organization's business goals.

Risk: The identification, classification and addressing of any risk associated with
organizational activities.

Compliance: Ensuring that an organization is meeting compliance with all legal and
regulatory requirements

The benefits of a strong GRC program in a company include:

• Improved Risk Management: By having a clear understanding of the risks facing

the company and implementing strategies to manage those risks, companies can
minimize potential harm and maximize opportunities.
• Increased Compliance: GRC helps ensure that the company is following all relevant
laws, regulations, and ethical standards, reducing the risk of fines, legal action and
reputational damage.
• Enhanced Transparency: A strong GRC program promotes transparency in the
company's operations and decision-making processes, which can increase trust among
stakeholders and enhance the company's reputation.
• Efficient Use of Resources: By streamlining processes and utilizing technology to
automate GRC activities, companies can reduce the time and cost associated with
managing risks and ensuring compliance.
• Improved Decision Making: By having a comprehensive understanding of the
company's risks and compliance obligations, companies can make better-informed
decisions that promote long-term success.

10.b. Illustrate the need of DevOps in Companies and its Security Challenges. 10M
DevOps is a software development practice that emphasizes collaboration and
communication between development and operations teams. The goal of DevOps is to
improve the speed and reliability of software delivery, as well as to increase the efficien cy
and responsiveness of the overall development process.
➢ DevOps security (DevSecOps) is an approach to cybersecurity that focuses on
application development and development operations (DevOps). It combines three
CYBER SECURITY (20CS54I ) SEPT 2023

phrases:
1. Development 2.Operations 3.Security

➢ The goal of DevOps security is to remove barriers between an organization’s

software development and its IT operations. Namely, it calls for speed and
intense, fast communication and collaboration. It is essentially a philosophy that
covers developers’ code and its subsequent need to work (and grow) properly
with the organization’s employees and customers.
➢ core of the DevOps security philosophy is continuous deployment.
Development and IT teams work closely and rapidly to add to and fix software.
This means, for example, adding new features and troubleshooting bugs so that
they can be continuously released in fast cycles without causing disruptions. It
enables teams, other employees, and customers to continue interacting with
software without interruption
Security challenges in DevOps include:

• Configuration management: ensuring the consistency and security of configurations

across multiple environments, from development to production.
• Continuous Integration and Continuous Deployment (CI/CD): securing the
pipeline and ensuring that only authorized changes are deployed to production.
• Infrastructure as Code (IaC): managing the security of infrastructure components
defined as code, such as cloud resources or containerized applications.
• Container security: securing the lifecycle of containers, from build to deployment
and runtime.
• Secrets management: securely storing and managing sensitive information, such as
passwords and access keys, in the DevOps environment.
• Compliance: ensuring that DevOps practices align with regulations and industry
standards, such as those related to data privacy and security
CYBER SECURITY (20CS54I ) SEPT 2023

CERTIFICATE
This is to certify that all the model answers prepared by me for subject CYBER SECURITY
(20CS54I ) are as per the syllabus.

SOWMYA C J
LECTURER
COMPUTER SCIENCE AND ENGINEERING
GOVERNMENT POLYTECHNIC
ARAKERE-157
 CYBER SECURITY (20CS54IT) DEC 2023

V semester Diploma Examination-Dec-2023

CYBER SECURITY 20CS54IT
Scheme of Valuation
Q. No Description of Questions Marks
Allotment
1a Definition of Cyber Security 2 marks
CIA Principles 4 marks
AAA Principles 4 marks
1b Definition and Listing 2+3 marks
Explaining any five malwares 1*5=5 marks
2a Purpose of Defense in depth and explaining four layers 2+ 2*4= 10
marks
2b Brief explanation or definition i) DOS and DDOS Attack 5 marks
ii) ON Path Attack 5 marks
3a Steps of RSA algorithm 5 marks
Solving problem 5 marks
3b Analyze and identification the need for Digital Signature. 2 Marks
Explanation the working concept of Digital Signature. 8 Marks

4a Purpose of PKI 2 Marks

Explaining Components of PKI 8 Marks
4b Solving totient functions 5 marks
Finding GCD 5 Marks
5a Explanation of Firewall 5 marks
Explanation of IDS 5 marks
5b Explaining all Phases of Microsoft SDL 10 marks
6a Third party patch management 5 marks
Bit locker drive Encryption 5 marks
6b Top 10 common web vulnerabilities 1 * 10= 10
Marks
7a Listing 1 marks
Explaining 3 Models 3*3 = 9 marks
7b Need of IAM 5 marks
Any 5 IAM best practices 5 marks
8a Listing 3 marks
Explaining 7 HTTP methods 1 * 7= 7
Marks
8b Diagram 4 Marks
Explanation 6 Marks
9a Any Four Objectives 4 marks
Life Cycle with diagram 6 marks
9b Definition 1 marks
Explanation of Risk Management 4 marks
Types of Risk 5 marks
10a Life cycle of vulnerability management 5 marks
Types of vulnerability 5 marks
10b DevOps definition and Explanation 2 + 8 marks
 CYBER SECURITY (20CS54IT) DEC 2023

Model Answers

NOTE: All model answers are general specific to subject, if any answers are relevant,
please give marks.

SECTION-1

1a. Define cyber security. Explain CIA and AAA security principles. 10M

Cyber Security is process or technique to protect internet connected systems

such as computer system, mobile devices, electronic systems, network, data from malicious
activity is known as Cyber Security.

Security principles

CIA (Confidentiality, Integrity, Availability)

The basic tenets of information security are confidentiality, integrity and availability.

1. Confidentiality:

The purpose of the confidentiality is to ensure that only those authorized users are allowed to
view or access the information. The purpose of the confidentiality is to avoid the
unauthorized person/ user. Confidentiality is achieved through Encryption.

2. Integrity:

The assurance that the data received are exactly same as sent by the authorized user. i.e. the
data contains no modification, no insertion, no deletion etc. Integrity is achieved by using
Hash code or Checksum.

3. Availability: This principle makes the information to be available and useful for its
authorized people always. It ensures that these accesses are not hindered by system malfunction
or cyber- attacks.

AAA(Authentication, Authorization, Accounting)

1.Authentication

The process by which it can be identified that the user, which wants to access the
network resources, valid or not by asking some credentials such as username and password.
 CYBER SECURITY (20CS54IT) DEC 2023

2. Authorization:

Once the authentication is successfully done, authorization can be used to determine which
resources are the user is allowed to access and what operations they can be performed.

3.Accounting

It provides means of monitoring and capturing the events done by the user while
accessing the network resources. It even monitors how long the user has access to the network.
The administrator can create an accounting method list to specify what should be accounted
for and to whom the accounting records should be sent.

1b. What is malware? List and explain any five types of malwares. 10M

Malware, or malicious software, is any program or file that is intentionally harmful to

a computer, network or server. Malware can infect networks and devices and is designed to
harm those devices, networks and/or their users in some way.

The following are the list of malwares: -

1. Spyware

2. Adware

3. Backdoor

4. Ransomware

5. Scareware

6. Rootkit

7. Virus

8. Trojan horse

9. Worm

 A virus is the most common type of malware that can execute itself and spread by
infecting other programs or files.
 A worm can self-replicate without a host program and typically spreads without any
interaction from the malware authors.
 CYBER SECURITY (20CS54IT) DEC 2023

 A Trojan horse is designed to appear as a legitimate software program to gain access to

a system. Once activated following installation, Trojans can execute their malicious
functions.
 Spyware collects information and data on the device and user, as well as observes the
user's activity without their knowledge.
 Ransomware infects a user's system and encrypts its data. Cybercriminals then demand
a ransom payment from the victim in exchange for decrypting the system's data.
 A rootkit obtains administrator-level access to the victim's system. Once installed, the
program gives threat actors root or privileged access to the system.
 A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an
infected computer system that enables threat actors to remotely access it without
alerting the user or the system's security programs.
 Adware tracks a user's browser and download history with the intent to display pop-up
or banner advertisements that lure the user into making a purchase. For example, an
advertiser might use cookies to track the webpages a user visits to better target
advertising.
 Scareware:This is a type of malware that uses 'scare ‘tactics to trick you into taking a
specific action. Scareware mainly consists of operating system style windows that
pop up to warn you that your system is at risk and needs to run a specific program for
it to return to normal operation.

OR

2a. Illustrate the purpose of defence in depth? Explain the layers of defence in depth. 10M
Defence in Depth (DiD) is an approach to cybersecurity in which a series of defensive
mechanisms are layered in order to protect valuable data and information. If one mechanism
fails, another steps up immediately to thwart an attack. This multi-layered approach with
intentional redundancies increases the security of a system as a whole and addresses many
different attack vectors. Defence in Depth is commonly referred to as the "castle approach"
because it mirrors the layered defences of a medieval castle.

Defence in Depth layer architecture

There four key layers of defence in depth include in the following:

Layer 1:Network Protection or Perimeter defence

Layer 2:Host defence

 CYBER SECURITY (20CS54IT) DEC 2023

Layer 3:Operating system and Application defence

Layer 4:Data/Information protection

 Layer 1:Network Protection or Perimeter defence

The Perimeter defence or Network protection can be achieved by using
firewalls, router, gateways, etc.
One of the most common type of attack at this layer is DoS attack

 Layer 2: Host defence

The next layer of protection is to protect the work station(Computer or

Host)Connected to the network

The HOST protection includes

 To protect against someone trying to attack from within the network

 To protect the data stored on work station from someone coming through
the firewall

Host protection can be achieve in following ways

 Formulate the user access policy

 By installing the antivirus software
 By installing personal firewall

 Layer 3: Operating system and Application Program defence

 The next layer of protection is to protect our operating system, application
server, web server, email server, etc.
 The operating system and application program protection can be achieved by
identifying and patching the vulnerability (weakness).

 Layer 4: Data/Information protection

Data or Information protection can be achieved by the means of data

encryption.

2b. Illustrate:

i. DOS and DDOS Attack

ii. ON path Attack
CYBER SECURITY (20CS54IT) DEC 2023

DOS and DDOS Attack

Denial-of-Service: DOS attack is the type of attack where an attacker sends enormous amount of
request at the rate which the server cannot handle. The following are the effects of DOS attacks

 Slowdown of response.
 Slowdown of server or Crash of server.
 Increase the level of traffic in the network
 Interrupts the other network services for the user
 Causes significant loss of time and money

Distributed DoS: A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from
multiple, coordinated sources. For example:

 An attacker builds a network (botnet) of infected hosts called zombies, which are
controlled by handler systems.

 The zombie computers will constantly scan and infect more hosts, creating more and
more zombies.

 When ready, the hacker will instruct the handler systems to make the botnet of
zombies carry out a DDoS attack.

ON path Attack

On-path attackers intercept or modify communications between two devices, such as a

web browser and a web server, either to collect information from or to impersonate one of the
devices. This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile
attack.

 Man in The Middle: A MitM attack happens when a cybercriminal takes control of a
device without the user‘s knowledge. With this level of access, an attacker can intercept
and capture user information before it is sent to its intended destination. These types of
attacks are often used to steal financial information. There are many types of malware that
possess MitM attack capabilities.
 Man In The Mobile: A variation of man-in-middle, MitMo is a type of attack used to
take control over a user‘s mobile device. When infected, the mobile device is instructed to
exfiltrate user-sensitive information and send it to the attackers. ZeuS is one example of a
 CYBER SECURITY (20CS54IT) DEC 2023

malware package with MitMo capabilities. It allows attackers to quietly capture two- step
verification SMS messages that are sent to users.

SECTION-II

3a. Write the steps of RSA-algorithm. Given p=17, q=11, e=7.Find the decryption key(d). 10M

Steps of RSA algorithm

1. Select two prime numbers p and q

2. Calculate n=p*q
3. Calculate φ(n)=(p-1)(q-1)
4. Select e such that GCD(φ(n),e))=1
5. Select d such that d * e mod φ(n) = 1
6. Public key Pu={e,n} anf private key Pr ={d, n}
7. Encryption: C= pow(M,e) mod n
8. Decryption: M=pow(C,d) mod n

Solution to the problem

1. Given p=17 and q=11

2. Calculate n=p*q,
n=17*11=187
3. Calculate φ(n)=(p-1)(q-1)
φ(n)=(17-1)(11-1)
φ(n)=16*10
φ(n)=160
4. Encryption key e=7
5. Find d, such that d*e mod n(φ)=1
Substitute the value k till get whole number for d from k=1,2,3…….etc
d=((φ(n)*k)+1)/e at k=1 we got whole number
d=((192*1)+1)/7
d=23
6. Hence the decryption key(d) is =23.

3b. Analyze & identify the need for digital signature. Explain the working principle of digital
signature 10M
CYBER SECURITY (20CS54IT) DEC 2023

Digital signatures

Digital signature is a cryptographic value that is calculated from the data and a secret
key known only by the signer.

In real world, the receiver of message needs assurance that the message belongs to the
sender and he should not be able to repudiate the origination of that message. Apart from
ability to provide non repudiation of the message, the digital signature also provides message
authentication and data integrity.

Digital signature uses the concept of public key encryption method. The below fig
explain the concept og digital signature.

Model of Digital Signature

Sender Side Receiver Side

Message (M) Sender’s Private Key

Digital signature
Private Digital Signature
Key Generation S + MOR Analyzer
Algorithm

Signature(S) Validate/ Not Validate

Explanation:

Sender uses digital signature generation algorithm that uses sender private key and the
message(M) to generate the Digital Signature(S).

Then the Sender appends the Digital Signature(S) to the Message(M) and transferred to the
Receiver.

The receiver uses Digital Signature Analyzer algorithm to validate the signature, it uses
sender’s public key to validate the signature. If the validation is successful, then the receiver
accepts the message.

4b. What is the purpose of Public key infrastructure(PKI),explain the different components of PKI.

Public Key Infrastructure(PKI)

CYBER SECURITY (20CS54IT) DEC 2023

PKI provides assurance of public key. It provides the identification of public

keys and their distribution. An anatomy of PKI comprises of the following
components.
 Public Key Certificate, commonly referred to as ”digital certificate‟.
 Certification Authority.
 Registration Authority.
 Certificate Management System.
Digital Certificate
 For analogy, a certificate can be considered as the ID card issued to the
person. People use ID cards such as a driver's license, passport to prove
their identity. A digital certificate does the same basic thing in the
electronic world, but with one difference.
 Digital Certificates are not only issued to people but they can be issued
to computers, software packages or anything else that need to prove the
identity in the electronic world.
The process of obtaining digital certificate by an entity is as shown

As shown in the illustration, the CA accepts the application from a client to

certify his public key. The CA, after duly verifying identity of client, issues a
digital certificate to that client.
Certifying Authority (CA)
As discussed above, the CA issues certificate to a client and assist other users to
verify the certificate. The CA takes responsibility for identifying correctly the identity of
the client asking for a certificate to be issued, and ensures that the information contained
within the certificate is correct and digitally signs it.
 CYBER SECURITY (20CS54IT) DEC 2023

Key Functions of CA
The key functions of a CA are as follows −
 Generating key pairs − The CA may generate a key pair independently or jointly
with the client.
 Issuing digital certificates − The CA could be thought of as the PKI equivalent of
a passport agency − the CA issues a certificate after client provides the credentials
to confirm his identity. The CA then signs the certificate to prevent modification
of the details contained in the certificate.
 Publishing Certificates − The CA need to publish certificates so that users can
find them. There are two ways of achieving this. One is to publish certificates
in the equivalent of an electronic telephone directory. The other is to send your
certificate out to those people you think might need it by one means or another.
 Verifying Certificates − The CA makes its public key available in environment to
assist verification of his signature on clients‟ digital certificate.
 Revocation of Certificates − At times, CA revokes the certificate issued due to
some reason such as compromise of private key by user or loss of trust in the client.
After revocation, CA maintains the list of all revoked certificate that is available to
the environment.
Registration Authority.
It receives the certification generation request from the client. It verify the
client identity and ask for the Certifying authority(CA) to generate digital certificate.

4b. Find: 10M

i. Euler totient function-φ(255),φ(256)
ii. Find GCD(360,210), GCD(136,260)
φ(255)
255=5*3*17
Here p1=5, p2=3, p3=17
φ(255)=φ(255)*((1-1)/p1) ((1-1)/p2) ((1-1)/p3))
φ(255)=255*(((1-1)/5) ((1-1)/3) ((1-1)/17) )
=255*((4/5)*(2/3)*(16/17))
=128
 CYBER SECURITY (20CS54IT) DEC 2023

φ(256)
256=28
Here p1=2
φ(256)=φ(256)*((1-1)/p1))
φ(256)=256*(((1-1)/2))
=256*(1/2)
=128
GCD(360,210)
1. 360 mod 210=150
2. 210 mod 150=60
3. 150 mod 60=30
4. 60 mod 30=00
Since remainder is 0, GCD(360,210)=30.
GCD(136,260)
1. 260 mod 136=124
2. 136 mod 124=12
3. 124 mod 12=4
4. 12 mod 4=00
Since remainder is 0, GCD(136,260)=4

SECTION-III
5a. Explain the following security devices in cyber security. 10M
i. Firewall
ii. IDS
i) Firewall
A Firewall can be defined as a special type of network security device that
monitors and filters incoming and outgoing network traffic.
It acts as a barrier between internal private network and public internet as shown in the
figure.
CYBER SECURITY (20CS54IT) DEC 2023

The primary purpose of the firewall is to allow non harmful traffic and to filter malicious
packets based on the predefined rule. The filtering rules is based on the information
contained in the network packets, such as
1. Source IP address: It is the address of the computer that generates packets.
2. Destination IP address: It is the address of the computer that receives the packet.
ii) IDS(Intrusion Detection System)
An Intrusion Detection System (IDS) is a system that monitors network traffic
for suspicious activity and issues alerts when such activity is discovered. It is a software
application that scans a network or a system for the harmful activity or policy breaching.
Any malicious venture or violation is normally reported either to an administrator or
collected centrally using a security information and event management (SIEM) system. A
SIEM system integrates outputs from multiple sources and uses alarm filtering
techniques to differentiate malicious activity from false alarms.
 CYBER SECURITY (20CS54IT) DEC 2023

The working of IDS is as shown below figure

An IDS monitors the network traffic for suspicious or malicious activity based on pre-
defined pattern or signature. When IDS detects an issue alerts the network administrator
to take action.
5b. Explain the different phases of Microsoft Secure SDLC. 10M
Microsoft SDL consists of seven components including five core phases and two
supporting security activities. The five core phases are requirements, design, implementation,
verification, and release. Each of these phases contains mandatory checks and approvals to
ensure all security and privacy requirements and best practices are properly addressed. The
two supporting security activities, training and response are conducted before and after the
core phases respectively to ensure they're properly implemented, and software remains secure
after deployment.
CYBER SECURITY (20CS54IT) DEC 2023

Training
All Microsoft employees are required to complete general security awareness training
and specific training appropriate to their role.
Requirements
Every product, service, and feature Microsoft develops starts with clearly defined
security and privacy requirements; they're the foundation of secure applications and
inform their design. Development teams define these requirements based on factors such
as the type of data the product will handle, known threats, best practices, regulations and
industry requirements, and lessons learned from previous incidents. Once defined, the
requirements are clearly defined, documented, and tracked.
Design
Once the security, privacy, and functional requirements have been defined, the design
of the software can begin. As a part of the design process, threat models are created to
help identify, categorize, and rate potential threats according to risk. Threat models must
be maintained and updated throughout the lifecycle of each product as changes are made
to the software.
Implementation
Implementation begins with developers writing code according to the plan they
created in the previous two phases. Microsoft provides developers with a suite of secure
development tools to effectively implement all the security, privacy, and function
requirements of the software they design. These tools include compilers, secure
development environments, and built-in security checks.
Verification Testing
Before any written code can be released, several checks and approvals are required to
verify that the code conforms to SDL, meets design requirements, and is free of coding
errors.
Various automated checks are also required and are built into the commit pipeline to
analyze code during check-in and when builds are compiled. The security checks used
at Microsoft fall in to the following categories.
1. Static code analysis
2. Binary analysis
3. Credential and secret scanner
 CYBER SECURITY (20CS54IT) DEC 2023

4. Encryption scanning
5. Fuzz testing.
Release
After passing all required security tests and reviews, builds aren't immediately
released to all customers. Builds are systematically and gradually released to larger and
larger groups, referred to as rings, in what is called a safe deployment process (SDP).
These rings can be defined as
 Ring 0: The development team is responsible for service
 Ring 1: All Microsoft employees
 Ring 2: User outside of Microsoft
 Ring 4: Worldwide release in sub-phase.
Response
All Microsoft services are extensively logged and monitored after release,
identifying potential security incidents using a centralized proprietary near-real-time
monitoring system.
OR
6a. Write a note on 10M
i. Third Party patch management
ii. Bit locker drive Encryption
Third Party patch management
Third-party patching or third-party patch management, is essentially the process of
deploying patch updates to third-party applications that have been installed on one or more of your
endpoints (e.g., servers, desktops, or laptops). Third-party patching addresses bugs or
vulnerabilities in the software that either affect its function or security. Patching software
vulnerabilities is a critical part of your overall IT security process that helps prevent exploitation
by hackers.
Third-party risk management (TPRM) is a form of risk management that focuses on
identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors,
suppliers, partners, contractors, or service providers)
Why is Third-Party Risk Management Important?

While third-party risk isn’t a new concept, upticks in breaches across industries and a greater
reliance on outsourcing have brought the discipline into the forefront like never before. Disruptive
 CYBER SECURITY (20CS54IT) DEC 2023

events, have impacted almost every business and their third parties – no matter the size, location,
or industry. In addition, data breaches or cyber security incidents are common. In in 2021, the
impact that third parties have on business resilience was highlighted through outages and other
third-party incidents. Some of the ways you can be impacted are:

 Internal outages and lapses in operational capabilities

 External outages affecting areas across the supply chain

 Vendor outages that open your organization to supply chain vulnerabilities

 Operational shifts that affect data gathering, storage, and security

Bit locker drive Encryption

BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption

feature that is included with certain newer versions of Windows. BitLocker enables users to encrypt
everything on the drive Windows is installed on, protecting that data from theft or unauthorized
access.

Microsoft BitLocker improves file and system protections by mitigating unauthorized data
access. It uses the Advanced Encryption Standard algorithm with 128- or 256-bit keys. BitLocker
combines the on-disk encryption process and special key management techniques.

Although BitLocker first debuted with Windows Vista in 2007, beginning with Windows
10 version 1511, Microsoft updated BitLocker, introducing new encryption algorithms, new group
policy settings, new operating system (OS) drives and removable data drives. This update applies
to Windows 11, 10 and Server 2016 and above. BitLocker itself works on Pro, Enterprise and
Education editions of Windows.

6b. Illustrate OWASP top 10 common web vulnerabilities. 10M

Open Web Application Security(OWASP) is a non profit organization that has identified most
common vulnerabilities such as

1. Broken Access Control.

2. Cryptographic failures
3. Injection Attacks
4. Insecure Design
 CYBER SECURITY (20CS54IT) DEC 2023

5. Security Misconfiguration
6. Vulnerable and outdated components
7. Authentication Failures
8. Software and Integrity
9. Security logging and monitoring
10. Server side request forgery.

1. Broken Access Control: If the authentication access restriction are not properly implemented,
its easy for attackers to take whatever they want. With broken access control, unauthorized
user’s may have access to sensitive files and system.
2. Cryptographic failures: Common errors such as hardcoded passwords, outdated cryptographic
algorithms or weak cryptographic keys can result in exploring sensitive data.
3. Injection attacks: Injection attacks occurs when attackers found out vulnerabilities in the web
application the accept unrestricted data. Common type of injection attacks are SQL injection
and OS command injection.
4. Insecure Design: Which focus on the fundamental design flaws and ineffective control in the
software design.
5. Security Misconfiguration: It is the more common vulnerability that results of using default
configuration or displaying excessively descriptive message.
6. Vulnerable and outdated components: Modern applications are build using a large number of
third party libraries and Open Source frame work for developing web applications. The
attackers may find the vulnerabilities in these libraries and framework to launch the attack.
7. Authentication Failures: Authentication failure occurs when an application depends on weak
authentication process or fails to properly validate authentication information, for example an
application lacks in multifactor authentication may vulnerable to attack.
8. Software and Integrity failure: The tools used to build on manage or deploy software are also
the sources of attack.
9. Security logging and monitoring failure: Having adequate logging and monitoring is essential
in both detecting security attacks and limiting the damage.
10. Server Side request Forgery: It can exists when a web application does not properly validate
the URL provided by a user when fetching a resource located in that URL.
11.
 CYBER SECURITY (20CS54IT) DEC 2023

SECTION-IV
7a. Differentiate between the different categories of cloud delivery models. 10M
The Cloud Computing Service Delivery Models.
 Infrastructure as a Service(IaaS)
 Platform as a Service(PaaS)
 Software as a Service(SaaS)
Infrastructure as a Service(IaaS)
IaaS is a cloud delivery model that delivers the computer infrastructure to support various
operations.
Typically IaaS provides the infrastructure such as networking equipments, devices, database
and web servers. It is also known as Hardware as a Service.
Platform as a Service(PaaS)
PaaS is a cloud delivery model that delivers platform and environment to the software
developers to build applications and services.
PaaS services are hosted in the cloud and accesses by the user via their web browser.
PaaS fress the user from having to install hardware or software to develop and run the new
applications.
Here the consumer does not manage or control infrastructure including network, servers, OS
or Storage.
Software as a Service(SaaS): SaaS is a cloud delivery model that delivers the services and
applications over the internet. Instead of installing and maintaining software, the user access
it via internet through their browser, it frees the user from the complex software and hardware
management.
Most SaaS applications can be run directly from a web browser without any downloads or
installation required.
SaaS is also known as Web based software, on demand software or hosted software.

7b. What is the need of Identity and Access Management(IAM)?Explain any five IAM best practices.
10M

Identity and Access Management (IAM) has become an essential element of

security plans for many organizations. To reap the most security benefits, it is imperative that
companies ensure that their IAM tools and processes are set up correctly. In this article, we
CYBER SECURITY (20CS54IT) DEC 2023

will share 11 identity and access management best practices your company should adopt to
establish a strong security posture. By the end of this article, you’ll know the next steps to
take to incorporate IAM best practices into your security strategy.

1. Adopt a Zero Trust Approach to Security

Many companies have applications, platforms, and tools that are designed with
implicit trust features. Implicit trust means that if users have access to your network or log in
to a tool, the system “remembers” them and doesn’t always prompt the user to verify their
identity again. These lax access permissions can pose a major risk to your organization’s
security stance if an unauthorized entity gains access to your system via a remembered
credential.

2. Identify and Protect High-Value Data

Protecting your most valuable data involves limiting who can access it as much as
possible—but, to limit access, you first need to know where your most valuable data is stored
and how it is used.

3. Enforce a Strong Password Policy

Your IAM technologies are only as strong as the identity management best
practices and policies that support them. If your team is leveraging single sign-on (SSO)
tools, it’s critical that each user’s password is strong, unique, and difficult to guess to support
password and IAM best practices. Passwords must be complex enough to deter cyberattacks,
frequently changed, and not used for multiple sign-on requirements.

4. Use Multi-Factor Authentication (MFA)

User authentication is an essential component of effective identity and access

management best practices. After all, if you can’t guarantee a user is who they claim to be,
you may be putting your data at risk and unintentionally allowing access to an unauthorized
user.

MFA tools often use a combination of these methods to authenticate identity:

 Biometric authentication (e.g., fingerprints or facial recognition)

 Possession authentication (e.g., sending a one-time password to a user’s personal
device)
 Knowledge authentication (e.g., answering security questions)
 CYBER SECURITY (20CS54IT) DEC 2023

 User location or time data

5. Automate Workflows

IAM tools offer IT teams many opportunities to use automation to make your
organization more secure. Automation reduces manual errors, streamlines workflows, and
supports compliance and governance needs.

OR

8a. List and explain HTTP methods. 10M

HTTP methods: The HTTP method indicates the what action to be perform by the Server.
These method names are case sensitive and they must be used in uppercase.

The various HTTP methods on:

 GET Method
 HEAD Method
 POST Method
 PUT Method
 DELETE Method
 CONNECT Method
 OPTION Method
 TRACE Method

GET Method:

A GET request retrieves data from a web server by specifying parameters in the URL
portion of the request. This is the main method used for document retrieval.

HEAD Method:
The HEAD method is functionally similar to GET, except that the server replies with
are status line and Header section only.

POST Method:

The POST method is used when you want to send some data to the server, for
example, file update, form data, etc using HTML forms.

PUT Method:

The PUT method is used to request the server to store the included entity-body at a
location specified by the given URL.
 CYBER SECURITY (20CS54IT) DEC 2023

DELETE Method:

The DELETE method is used to request the server to delete a file at a location
specified by the given URL.

CONNECT Method:

The CONNECT method is used by the client to establish a network connection to a

web server over HTTP.

OPTIONS Method:

The OPTIONS method is used by the client to find out the HTTP methods and other
options supported by a web server. The client can specify a URL for the OPTIONS method,
or an asterisk (*) to refer to the entire server.

TRACE Method:

The TRACE method is used to echo the contents of an HTTP Request back to the
requester which can be used for debugging purpose at the time of development.

8b. Explain Android application security architecture. 10M

Android architecture contains different number of components to support any android device
needs.
The main components of android architecture are following:-

 Applications
 Application Framework
 Android Runtime
 Platform Libraries
CYBER SECURITY (20CS54IT) DEC 2023

 Linux Kernel

Applications –
Applications is the top layer of android architecture. The pre-installed applications like
home, contacts, camera, gallery etc and third party applications downloaded from the play store
like chat applications, games etc. will be installed on this layer only.
It runs within the Android run time with the help of the classes and services provided by the
application framework.

Application framework –
Application Framework provides several important classes, which are used to create an
Android application. It provides a generic abstraction for hardware access and helps in
managing the user interface with application resources. It includes different types of services
activity manager, notification manager, view system, package manager etc. which are helpful
for the development of our application according to the prerequisite.

Application runtime –
Android Runtime environment is one of the most important part of Android. It contains
components like core libraries and the Dalvik virtual machine (DVM). Mainly, it provides the
base for the application framework and powers our application with the help of the core
libraries.

Platform libraries –
The Platform Libraries includes various C/C++ core libraries and Java based libraries such
as Media, Graphics, Surface Manager, OpenGL etc. to provide a support for android
development.
 CYBER SECURITY (20CS54IT) DEC 2023

● Media library provides support to play and record audio and video formats.
● Surface manager responsible for managing access to the display subsystem.
● SGL and OpenGL both cross-language, cross-platform application program interface
(API) are used for 2D and 3D computer graphics.
● SQLite provides database support and FreeType provides font support.
● Web-Kit This open source web browser engine provides all the functionality to display
web content and to simplify page loading.
● SSL (Secure Sockets Layer) is security technology to establish an encrypted link between
a web server and a web browser.
Linux Kernel –
Linux Kernel is heart of the android architecture. It manages all the available drivers
such as display drivers, camera drivers, Bluetooth drivers, audio drivers, memory drivers, etc.
which are required during the runtime.

The Linux Kernel will provide an abstraction layer between the device hardware and the other
components of android architecture. It is responsible for management of memory, power,
devices etc.

SECTION-V

9a. What are the objectives of Incident Management? Explain the life cycle of Incident Management.
10M

The objectives of the Incident Management process are to:

1) Ensure that standardized methods and procedures are used for efficient and prompt
response, analysis, documentation, ongoing management and reporting of incidents

2) Increase visibility and communication of incidents to business and IT support staff

3) Enhance business perception of IT through use of a professional approach in

quickly resolving and communicating incidents when they occur

4) Align Incident Management activities and priorities with those of the business

5) Maintain user satisfaction with the quality of IT services

Life Cycle of Incident Management

Incident Management is responsible for managing the life cycle of incidents, from
creation to closure.
 CYBER SECURITY (20CS54IT) DEC 2023

The Incident Management process or Life Cycle of Incident Management has many
states, and each is important to the success of the process and the quality of service delivered.

The different states can be represented in a diagram as follows:

1) New indicates that the service desk has received the incident but has not assigned it to an
agent.
2) Assigned means that an incident has been assigned to an individual service desk agent.
3) In progress indicates that an incident has been assigned to an agent but has not
beenresolved.Theagentisactivelyworkingwiththeusertodiagnoseandresolvetheincident.
4) On hold or pending status indicates that the incident requires some information or
response from the user or from a third party. The incident is placed “on hold” so that SLA
response deadlines are not exceeded while waiting for a response from the user or vendor.
5) Resolved means that the service desk has confirmed that the incident is resolved and that
the user’s service has restored to the SLA levels.
6) Closed indicates that the incident is resolved and that no further actions can be taken.

9b. Define GRC. Explain Enterprise Risk Management and identify the different types of risk faced
by the Enterprise. 10M

Governance
Governance is the set of policies, rules, or frameworks that a company uses to achieve
its business goals. It defines the responsibilities of key stakeholders, such as the board of
directors and senior management.
Risk
 CYBER SECURITY (20CS54IT) DEC 2023

A possible event that could cause harm or loss or make it more difficult to achieve
objectives.
Compliance
Compliance is the act of following rules, laws, and regulations.It applies to legal and
regulatory requirements set by industrial bodies and also for internal corporate policies.

Enterprise Risk Management(ERM):

 Enterprise risk management(ERM) is a methodology that looks at risk
management strategically from the perspective of the entire organization.
 Enterprise risk management involves understanding, analyzing, and
addressing risk to ensure organizations achieve their objectives.
 The procedure where a company can identify, prioritize, and evaluate risk and use their
existing resources to reduce the impact.

 Step 1: Find the risk

Step 2: Explore the risk
Step 3: Risk evaluation
Step 4: Risk treatment
Step5: Risk monitoring
Types of risk faced by an enterprise
1. Operational Risks:

Operational risk is defined as a type of risk that arises from the day-to-day operations
of an organization. It is the potential for loss that comes from faulty or absent internal
procedures, people, and systems, as well as external events.
2. Strategic risk
Refers to the internal and external events that may make it difficult, or
 CYBER SECURITY (20CS54IT) DEC 2023

even impossible, for an organization to achieve their objectives and strategic

goals.
3. Credit risk
Is the possibility of a loss happening due to a borrower's failure to repay
a loan or to satisfy contractual obligations.
4. Reputational risk:
Reputational risk is a threat or danger to the good name or standing of a business
or entity.
5. Market risks
Market risk involves the risk of changing conditions in the specific marketplace
in which a company competes for business.

6. Cyber risks
Cyber security risks relate to the loss of confidentiality, integrity, or availability
of information, data, or information systems
7. Legal risk
Risk occur due to negligence of following rules and lows related to governance
8. Regulatory risk
Risk occurs due to changing the rules and regulations, which affect the business.
OR
10a. Explain:

i. Life cycle of vulnerability management 5M

ii. Types of Vulnerability 5M

The Vulnerability Management Life Cycle is intended to allow organizations to identify

computer system security weaknesses; prioritize assets; assess, report, and remediate the
weaknesses; and verify that they have been eliminated.
The following diagram illustrates the steps in the Vulnerability Management Life Cycle.
CYBER SECURITY (20CS54IT) DEC 2023

The steps in the Vulnerability Management Life Cycle are described below.
1. Discover: Inventory all assets across the network and identify host details including
operating system and open services to identify vulnerabilities. Develop a network baseline.
Identify security vulnerabilities on a regular automated schedule.
2. Prioritize Assets: Categorize assets into groups or business units, and assign a business
value to asset groups based on their criticality to your business operation.
3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset criticality,
vulnerability threat, and asset classification.
4. Report: Measure the level of business risk associated with your assets according to your
security policies. Document a security plan, monitor suspicious activity, and describe known
vulnerabilities.
5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish
controls and demonstrate progress.
6. Verify: Verify that threats have been eliminated through follow-up audits.
Types of Vulnerabilities are
Types of vulnerabilities
1. Hardware Vulnerability: A hardware vulnerability is a weakness which can used to attack
the system hardware through physically or remotely. For examples:
o Old version of systems or devices
o Unprotected storage
o Unencrypted devices, etc.
2. Network Vulnerability A weakness happen in network which can be hardware or software.
For examples:
o Unprotected communication
 CYBER SECURITY (20CS54IT) DEC 2023

o Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)

o Misconfigured firewalls
3. Operating System Vulnerability
An operating system vulnerability is a loophole or flaw in your operating system that makes it
easier for cybercriminals to break in. An operating system is the main software that runs your
computer or device – common examples include Windows, MacOS, Android, and Linux
4.Application Vulnerability
Application vulnerabilities are weaknesses in an application that an attacker could exploit to
harm the security of the application. Vulnerabilities can be introduced into an application in
various ways, such as failures in the design, implementation, or configuration of an application.
5.Human Vulnerabilities
People represent one of the main weaknesses of cybersecurity. In fact, human vulnerabilities
can cause much more damage and be more costly than any of the other vulnerability types on
this list. Even though advanced hacking skills and powerful malware bolster the capabilities of
a cyber attacker, it is, in the end, humans that represent the only un-patchable risk in
cybersecurity. Ex: Social engineering. Defined as the art of gaining access to data, systems, or
buildings by exploiting human psychology.
6.Process Vulnerabilities
Process vulnerabilities are unique as they are created by specific process controls or the lack
of them. Process controls can look different depending on the industry of the organization. This
type of vulnerability is certainly the hardest to define. Ex: If an employee followed a process
in place which allowed them to create and use a weak password.

10b. What are DevOps? Explain its security challenges and its core principles. 10M
DevOps is a software development practice that emphasizes collaboration and
communication between development and operations teams. The goal of DevOps is to improve
the speed and reliability of software delivery, as well as to increase the efficiency and
responsiveness of the overall development process.
 DevOps security (DevSec Ops) is an approach to cyber security that focuses on
application development and development operations (DevOps). It combines three
phrases:
CYBER SECURITY (20CS54IT) DEC 2023

1. Development2.Operations3.Security

 The goal of DevOps security is to remove barriers between an organization’s

software development and its IT operations. Namely, it calls for speed and
intense, fast communication and collaboration. It is essentially a philosophy that
covers developers’ code and its subsequent need to work(and grow) properly with
the organization’s employees and customers.
 core of the DevOps security philosophy is continuous deployment. Development
and IT teams work closely and rapidly to add to and fix software. This means, for
example, adding new features and troubleshooting bugs so that they can be
continuously released in fast cycles without causing disruptions. It enable steams,
otheremployees,andcustomerstocontinueinteractingwithsoftwarewithoutinterrup
tion
Security challenges in DevOps include:

 Configuration management: ensuring the consistency and security of configurations

across multiple environments, from development to production.
 Continuous Integration and Continuous Deployment (CI/CD): securing the
pipeline and ensuring that only authorized changes are deployed to production.
 Infrastructure as Code (IaC): managing the security of infrastructure components
defined as code, such as cloud resources or containerized applications.
 Container security: securing the lifecycle of containers, from build to deployment
and runtime.
 Secrets management: securely storing and managing sensitive information, such as
passwords and access keys, in the DevOps environment.
 Compliance: ensuring that DevOps practices align with regulations and industry
standards, such as those related to data privacy and security
CYBER SECURITY (20CS54IT) DEC 2023

Understand the Core Principles and Patterns behind DevOps:

Collaboration
The key premise behind DevOps is collaboration. Development and operations
teams coalesce into
afunctionalteamthatcommunicates,sharesfeedback,andcollaboratesthroughouttheen
tiredevelopment and deployment cycle. Often, this means development and
operations teams merge into a single team that works across the entire application
life cycle.
Automation
An essential practice of DevOps is to automate as much of the software development
lifecycle as possible. This gives developers more time to write code and develop
new features. Automation is a key element of a CI/CD pipeline and helps to reduce
human errors and increase team productivity. With automated processes, teams
achieve continuous improvement with short iteration times, which allows them to
quickly respond to customer feedback.
Continuous Improvement
Continuous improvement was established as a staple of agile practices, as well as
lean manufacturing and Improvement. It’s the practice of focusing on
experimentation, minimizing waste, and optimizing for speed, cost, and ease of
delivery. Continuous improvement is also tied to continuous delivery, allowing
DevOps teams to continuously push updates that improve the efficiency of software
systems. The constant pipeline of new releases means teams consistently push code
changes that eliminate waste, improve development efficiency, and bring more
customer value.

Certified that the model answers prepared by me for code 20CS54IT are from the
prescribed text/webpages and model answers and scheme of valuation prepared my
me are correct.

[M G Rangaswamy]
Senior Grade Lecturer/CS, Gpt,Turuvekere
1. Who are hackers? Explain different types of hackers? Illustrate different hacking
methodology.
2. Elaborate the three dimensions of McCumber Cube.
3. How do you apply secure SDLC in each stage of software development?
4. Illustrate the importance of a). Hashing b). Digital Signature.
5. List and Explain different types of Malwares.
6. Illustrate the Vulnerability in different layer in OSI model.
7. Explain security principles – CIA and AAA.
8. What are the challenges in Cyber Security.
9. Write about different methods of infiltration.
10. Explain RSA algorithm. Using RSA solve p=5, q=11, key=27 , d=?
11. Elaborate Diffie-Hellman algorithm.
12. Euler Totient Function (100,256,165,16,72)
13. GCD of two numbers (256,145, 160, 70, 5, 11)
14. Explain Wireless security issues in Cellular network, Wi-Fi, LAN system, RFID
systems.
15. Explain the following Windows: a). Third Patch management b). Windows
Autopilot.
16. Explain Linux Hardening.
17. Explain SSH Hardening in Linux.
18. Explain Linux enhancements and infrastructure. OR Explain SE Linux & App Armor.
19. Explain Repositories in Linux. OR Explain Package Management in linux.
20. Illustrate linux operating system Vulnerability.
21. Explain Network Security Concepts a). Firewall b). IDS c). IPS.
22. What is IAST? Explain its advantages over SAST and DAST.
23. Explain the Software Development Life Cycle.
24. Illustrate static code analysis vs dynamci code analysis.
25. Explain RASP and Web application firewall(WAP).
26. What is threat modeling? Explain different threat modeling methodologies.
27. Explain different types of Cloud Models. Illustrate IaaS, SaaS and PaaS.
28. How Shared Responsibility Model is useful in Cloud Service. Explain it.
29. Explain Identity Access management(IAM) benefits.
30. Explain IAM best practices.
31. Explain security principles in Cloud.
32. Explain top 10 OWSAP issues in Web Applications. OR Explain issues in Web
Vulnerability.
33. Explain top 10 OWSAP issues in Mobile Applications. OR Explain top 10 OWSAP
in Mobile Vulnerability.
34. Explain issues in Cloud Services. OR Explain Cloud Vulnerabilities. OR
Explain Cloud misconfigurations.
35. Define Incident management. Explain the procedure followed during Incident
management and different states briefly
36. Explain Patch management that takes place during the software fixes.
37. Explain Vulnerability life cycle. Elaborate the types of vulnerabilities.
38. Explain GRC in an company and its benefits.
39. Explain ERM and types of risk faced by enterprise.
40. Explain DevOps and Security Challenges.
41. Elaborate Core Principles and Patterns of DevOps.
42. Explain CI/CD in DevOps.
43. How IT services are managed using ITIL Process. Explain it.
44. Explain how data is protected in cloud using Secrets Management.
45. Explain Android Mobile OS architecture vs iOS Mobile OS.
46. Explain SIEM.
47. Give two KRI examples each for the following domains: a). Patch Management
b). Anti-virus management c). Change Management
48. Design a sample cyber security dashboard for reporting to top management.
49. Explain docker and docker files.
50. Define Metrics. Explain type of Metrics. OR Explain Security Metrics from
OWASP.
1) How to write a useful Project status report? Document the need of Project status report.
2) What is an Integrated Development Environment and why do we need it?
3) Why do you need Threat Traceability Matrix? Describe how to create a traceability matrix.
4) How do you identify software dependencies? Outline the software dependency relations.
5) Draw the Data Flow Diagram for the College Library Website.
6) Create a Threat Model for a social media Web Application at Design Time
7) What is the need of Dynamic File analysis?
8) Describe Stages and life cycle of incident management
9) How threat Modelling helps in application security?
10) Describe different types of application security controls?
11) Describe functional and non functional security requirements. List out the areas to be
covered while providing security requirements for an application.
12) Identify the elements to be considered while preparing risk profile for an application. What
is included in a risk profile? Mention the Steps to perform a project risk assessment.
13) What is the need of static code analysis; explain any two static code analysis tools.
14) Describe the advantages and disadvantages of the Agile software Development Model
15) How does a secure SDLC work?
 Week-8 Question bank
1) Explain how vulnerability assessment different from penetration testing.
2) Explain types and benefits of penetration testing.
3) Describe ethics and goals of penetration testing.
4) Demonstrate Att@ck matrix with its different key points.
5) Describe how to use different HTTP methods.
6) Explain HTTP request and response phases in communication concept.
7) Explain how cookies are different than sessions.
8) How do you find vulnerability in your web application? What are the web common
vulnerabilities?
9) How do you find vulnerability in your cloud based web application? What are the common
vulnerabilities?
10) Demonstrate how to use Shodan for open source intelligence.
11) Demonstrate how to use Google dorking for open source intelligence.
12) Explain subdomain enumerations and asset monitoring.
 Week-9 Question bank
1) Describe Mobile Application Security Testing with different types of mobile applications.
2) Explain android mobile OS with its features?
3) Explain how IoS mobile security architecture works.
4) Demonstrate Analyzing Android Application Certificates and Signatures with different
schemes.
5) Describe how to Analyze the Android Manifest file.
6) Explain OWASP Mobile Security Top 10 and its Preventive Measures.
7) Explain Mobile Security Exploitation in the following cases:
 Exploiting Insecure Data Storage
 Exploiting Insecure Cryptographic Implementations
 Exploiting Data Leakage Vulnerabilities
 Week-6 Question bank
1) Describe ASVS in application security along with different levels.
2) Explain SAST in application security with example.
3) Explain DAST in application security with example.
4) What is IAST? Describe advantages of IAST on SAST and DAST.
5) What is manual penetration testing? Explain its types.
6) What is RASP? Explain benefits of RASP?
7) Demonstrate web application firewall along with tool.
8) Elaborate on Standard Operating Procedure for Operations.
9) Explain Secure Provisioning, deployment and decommissioning
10) Introduce and explain OWASP SAMM – to attain software assurance maturity.
11) Define Metrics, Type of Metrics (Operations, Efficiency, Quality etc). Example
Application Security Metrics from OWASP.