Reg.

No:

Question Paper Code:

Sona College of Technology, Salem -5.

(Autonomous)
Advanced Diploma / Certificate Examinations – Feb – 2023
First Semester
Course code/Name: __________________________
Department:_____________
(Regulation – 2022)

Time: 3 Hours Maximum Mark: 100

PART – A (10 x 2 = 20 Marks)

Mark

1. What is VPN? How it is useful in securing critical infrastructure? 2

Which operating system has full control over the security paradigm? Justify your
2. 2
answer with suitable examples.
3. Why risk management is recommended in organization? 2
4. How will you define the security of an application? Discuss its types. 2
5. Is there any difference lies between a threat and an attack? Justify your answer. 2
6. Discuss about any one security service standard. 2
7. Compare authentication and authorization process with a simple example. 2
8. List out the factors that influences the cost of a data breach 2
Provide a use case of your choice where security tokens, cards and certificates
9. 2
can be used.
10. What are the types of access control techniques? Provide an example for each. 2

Answer ALL questions

PART – B (5 x 16 = 80 Marks)
 Long answer type questions
 Questions shall be asked within the syllabus content.
 Avoid taking all questions only from the first/last half of the unit.
 Except for Analytical /Problematical courses all the questions should have
subdivisions
 Subdivisions shall have the weightage of 7/8/9 marks.
Mark

11. (a) (i) Explain any 4 Knowledge Areas (KA) that are followed in industry to
8
avoid security compromises.
(ii) Draw the network security model and discuss about its components. 8
(OR)
(b) (i) Discuss about CIA triad and elaborate how it is used in securing the
8
data of an organization.
(ii) Explain the types of attacks and its mitigation strategies. 8

1
12. (a) (i) Clipkart is a popular online shopping company that would like to
extend its service across India. The company is planning to develop
an online platform and looking for developers. Assume yourself as a 8
security expert and provide the security considerations required for
building the application.
(ii) Prepare a mitigation plan for the above scenario and discuss its
8
merits.
(OR)
(b) (i) ABC is a e - newspaper company that would like to invest in an
offline software that can be used to prepare its e-content. Assume
yourself as a security expert and provide the security considerations 8
required for building the offline application.
[NOTE: Consider Linux & Windows as the preferred OS]
(ii) Prepare a risk management plan for the above scenario and discuss its
8
merits.

13. (a) (i) Explain the process of audit in terms of security and list out its
8
outcomes
(ii) Elaborate the types of smart cards and provide a suitable example
8
where smart card outperforms other mechanisms.
(OR)
(b) (i) Explain the best practices that are recommended in the view of
8
passwords and list out its drawback over PIN
(ii) Elaborate the necessity of certificates in the online applications. 8

14. (a) (i) What is CER and how it is calculated? Discuss about the errors and
8
its influence in the overall efficiency of the system.
(ii) Elucidate the difference between the types of access control. 8
(OR)
(b) (i) Explain the concept of firewall and how it protects the information
8
with a suitable example of your choice.
(ii) Elaborate the necessity of security policies and its impact. 8

15. (a) (i) Does OS have impact on the Security considerations of an

8
application? Justify your answer with a suitable use case.
(ii) Who is SAM? What are the responsibilities of SAM? 8
(OR)
(b) (i) What is a privilege ring? List out the level of privilege and its
8
significance.
(ii) Explain the procedure of making UAC and its impacts in the security
8
requirement.

**********************************