CW3551-DATA AND INFORMATION SECURITY

UNIT I - INRODUCTION

TWO MARKS

1) How shall you interpret Information Security?

2) Name he multiple layers of security that a successful organization should have in its place to

Protect its operations.

3) Define Information Security.

4) List the characteristics of CIA triangle.

5) Give the critical characteristics of Information.

6) Discuss the bottom up approach and top down approach.

7) Differentiate direct and indirect attacks.

8) Give a short note on E-mail spoofing.

9) What are the measures required to protect confidentiality of information?

10) Show with the help of a diagram about the components of information Security

11) How shall you design the computer as the subject and object of the attack?

12) Assess the importance of a C.I.A triangle

13) Create a diagram for Information Security Implementation.

14) State the responsibilities of Data Owners, Data custodians and Data users.

15) Examine if the C.I.A. triangle is incomplete, why is it so commonly used in security?

16) Describe a Security Team in an organization. Should the approach to security be technical or

Managerial?

17) What is the use of methodology in the implementation of Information Security?

18) Compare Vulnerability and Exposure

19) Classify the three components of the C.I.A Triangle. What are they used for?

20) Information Security is which of the following: An Art or Science or both? Justify your
Answer.

BIG QUESTIONS

1) Evaluate who decides how and when data in an organization will be used or controlled? Who

is responsible for seeing that these wishes are carried out?

2) Generalize which members of an organization are involved in the security system

Development life cycle? Who leads the process?

3) Formulate any methodology, why it important in the implementation of information security?

How does a methodology improve the process?

4) Assess the importance of infrastructure protection (assuring the security of utility services)

And how that is related to the enhancement of information security?

5) Discuss the steps common to both the systems development life cycle and the security

Systems life cycle.

6) Analyze the critical characteristics of information. How are they used in the study of computer

Security?

7) i).Infer about Information Security Project Team.

ii) Analyze the methodology important in the implementation of information security? How

Does a methodology improve the process?

8) What are the six components of an information system? Which are most directly affected by

The study of computer security?

9) i)Illustrate the different types of instruction set architecture in detail.

ii) Examine the basic instruction types with examples

10) Describe the Security Systems Development Life Cycle.

11) i)Compose the roles of Information Security Project Team.

ii) Design the steps unique to the security systems development life cycle in all the phases of

SSDLC model.

12) Illustrate briefly about SDLC waterfall methodology and its relation in respect to information

Security.

13) Evaluate the various components of Information Security that a successful organization must

Have.

14) i)List the various components of an information system and tell about them.

ii) List the history of Information Security.

15) i).What is NSTISSC Security Model?

ii).Describe in detail about the top down approach and the bottom up approach with the help

of a diagram.

UNIT II – SECURITY INVESTIGATION

TWO MARKS

1) Show with the help of points the 4 important functions for an organization based on the

Information security

2) Analyze the assets in the organization that requires protection.

3) Construct with the help of a table any 4 threats with its examples.

4) Examine the meaning of the sentence “data in motion and data at rest”.

5) What is meant by the term “Information Extortion”?

6) Give the definition of software piracy.

7) Illustrate the technical mechanisms that have been used to enforce copyright laws.

8) Analyze the major differences between a Threat and an Attack.

9) Express the logic behind using a licence agreement window and the use of online registration

Process to combat piracy

10) Discuss about malware.

11) Name the most common methods of virus transmission.

12) Formulate which management groups are responsible for implementing information security

to protect the organization’s ability to function.

13) Evaluate the measures that individuals can take to protect themselves from shoulder surfing

14) Define the meaning of the term ‘Electronic Theft’.

15) Express about the password attacks.

16) State the various types of malware? How do worms differ from viruses? Do Trojan horses

Carry viruses or worms?

17) Interpret the following terms: Macro Virus & Boot Virus

18) Analyze about commonplace security principles.

19) List any five attacks that is used against controlled systems.

20) What is the difference between a denial-of-service attack and a distributed denial-of-service

Attack? Which is more dangerous? Why?

BIG QUESTIONS

1) How has the perception of the hacker changed over recent years? Compose the profile of a

Hacker today.

2) Evaluate which management groups are responsible for implementing information security to

Protect the organization’s ability to function?

3) Summarize how does technological obsolescence constitute a threat to information security?

How can an organization protect against it?

4) Generalize how the intellectual property owned by an organization usually have value? If so,

How can attackers threaten that value?

5) Illustrate which management groups are responsible for implementing information security to

Protect the organization’s ability to function.

6) Point out why data the most important asset an organization possesses? What other assets in

The organization requires protection?

7) Analyze whether information security a management problem? What can management do that

Technology cannot?

8) How will you develop management groups that are responsible for implementing information

Security to protect the organization’s ability to function ?

9) Illustrate the methods does a social engineering hacker use to gain information about a user’s

Login id and password? How would this method differ if it were targeted towards an

Administrator’s assistant versus a data-entry clerk?

10) i) State the types of password attacks.

ii) Tell the three ways in which an authorization can be handled.

11) i)List the Computer Security Hybrid Policies.

ii) Describe the types of Computer Security.

12) i)Explain Integrity Policies.

ii) Assess the Secure Software Development.

UNIT III – DIGITAL SIGNATURE AND AUTHENTICATION

TWO MARKS

1) List the properties of digital signature

2) Explain the types of attacks.

3) List the forgeries done by attacker to break the break the digital signature

4) What is meant by primitive root?

5) Given two integers A=3 and M=11, identify the modular multiplicative inverse of A under

Modulo M.

6) Identify the primitive roots of a prime number q=7.

7) Compare RSA approach and DSA approach.

8) Explain Kerberos TGS.

9) List the characteristics of user certificate generated by CA.

10) Explain different authentication mechanisms.

11) Discuss the three threats that may occur in a workstation.

12) List the requirements for Kerberos.

13) Explain the Key distribution center.

14) Explain the principles of Kerberos.

15) List the requirements that are not satisfied by version 2 of X.509 certificate.

16) List the categories of certificate extensions.

BIG QUESTIONS

1) Explain Elgamal Digital Encryption Scheme.

2) Explain NIST Digital Signature Algorithm.

3) Explain Elliptic curve Digital Signature Algorithm.

4) Explain Schnorr Digital Encryption Scheme.

5) Outline RSA-PSS Digital signature algorithm.

6) Outline the working of X.509 certificate along with its format.

7) Explain briefly about Kerberos.

8) Explain the categories of certificate extensions in X.509 certificates.

UNIT IV EMAIL AND IP SECURITY

TWO MARKS

1) Discuss about the purpose of padding field in ESP.

2) Explain the usage of Mail Submission Agent.

3) Explain “must” and “should” terminology in S/MIME.

4) List the IPSec services.

5) Explain the usage of usage of Message Transfer Agent.

6) Describe replay attack.

7) Explain the advantages of using Authentication header?

8) Explain the applications of IPV6.

9) What is POP3?

10) Explain the two additional fields in payload of ESP.

11) List the IPSec services.

12) What is PGP?

13) Explain the steps for preparing signed Data.

BIG QUESTIONS

1) Explain S/MIME operational descriptions, message content types and enhanced security

Services.

2) Explain AH protocol with its format and modes.

3) Illustrate email architecture and explain its protocols.

4) Explain the various IPSec components with a neat architecture diagram. Also explain the
IPSec modes.

5) Explain all the fields in Authentication Header with its two modes.

6) Illustrate the ESP along with its modes.

UNIT V WEB SECURITY

TWO MARKS

1) Compare Passive and Active web security attacks.

2) List the parameters of connection state in TLS.

3) List the parameters of session state in TLS.

4) Explain SET protocol.

5) Discuss how the TLSV1.3 differs from its previous version?

6) Compare TLS connection and TLS Session.

7) Explain change cipher spec protocol.

8) Explain the ways of classifying web security threats

9) Explain S-HTTP.

10) Explain the use of Heartbeat protocol.

11) What is chosen-plaintext attack?

12) Explain 2012 CRIME.

13) List any 5 alert messages.

14) Explain the purpose of alert protocol.

15) Outline the final step of TLS Record protocol.

BIG QUESTIONS

1) Explain the following protocols

i) TLS record protocol

ii) Heartbeat protocol

2) i) Explain the secure socket layer and working of SSL protocol.

ii) Explain the categories of web security threats that affects the integrity, authenticity,

Confidentiality and availability and explain its consequences and countermeasures.

3) Outline Transport level security architecture and explain its protocols.

4) Explain the protocols for securing internet communication, email and web transactions.

5) Explain the working of Handshake protocol.

6) You are developing a mobile application where users can chat securely with one another. The

Application will send messages over the internet, and you want to ensure that these messages
remain

Private and unaltered during transit. Describe how you would apply Transport Level Security
(TLS) in

Your application to protect the messages. Discuss how the two layers of protocols in TLS
architecture

Would participate in establishing and maintaining this secure communication.