
Information Security DA

The document outlines a digital assignment for a BTech course in Information Security, detailing various questions related to cyber threats, authentication weaknesses, access control, firewalls, and SQL injection attacks. Each question requires students to analyze scenarios, identify security issues, and propose solutions or improvements. The assignment is due on April 5, 2025, and has a maximum score of 10 marks per question.

REG.NO.

SCHOOL OF COMPUTER SCIENCE & ENGG


Digital Assignment SLOT: B2
WINTER SEMESTER 2024-2025
---------------------------------------------------------------------------------------------------------------------------------------
Programme Name & Branch : BTech –
Course Code and Course Name : Information Security-BCSE317L
Class Number(s) : VL2024250506629
Due date : 05/04/2025
Maximum Marks : 10
General instruction(s): Answer All Questions
Hand written Notebook

1. a) A company’s HR department receives an email from what appears to be
a trusted job recruitment agency. The email contains an attachment labelled
"Candidate Resume.zip", which some employees download and open. Shortly
after, multiple systems start experiencing slow performance, and unauthorized
transactions are noticed in financial records.

Question: What type of cyber threat is this? How should the company respond
to prevent further damage, and what security awareness measures can be
implemented? (5 Marks)

b) What are the different types of malicious code, and how do they impact
computer systems and networks? Provide examples of real-world incidents
involving malicious code attacks. (5 Marks)

2. A multinational corporation allows employees to access internal resources
remotely. To enhance security, the IT team implements multi-factor
authentication (MFA) using a combination of passwords and one-time
passcodes (OTPs) sent via email. However, several employees report that their
accounts are being accessed by unauthorized users despite enabling MFA.
Question:
What potential weaknesses exist in this authentication setup? How can the
organization improve its authentication protocol to prevent unauthorized
access? (10 Marks)


3. A company's server hosts confidential project files. Employees log in using
individual accounts to access required documents. However, an IT security
audit finds that some employees have accessed files outside their job roles,
and unauthorized users have attempted to modify critical system files.
Question:
How can a Reference Monitor help ensure secure access control in the
operating system? Explain its role in enforcing security policies and draw a
diagram illustrating how it interacts with users, system resources, and access
control mechanisms. (10 Marks)

4. A financial institution is experiencing frequent security threats, including
unauthorized access and phishing attacks. The IT team decides to implement a
firewall but is unsure which type to choose.
Question:
Explain the role of a firewall in network security and describe different types
such as Packet Filtering, Stateful Inspection, Proxy Firewall, and Next-
Generation Firewall. Recommend the most suitable firewall for this scenario
with justification and draw a diagram. (10 Marks)

5. A university portal allows students to check their grades by entering their
student ID on a web page. However, a student discovers that by entering special
characters and SQL commands, they can view other students' grades as well.
Question:
What type of attack is this? Explain how SQL Injection works and suggest
security measures to prevent it. Draw a diagram to illustrate the attack
process. (10 Marks)
