
Cns 2 3marks

The document provides a comprehensive overview of various concepts in information security, including the CIA triad, types of security attacks, cryptographic methods, and network security mechanisms. It discusses the differences between various ciphers, the role of firewalls, and the importance of protocols like HMAC, Kerberos, and VPNs in securing communications. Additionally, it addresses the lifecycle of viruses, the functionality of intrusion detection systems, and the significance of digital certificates in ensuring data integrity and confidentiality.

Uploaded by

Hardik

2 MARKS

1. What is CIA triad? Explain its significance.

Answer: The CIA triad stands for Confidentiality, Integrity, and Availability. It is fundamental
to information security, ensuring data is private, accurate, and accessible to authorized
users.

2. What are the primary categories of security attacks?

Answer: The two main categories are Passive Attacks (e.g., eavesdropping) and Active
Attacks (e.g., modification, denial of service).

3. What is the difference between mono-alphabetic cipher and poly-alphabetic cipher?

Answer: Mono-alphabetic ciphers use a single substitution pattern, while poly-alphabetic
ciphers use multiple patterns, making them harder to break.

4. Differentiate between keyed and keyless transposition ciphers.

Answer: Keyed transposition uses a key for rearrangement, while keyless transposition
follows a fixed pattern without using a key.
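As an added illustration (not part of the original document), the following Python code places a keyed columnar transposition next to a keyless rail-fence transposition; the message, the key ZEBRA and the rail count are constructed for the demo. Both ciphers only move letters, so the ciphertext keeps exactly the plaintext's letter counts; the difference is that the columnar version has a key the recipient must hold, while the rail fence has nothing secret beyond its fixed pattern.

```python
# Added example (not from the original document): a keyed columnar
# transposition next to a keyless rail-fence transposition. Both only
# rearrange letters, so the ciphertext keeps the plaintext's letter counts;
# only the keyed version has a secret the recipient must know.
from collections import Counter


def columnar_encrypt(plaintext: str, key: str) -> str:
    """Keyed transposition: write the text in rows under the key, then read
    the columns in the alphabetical order of the key letters."""
    text = plaintext.replace(" ", "").upper()
    cols = len(key)
    text += "X" * (-len(text) % cols)  # pad to a full rectangle
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    # Read order: key letters sorted, ties broken by their position.
    order = sorted(range(cols), key=lambda i: (key[i], i))
    return "".join(row[c] for c in order for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Inverse: refill the columns in the same read order, then read rows."""
    cols = len(key)
    height = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda i: (key[i], i))
    grid = [[""] * cols for _ in range(height)]
    pos = 0
    for c in order:
        for r in range(height):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def rail_fence_encrypt(plaintext: str, rails: int = 3) -> str:
    """Keyless transposition: zig-zag the letters over a fixed number of
    rails and read each rail left to right. Nothing has to be distributed,
    but nothing is secret beyond the rail count either."""
    text = plaintext.replace(" ", "").upper()
    if rails < 2:
        return text
    fence = [[] for _ in range(rails)]
    rail, step = 0, 1
    for ch in text:
        fence[rail].append(ch)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return "".join("".join(r) for r in fence)


def same_letter_counts(a: str, b: str) -> bool:
    """Transposition never changes which letters occur, only where."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"  # constructed sample message
    ct = columnar_encrypt(msg, "ZEBRA")
    print(ct, columnar_decrypt(ct, "ZEBRA"))
    print(rail_fence_encrypt(msg))
```

The `same_letter_counts` check is the point to notice: because neither cipher changes letter frequencies, a transposition on its own gives away the language and letter statistics of the plaintext, which is why transposition is normally combined with substitution.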

5. List the various AES parameters.

Answer: AES parameters include block size (128 bits), key sizes (128, 192, or 256 bits), and
rounds (10, 12, or 14) depending on the key length.

6. What are the differences between RC5 and RSA?

Answer: RC5 is a symmetric key algorithm for fast encryption, while RSA is an asymmetric
key algorithm for secure data transmission.

7. What is the main purpose of HMAC in cryptography?

Answer: HMAC (Hash-Based Message Authentication Code) provides data integrity and
authenticity by combining a hash function with a secret key.
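The following Python code is an added example (not from the original document) showing HMAC-SHA256 with the standard library's `hmac` module, and why an unkeyed hash travelling with a message is not a substitute: anyone who alters the message can recompute a bare digest, but cannot recompute the HMAC without the key. The key and the two messages are constructed for the demo.

```python
# Added example (not from the original document): producing and checking an
# HMAC-SHA256 tag with Python's standard library, next to a bare hash check
# that an attacker can satisfy. Key and messages are constructed.
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC(key, message): only a holder of the key can compute the tag, so a
    valid tag proves both integrity and origin."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute and compare in constant time, so the comparison itself does
    not leak how many leading characters of a guessed tag were right."""
    return hmac.compare_digest(make_tag(key, message), tag)


def bare_hash(message: bytes) -> str:
    """Unkeyed digest: detects accidental corruption, not deliberate change."""
    return hashlib.sha256(message).hexdigest()


def check_bare(message: bytes, digest: str) -> bool:
    return bare_hash(message) == digest


def tamper_demo(key: bytes) -> dict:
    """What each check says after an attacker edits the message and also
    recomputes whatever unkeyed value travels with it."""
    original = b"transfer 100 to account 42"
    forged = b"transfer 900 to account 42"
    tag = make_tag(key, original)
    # The attacker can recompute a bare digest over the forged message...
    forged_with_digest = (forged, bare_hash(forged))
    return {
        "hmac_accepts_original": verify_tag(key, original, tag),
        "hmac_accepts_forged": verify_tag(key, forged, tag),
        "hmac_accepts_wrong_key": verify_tag(b"other-key", original, tag),
        # ...so a hash-only receiver is fooled, while the HMAC receiver is not.
        "bare_hash_accepts_forged": check_bare(*forged_with_digest),
    }


if __name__ == "__main__":
    for name, result in tamper_demo(b"shared-secret").items():
        print(f"{name}: {result}")
```

Two details matter in practice: the comparison goes through `hmac.compare_digest` rather than `==`, and the tag is computed with `hmac.new` rather than by hashing `key + message` by hand, because the HMAC construction (inner and outer keyed hashes) is what closes the length-extension weakness of a plain prefix-keyed hash.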

8. What is the main function of Kerberos and digital certificate?

Answer: Kerberos provides network authentication services, while digital certificates are
used for identity verification in secure communications.

9. What are the phases in the lifecycle of a virus?

Answer: The lifecycle includes dormant, propagation, triggering, and execution phases.

10. What is the difference between a worm and a virus in terms of activation and
propagation?

Answer: A worm self-replicates without host programs, while a virus requires a host to
propagate and activate.

11. What is a backdoor?

Answer: A backdoor is a hidden method that bypasses normal authentication to access a
system or network.

12. What is the primary purpose of a rootkit?

Answer: Rootkits enable stealthy control over a system by hiding malicious activities from
the operating system.

13. What is a primary feature of a VPN in transport level security?

Answer: A VPN provides data encryption and secure tunnels, ensuring safe data transfer
over public networks.

14. Why is web security essential for online communication?

Answer: Web security prevents unauthorized access, ensuring data privacy, integrity, and
trust in online communications.

15. How does HTTPS ensure secure communication?

Answer: HTTPS uses SSL/TLS protocols to encrypt data, ensuring that information
exchanged remains confidential.

16. Which cryptographic methods are used by S/MIME to ensure confidentiality of emails?

Answer: S/MIME uses public key encryption for confidentiality and digital signatures for
authentication.

17. What are the security levels in SNMP?

Answer: SNMP security levels include noAuthNoPriv (no authentication or encryption),
authNoPriv (authentication only), and authPriv (authentication with encryption).

18. What are principal elements in NAC?

Answer: The principal elements in NAC are authentication, authorization, and compliance
for controlling network access.

19. How does IEEE 802.1X support NAC enforcement?

Answer: IEEE 802.1X authenticates devices before they access the network, helping to
enforce network access control.

20. What are the steps required to implement NAC?

Answer: Steps include defining policies, installing NAC solutions, integrating
authentication, and continuous monitoring for compliance.

21. Explain statistical anomaly-based IDS.

Answer: This type of IDS detects intrusions by identifying deviations from a statistical
baseline of normal network activity.

22. List various firewall design principles.

Answer: Firewall design principles include packet filtering, proxy services, stateful
inspection, and access control policies.

23. How does the service control characteristic of a firewall facilitate a site's access
management and security policy implementation?

Answer: Service control filters traffic based on services, enforcing security policies by
allowing only permitted services to pass.

24. How does a packet filtering firewall work?

Answer: A packet filtering firewall inspects packets against a set of rules and blocks or
allows traffic based on source, destination, and protocol.

3 MARKS

Here are more detailed answers, each suitable for a three-mark question:

1. How would you apply the CIA triad to secure a university’s student information
system?

Answer: Applying the CIA triad to a university’s student information system involves:

Confidentiality: Encrypt student records and use role-based access control, so only
authorized personnel can view sensitive data.

Integrity: Implement checksums and digital signatures to ensure that records are not
altered without authorization. Regular data audits can also detect any unauthorized
changes.

Availability: Ensure the system is always accessible to students and staff by maintaining
redundant servers, regular backups, and implementing measures to prevent DoS attacks.

2. How do different security mechanisms help mitigate security threats?

Answer: Security mechanisms mitigate threats in various ways:

Firewalls control network traffic by blocking unauthorized access based on security rules,
thus preventing external attacks.

Encryption protects data confidentiality in storage and transit, making data unreadable
without the proper decryption keys.

Intrusion Detection Systems (IDS) and antivirus software monitor for suspicious behavior,
detect malware, and mitigate potential security breaches.

3. Compare the Playfair cipher with the Vigenère cipher in terms of complexity and
security.

Answer: The Playfair cipher encrypts messages using digraphs (pairs of letters), making it
harder to decipher than mono-alphabetic ciphers but still vulnerable to pattern-based
attacks. In contrast, the Vigenère cipher is polyalphabetic, making it more secure against
frequency analysis because each letter can map to multiple letters, depending on the key.
However, the Vigenère cipher can still be broken with advanced frequency analysis, while
Playfair’s digraph structure adds a modest complexity layer.
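To make the frequency argument above concrete, here is an added Python example (not part of the original document) that encrypts the same constructed sentence with a mono-alphabetic substitution and with the Vigenère cipher (key LEMON, chosen for the demo) and computes the index of coincidence of each result. A substitution keeps the plaintext's letter statistics exactly, while Vigenère spreads each plaintext letter over several ciphertext letters and pulls the statistic toward that of random text; the Playfair digraph cipher is not implemented here.

```python
# Added example (not part of the original document): a mono-alphabetic
# substitution and a Vigenère cipher side by side, plus the index of
# coincidence (IC) that tells them apart. Sample text and keys are constructed.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# A fixed substitution alphabet (a permutation of A..Z) for the mono cipher.
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def clean(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def mono_encrypt(plaintext: str, key_alphabet: str = MONO_KEY) -> str:
    """One substitution for the whole message: each plaintext letter always
    becomes the same ciphertext letter, so letter frequencies survive."""
    return clean(plaintext).translate(str.maketrans(ALPHABET, key_alphabet))


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Polyalphabetic: the shift depends on the key position, so the same
    plaintext letter can become different ciphertext letters."""
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(plaintext)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(ciphertext)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
    return "".join(out)


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from the text are equal. English
    text sits near 0.066, uniformly random letters near 0.038. A substitution
    preserves the plaintext's IC; Vigenère pushes it toward the random value."""
    n = len(text)
    if n < 2:
        return 0.0
    counts = Counter(text)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def demo() -> dict:
    plaintext = "DEFEND THE EAST WALL OF THE CASTLE"  # constructed sample
    mono = mono_encrypt(plaintext)
    vig = vigenere_encrypt(plaintext, "LEMON")
    return {
        "mono": mono,
        "vigenere": vig,
        "ic_plain": index_of_coincidence(clean(plaintext)),
        "ic_mono": index_of_coincidence(mono),
        "ic_vigenere": index_of_coincidence(vig),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two IC values are the whole story: `ic_mono` equals `ic_plain` exactly, which is why single-letter frequency analysis breaks a substitution, whereas `ic_vigenere` drops toward the random value, so an analyst first has to recover the key length (for example by measuring the IC of every k-th letter) before frequency analysis applies to each column.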

4. Analyze the advantages and limitations of steganography as a security technique
compared to traditional encryption methods.

Answer: Steganography hides the existence of communication, providing privacy through
concealment rather than encryption, which can attract attention. Its advantages include
reduced suspicion and ability to bypass some security filters. However, steganography
lacks the robust confidentiality and integrity checks of encryption, making it more
susceptible to detection if suspected. Unlike encryption, steganography does not secure
data if detected, making it less reliable in high-security scenarios.

5. How would you apply the Cipher Block Chaining (CBC) mode of operation to encrypt
a plaintext message using the Data Encryption Standard (DES)?

Answer: In CBC mode, each plaintext block is XORed with the previous ciphertext block
before encryption. To apply CBC with DES:

Start by initializing the process with an Initialization Vector (IV) for the first block to
randomize output.

Encrypt the resulting block using DES, then use the output as the “chaining” input for the
next block.

Repeat this for each plaintext block to ensure that identical blocks result in different
ciphertext, enhancing security by introducing dependence on prior blocks.
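The steps above, written out as an added Python example (not part of the original document). DES is not in the Python standard library, so the 64-bit block function here is a stand-in: a four-round Feistel network with SHA-256 as its round function, which has DES's block size and structure but is not DES. The key, IV and plaintext are constructed for the demo; the chaining logic (`cbc_encrypt`, `cbc_decrypt`) is exactly what CBC mode does with any block cipher.

```python
# Added example (not part of the original document): CBC chaining written out
# over a 64-bit block cipher. The block function is a stand-in for DES (a
# 4-round Feistel network with a SHA-256 round function), NOT DES itself; it
# only makes the chaining visible. Key, IV and plaintext are constructed.
import hashlib
import os

BLOCK = 8  # DES block size in bytes


def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for r in rounds:
        f = _round(key, r, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap, as in DES


def block_encrypt(key: bytes, block: bytes) -> bytes:  # stand-in for DES
    return _feistel(key, block, range(4))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(4)))


def pad(data: bytes) -> bytes:
    """PKCS#7 padding up to a multiple of the block size."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = E_k(P_i XOR C_{i-1}), with C_0 = IV."""
    prev, out = iv, []
    for p in blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(p, prev))  # chain in the previous block
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_k(C_i) XOR C_{i-1}."""
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, p) for p in blocks(pad(plaintext)))


def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(blocks(ciphertext)))


if __name__ == "__main__":
    key, iv = b"8bytekey", os.urandom(BLOCK)  # fresh random IV per message
    msg = b"SAMEBLOK" * 3                      # three identical blocks
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(key, msg)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(key, iv, msg)))
    assert cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg)) == msg
```

With real DES the only change is the block function (for example `Crypto.Cipher.DES` from PyCryptodome with `DES.MODE_CBC`); the IV must be fresh and unpredictable for every message, and because CBC gives no integrity, the ciphertext should be covered by a MAC such as the HMAC shown earlier.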

6. How does the strength of the RSA algorithm depend on the choice of prime numbers
used in key generation?

Answer: RSA’s security is based on the difficulty of factoring large prime products. Using
large, randomly generated prime numbers makes it computationally infeasible to derive the
private key from the public key, as no efficient method for factoring exists for such
numbers. Small or predictable primes weaken security, as they are easier to factor. Hence,
choosing large, distinct primes that are not close in value strengthens RSA, making it
resistant to brute-force and factorization attacks.
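The last sentence, that the primes should not be close in value, can be shown directly. The following Python code is an added example (not from the original document): it builds an RSA key from two chosen primes and applies Fermat's textbook factoring method, which walks a counter upward from the square root of n; when p and q are close it finds them in a single step and the private exponent follows immediately, while a far-apart pair exhausts the step budget. The primes used are small constructed values, far below real key sizes.

```python
# Added example (not part of the original document): why RSA primes must be
# large, random and not close together. Fermat's method recovers p and q in
# one step when they are near each other; far-apart primes exhaust its
# budget. The primes are small constructed demo values, not real key sizes.
from math import isqrt


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), d) for primes p, q; d is the private exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), d


def fermat_factor(n: int, max_steps: int = 100_000):
    """Fermat's method: find a with a*a - n a perfect square b*b, so that
    n = (a - b)(a + b). a starts at ceil(sqrt(n)) and must reach (p + q)/2;
    the closer p and q are, the fewer steps that takes."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for step in range(1, max_steps + 1):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b, step
        a += 1
    return None  # not factored within the budget


def private_from_factors(n: int, e: int, p: int, q: int) -> int:
    """Once n is factored, the private exponent is immediate."""
    assert p * q == n
    return pow(e, -1, (p - 1) * (q - 1))


def demo() -> dict:
    close = (1000003, 1000033)  # constructed: primes 30 apart
    far = (1009, 1000003)       # constructed: primes far apart
    (n_close, e), d_close = rsa_keygen(*close)
    (n_far, _), _ = rsa_keygen(*far)
    found = fermat_factor(n_close)
    return {
        "close_steps": found[2] if found else None,
        "close_private_recovered": found is not None
        and private_from_factors(n_close, e, found[0], found[1]) == d_close,
        "far_factored": fermat_factor(n_far) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Real key generation therefore draws p and q independently at random at the full intended size (so they differ in their leading bits) and rejects pairs that are too close; the same budget that fails on the far pair here would be hopeless against properly generated primes, which is the property the answer is describing.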

7. Compare the security and performance of SHA-256 and SHA-512.

Answer: SHA-512 provides stronger security due to its larger bit size (512 bits vs. 256 bits in
SHA-256), making it more resistant to collision and brute-force attacks. However, SHA-512
is slower and more computationally intensive, which can impact performance, especially
on devices with limited processing power. SHA-256 offers a good balance of security and
efficiency, widely used for general applications, while SHA-512 is favored in contexts
demanding higher security.

8. Analyze the strengths and weaknesses of the Kerberos protocol in terms of security
and usability.

Answer: Kerberos provides strong authentication and encryption based on symmetric key
cryptography, preventing unauthorized access. Its ticket-granting mechanism allows
secure and efficient repeated access to services without reauthentication. However,
Kerberos requires time-synchronization across systems and has complex management
requirements. If a central key distribution server (KDC) is compromised, the entire system
is at risk, and its dependency on passwords for initial access can be a vulnerability if
passwords are weak.

9. How would you differentiate between a virus, worm, and Trojan horse based on their
behaviors and infection mechanisms?

Answer: A virus requires a host file and spreads when the infected file is executed,
modifying legitimate programs. A worm is self-replicating, spreading across networks
without needing a host, often leading to network slowdowns. A Trojan horse disguises itself
as legitimate software but contains malicious code, allowing unauthorized access. Unlike
viruses and worms, Trojans do not replicate automatically but rely on user action for
activation.

10. Analyze the methods used by attack agents to steal sensitive information from a
victim’s system.

Answer: Attack agents use various methods to steal information, such as:

Keyloggers to capture keystrokes and obtain sensitive data like passwords.

Phishing attacks trick users into revealing credentials or installing malware.

Spyware monitors user activity and transmits data without permission.

Rootkits hide malware presence, allowing persistent access, while packet sniffers intercept
data in transit, exposing sensitive information like login details.

11. How can keyloggers and trapdoors be used in combination to compromise system
security?

Answer: Keyloggers and trapdoors together pose a significant threat. Keyloggers capture
user credentials and sensitive data, which attackers can exploit to gain unauthorized
access. Trapdoors are hidden code that bypasses normal authentication, allowing
attackers to install keyloggers or other malware without detection. Once inside, attackers
can escalate access and exfiltrate data, maintaining control with minimal user awareness.

12. Explain how a computer can become a “zombie” in a botnet used for Distributed
Denial of Service (DDoS) attacks.

Answer: A computer becomes a “zombie” when malware (like a Trojan or worm) infects it,
allowing remote attackers to control it without the user’s knowledge. Attackers group these
infected machines into a botnet and command them to simultaneously send traffic to a
target system, overwhelming it and causing a DDoS attack. The sheer volume of requests
from thousands of zombie computers exhausts the target’s resources, making it
inaccessible to legitimate users.

13. Analyze the differences between AH (Authentication Header) and ESP
(Encapsulating Security Payload) in IPSec.

Answer: AH provides data integrity and authentication of the entire IP packet, excluding
certain mutable fields. It does not provide encryption, so it cannot protect data
confidentiality. ESP, on the other hand, offers data encryption, integrity, and optional
authentication, making it suitable for securing data privacy in addition to integrity. ESP is
often used over AH when both encryption and integrity are required for secure
communications.

14. Evaluate the growing importance of VPNs in ensuring security in an era of
widespread remote work and mobile access.

Answer: VPNs have become essential as they create secure, encrypted tunnels over the
internet, protecting data from interception in remote and mobile work settings. VPNs mask
IP addresses, help maintain privacy, and enforce access control, allowing organizations to
securely extend their networks. However, VPN reliance has also highlighted issues like
performance degradation, potential vulnerabilities in VPN infrastructure, and challenges
with scaling for large, distributed workforces.

15. How can an SSL certificate be used in ensuring secure browsing?

Answer: SSL certificates enable secure, encrypted connections between users’ browsers
and websites, protecting data from eavesdropping. They verify a website’s authenticity by
binding the certificate to the organization’s public key, preventing impersonation. When a
browser detects a valid SSL certificate, it displays a padlock icon or HTTPS, indicating a
secure session, reassuring users and protecting sensitive information, such as login
credentials and payment details.

16. Analyze the role of digital certificates in S/MIME for ensuring the authenticity and
confidentiality of email messages.

Answer: In S/MIME, digital certificates provide authentication by verifying sender identity,
ensuring recipients know the sender’s legitimacy. They also enable encryption using public
key cryptography, protecting the email content from unauthorized access. Recipients can
decrypt messages only with the sender’s public key, achieving confidentiality. This dual use
of certificates strengthens security by verifying sender identity and protecting sensitive
message content from interception.

17. How does SNMPv3 improve upon earlier versions of SNMP (v1 and v2) in terms of
security?

Answer: SNMPv3 significantly enhances security by introducing authentication and
encryption. Unlike SNMPv1 and v2, which transmit data in plaintext, SNMPv3 supports
secure user-based authentication and data encryption, protecting against unauthorized
access and eavesdropping. It also provides message integrity, which verifies that messages
have not been altered in transit, making SNMPv3 far more suitable for secure network
management.

18. How do the principal elements of NAC contribute to identifying and mitigating
potential security threats posed by endpoints?

Answer: The principal elements of NAC (Network Access Control)—authentication,
authorization, and compliance—are essential for managing endpoint security.
Authentication ensures that only verified users and devices access the network, reducing
unauthorized access risk. Authorization assigns permissions based on user roles, limiting
access to sensitive resources. Compliance checks that endpoints meet security policies,
such as up-to-date antivirus and patches, identifying and isolating devices with
vulnerabilities before they can pose a threat.

19. Analyze the differences between the main NAC enforcement methods.

Answer: NAC enforcement methods include pre-admission, post-admission, and
agent-based/agentless approaches. Pre-admission enforcement checks endpoint compliance
before granting network access, effectively blocking untrusted devices. Post-admission
enforcement allows initial access but continuously monitors for compliance violations.
Agent-based methods use software on endpoints for deep compliance checks, while
agentless solutions use network-based scans, which are easier to deploy but less
comprehensive.

20. How would you implement Network Access Control (NAC) to manage and secure
employee-owned devices in a Bring Your Own Device (BYOD) environment?

Answer: Implementing NAC in BYOD involves setting policies for personal devices. First,
enforce pre-admission checks to confirm that devices have updated security software.
Next, segment network access, limiting BYOD devices to specific zones, reducing risk to
sensitive resources. Additionally, monitor devices post-admission for policy adherence.
Lastly, use agentless solutions to accommodate a range of device types without requiring
additional software installation on employee devices.

21. Explain the various approaches that are used for intrusion detection.

Answer: Intrusion detection methods include signature-based, anomaly-based, and hybrid
approaches. Signature-based detection matches patterns against known attack
signatures, effective for known threats but weak against new ones. Anomaly-based
detection builds a baseline of normal behavior and flags deviations, useful for identifying
unknown threats. Hybrid approaches combine both methods to improve detection
accuracy, balancing the strengths of signature and anomaly detection for comprehensive
threat coverage.
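The three approaches above, and the statistical anomaly-based IDS of the 2-mark section, as an added Python example (not part of the original document). It runs a signature matcher and a z-score rate check over constructed web-server log lines, then merges them into a hybrid view; the IP addresses, paths, request patterns and baseline counts are all made up for the demo.

```python
# Added example (not part of the original document): signature-based,
# statistical anomaly-based and hybrid detection over constructed log lines.
# The addresses, paths, signatures and baseline counts are made up.
import re
import statistics
from collections import Counter

# Constructed log lines: "<timestamp> <client-ip> <method> <path> <status>".
SAMPLE_LOG = [
    "2024-01-01T10:00:01 10.0.0.5 GET /index.html 200",
    "2024-01-01T10:00:02 10.0.0.5 GET /about 200",
    "2024-01-01T10:00:03 10.0.0.9 GET /login 200",
    "2024-01-01T10:00:04 10.0.0.9 GET /search?q=1%20union%20select%20password 500",
    "2024-01-01T10:00:05 10.0.0.7 GET /static/../../etc/passwd 403",
] + [f"2024-01-01T10:00:{s:02d} 198.51.100.23 POST /login 401" for s in range(40)]

# Signature rules: known attack patterns (only as good as the rule set).
SIGNATURES = {
    "sqli_union_select": re.compile(r"union(\s|%20)+select", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

# Constructed baseline: requests per client per minute during a quiet period.
BASELINE_COUNTS = [4, 5, 6, 5, 4, 6, 5, 5]


def signature_alerts(lines):
    """Flag every line that matches a known signature."""
    return [(name, line) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]


def requests_per_client(lines):
    return Counter(line.split()[1] for line in lines)


def anomaly_alerts(lines, baseline=BASELINE_COUNTS, z_threshold=3.0):
    """Statistical anomaly detection: z-score of each client's request count
    against the baseline's mean and standard deviation."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # guard against a flat baseline
    return [(client, round((n - mean) / stdev, 1))
            for client, n in requests_per_client(lines).items()
            if (n - mean) / stdev > z_threshold]


def hybrid_alerts(lines):
    """Union of both detectors keyed by client: a novel login burst (no
    signature) and a known injection string (normal rate) both surface."""
    by_client = {}
    for name, line in signature_alerts(lines):
        by_client.setdefault(line.split()[1], set()).add(name)
    for client, z in anomaly_alerts(lines):
        by_client.setdefault(client, set()).add(f"rate_anomaly(z={z})")
    return by_client


if __name__ == "__main__":
    for client, reasons in hybrid_alerts(SAMPLE_LOG).items():
        print(client, sorted(reasons))
```

Each detector misses what the other catches: the 40-request login burst from 198.51.100.23 matches no signature and only the rate check sees it, while the injection and traversal strings arrive at a perfectly normal rate and only the signatures see them. The baseline also shows the anomaly method's weakness: if attack traffic is present while the baseline is learned, it becomes "normal".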

22. What challenges might arise from poorly designed rules using Access and Deny?

Answer: Poorly designed access and deny rules can lead to security gaps if unauthorized
access is inadvertently permitted. They may also result in overly restrictive policies,
blocking legitimate traffic and disrupting operations. Complex or conflicting rules increase
the risk of configuration errors, making management difficult and potentially allowing
malicious actors to bypass security. Proper rule design requires clear policy objectives and
testing to balance security with usability.
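The packet-filtering firewall of the 2-mark section and the rule-design problem just described, as an added Python example (not part of the original document). It evaluates packets against an ordered rule list with first-match semantics and an implicit default deny, and includes a check for "shadowed" rules, the classic error where a broad allow placed before a specific deny makes the deny unreachable. The addresses, ports and rule sets are constructed for the demo.

```python
# Added example (not part of the original document): a first-match packet
# filter with default deny, plus a check for shadowed rules (a rule that can
# never fire because an earlier rule covers everything it matches).
# Addresses, ports and rule sets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """Packet-filter match on source, destination, protocol and port."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(rules, pkt: Packet, default: str = "deny"):
    """First matching rule wins; if nothing matches, fall back to default deny.
    Returns (action, index of the deciding rule or None)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return default, None


def _covers(broad: Rule, narrow: Rule) -> bool:
    return (ip_network(narrow.src).subnet_of(ip_network(broad.src))
            and ip_network(narrow.dst).subnet_of(ip_network(broad.dst))
            and broad.proto in ("any", narrow.proto)
            and broad.dport in (None, narrow.dport))


def shadowed_rules(rules):
    """(index, shadowed_by) pairs: rule j can never fire because an earlier
    rule i matches every packet j would match."""
    return [(j, i) for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j]) if _covers(earlier, later)]


# Constructed rule sets for an internal server 10.0.0.10 (telnet = tcp/23).
BAD_RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.0.0/8", "tcp", None),  # too broad, and first
    Rule("deny", "0.0.0.0/0", "10.0.0.10/32", "tcp", 23),    # never reached
]
GOOD_RULES = [
    Rule("deny", "0.0.0.0/0", "10.0.0.10/32", "tcp", 23),    # specific deny first
    Rule("allow", "0.0.0.0/0", "10.0.0.0/8", "tcp", 443),    # then only what is needed
]

TELNET = Packet("203.0.113.7", "10.0.0.10", "tcp", 23)
HTTPS = Packet("203.0.113.7", "10.0.0.10", "tcp", 443)

if __name__ == "__main__":
    print("bad rules, telnet:", decide(BAD_RULES, TELNET))
    print("shadowed in bad rules:", shadowed_rules(BAD_RULES))
    print("good rules, telnet:", decide(GOOD_RULES, TELNET))
    print("good rules, https:", decide(GOOD_RULES, HTTPS))
```

The `shadowed_rules` check is the kind of test the answer calls for: with `BAD_RULES` the telnet deny sits at index 1 but is fully covered by the allow at index 0, so telnet to the server is permitted and the deny is dead configuration. Ordering specific denies before broad allows, and allowing only the ports actually required, removes the gap while keeping legitimate HTTPS traffic flowing.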

23. Analyze the characteristics of a firewall that operates at different layers of the OSI
model.

Answer: Firewalls operating at different OSI layers offer various security capabilities.
Network layer firewalls (Layer 3) control IP addresses and ports, providing basic filtering.
Transport layer firewalls (Layer 4) add control over protocols like TCP and UDP, enhancing
filtering accuracy. Application layer firewalls (Layer 7) inspect traffic content for specific
application data, detecting threats within applications like HTTP or SMTP, making them
effective against application-specific attacks.

24. Evaluate the significance of application layer firewalls in protecting against
application-specific threats.

Answer: Application layer firewalls are crucial for defending against threats targeting
applications, such as SQL injection and cross-site scripting (XSS), by examining the
content within data packets. Unlike lower-layer firewalls, they understand application
protocols, providing precise filtering and blocking malicious requests. However, they can
introduce latency and require significant processing power, which may impact
performance, particularly in high-traffic environments. Their advanced protection justifies
these trade-offs in sensitive applications.
