CS Dec 2023 Scheme

Cyber security DTE

CYBER SECURITY (20CS54IT) DEC 2023

V semester Diploma Examination-Dec-2023


CYBER SECURITY 20CS54IT
Scheme of Valuation

Q. No   Description of Questions                                   Marks Allotment
1a      Definition of Cyber Security                               2 marks
        CIA Principles                                             4 marks
        AAA Principles                                             4 marks
1b      Definition and Listing                                     2+3 marks
        Explaining any five malwares                               1*5=5 marks
2a      Purpose of Defense in depth and explaining four layers     2+2*4=10 marks
2b      Brief explanation or definition i) DOS and DDOS Attack     5 marks
        ii) ON Path Attack                                         5 marks
3a      Steps of RSA algorithm                                     5 marks
        Solving problem                                            5 marks
3b      Analyze and identify the need for Digital Signature        2 marks
        Explain the working concept of Digital Signature           8 marks
4a      Purpose of PKI                                             2 marks
        Explaining Components of PKI                               8 marks
4b      Solving totient functions                                  5 marks
        Finding GCD                                                5 marks
5a      Explanation of Firewall                                    5 marks
        Explanation of IDS                                         5 marks
5b      Explaining all Phases of Microsoft SDL                     10 marks
6a      Third party patch management                               5 marks
        BitLocker drive Encryption                                 5 marks
6b      Top 10 common web vulnerabilities                          1*10=10 marks
7a      Listing                                                    1 mark
        Explaining 3 Models                                        3*3=9 marks
7b      Need of IAM                                                5 marks
        Any 5 IAM best practices                                   5 marks
8a      Listing                                                    3 marks
        Explaining 7 HTTP methods                                  1*7=7 marks
8b      Diagram                                                    4 marks
        Explanation                                                6 marks
9a      Any Four Objectives                                        4 marks
        Life Cycle with diagram                                    6 marks
9b      Definition                                                 1 mark
        Explanation of Risk Management                             4 marks
        Types of Risk                                              5 marks
10a     Life cycle of vulnerability management                     5 marks
        Types of vulnerability                                     5 marks
10b     DevOps definition and Explanation                          2+8 marks

Model Answers

NOTE: The model answers below are general guidance for the subject. If a candidate's answer is
relevant even though it differs from the model answer, please award marks.

SECTION-1

1a. Define cyber security. Explain CIA and AAA security principles. 10M

Cyber security is the set of processes and techniques used to protect internet-connected systems,
such as computer systems, mobile devices, electronic systems, networks and data, from malicious
activity and unauthorized access.

Security principles

CIA (Confidentiality, Integrity, Availability)

The basic tenets of information security are confidentiality, integrity and availability.

1. Confidentiality:

The purpose of confidentiality is to ensure that only authorized users are allowed to view or
access the information, and that unauthorized persons are kept out. Confidentiality is achieved
mainly through encryption, supported by access control.

2. Integrity:

The assurance that the data received is exactly the same as sent by the authorized user, i.e. the
data contains no modification, insertion or deletion. Integrity is checked by using a hash code,
checksum or message authentication code (MAC); a plain checksum detects accidental corruption,
while a keyed MAC or digital signature is needed to detect deliberate tampering.

3. Availability: This principle ensures that the information is always available and usable by
its authorized people. It ensures that access is not hindered by system malfunction or
cyber-attacks (for example denial-of-service), typically through redundancy and backups.

AAA(Authentication, Authorization, Accounting)

1.Authentication

The process of verifying that a user who wants to access network resources is who they claim to
be, by asking for credentials such as a username and password (and, where possible, a second
factor such as a one-time code).

2. Authorization:

Once authentication succeeds, authorization determines which resources the user is allowed to
access and what operations they are permitted to perform on them.

3. Accounting

Accounting provides a means of monitoring and recording the actions performed by the user while
accessing the network resources. It also records how long the user had access to the network.
The administrator can create an accounting method list to specify what should be accounted for
and to whom the accounting records should be sent. These records are the audit trail used later
for incident investigation.

1b. What is malware? List and explain any five types of malwares. 10M

Malware, or malicious software, is any program or file that is intentionally harmful to a
computer, network or server. Malware can infect networks and devices and is designed to harm
those devices, networks and/or their users in some way.

The following are common types of malware:

1. Spyware

2. Adware

3. Backdoor

4. Ransomware

5. Scareware

6. Rootkit

7. Virus

8. Trojan horse

9. Worm

● A virus is the most common type of malware. It attaches itself to a host program or file and
spreads by infecting other programs or files when the host is executed.
● A worm can self-replicate without a host program and typically spreads over the network without
any interaction from the malware authors or the victims.
● A Trojan horse is designed to appear as a legitimate software program to gain access to a
system. Once activated following installation, Trojans can execute their malicious functions.
● Spyware collects information and data on the device and the user, and observes the user's
activity without their knowledge.
● Ransomware infects a user's system and encrypts its data. Cybercriminals then demand a ransom
payment from the victim in exchange for decrypting the system's data.
● A rootkit obtains administrator-level access to the victim's system. Once installed, the
program gives threat actors root or privileged access to the system while hiding its own
presence from the operating system and security tools.
● A backdoor or remote access Trojan (RAT) secretly creates a backdoor into an infected computer
system that enables threat actors to remotely access it without alerting the user or the
system's security programs.
● Adware tracks a user's browser and download history with the intent to display pop-up or
banner advertisements that lure the user into making a purchase. For example, an advertiser
might use cookies to track the web pages a user visits to better target advertising.
● Scareware is a type of malware that uses scare tactics to trick you into taking a specific
action. Scareware mainly consists of operating-system-style windows that pop up to warn you that
your system is at risk and needs to run a specific program for it to return to normal operation.

OR

2a. Illustrate the purpose of defence in depth? Explain the layers of defence in depth. 10M

Defence in Depth (DiD) is an approach to cybersecurity in which a series of defensive
mechanisms are layered in order to protect valuable data and information. If one mechanism
fails, another steps up immediately to thwart an attack. This multi-layered approach with
intentional redundancies increases the security of a system as a whole and addresses many
different attack vectors. Defence in Depth is commonly referred to as the "castle approach"
because it mirrors the layered defences of a medieval castle.

Defence in Depth layer architecture

The four key layers of defence in depth are the following:

Layer 1: Network protection or perimeter defence

Layer 2: Host defence

Layer 3: Operating system and application defence

Layer 4: Data/information protection

● Layer 1: Network protection or perimeter defence

Perimeter defence or network protection is achieved by using firewalls, routers, gateways, etc.
One of the most common types of attack at this layer is the DoS attack.

● Layer 2: Host defence

The next layer of protection is to protect the workstations (computers or hosts) connected to
the network.

Host protection includes

● protecting against someone trying to attack from within the network

● protecting the data stored on a workstation from someone who gets through the firewall

Host protection can be achieved in the following ways:

⮚ Formulate a user access policy

⮚ Install antivirus software

⮚ Install a personal (host-based) firewall

● Layer 3: Operating system and application program defence

● The next layer of protection is to protect the operating system, application server, web
server, email server, etc.
● Operating system and application program protection is achieved by identifying and patching
vulnerabilities (weaknesses) and by removing unneeded services.

● Layer 4: Data/information protection

Data or information protection is achieved by means of data encryption (at rest and in
transit), so that data which an attacker reaches through all the outer layers is still
unreadable, together with backups so that it remains available.

2b. Illustrate:

i. DOS and DDOS Attack


ii. ON path Attack

DOS and DDOS Attack

Denial-of-Service: A DoS attack is a type of attack in which an attacker sends an enormous
number of requests at a rate the server cannot handle, so that legitimate users are denied
service. The following are the effects of DoS attacks:

● Slowdown of response.
● Slowdown or crash of the server.
● Increased level of traffic in the network.
● Interruption of other network services for the users.
● Significant loss of time and money.

Distributed DoS: A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from
multiple, coordinated sources, which makes it much harder to filter by source address. For
example:

● An attacker builds a network (botnet) of infected hosts called zombies, which are controlled
by handler (command-and-control) systems.

● The zombie computers constantly scan and infect more hosts, creating more and more zombies.

● When ready, the attacker instructs the handler systems to make the botnet of zombies carry
out a DDoS attack against the target.

ON path Attack

On-path attackers intercept or modify communications between two devices, such as a web
browser and a web server, either to collect information from or to impersonate one of the
devices. This type of attack is also referred to as a man-in-the-middle (MitM) or
man-in-the-mobile (MitMo) attack.

● Man in the Middle: A MitM attack happens when an attacker secretly places themselves on the
path between two parties, for example by compromising a device or a network hop, without the
user's knowledge. From this position the attacker can intercept and capture user information
before it is sent to its intended destination, and may alter it in transit. These attacks are
often used to steal financial information. Many types of malware possess MitM attack
capabilities. Transport encryption with certificate validation (TLS/HTTPS) is the main defence,
because it denies the attacker both reading and undetected modification of the traffic.
● Man in the Mobile: A variation of man-in-the-middle, MitMo is a type of attack used to take
control of a user's mobile device. When infected, the mobile device is instructed to exfiltrate
user-sensitive information and send it to the attackers. ZeuS is one example of a malware
package with MitMo capabilities. It allows attackers to quietly capture two-step verification
SMS messages that are sent to users.

SECTION-II

3a. Write the steps of RSA-algorithm. Given p=17, q=11, e=7.Find the decryption key(d).
10M

Steps of RSA algorithm

1. Select two distinct prime numbers p and q
2. Calculate n = p*q
3. Calculate φ(n) = (p-1)(q-1)
4. Select e such that 1 < e < φ(n) and GCD(φ(n), e) = 1
5. Find d such that d*e mod φ(n) = 1 (d is the modular inverse of e modulo φ(n))
6. Public key Pu = {e, n} and private key Pr = {d, n}
7. Encryption: C = M^e mod n
8. Decryption: M = C^d mod n

Solution to the problem

1. Given p = 17 and q = 11
2. Calculate n = p*q
   n = 17*11 = 187
3. Calculate φ(n) = (p-1)(q-1)
   φ(n) = (17-1)(11-1)
   φ(n) = 16*10
   φ(n) = 160
4. Encryption key e = 7 (check: GCD(160, 7) = 1, so e is valid)
5. Find d such that d*e mod φ(n) = 1
   Substitute k = 1, 2, 3, ... until d = (φ(n)*k + 1)/e is a whole number
   d = (160*1 + 1)/7 = 161/7 = 23, a whole number at k = 1
   Check: 23*7 = 161 = 1*160 + 1, so 23*7 mod 160 = 1
6. Hence the decryption key d = 23.

3b. Analyze & identify the need for digital signature. Explain the working principle of digital
signature 10M

Digital signatures

A digital signature is a cryptographic value computed from the data and a private key known
only to the signer.

Need for a digital signature: in the real world, the receiver of a message needs assurance that
the message really came from the claimed sender, and the sender should not be able to repudiate
(deny) having sent it. Apart from providing non-repudiation, a digital signature also provides
message authentication and data integrity: any change to the signed message invalidates the
signature.

A digital signature uses public key cryptography the other way round from encryption: the
private key signs and the public key verifies. The figure below illustrates the concept.

Model of Digital Signature (figure not reproduced in this text)

Explanation:

The sender applies a signature generation algorithm to the message (M), normally to a hash of
M, using the sender's private key; this produces the digital signature (S).

The sender then appends the digital signature (S) to the message (M) and transmits both to the
receiver.

The receiver runs the signature verification algorithm on the received message and signature
using the sender's public key. If verification succeeds, the receiver accepts the message as
authentic and unmodified; otherwise it is rejected.
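The RSA key generation of question 3a and the sign/verify flow of question 3b, as an added worked example that is not part of the original answer key. It computes d for the exam's p = 17, q = 11, e = 7 both by the k-search the worked answer uses and by the extended Euclidean algorithm, encrypts M = 88, and then signs a hash of a message with the private key and verifies it with the public key. The larger primes used for the signature demo, the messages, and the choice to sign SHA-256(M) mod n are assumptions for illustration; textbook RSA without padding, shown here, is not what real systems use (they use RSA-PSS or a curve-based scheme such as Ed25519).

```python
import hashlib


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    """Step 5: d such that (d * e) mod phi == 1, via the extended Euclidean algorithm."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) are not coprime; choose a different e")
    return x % phi


def d_by_search(e, phi):
    """Step 5 the way the worked answer does it: try k = 1, 2, 3, ... until (phi*k + 1)/e is whole."""
    k = 1
    while (phi * k + 1) % e != 0:
        k += 1
    return (phi * k + 1) // e


def rsa_keygen(p, q, e):
    """Steps 1-6: returns (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)          # raises if gcd(e, phi) != 1, i.e. step 4 was violated
    return (e, n), (d, n)


def encrypt(m, public_key):
    """Step 7: C = M^e mod n (M must be smaller than n)."""
    e, n = public_key
    return pow(m, e, n)


def decrypt(c, private_key):
    """Step 8: M = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def _digest_mod_n(message, n):
    # Sign a hash of the message rather than the message itself, reduced so it fits below n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Signature generation: S = H(M)^d mod n using the sender's private key."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message, signature, public_key):
    """Signature verification: accept only if S^e mod n equals H(M) recomputed by the receiver."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


# Exam figures: p = 17, q = 11, e = 7 (the classic textbook example, M = 88).
EXAM_P, EXAM_Q, EXAM_E = 17, 11, 7

# Larger (still toy) primes, an assumption for the signature demo, so that a tampered
# message does not collide with the original modulo n by chance.
DEMO_P, DEMO_Q, DEMO_E = 104729, 1299709, 65537

if __name__ == "__main__":
    pub, priv = rsa_keygen(EXAM_P, EXAM_Q, EXAM_E)
    print("private key d =", priv[0])
    print("d by the k-search method =", d_by_search(EXAM_E, (EXAM_P - 1) * (EXAM_Q - 1)))
    c = encrypt(88, pub)
    print("C =", c, "recovered M =", decrypt(c, priv))
    spub, spriv = rsa_keygen(DEMO_P, DEMO_Q, DEMO_E)
    s = sign(b"Pay 100 INR to Alice", spriv)
    print("signature valid:", verify(b"Pay 100 INR to Alice", s, spub))
    print("tampered message valid:", verify(b"Pay 999 INR to Alice", s, spub))
```

With n = 187 the hash is reduced to fewer than 8 bits, so two different messages collide with probability about 1/187; that is why the signature part switches to a larger modulus, and why real keys are 2048 bits or more.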

OR

4a. What is the purpose of Public Key Infrastructure (PKI)? Explain the different components of PKI. 10M

Public Key Infrastructure (PKI)

PKI provides assurance about public keys: it binds a public key to the identity of its owner
and handles the distribution of public keys, so that a user who receives a public key can trust
that it really belongs to the claimed party. The anatomy of a PKI comprises the following
components:
● Public key certificate, commonly referred to as a "digital certificate".
● Certification Authority (CA).
● Registration Authority (RA).
● Certificate management system.

Digital Certificate
● By analogy, a certificate can be considered as an ID card issued to a person. People use ID
cards such as a driver's license or passport to prove their identity. A digital certificate does
the same basic thing in the electronic world, but with one difference.
● Digital certificates are not only issued to people; they can be issued to computers, software
packages or anything else that needs to prove its identity in the electronic world.
The process of obtaining a digital certificate by an entity is as shown in the figure (not
reproduced here).

As shown in the illustration, the CA accepts the application from a client to certify his public
key. The CA, after duly verifying the identity of the client, issues a digital certificate to
that client.

Certifying Authority (CA)

As discussed above, the CA issues certificates to clients and assists other users in verifying
those certificates. The CA takes responsibility for correctly identifying the client asking for
a certificate, ensures that the information contained in the certificate is correct, and
digitally signs it.
Key Functions of CA
The key functions of a CA are as follows:
● Generating key pairs: the CA may generate a key pair independently or jointly with the client.
In practice the client usually generates its own key pair, so that the private key never leaves
its owner.
● Issuing digital certificates: the CA could be thought of as the PKI equivalent of a passport
agency; the CA issues a certificate after the client provides credentials to confirm his
identity. The CA then signs the certificate so that any modification of the details it contains
can be detected.
● Publishing certificates: the CA needs to publish certificates so that users can find them.
There are two ways of achieving this. One is to publish certificates in the equivalent of an
electronic telephone directory. The other is to send the certificate to those people who might
need it by one means or another.
● Verifying certificates: the CA makes its own public key available in the environment so that
anyone can verify the CA's signature on clients' digital certificates.
● Revocation of certificates: at times the CA revokes a certificate it issued, for reasons such
as compromise of the user's private key or loss of trust in the client. After revocation, the CA
maintains a list of all revoked certificates (a certificate revocation list, CRL) that is
available to the environment; relying parties must check it, or an OCSP responder, before
trusting a certificate.

Registration Authority (RA)
The RA receives the certificate generation request from the client. It verifies the client's
identity and asks the Certifying Authority (CA) to generate the digital certificate.

4b. Find:
10M
i. Euler totient function-φ(255),φ(256)
ii. Find GCD(360,210), GCD(136,260)
φ(255)

255 = 3*5*17
Here p1 = 3, p2 = 5, p3 = 17
φ(n) = n * (1 - 1/p1) * (1 - 1/p2) * (1 - 1/p3)
φ(255) = 255 * (1 - 1/3) * (1 - 1/5) * (1 - 1/17)
       = 255 * (2/3) * (4/5) * (16/17)
       = 128

φ(256)

256 = 2^8
Here p1 = 2
φ(n) = n * (1 - 1/p1)
φ(256) = 256 * (1 - 1/2)
       = 256 * (1/2)
       = 128

GCD(360, 210) by Euclid's algorithm
1. 360 mod 210 = 150
2. 210 mod 150 = 60
3. 150 mod 60 = 30
4. 60 mod 30 = 0
Since the remainder is 0, GCD(360, 210) = 30 (the last non-zero remainder).

GCD(136, 260)
1. 260 mod 136 = 124
2. 136 mod 124 = 12
3. 124 mod 12 = 4
4. 12 mod 4 = 0
Since the remainder is 0, GCD(136, 260) = 4.
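The totient product formula and Euclid's algorithm from question 4b, as an added example that is not part of the original answer key. It reproduces the four worked results, cross-checks φ(n) against its definition by counting, and then shows why φ(n) matters for security: whoever can factor the RSA modulus from question 3a (n = 187, e = 7) can compute φ(n) and recover the private exponent d = 23. The function and variable names are this example's own.

```python
from math import gcd


def gcd_steps(a, b):
    """Euclid's algorithm. Returns (gcd, steps) where each step is (dividend, divisor, remainder),
    matching the lines 'a mod b = r' of the worked answer."""
    if a < b:
        a, b = b, a
    steps = []
    while b != 0:
        r = a % b
        steps.append((a, b, r))
        a, b = b, r
    return a, steps


def distinct_prime_factors(n):
    """Distinct primes dividing n, by trial division (adequate for exam-sized numbers)."""
    primes = []
    d = 2
    while d * d <= n:
        if n % d == 0:
            primes.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        primes.append(n)
    return primes


def euler_phi(n):
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n.
    Computed in integers as n * (p-1) / p one prime at a time, so no fractions are needed."""
    result = n
    for p in distinct_prime_factors(n):
        result = result // p * (p - 1)
    return result


def euler_phi_by_counting(n):
    """Definition of phi(n): how many k in 1..n are coprime to n. Slow; used only as a cross-check."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def recover_rsa_private_key(n, e):
    """Why phi is security-relevant: anyone who can factor n gets phi(n) and hence d.
    For the exam key n = 187, e = 7 this returns d = 23. pow(e, -1, m) needs Python 3.8+."""
    return pow(e, -1, euler_phi(n))


if __name__ == "__main__":
    for n in (255, 256):
        print(f"distinct primes of {n}: {distinct_prime_factors(n)}  phi({n}) = {euler_phi(n)}")
    for a, b in ((360, 210), (136, 260)):
        g, steps = gcd_steps(a, b)
        for x, y, r in steps:
            print(f"{x} mod {y} = {r}")
        print(f"GCD({a}, {b}) = {g}")
    print("d recovered from n=187, e=7:", recover_rsa_private_key(187, 7))
```

Trial division factors a 3-digit n instantly; it is the infeasibility of factoring a 617-digit (2048-bit) n that keeps the same computation out of an attacker's reach.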

SECTION-III
5a. Explain the following security devices in cyber security. 10M
i. Firewall
ii. IDS
i) Firewall

A firewall can be defined as a special type of network security device that monitors and
filters incoming and outgoing network traffic. It acts as a barrier between the internal private
network and the public internet, as shown in the figure (not reproduced here).

The primary purpose of the firewall is to allow harmless traffic and to filter malicious packets
based on predefined rules. The filtering rules are based on information contained in the
network packets, such as
1. Source IP address: the address of the computer that generates the packet.
2. Destination IP address: the address of the computer that receives the packet.
3. Source and destination port numbers and the transport protocol (TCP/UDP), which identify
the service being accessed.
Rules are evaluated in order and the first matching rule decides; the final rule should deny
everything that is not explicitly allowed (default deny).
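A packet-filter rule evaluator, as an added example that is not part of the original answer key, to show how the fields listed above are matched against an ordered rule list with a default-deny fallback. The ruleset (a DMZ web server reachable on HTTPS from anywhere and on SSH only from the internal LAN), the addresses (RFC 5737 documentation ranges) and the sample packets are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port
    proto: str     # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # None means any port
    proto: Optional[str] = None  # None means any protocol


# Constructed ruleset for a web server at 203.0.113.10 in a DMZ (203.0.113.0/24).
RULES = [
    Rule("allow", "0.0.0.0/0",  "203.0.113.10/32", 443, "tcp"),   # anyone may reach HTTPS
    Rule("allow", "10.0.0.0/8", "203.0.113.10/32", 22,  "tcp"),   # SSH only from the internal LAN
    Rule("deny",  "0.0.0.0/0",  "203.0.113.0/24"),                # nothing else into the DMZ
]


def matches(rule, packet):
    """True if every field of the rule matches the packet (None fields match anything)."""
    if ipaddress.ip_address(packet.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(packet.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != packet.dport:
        return False
    if rule.proto is not None and rule.proto != packet.proto:
        return False
    return True


def evaluate(packet, rules=RULES, default="deny"):
    """First-match evaluation: the first rule whose fields all match decides; if no rule
    matches, the default applies. Default deny is the safe choice for unknown traffic."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action
    return default


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "203.0.113.10", 443, "tcp"),   # public HTTPS -> allow
        Packet("198.51.100.7", "203.0.113.10", 22, "tcp"),    # SSH from the internet -> deny
        Packet("10.20.30.40", "203.0.113.10", 22, "tcp"),     # SSH from inside -> allow
        Packet("198.51.100.7", "203.0.113.10", 443, "udp"),   # wrong protocol -> deny
        Packet("10.20.30.40", "192.0.2.5", 80, "tcp"),        # no rule covers it -> default deny
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst}:{p.dport}/{p.proto}: {evaluate(p)}")
```

Order matters: swapping the deny rule to the top would block the HTTPS traffic the first rule is meant to admit, which is the most common mistake when editing real firewall policies.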
ii) IDS (Intrusion Detection System)
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious
activity and issues alerts when such activity is discovered. It is a software application (or
appliance) that scans a network or a host for harmful activity or policy breaches. Any malicious
activity or violation is normally reported either to an administrator or collected centrally
using a security information and event management (SIEM) system. A SIEM system integrates
outputs from multiple sources and uses alarm filtering techniques to differentiate malicious
activity from false alarms.
The working of an IDS is as shown in the figure below (not reproduced here).

An IDS monitors network traffic for suspicious or malicious activity based on pre-defined
patterns or signatures (signature-based detection) or on deviations from a learned baseline of
normal behaviour (anomaly-based detection). When the IDS detects an issue it alerts the network
administrator to take action. Unlike a firewall, an IDS only detects and reports; it does not
block traffic by itself (a system that also blocks is an intrusion prevention system, IPS).
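Signature-based detection run over web-server log lines, as an added example that is not part of the original answer key. The signatures, the log format (Apache common log format) and the five sample lines are constructed for the example; the point it adds beyond the text is that the request target is URL-decoded before the signatures are applied, so that encodings such as %20 or %3C do not slip an attack past the patterns.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: "re.Pattern"
    severity: str


# Constructed signatures in the spirit of Snort/Suricata rules.
SIGNATURES = [
    Signature(1001, "SQL injection: UNION SELECT", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I), "high"),
    Signature(1002, "Directory traversal", re.compile(r"\.\.[/\\]"), "medium"),
    Signature(1003, "Reflected XSS probe", re.compile(r"<script\b", re.I), "medium"),
    Signature(1004, "SQL injection: tautology", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I), "high"),
]

# Apache/Nginx common log format: client - - [time] "METHOD target version" status bytes
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log (RFC 5737 documentation addresses); the first line is benign.
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Dec/2023:10:01:02 +0530] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.23 - - [10/Dec/2023:10:01:05 +0530] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2023:10:02:11 +0530] "GET /download?file=../../etc/passwd HTTP/1.1" 404 230',
    '203.0.113.9 - - [10/Dec/2023:10:02:30 +0530] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300',
    "192.0.2.77 - - [10/Dec/2023:10:03:00 +0530] \"GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1\" 200 880",
]


def parse_log_line(line):
    """Returns the named fields of one log line, or None if it is not in the expected format."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def inspect(lines, signatures=SIGNATURES):
    """Signature-based detection: returns one alert per (line, matching signature)."""
    alerts = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        decoded = unquote_plus(rec["target"])   # normalise before matching, or %20 evades \s
        for sig in signatures:
            if sig.pattern.search(decoded):
                alerts.append({"sid": sig.sid, "name": sig.name, "severity": sig.severity,
                               "src": rec["src"], "status": rec["status"], "target": decoded})
    return alerts


if __name__ == "__main__":
    for a in inspect(SAMPLE_LOG):
        print(f"[{a['severity']:6}] sid={a['sid']} {a['name']} from {a['src']} "
              f"status={a['status']} {a['target']}")
```

Note that the traversal attempt returned status 404 and the injection attempts returned 200; a signature IDS alerts on the pattern regardless, and it is the analyst (or a correlation rule in the SIEM) who uses the status and the response size to decide whether the attempt succeeded.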
5b. Explain the different phases of Microsoft Secure SDLC. 10M
Microsoft SDL consists of seven components including five core phases and two
supporting security activities. The five core phases are requirements, design,
implementation, verification, and release. Each of these phases contains mandatory checks
and approvals to ensure all security and privacy requirements and best practices are properly
addressed. The two supporting security activities, training and response are conducted
before and after the core phases respectively to ensure they're properly implemented, and
software remains secure after deployment.

Training
All Microsoft employees are required to complete general security awareness
training and specific training appropriate to their role.
Requirements
Every product, service, and feature Microsoft develops starts with clearly defined
security and privacy requirements; they are the foundation of secure applications and
inform their design. Development teams define these requirements based on factors
such as the type of data the product will handle, known threats, best practices,
regulations and industry requirements, and lessons learned from previous incidents.
Once defined, the requirements are documented and tracked.
Design

Once the security, privacy, and functional requirements have been defined, the
design of the software can begin. As part of the design process, threat models are
created to help identify, categorize, and rate potential threats according to risk. Threat
models must be maintained and updated throughout the lifecycle of each product as
changes are made to the software.
Implementation
Implementation begins with developers writing code according to the plan they
created in the previous two phases. Microsoft provides developers with a suite of
secure development tools to effectively implement all the security, privacy, and
function requirements of the software they design. These tools include compilers,
secure development environments, and built-in security checks.
Verification Testing
Before any written code can be released, several checks and approvals are required
to verify that the code conforms to the SDL, meets design requirements, and is free of
coding errors.
Various automated checks are also required and are built into the commit pipeline to
analyze code during check-in and when builds are compiled. The security checks used
at Microsoft fall into the following categories.
1. Static code analysis
2. Binary analysis
3. Credential and secret scanning
4. Encryption scanning
5. Fuzz testing
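A minimal credential and secret scanner of the kind that runs in the commit pipeline (category 3 above), as an added example that is not part of the original answer key or of Microsoft's tooling. The detection rules, the inline suppression marker and the sample source file are constructed for the example; the AWS key in the sample is the placeholder string AWS uses in its own documentation.

```python
import re

# Constructed detection rules. Real scanners (gitleaks, trufflehog, CredScan) ship hundreds
# of these plus entropy checks; the shape is the same.
SECRET_PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Private key block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("Hard-coded password", re.compile(r"(?:password|passwd|pwd)\w*\s*[:=]\s*['\"][^'\"]{4,}['\"]", re.I)),
    ("Hard-coded API token", re.compile(r"(?:api[_-]?key|secret|token)\w*\s*[:=]\s*['\"][A-Za-z0-9_\-]{16,}['\"]", re.I)),
]
SUPPRESS_MARK = "# nosecret"   # assumption: inline opt-out for test fixtures, reviewed like any other exception


def scan_source(text, filename="<inline>"):
    """Returns one finding per (line, rule) hit. A check-in gate fails the commit if the list is non-empty."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SUPPRESS_MARK in line:
            continue
        for rule_name, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append({"file": filename, "line": lineno, "rule": rule_name,
                                 "snippet": line.strip()})
    return findings


# Constructed sample file. The AWS key is the placeholder from AWS documentation, not a real credential.
SAMPLE_SOURCE = '''\
import os
DB_PASSWORD = "Summer2023!"              # should come from a vault or the environment, not source
aws_key = "AKIAIOSFODNN7EXAMPLE"         # documentation example key, still flagged
token = os.environ["API_TOKEN"]          # correct: read at runtime
TEST_PASSWORD = "placeholder"  # nosecret
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE, "settings.py"):
        print(f"{f['file']}:{f['line']}: {f['rule']}: {f['snippet']}")
```

A scanner like this catches the obvious cases cheaply; what it cannot tell is whether a flagged string is live, so the process around it (rotate on detection, then remove from history) matters as much as the regexes.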
Release
After passing all required security tests and reviews, builds are not immediately
released to all customers. Builds are systematically and gradually released to larger and
larger groups, referred to as rings, in what is called a safe deployment process (SDP).
These rings are defined as
● Ring 0: The development team responsible for the service
● Ring 1: All Microsoft employees
● Ring 2: Users outside of Microsoft
● Ring 3: Worldwide release in sub-phases
Builds are monitored at each ring and held back if problems appear, so a defective build
reaches as few users as possible.

Response
All Microsoft services are extensively logged and monitored after release,
identifying potential security incidents using a centralized proprietary near-real-time
monitoring system.
OR
6a. Write a note on 10M
i. Third Party patch management
ii. Bit locker drive Encryption
Third Party patch management
Third-party patching, or third-party patch management, is the process of deploying patch
updates to third-party applications (browsers, PDF readers, Java runtimes, and so on) that have
been installed on one or more of your endpoints (e.g., servers, desktops, or laptops).
Third-party patching addresses bugs or vulnerabilities in that software which affect its
function or security. Operating system update mechanisms generally do not cover these
applications, so they need their own inventory, vulnerability tracking and patch cadence.
Patching software vulnerabilities is a critical part of the overall IT security process that
helps prevent exploitation by attackers, who routinely target widely installed third-party
software.
Third-party risk management (TPRM) is a form of risk management that focuses on
identifying and reducing risks relating to the use of third parties (sometimes referred to as
vendors, suppliers, partners, contractors, or service providers).
Why is Third-Party Risk Management Important?

While third-party risk is not a new concept, upticks in breaches across industries and a greater
reliance on outsourcing have brought the discipline to the forefront like never before.
Disruptive events have impacted almost every business and their third parties, no matter the
size, location, or industry. In addition, data breaches and cyber security incidents are common.
In 2021, the impact that third parties have on business resilience was highlighted through
outages and other third-party incidents. Some of the ways you can be impacted are:

● Internal outages and lapses in operational capabilities

● External outages affecting areas across the supply chain

● Vendor outages that open your organization to supply chain vulnerabilities

● Operational shifts that affect data gathering, storage, and security

BitLocker Drive Encryption

BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption
feature included with the Pro, Enterprise and Education editions of Windows. BitLocker enables
users to encrypt everything on the drive Windows is installed on (and on other fixed or
removable drives), protecting that data from theft or unauthorized access if the device or disk
is lost or stolen.

Microsoft BitLocker improves file and system protection by mitigating unauthorized data access
to data at rest. It uses the Advanced Encryption Standard (AES) algorithm with 128- or 256-bit
keys, and combines the on-disk encryption process with special key management techniques: the
volume key is normally sealed to the computer's Trusted Platform Module (TPM), optionally with a
PIN or startup key, and a recovery key is kept for when the TPM will not release it.

Although BitLocker first debuted with Windows Vista in 2007, beginning with Windows 10 version
1511 Microsoft updated BitLocker, introducing the XTS-AES encryption mode and new Group Policy
settings for operating system drives and removable data drives. This applies to Windows 11,
Windows 10 and Windows Server 2016 and later. Note that BitLocker protects data only while the
volume is locked; once Windows has booted and unlocked the volume, any malware running on the
system reads files normally, so it complements rather than replaces host defences.

6b. Illustrate OWASP top 10 common web vulnerabilities. 10M

The Open Web Application Security Project (OWASP) is a non-profit organization that publishes
the OWASP Top 10, a ranked list of the most common web application security risks. The 2021
edition lists:

1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery (SSRF)

1. Broken Access Control: If access restrictions are not properly enforced on the server side,
it is easy for attackers to act outside their intended permissions. With broken access control,
unauthorized users may read or modify sensitive files, other users' records and system
functions (for example by changing an ID in a URL).
2. Cryptographic Failures: Common errors such as hard-coded passwords, transmitting or storing
sensitive data in clear text, outdated cryptographic algorithms or weak cryptographic keys can
result in the exposure of sensitive data.
3. Injection: Injection occurs when an attacker finds a place where the web application passes
untrusted data into an interpreter without validation or escaping. Common types of injection
are SQL injection and OS command injection; parameterized queries and strict input validation
are the standard defences.
4. Insecure Design: Fundamental design flaws and missing or ineffective controls in the software
design, which cannot be fixed by a perfect implementation; threat modelling during design is the
remedy.
5. Security Misconfiguration: A very common vulnerability that results from using default
configurations, leaving unnecessary features enabled, or displaying excessively descriptive
error messages.
6. Vulnerable and Outdated Components: Modern applications are built using a large number of
third-party libraries and open-source frameworks. Attackers find vulnerabilities in these
libraries and frameworks and use them to launch attacks, so components must be inventoried and
kept patched.
7. Identification and Authentication Failures: These occur when an application depends on a weak
authentication process or fails to properly validate authentication information; for example,
an application lacking multi-factor authentication or allowing weak passwords is vulnerable to
credential stuffing and brute-force attacks.
8. Software and Data Integrity Failures: The tools used to build, manage or deploy software, and
the plug-ins, libraries and updates pulled from untrusted sources, are also sources of attack
when their integrity is not verified.
9. Security Logging and Monitoring Failures: Adequate logging and monitoring is essential both
for detecting attacks and for limiting the damage; without it, breaches go unnoticed for a long
time.
10. Server-Side Request Forgery: SSRF exists when a web application fetches a remote resource
from a URL supplied by the user without properly validating it, letting the attacker make the
server send requests to internal systems on their behalf.
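The Injection entry (item 3 above) shown as running code, as an added example that is not part of the original answer key: a login check that splices user input into SQL beside the parameterized version of the same query, run against a constructed in-memory SQLite table. The table, user names and payloads are made up for the example; the clear-text password column is deliberate so the injection stays visible, and would itself fall under item 2 in a real system.

```python
import sqlite3


def make_db():
    """Constructed in-memory demo database. Passwords are stored in the clear here only so the
    injection is easy to see; real code stores a salted password hash (OWASP #2 otherwise)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """OWASP #3 Injection: untrusted input is spliced into the SQL text, so a quote character
    in the input changes the structure of the query instead of being compared as data."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}' ORDER BY id"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Parameterized query: the values travel separately from the SQL text, so the quote is just data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ? ORDER BY id"
    return conn.execute(query, (username, password)).fetchone()


TAUTOLOGY = "' OR '1'='1"     # makes the WHERE clause true for every row
COMMENT_OUT = "alice' --"     # closes the quote and comments out the password check

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, wrong password :", login_vulnerable(db, "alice", "nope"))
    print("vulnerable, tautology      :", login_vulnerable(db, "alice", TAUTOLOGY))
    print("vulnerable, comment-out    :", login_vulnerable(db, COMMENT_OUT, "anything"))
    print("safe, tautology            :", login_safe(db, "alice", TAUTOLOGY))
    print("safe, comment-out          :", login_safe(db, COMMENT_OUT, "anything"))
    print("safe, real credentials     :", login_safe(db, "alice", "correct-horse"))
```

The tautology payload works because AND binds tighter than OR, so the generated clause reads (username = 'alice' AND password = '') OR '1'='1'; the comment payload removes the password test altogether. Both return the first row, the admin account, which is why injection into a login query is also a broken access control outcome (item 1).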

SECTION-IV
7a. Differentiate between the different categories of cloud delivery models. 10M
The cloud computing service delivery models are:
● Infrastructure as a Service (IaaS)
● Platform as a Service (PaaS)
● Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
IaaS is a cloud delivery model that delivers the basic computing infrastructure needed to
support various operations.

Typically IaaS provides virtualized infrastructure such as networking, storage and virtual
machines, on which the consumer installs and manages operating systems, databases and web
servers. It is also known as Hardware as a Service. Security responsibility for everything above
the hypervisor (OS patching, configuration, data) stays with the consumer.
Platform as a Service (PaaS)
PaaS is a cloud delivery model that delivers a platform and environment to software developers
to build applications and services.
PaaS services are hosted in the cloud and accessed by the user via a web browser.
PaaS frees the user from having to install hardware or software to develop and run new
applications.
Here the consumer does not manage or control the underlying infrastructure including network,
servers, OS or storage; the consumer remains responsible for the application code, its data and
its access configuration.
Software as a Service (SaaS): SaaS is a cloud delivery model that delivers services and
applications over the internet. Instead of installing and maintaining software, the user
accesses it via the internet through a browser, which frees the user from complex software and
hardware management.
Most SaaS applications can be run directly from a web browser without any downloads or
installation required.
SaaS is also known as web-based software, on-demand software or hosted software. The provider
runs the whole stack; the consumer still owns user identities, access rights and the
classification of the data placed in the service.

7b. What is the need of Identity and Access Management(IAM)?Explain any five IAM best practices.

10M

Identity and Access Management (IAM) has become an essential element of the security plans of
many organizations. The need for IAM is to ensure that the right identities (people, services
and devices) get the right access to the right resources for the right reasons, that every access
is authenticated and authorized, and that access can be reviewed and revoked when a role changes
or a person leaves. To reap the most security benefits, it is imperative that companies ensure
that their IAM tools and processes are set up correctly. Five IAM best practices that help
establish a strong security posture are given below.

1. Adopt a Zero Trust Approach to Security

Many companies have applications, platforms, and tools that are designed with implicit trust.
Implicit trust means that if users have access to the network or log in to a tool, the system
"remembers" them and does not prompt them to verify their identity again. Such lax access
permissions pose a major risk to the organization's security posture if an unauthorized entity
gains access via a remembered credential. Zero trust instead verifies every request explicitly,
regardless of where on the network it originates.

2. Identify and Protect High-Value Data

Protecting your most valuable data involves limiting who can access it as much as
possible—but, to limit access, you first need to know where your most valuable data is stored
and how it is used.

3. Enforce a Strong Password Policy

IAM technologies are only as strong as the identity management practices and policies that
support them. If a team uses single sign-on (SSO) tools, it is critical that each user's
password is strong, unique, and difficult to guess, because a single SSO password unlocks many
applications. Passwords must be complex enough to resist guessing and must not be reused across
systems; note that current guidance (NIST SP 800-63B) recommends screening new passwords
against lists of known-breached passwords and changing them when compromise is suspected,
rather than forcing frequent scheduled changes that push users toward predictable variations.

4. Use Multi-Factor Authentication (MFA)

User authentication is an essential component of effective identity and access


management best practices. After all, if you can’t guarantee a user is who they claim to be,
you may be putting your data at risk and unintentionally allowing access to an unauthorized
user.

MFA tools often use a combination of these methods to authenticate identity:

● Biometric authentication (e.g., fingerprints or facial recognition)


● Possession authentication (e.g., sending a one-time password to a user’s personal
device)
● Knowledge authentication (e.g., answering security questions)
● User location or time data

5. Automate Workflows

IAM tools offer IT teams many opportunities to use automation to make your
organization more secure. Automation reduces manual errors, streamlines workflows, and
supports compliance and governance needs.

OR

8a. List and explain HTTP methods. 10M

HTTP methods: The HTTP method indicates what action the server is to perform on the requested
resource. Method names are case-sensitive and are written in uppercase.

The various HTTP methods are:

● GET Method
● HEAD Method
● POST Method
● PUT Method
● DELETE Method
● CONNECT Method
● OPTIONS Method
● TRACE Method
GET Method:

A GET request retrieves data from a web server by specifying parameters in the URL
portion of the request. This is the main method used for document retrieval.

HEAD Method:
The HEAD method is functionally similar to GET, except that the server replies with
are status line and Header section only.

POST Method:

The POST method is used when you want to send some data to the server, for
example, file update, form data, etc using HTML forms.

PUT Method:

The PUT method is used to request the server to store the included entity-body at a
location specified by the given URL.

DELETE Method:

The DELETE method is used to request the server to delete a file at a location
specified by the given URL.

CONNECT Method:

The CONNECT method is used by the client to establish a network connection (a tunnel, usually through a proxy) to a web server over HTTP.

OPTIONS Method:

The OPTIONS method is used by the client to find out the HTTP methods and other options supported by a web server. The client can specify a URL for the OPTIONS method, or an asterisk (*) to refer to the entire server.

TRACE Method:

The TRACE method echoes the contents of an HTTP request back to the requester, which can be used for debugging during development.
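The per-method behaviour described above, as an added example that is not part of the model answer: a toy request handler that enforces uppercase method names, answers OPTIONS for a single URL or for the whole server (*), and returns headers without a body for HEAD. The resources, status codes chosen for PUT/DELETE and the decision to refuse TRACE and CONNECT are assumptions of this example.

```python
from typing import Dict, Tuple

# Constructed sample resources served by this toy handler.
RESOURCES: Dict[str, str] = {"/index.html": "<h1>hello</h1>"}
# Methods this server advertises. TRACE and CONNECT are recognised but refused:
# TRACE echoes requests back and is normally left off outside development.
ALLOWED = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
KNOWN = ALLOWED + ("CONNECT", "TRACE")


def parse_request_line(line: str) -> Tuple[str, str, str]:
    """Split 'METHOD target HTTP/1.1'. Method names are case sensitive, so
    'get' is rejected rather than silently treated as GET."""
    parts = line.strip().split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if method not in KNOWN:  # lowercase or unknown methods fail this check
        raise ValueError(f"unsupported method: {method!r}")
    return method, target, version


def handle(line: str, body: str = "") -> Tuple[int, Dict[str, str], str]:
    """Return (status, headers, response body) for one request."""
    method, target, _ = parse_request_line(line)
    allow = {"Allow": ", ".join(ALLOWED)}
    if method == "OPTIONS":
        # "*" asks about the server as a whole; a URL asks about that resource.
        if target != "*" and target not in RESOURCES:
            return 404, {}, ""
        return 204, allow, ""
    if method in ("TRACE", "CONNECT"):
        return 405, allow, ""
    if method in ("GET", "HEAD"):
        content = RESOURCES.get(target)
        if content is None:
            return 404, {}, ""
        headers = {"Content-Length": str(len(content))}
        # HEAD gets the same status line and headers as GET, but no body.
        return 200, headers, content if method == "GET" else ""
    if method == "PUT":
        # Store the entity body at the given URL; 201 if newly created.
        created = target not in RESOURCES
        RESOURCES[target] = body
        return (201 if created else 204), {}, ""
    if method == "DELETE":
        if RESOURCES.pop(target, None) is None:
            return 404, {}, ""
        return 204, {}, ""
    # POST: data submitted to the server (e.g. form data); report how much arrived.
    return 200, {"Content-Type": "text/plain"}, f"received {len(body)} bytes"
```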

8b. Explain Android application security architecture. 10M

Android architecture is made up of a number of components that together support the needs of any Android device.
The main components of Android architecture are the following:

● Applications
● Application Framework
● Android Runtime
● Platform Libraries
● Linux Kernel

Applications –
Applications form the top layer of Android architecture. Pre-installed applications such as home, contacts, camera and gallery, and third-party applications downloaded from the Play Store such as chat applications and games, are installed in this layer only.

Applications run within the Android Runtime with the help of the classes and services provided by the application framework.

Application Framework –
The Application Framework provides several important classes which are used to create an Android application. It provides a generic abstraction for hardware access and helps in managing the user interface with application resources. It includes different types of services (activity manager, notification manager, view system, package manager etc.) which are helpful for the development of our application according to the prerequisite.

Android Runtime –
The Android Runtime environment is one of the most important parts of Android. It contains components like core libraries and the Dalvik virtual machine (DVM). Mainly, it provides the base for the application framework and powers our application with the help of the core libraries.

Platform Libraries –
The Platform Libraries include various C/C++ core libraries and Java-based libraries such as Media, Graphics, Surface Manager, OpenGL etc. to provide support for Android development.

● Media library provides support to play and record audio and video formats.
● Surface Manager is responsible for managing access to the display subsystem.
● SGL and OpenGL, both cross-language, cross-platform application program interfaces (APIs), are used for 2D and 3D computer graphics.
● SQLite provides database support and FreeType provides font support.
● WebKit: this open source web browser engine provides all the functionality to display web content and to simplify page loading.
● SSL (Secure Sockets Layer) is a security technology to establish an encrypted link between a web server and a web browser.

Linux Kernel –
The Linux Kernel is the heart of the Android architecture. It manages all the available drivers such as display drivers, camera drivers, Bluetooth drivers, audio drivers, memory drivers, etc. which are required during runtime.

The Linux Kernel provides an abstraction layer between the device hardware and the other components of the Android architecture. It is responsible for management of memory, power, devices etc.

SECTION-V

9a. What are the objectives of Incident Management? Explain the life cycle of Incident Management.
10M

The objectives of the Incident Management process are to:

1) Ensure that standardized methods and procedures are used for efficient and prompt response, analysis, documentation, ongoing management and reporting of incidents

2) Increase visibility and communication of incidents to business and IT support staff

3) Enhance business perception of IT through use of a professional approach in quickly resolving and communicating incidents when they occur

4) Align Incident Management activities and priorities with those of the business

5) Maintain user satisfaction with the quality of IT services

Life Cycle of Incident Management

Incident Management is responsible for managing the life cycle of incidents, from creation to closure.
The Incident Management process, or Life Cycle of Incident Management, has many states, and each is important to the success of the process and the quality of service delivered.

The different states can be represented in a diagram as follows:

1) New indicates that the service desk has received the incident but has not assigned it to an agent.
2) Assigned means that an incident has been assigned to an individual service desk agent.
3) In progress indicates that an incident has been assigned to an agent but has not been resolved. The agent is actively working with the user to diagnose and resolve the incident.
4) On hold or pending status indicates that the incident requires some information or response from the user or from a third party. The incident is placed “on hold” so that SLA response deadlines are not exceeded while waiting for a response from the user or vendor.
5) Resolved means that the service desk has confirmed that the incident is resolved and that the user’s service has been restored to the SLA levels.
6) Closed indicates that the incident is resolved and that no further actions can be taken.
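The six states above as a small state machine, added here as an example that is not part of the model answer. It rejects transitions outside the table and stops the SLA clock while an incident is On hold, which is the reason that state exists; the transition table, the minute-based clock and the incident identifier are assumptions of this example.

```python
from typing import Dict, List, Set, Tuple

# Allowed state changes (assumed for this example; an ITSM tool would have its own).
TRANSITIONS: Dict[str, Set[str]] = {
    "New": {"Assigned"},
    "Assigned": {"In progress"},
    "In progress": {"On hold", "Resolved"},
    "On hold": {"In progress"},
    "Resolved": {"Closed", "In progress"},  # reopen if the fix did not hold
    "Closed": set(),
}
# States in which no SLA time is consumed.
CLOCK_PAUSED = {"On hold", "Resolved", "Closed"}


class Incident:
    def __init__(self, ident: str, sla_minutes: int, now: int) -> None:
        self.ident = ident
        self.state = "New"
        self.sla_minutes = sla_minutes
        self.last_tick = now           # time in minutes (constructed units)
        self.elapsed = 0               # SLA minutes consumed so far
        self.history: List[Tuple[str, int]] = [("New", now)]

    def _advance(self, now: int) -> None:
        """Add time since the last tick to the SLA clock unless it is paused."""
        if self.state not in CLOCK_PAUSED:
            self.elapsed += now - self.last_tick
        self.last_tick = now

    def move(self, new_state: str, now: int) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.state} -> {new_state} is not allowed")
        self._advance(now)
        self.state = new_state
        self.history.append((new_state, now))

    def sla_breached(self, now: int) -> bool:
        self._advance(now)
        return self.elapsed > self.sla_minutes


def demo() -> Incident:
    """Constructed walk through the life cycle with a 60-minute SLA."""
    inc = Incident("INC-0001", sla_minutes=60, now=0)  # placeholder id
    inc.move("Assigned", now=5)
    inc.move("In progress", now=10)
    inc.move("On hold", now=30)        # waiting on the user: clock pauses
    inc.move("In progress", now=90)    # the 60 minutes on hold do not count
    inc.move("Resolved", now=100)      # service restored; clock stops
    inc.move("Closed", now=110)
    return inc
```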

9b. Define GRC. Explain Enterprise Risk Management and identify the different types of risk faced by the Enterprise. 10M

Governance
Governance is the set of policies, rules, or frameworks that a company uses to achieve its business goals. It defines the responsibilities of key stakeholders, such as the board of directors and senior management.
Risk
A risk is a possible event that could cause harm or loss or make it more difficult to achieve objectives.
Compliance
Compliance is the act of following rules, laws, and regulations. It applies to legal and regulatory requirements set by industry bodies and also to internal corporate policies.

Enterprise Risk Management (ERM):

● Enterprise risk management (ERM) is a methodology that looks at risk management strategically from the perspective of the entire organization.
● Enterprise risk management involves understanding, analyzing, and addressing risk to ensure organizations achieve their objectives.
● It is the procedure by which a company can identify, prioritize, and evaluate risk and use its existing resources to reduce the impact.
● The ERM process has the following steps:
Step 1: Find the risk
Step 2: Explore the risk
Step 3: Risk evaluation
Step 4: Risk treatment
Step 5: Risk monitoring
Types of risk faced by an enterprise
1. Operational risk:
Operational risk is defined as a type of risk that arises from the day-to-day operations of an organization. It is the potential for loss that comes from faulty or absent internal procedures, people, and systems, as well as external events.
2. Strategic risk:
Refers to the internal and external events that may make it difficult, or even impossible, for an organization to achieve its objectives and strategic goals.
3. Credit risk:
The possibility of a loss happening due to a borrower's failure to repay a loan or to satisfy contractual obligations.
4. Reputational risk:
Reputational risk is a threat or danger to the good name or standing of a business or entity.
5. Market risk:
Market risk involves the risk of changing conditions in the specific marketplace in which a company competes for business.
6. Cyber risk:
Cyber security risks relate to the loss of confidentiality, integrity, or availability of information, data, or information systems.
7. Legal risk:
Risk that occurs due to negligence in following the rules and laws related to governance.
8. Regulatory risk:
Risk that occurs due to changes in the rules and regulations which affect the business.
OR

10a. Explain:

i. Life cycle of vulnerability management 5M

ii. Types of Vulnerability 5M

The Vulnerability Management Life Cycle is intended to allow organizations to identify computer system security weaknesses; prioritize assets; assess, report, and remediate the weaknesses; and verify that they have been eliminated.
The following diagram illustrates the steps in the Vulnerability Management Life Cycle.

The steps in the Vulnerability Management Life Cycle are described below.
1. Discover: Inventory all assets across the network and identify host details including
operating system and open services to identify vulnerabilities. Develop a network baseline.
Identify security vulnerabilities on a regular automated schedule.
2. Prioritize Assets: Categorize assets into groups or business units, and assign a business
value to asset groups based on their criticality to your business operation.
3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset
criticality, vulnerability threat, and asset classification.
4. Report: Measure the level of business risk associated with your assets according to your
security policies. Document a security plan, monitor suspicious activity, and describe known
vulnerabilities.
5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish
controls and demonstrate progress.
6. Verify: Verify that threats have been eliminated through follow-up audits.
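The Prioritize, Assess, Remediate and Verify steps above carried through on a small inventory, as an added example that is not part of the model answer. The hosts, business-unit groups, business values, placeholder vulnerability identifiers and severity scores are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str      # placeholder identifiers, not real advisories
    severity: float   # CVSS-style base score, 0.0 to 10.0


# Step 2 (Prioritize Assets): hosts grouped by business unit, each group given
# a business value. Constructed sample inventory.
ASSET_GROUP: Dict[str, str] = {"db01": "payments", "web01": "customer-portal",
                               "kiosk07": "lobby"}
GROUP_VALUE: Dict[str, int] = {"payments": 5, "customer-portal": 4, "lobby": 1}


def business_risk(f: Finding) -> float:
    """Step 3 (Assess): severity weighted by the asset's business value.
    A host missing from the inventory is a Discover-step gap, so it gets the
    highest value rather than being silently deprioritized."""
    if f.host in ASSET_GROUP:
        value = GROUP_VALUE[ASSET_GROUP[f.host]]
    else:
        value = max(GROUP_VALUE.values())
    return round(f.severity * value, 1)


def remediation_order(findings: List[Finding]) -> List[Tuple[str, str, float]]:
    """Step 5 (Remediate): fix in descending business-risk order, ties by severity."""
    ranked = sorted(findings, key=lambda f: (business_risk(f), f.severity), reverse=True)
    return [(f.host, f.vuln_id, business_risk(f)) for f in ranked]


def verify(baseline: List[Finding], followup: List[Finding]) -> Dict[str, Set[Tuple[str, str]]]:
    """Step 6 (Verify): compare a follow-up scan with the baseline to show what
    was eliminated, what persists, and what is newly discovered."""
    before = {(f.host, f.vuln_id) for f in baseline}
    after = {(f.host, f.vuln_id) for f in followup}
    return {"eliminated": before - after, "persisting": before & after, "new": after - before}


# Constructed scan results: the kiosk carries the highest severity score but the
# lowest business risk, so it is fixed last.
BASELINE = [Finding("db01", "VULN-A", 7.5), Finding("web01", "VULN-B", 9.8),
            Finding("kiosk07", "VULN-C", 9.8)]
FOLLOWUP = [Finding("kiosk07", "VULN-C", 9.8), Finding("web01", "VULN-D", 5.3)]
```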
Types of vulnerabilities
1. Hardware Vulnerability: A hardware vulnerability is a weakness which can be used to attack the system hardware, either physically or remotely. For example:
o Old versions of systems or devices
o Unprotected storage
o Unencrypted devices, etc.
2. Network Vulnerability: A weakness in the network, which can be in hardware or software. For example:
o Unprotected communication
o Malware or malicious software (e.g. viruses, keyloggers, worms, etc.)
o Misconfigured firewalls
3. Operating System Vulnerability
An operating system vulnerability is a loophole or flaw in your operating system that makes it easier for cybercriminals to break in. An operating system is the main software that runs your computer or device; common examples include Windows, macOS, Android, and Linux.
4. Application Vulnerability
Application vulnerabilities are weaknesses in an application that an attacker could exploit to harm the security of the application. Vulnerabilities can be introduced into an application in various ways, such as failures in the design, implementation, or configuration of an application.
5. Human Vulnerabilities
People represent one of the main weaknesses of cybersecurity. In fact, human vulnerabilities can cause much more damage and be more costly than any of the other vulnerability types on this list. Even though advanced hacking skills and powerful malware bolster the capabilities of a cyber attacker, it is, in the end, humans that represent the only un-patchable risk in cybersecurity. Example: social engineering, defined as the art of gaining access to data, systems, or buildings by exploiting human psychology.
6. Process Vulnerabilities
Process vulnerabilities are unique as they are created by specific process controls or the lack of them. Process controls can look different depending on the industry of the organization. This type of vulnerability is certainly the hardest to define. Example: an employee followed a process in place which allowed them to create and use a weak password.

10b. What is DevOps? Explain its security challenges and its core principles. 10M

DevOps is a software development practice that emphasizes collaboration and communication between development and operations teams. The goal of DevOps is to improve the speed and reliability of software delivery, as well as to increase the efficiency and responsiveness of the overall development process.

⮚ DevOps security (DevSecOps) is an approach to cyber security that focuses on application development and development operations (DevOps). It combines three phrases:
1. Development 2. Operations 3. Security

⮚ The goal of DevOps security is to remove barriers between an organization’s software development and its IT operations. Namely, it calls for speed and intense, fast communication and collaboration. It is essentially a philosophy that covers developers’ code and its subsequent need to work (and grow) properly with the organization’s employees and customers.

⮚ The core of the DevOps security philosophy is continuous deployment. Development and IT teams work closely and rapidly to add to and fix software. This means, for example, adding new features and troubleshooting bugs so that they can be continuously released in fast cycles without causing disruptions. It enables teams, other employees, and customers to continue interacting with software without interruption.
Security challenges in DevOps include:

● Configuration management: ensuring the consistency and security of configurations across multiple environments, from development to production.
● Continuous Integration and Continuous Deployment (CI/CD): securing the pipeline and ensuring that only authorized changes are deployed to production.
● Infrastructure as Code (IaC): managing the security of infrastructure components defined as code, such as cloud resources or containerized applications.
● Container security: securing the lifecycle of containers, from build to deployment and runtime.
● Secrets management: securely storing and managing sensitive information, such as passwords and access keys, in the DevOps environment.
● Compliance: ensuring that DevOps practices align with regulations and industry standards, such as those related to data privacy and security.

Understand the Core Principles and Patterns behind DevOps:

Collaboration
The key premise behind DevOps is collaboration. Development and operations teams coalesce into a functional team that communicates, shares feedback, and collaborates throughout the entire development and deployment cycle. Often, this means development and operations teams merge into a single team that works across the entire application life cycle.
Automation
An essential practice of DevOps is to automate as much of the software development lifecycle as possible. This gives developers more time to write code and develop new features. Automation is a key element of a CI/CD pipeline and helps to reduce human errors and increase team productivity. With automated processes, teams achieve continuous improvement with short iteration times, which allows them to quickly respond to customer feedback.
Continuous Improvement
Continuous improvement was established as a staple of agile practices, as well as lean manufacturing and Improvement. It’s the practice of focusing on experimentation, minimizing waste, and optimizing for speed, cost, and ease of delivery. Continuous improvement is also tied to continuous delivery, allowing DevOps teams to continuously push updates that improve the efficiency of software systems. The constant pipeline of new releases means teams consistently push code changes that eliminate waste, improve development efficiency, and bring more customer value.

Certified that the model answers prepared by me for code 20CS54IT are from the prescribed text/webpages and the model answers and scheme of valuation prepared by me are correct.

[M G Rangaswamy]
Senior Grade Lecturer/CS,
Gpt,Turuvekere
