DMI COLLEGE OF ENGINEERING
(An Autonomous Institution)
DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND DATA SCIENCE

SUBJECT CODE - SUBJECT NAME
UNIT I - INTRODUCTION

PART A (2 Marks) (K1/K2 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Define Information Security in simple terms. | CO1 | K1 |
| 2 | What is Security? | CO1 | K1 |
| 3 | Name the multiple layers of security that a successful organization should have in its place to protect its operations. | CO1 | K1 |
| 4 | Classify the three key components of the CIA Triad in Information Security. | CO1 | K2 |
| 5 | List the characteristics of Information Security? | CO1 | K1 |
| 6 | What is UDP Packet Spoofing? | CO1 | K1 |
| 7 | Give a short note on E-mail spoofing. | CO1 | K2 |
| 8 | What are the measures to protect the confidentiality of information? | CO1 | K1 |
| 9 | List out the importance of a C.I.A triangle | CO1 | K1 |
| 10 | Identify the components of information system? | CO1 | K1 |
| 11 | List out the functions of Locks & Keys? | CO1 | K1 |
| 12 | Define Network Security. | CO1 | K1 |
| 13 | Differentiate Direct and Indirect attacks. | CO1 | K2 |
| 14 | What does SDLC stand for in information systems? | CO1 | K1 |
| 15 | Define methodology? | CO1 | K1 |
| 16 | What are the phases of SDLC Waterfall method? | CO1 | K1 |
| 17 | What is enterprise Information Security Policy? | CO1 | K1 |
| 18 | Compare Vulnerability and Exposure | CO1 | K2 |
| 19 | List out the functions of Information Security? | CO1 | K1 |
| 20 | What is PKI? | CO1 | K1 |
| 21 | What is the use of Digital Certificates? | CO1 | K1 |
| 22 | What is Firewall? | CO1 | K1 |
| 23 | What is meant by Attacks? | CO1 | K1 |
| 24 | What are appliances? | CO1 | K1 |
| 25 | What is Security? What are the security layers, a successful organization should have? | CO1 | K1 |

PART B (13 Marks) (K2 AND ABOVE)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Analyse the Critical Characteristics of Information | CO1 | K4 |
| 2 | Examine the Components of an Information System | CO1 | K3 |
| 3 | Explain the stages of SDLC in detail. | CO1 | K2 |
| 4 | Explain the Security SDLC in detail | CO1 | K2 |
| 5 | Explain the functions of an Information security organization | CO1 | K2 |
| 6 | Describe the NSTISSC Security Model in detail | CO1 | K2 |
| 7 | Discuss about Balancing security and Access | CO1 | K2 |
| 8 | (i) Explain briefly about Information Security and Goals of Information Security. (ii) Infer about Information Security Project Team. | CO1 | K4 |
| 9 | Illustrate Briefly about SDLC Waterfall Methodology and Its Relation in Respect to Information Security. | CO1 | K2 |
| 10 | (i) List the Various Components of an Information System and tell about them. (ii) List the History of Information Security. | CO1 | K2 |

PART C (15 Marks) (K4/K5 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Evaluate the Critical Characteristics of Information. | CO1 | K4 |
| 2 | Analyse the Methodology Important in the Implementation of Information Security? How Does a Methodology Improve the Process? | CO1 | K4 |
| 3 | Given a scenario where an organization's sensitive data is compromised despite having multiple security measures in place, explain how the key concepts of information security (such as confidentiality, integrity, availability, risk management, etc.) might have been overlooked or inadequately applied. In your answer, assess how these concepts interrelate and evaluate the potential consequences of their misapplication. | CO1 | K4 |
| 4 | Evaluate who Decides how and when Data in an Organization will be Used or Controlled? Who is Responsible for seeing that these Wishes are Carried Out? | CO1 | K4 |
| 5 | Formulate any Methodology, why is it Important in the Implementation of Information Security? How does a Methodology Improve the Process? | CO1 | K4 |

CW3551 - DATA AND INFORMATION SECURITY
UNIT II - SECURITY INVESTIGATION

PART A (2 Marks) (K1/K2 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Define Threat? | CO1 | K1 |
| 2 | List out the Hackers? | CO1 | K1 |
| 3 | Name the levels of Hackers | CO1 | K1 |
| 4 | What are Script Kiddies? | CO1 | K1 |
| 5 | What is meant by Phreaker? | CO1 | K1 |
| 6 | What is Malicious Code? | CO1 | K1 |
| 7 | List the types of Viruses | CO1 | K1 |
| 8 | What are Trojan Horses? | CO1 | K1 |
| 9 | What is meant by Polymorphic Threat? | CO1 | K1 |
| 10 | Define Intellectual Property | CO1 | K1 |
| 11 | Define Vulnerability | CO1 | K1 |
| 12 | What are the Attack Replication Vectors? | CO1 | K1 |
| 13 | What is a Brute Force Attack? | CO1 | K2 |
| 14 | What are Sniffers? | CO1 | K1 |
| 15 | Give the definition of Social Engineering | CO1 | K2 |
| 16 | Differentiate Private & Public Laws | CO1 | K2 |
| 17 | List out the Fundamental Principles of HIPAA | CO1 | K1 |
| 18 | What is meant by the term “Information Extortion”? | CO1 | K1 |
| 19 | What is Deterrence? | CO1 | K1 |
| 20 | What are the Forces of Nature Affecting Information Security? | CO1 | K1 |
| 21 | Discuss about Malware | CO1 | K2 |
| 22 | What are Technical Software Failures or Errors? | CO1 | K1 |
| 23 | Differentiate Threat and Attack | CO1 | K2 |
| 24 | What is Technological Obsolescence? | CO1 | K1 |
| 25 | Name the most Common Methods of Virus Transmission | CO1 | K1 |

PART B (13 Marks) (K2 AND ABOVE)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Explain the Categories of Threat in detail | CO1 | K4 |
| 2 | Discuss the Different Types of Attacks in detail? | CO1 | K2 |
| 3 | Analyse General Computer Crime Laws. | CO1 | K4 |
| 4 | Explain Ethical Concepts in Information Security. | CO1 | K4 |
| 5 | Discuss the differences between confidentiality, integrity, and hybrid policies. | CO1 | K2 |
| 6 | (i) Explain Integrity Policies. (ii) How will you Develop Management Groups that are Responsible for Implementing Information Security to Protect the Organization’s Ability to Function? | CO1 | K4 |
| 7 | Differentiate between Security Policies, Confidentiality Policies, Integrity Policies, and Hybrid Policies. Provide Examples. | CO1 | K2 |
| 8 | (i) State the types of Password Attacks. (ii) Tell the Three ways in which an Authorization can be Handled. | CO1 | K3 |
| 9 | Provide an Overview of Computer Security Principles. | CO1 | K3 |
| 10 | (i) List the Computer Security Hybrid Policies. (ii) Describe the types of Computer Security. | CO1 | K2 |

PART C (15 Marks) (K4/K5 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Propose a framework for addressing legal, ethical, and professional issues in [specific domain, e.g., technology, business, etc.], integrating relevant guidelines, best practices, and standards to ensure responsible conduct. | CO1 | K5 |
| 2 | Analyze about Access Control Matrix. | CO1 | K4 |
| 3 | Given the complexities of organizational security, how would you design a comprehensive Security Policy that addresses emerging threats while balancing regulatory compliance and operational needs? | CO1 | K5 |
| 4 | Summarize how does Technological Obsolescence Constitute a Threat to Information Security? How can an Organization Protect against it | CO1 | K4 |
| 5 | Evaluate which Management Groups are Responsible for Implementing Information Security to Protect the Organization’s Ability to Function? | CO1 | K4 |

CW3551 - DATA AND INFORMATION SECURITY
UNIT III - DIGITAL SIGNATURE AND AUTHENTICATION

PART A (2 Marks) (K1/K2 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | List the properties of Digital Signature | CO3 | K1 |
| 2 | What is meant by Primitive Root? | CO3 | K1 |
| 3 | Given two integers A=3 and M=11, identify the modular multiplicative inverse of A under modulo M. | CO3 | K1 |
| 4 | Conclude the primitive roots of a prime number q=7. | CO3 | K2 |
| 5 | Compare RSA approach and DSA approach. | CO3 | K2 |
| 6 | List the Characteristics of User Certificate generated by CA. | CO3 | K1 |
| 7 | What is meant by Kerberos TGS? | CO3 | K1 |
| 8 | List the Characteristics of User Certificate generated by CA. | CO3 | K1 |
| 9 | What is meant by Key Distribution Centre? | CO3 | K1 |
| 10 | List the Different Authentication Mechanisms. | CO3 | K1 |
| 11 | List the Requirements that are not satisfied by version 2 of X.509 Certificate. | CO3 | K1 |
| 12 | Define the Principles of Kerberos. | CO3 | K1 |
| 13 | What is meant by MAC? | CO3 | K1 |
| 14 | List the Categories of Certificate Extensions. | CO3 | K1 |
| 15 | Define Mutual Trust. | CO3 | K1 |
| 16 | Give the ways of Key Distribution. | CO3 | K2 |
| 17 | List the Requirements for Kerberos. | CO3 | K1 |
| 18 | What are the Types of Plans in Mitigation Strategy? | CO3 | K1 |
| 19 | What is a Hot Site? | CO3 | K1 |
| 20 | List out the Three Threats that may occur in a Workstation. | CO3 | K1 |
| 21 | What is the Public Key Certificate? | CO3 | K1 |
| 22 | Differentiate Preventive and Detective controls. | CO3 | K2 |
| 23 | Define Authentications. | CO3 | K1 |
| 24 | What is Digital Signature? | CO3 | K1 |
| 25 | What is Risk Assessment? | CO3 | K1 |

PART B (13 Marks) (K2 AND ABOVE)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Explain about Digital Signature Schemes and their variants. | CO1 | K2 |
| 2 | Discuss about Authentication Function. | CO1 | K2 |
| 3 | Discuss about RSA Signature Schemes. | CO1 | K2 |
| 4 | Explain briefly about X.509 Directory Services. | CO1 | K2 |
| 5 | Explain NIST Digital Signature Algorithm. | CO1 | K2 |
| 6 | Discuss briefly about MAC. | CO1 | K2 |
| 7 | Explain Elliptic curve Digital Signature Algorithm. | CO1 | K2 |
| 8 | Explain briefly about Digital Signature Standard. | CO1 | K2 |
| 9 | Explain the categories of certificate extensions in X.509 certificates. | CO1 | K2 |
| 10 | Outline RSA-PSS Digital Signature Algorithm. | CO1 | K2 |

PART C (15 Marks) (K4/K5 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Analyze the concept of Authentication and evaluate the different protocols used for it. | CO1 | K4 |
| 2 | How do modern authentication systems ensure the integrity and non-repudiation of digital transactions while meeting diverse application requirements, such as secure identity verification (e.g., X.509 certificates) and robust authentication protocols like Kerberos? | CO1 | K5 |
| 3 | Classify Digital Signature Algorithm and show how Signing and Verification is done using DSS. Provide Example for the same. | CO1 | K4 |
| 4 | Break down the steps involved in the Schnorr digital signature scheme and examine how each step contributes to the authentication process. | CO1 | K4 |
| 5 | Analyze and discuss about Kerberos. | CO1 | K4 |

CW3551 - DATA AND INFORMATION SECURITY
UNIT IV - E-MAIL AND IP SECURITY

PART A (2 Marks) (K1/K2 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | What does PGP stand for in email security? | CO1 | K1 |
| 2 | Define S/MIME in the context of email security. | CO1 | K1 |
| 3 | What is the primary function of encryption in email security? | CO1 | K1 |
| 4 | Explain the difference between symmetric and asymmetric encryption in PGP. | CO1 | K2 |
| 5 | What role does the public key play in PGP? | CO1 | K1 |
| 6 | Define the term "digital signature" in PGP. | CO1 | K1 |
| 7 | How does PGP ensure message integrity? | CO1 | K2 |
| 8 | Explain how key management is handled in PGP. | CO1 | K2 |
| 9 | List the main components of PGP. | CO1 | K1 |
| 10 | What is a trust model in the context of email security? | CO1 | K1 |
| 11 | Describe how a hierarchical trust model works in S/MIME. | CO1 | K1 |
| 12 | How does S/MIME differ from PGP in terms of trust models? | CO1 | K2 |
| 13 | What is the purpose of key management in email security systems? | CO1 | K1 |
| 14 | List the operational steps involved in sending an encrypted email using PGP. | CO1 | K1 |
| 15 | What are the main operational differences between PGP and S/MIME? | CO1 | K1 |
| 16 | Identify the key exchange method used in S/MIME. | CO1 | K1 |
| 17 | What is the function of a certificate authority (CA) in S/MIME? | CO1 | K1 |
| 18 | Define IPSec. | CO1 | K1 |
| 19 | How does IPSec enhance IP communication security? | CO1 | K2 |
| 20 | What are the two main protocols used by IPSec? | CO1 | K1 |
| 21 | Differentiate Authentication Header (AH) and Encapsulating Security Payload (ESP) in IPSec. | CO1 | K2 |
| 22 | What are the two IPSec modes? | CO1 | K1 |
| 23 | Define the term "security association" in IPSec. | CO1 | K1 |
| 24 | How is key management handled in IPSec? | CO1 | K2 |
| 25 | Describe the tunnel mode of IPSec and its usage scenario. | CO1 | K1 |

PART B (13 Marks) (K2 AND ABOVE)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Compare the architecture of PGP and S/MIME. How do these systems differ in terms of key management, trust models, and encryption techniques? | CO1 | K2 |
| 2 | Explain the process of sending and receiving a secure email using PGP. What roles do encryption, digital signatures, and key management play in ensuring the confidentiality, integrity, and authenticity of the message? | CO1 | K2 |
| 3 | Compare the functionality of Authentication Header (AH) and Encapsulating Security Payload (ESP) in IPSec. In what scenarios would you use each protocol, and why? | CO1 | K2 |
| 4 | Explain the operational workflow of key management in PGP. How are keys generated, distributed, and revoked? What mechanisms are in place to ensure the integrity of key exchange? | CO1 | K2 |
| 5 | Explain the difference between tunnel mode and transport mode in IPSec. Provide examples of when each mode would be appropriate in securing IP communications. | CO1 | K2 |
| 6 | Describe the key management process in IPSec. How do protocols such as IKE (Internet Key Exchange) facilitate secure key exchange, and how do security associations play a role in managing the session? | CO1 | K2 |
| 7 | Explain operational description of PGP. | CO1 | K2 |
| 8 | Discuss Authentication Header. | CO1 | K2 |
| 9 | Explain Pretty Good Privacy in detail. | CO1 | K2 |
| 10 | Discuss the different methods involved in authentication of the source. | CO1 | K2 |

PART C (15 Marks) (K4/K5 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Write about how the integrity of message is ensured without source authentication. | CO1 | K4 |
| 2 | In a scenario where two organizations need to establish secure communication over email and IP-based networks, explain how the architecture and protocols of PGP, S/MIME, and IPsec contribute to achieving confidentiality, integrity, and authentication. Highlight the roles of key management and trust models in these technologies. | CO1 | K4 |
| 3 | Illustrate how PGP encryption is implemented through a suitable diagram. | CO1 | K4 |
| 4 | Evaluate the performance of PGP. Compare it with S/MIME. | CO1 | K4 |
| 5 | Analyze the PGP Cryptography function, Explain the security features offered for email in detail | CO1 | K4 |

CW3551 - DATA AND INFORMATION SECURITY
UNIT V - WEB SECURITY

PART A (2 Marks) (K1/K2 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | What is Handshake? | CO5 | K1 |
| 2 | What is Steganography? | CO5 | K1 |
| 3 | What is PKI? | CO5 | K1 |
| 4 | What are the protocols used in Secure Internet Communication? | CO5 | K1 |
| 5 | List Web security Issues? | CO5 | K1 |
| 6 | Define Wireless Network Attacks. | CO5 | K1 |
| 7 | List the types of Wireless Network Attacks. | CO5 | K1 |
| 8 | What is SSL Record Protocol? | CO5 | K1 |
| 9 | What are the factors of authentication? | CO5 | K1 |
| 10 | List the requirements for SET. | CO5 | K1 |
| 11 | What is SET Overhead? | CO5 | K1 |
| 12 | What is Payment Gateway? | CO5 | K1 |
| 13 | What is TLS? | CO5 | K1 |
| 14 | Define Handshake Protocol. | CO5 | K1 |
| 15 | What are Sock Servers? | CO5 | K1 |
| 16 | What are intrusion detection systems (IDS)? | CO5 | K1 |
| 17 | Define Dual Signature. | CO5 | K1 |
| 18 | What is web Security? | CO5 | K1 |
| 19 | List the primary facts of Web Security Problem. | CO5 | K1 |
| 20 | Write down the system Security Standards. | CO5 | K1 |
| 21 | What is a Proxy Server? | CO5 | K1 |
| 22 | Define Anonymization. | CO5 | K1 |
| 23 | What is Web Log File? | CO5 | K1 |
| 24 | Write down the role of Security Standards. | CO5 | K1 |
| 25 | Define Web Server. | CO5 | K1 |

PART B (13 Marks) (K2 AND ABOVE)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Explain protocols for Secure communication in detail | CO5 | K2 |
| 2 | Explain the Cryptographic algorithms in detail | CO5 | K2 |
| 3 | Explain IDS in detail | CO5 | K2 |
| 4 | Write short note: SSL | CO5 | K2 |
| 5 | Explain SSL in Detail. | CO5 | K2 |
| 6 | Write the steps involved in the simplified version of the SSL / TLS protocol. | CO5 | K2 |
| 7 | Write the methodology involved in computing the keys in SSL/TLS Protocol. | CO5 | K2 |
| 8 | Explain the key security requirements for web-based applications. How do confidentiality, integrity, and authentication contribute to secure communication over the web? | CO5 | K2 |
| 9 | Compare the architecture of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). What improvements were introduced in TLS over SSL? | CO5 | K2 |
| 10 | Given a scenario where a website needs to secure its communication with users, describe how the SSL/TLS handshake process works to establish a secure connection. Include the roles of certificates and key exchange. | CO5 | K3 |

PART C (15 Marks) (K4/K5 ONLY)

| Q.NO | Questions | CO NO | BT |
|---|---|---|---|
| 1 | Illustrate Secure Electronic Transaction. | CO5 | K4 |
| 2 | Illustrate Wireless equivalent Privacy Protocol. | CO5 | K4 |
| 3 | Analyze and explain Wireless Security | CO5 | K4 |
| 4 | Critically assess the effectiveness of Secure Electronic Transaction (SET) in providing secure e-commerce transactions. Considering its complexity and adoption challenges, evaluate whether SET is still a viable solution compared to modern alternatives such as TLS-based encryption for e-commerce. | CO5 | K4 |
| 5 | Analyze the strengths and weaknesses of using Secure Sockets Layer (SSL) in securing web communication. What are the potential vulnerabilities of SSL, and how have these been addressed in Transport Layer Security (TLS)? | CO5 | K4 |