
SECURITY IN COMPUTING Sem 6

The document is a question paper for a Security in Computing course, covering various topics across five units. It includes questions on security models, authentication methods, network fundamentals, intrusion detection systems, and cloud computing security. Each unit contains questions from different years, focusing on theoretical concepts, practical applications, and best practices in the field of computing security.

SECURITY IN COMPUTING (IS) QUESTION PAPER

UNIT 1

2022-23

a. Explain how the 3D’s (Defense, Detection, and Deterrence) aspects of security can be applied to any situation.

b. Explain various Application-layer attacks which include any exploit directed at the applications running on top of the OSI protocol stack.

c. Write a short note on CIA Triad Model with reference to Security in Computing.

d. With the help of a diagram, explain how the Onion Defence Model is better than other models for security.

e. What is meant by Zone of Trust? Explain the importance of Zone of Trust for communication, with a diagram.

f. What are the various countermeasures that anyone can implement to minimize the risk of a successful attack?

2019 MAY

a. What is the importance of information protection? Explain with an example.

b. Explain various components used to build a security program.

c. What are the three recognized variants of malicious mobile code? Explain.

d. Write a short note on Network-Layer Attack.

e. Explain the two most common approaches of security.

f. Explain the best practices for network defence.

2019 ATKT

a. Explain the three D’s of security.

b. Explain the statement that “Achieving 100 percent protection against all conceivable attacks is an impossible job”.

c. Write a note on Threat Vector.

d. What are Application layer attacks? Explain the following Application layer attacks: i) Buffer overflows ii) Password cracking

e. Explain the Onion Model.

f. List and explain the steps to create a Security Defence Plan.

UNIT 2

2022-23

a. Explain different types of Authentication in detail.

b. How does the Kerberos Authentication Process take place? Explain each step with a diagram.

c. Write a short note on Certificate-Based Authentication.

d. What is meant by Extensible Authentication Protocol (EAP)? Explain its different types.

e. Explain the role of PKI (Public Key Infrastructure) in Security in Computing, and the structure and function of PKI.

f. “Each layer of security is designed for a specific purpose and can be used to provide authorization rules”. Explain this statement with reference to Database Security Layers and its types.

2019 MAY

a. Define authentication. Explain two parts of authentication.

b. Explain the authorization systems.

c. Explain public key Cryptography.

d. What are the three primary categories of storage infrastructure in modern storage security? Discuss.

e. Write a short note on integrity risks.

f. Explain Database-Level Security.

2019 ATKT

a. Explain certificate-based authentication in detail.

b. Write a note on Role-based Authorization (RBAC).

c. Write a note on symmetric key cryptography.

d. Explain any two confidentiality risks.

e. Write a note on object-level security.

f. Explain different types of database backups.

UNIT 3

2022-23

a. Explain different layers of two-tier network fundamentals.

b. With reference to the OSI model, in which layer does a router operate? Explain the working of Routing Protocols.

c. Write a short note on the different generations of firewalls.

d. Explain the role of ICMP, SNMP and ECHO in network hardening.

e. With the help of a diagram, explain the working of the Bluetooth Protocol Stack.

f. What is meant by Wireless Intrusion Detection and Prevention? Explain its working.

2019 MAY

a. Explain the Cisco Hierarchical Internetworking model.

b. Explain network availability and security.

c. Write a short note on hubs and switches.

d. Explain the features of a firewall.

e. Explain the five different types of wireless attacks.

f. What are the countermeasures against the possible abuse of wireless LAN?

2019 ATKT

a. Write a note on outbound filtering.

b. Explain the role of hubs and switches in a network.

c. Explain in detail Network Address Translation (NAT).

d. Explain the strengths and weaknesses of a firewall.

e. Explain the importance of antenna choice and positioning.

f. Explain any two types of wireless attacks.

UNIT 4

2022-23

a. Write a short note on two types of IDS Generation in brief.

b. What is Private Branch Exchange (PBX)? Explain how it can be secured.

c. How do Mandatory Access Control Lists (MACL) differ from Discretionary Access Control Lists (DACLs)? Explain.

d. Explain the working of the Biba and Clark-Wilson classic security models.

e. What is meant by Security Reference Monitor? Explain the Windows Security Reference Monitor in detail.

f. Explain the main problems of TCP/IP’s lack of security.

2019 MAY

a. Explain intrusion Defense System types and detection models.

b. Write a short note on Security Information and Event Management.

c. What are components of Voice Over IP? Explain.

d. Write a short note on Private Bank Exchange.

e. Explain different classic security models.

f. Write a short note on trustworthy computing.

2019 ATKT

a. Explain network-based intrusion detection system in detail.

b. List and explain steps to a successful IPS Deployment plan.

c. Write a note on H.323 protocol that includes:

i) Governing Standard

ii) Purpose

iii) Function

iv) Known Compromises and Vulnerabilities

v) Recommendations

d. What is Private Branch Exchange (PBX)? How will you secure PBX?

e. Write a note on Access Control List (ACL).

f. Explain the reference monitor concept and the Windows security reference monitor.

UNIT 5

2022-23

a. What is meant by a Hypervisor machine? Explain why it is necessary to protect this machine.

b. Write a short note on Security Benefits of Cloud Computing.

c. With the help of a diagram, explain the concept of Secure development lifecycle in Agile.

d. Explain the phishing mechanism and the 3D’s aspects of security with reference to it.

e. Give a reason, in brief, why it is mandatory to update application patches. Explain various mechanisms for easily updating applications.

f. Explain various concerns for web application security to be considered with reference to Security in Computing.

2019 MAY

a. Define virtual machine. How is the hypervisor responsible for managing all guest OS installations on a VM server?

b. What is cloud computing? Explain the types of cloud services.

c. Explain the application security practices and decisions that appear in most secure development lifecycles.

d. Explain the reasons for remote administration security. What are the advantages of web remote administration?

e. Explain the security considerations for choosing a secure site location.

f. Explain the different factors for securing the assets with physical security devices.

2019 ATKT

a. Explain how to protect the Guest OS, Virtual Storage and Virtual Networks in Virtual machines.

b. State and explain types of cloud services.

c. Explain various Application Security Practices.

d. Write a note on Custom Remote Administration.

e. Explain the classification of Corporate physical Assets.

f. Explain Locks and Entry Controls that should be considered while securing assets with physical security devices.
