Sample Question Paper:

Maharashtra State Board of Technical Education

Scheme – I
Programme Name: Computer/Information Technology Engineering
Programme code: CO/IF
Semester: VI
22620
Course Title: Network and Information Security
Marks : 70 Time: 3 Hrs.
Instructions:
(1)All questions are compulsory.
(2) Illustrate your answers with neat sketches wherever necessary.
(3) Figures to the right indicate full marks.
(4) Assume suitable data if necessary.
(5) Preferably, write the answers in sequential order.

Q.1) Attempt any FIVE of the following. (10 Marks)

a) List any four basic for security.
b) List any four features of DAC.
c) Define following terms
i) Cryptography
ii) Cryptology
d) Classify following Cybercrime
i) Cyber terrorism against a government organization
ii) Cyber-stalking
iii) Copyright Infringement
iv) Email harassment
e) Give example of Active and Passive attack (Two Each).
f) State of needs of Firewalls.
g) Define AS, TGS with respect to Kerberos.

Q.2) Attempt any THREE of the following. (12 Marks)

a) Explain criteria’s for information classification.
b) Define following terms.
i) Authentication ii) Authorization
c) Differentiate between symmetric and asymmetric key cryptography.
d) Explain stenography technique with suitable diagram.

Q.3) Attempt any THREE of the following. (12 Marks

a) Describe the working of biometric system with neat sketch.
b) Consider plain text “INFORMATION” and convert given plain text into cipher text
using ‘Caesar Cipher’ with shift of position three-write down steps in encryption.
c) Demonstrate the advantages of setting up a DMZ with two firewalls.
d) Describe the dumpster diving with its prevention mechanism.

1
Q.4) Attempt any THREE of the following. (12 Marks)
a) Convert the given plain test into cipher text using single columnar technique using
following data
 Plain Text: INFORMATION SECURITY
 Number of Columns: 06
 Encryption Key: 326154
b) State difference between Firewall and Intrusion Detection System?
c) Describe the host-based intrusion detection system with suitable diagram.
d) Explain working principle of SMTP.
e) Find the output of the initial permutation box when the input is given in hexadecimal
as: 0x0002 0000 0000 0001

Q.5) Attempt any TWO of the following. (12 Marks)

a) Explain the terms:
i) Vulnerability
ii) Threats
iii) Risks
b) Describe the following
i) Network based IDS
ii) Packet Filter Firewall
c) Describe COBIT framework with neat sketch.

Q.6) Attempt any TWO of the following. (12 Marks)

a) List Need and Importance of Information? State the Information Classification.
b) Describe following terms of intellectual property :
i) Copyright
ii) Patent
iii) Trademark
c) Describe the DMZ with suitable example.

______________________

2
 Sample Test Paper I
MSBTE Outcome based Curriculum
Scheme – I
Programme Name: Computer Engineering/Information Technology
Programme Code: CO/IF
Semester: Sixth
22620
Course: Network and Information Security
Marks: 20 Time:1 hour
Instructions:
1. All questions are compulsory
2. Illustrate your answers with neat sketches wherever necessary
3. Figures to the right indicate full marks
4. Assume suitable data if necessary
5. Preferably, write the answers in sequential order

Q1. Attempt Any FOUR (08 Marks)

a) Define terms i) Confidentiality ii) Integrity.
b) List the any four types of Biometric techniques.
c) Define the terms i) Encryption ii) Decryption.
d) Define the service pack (SP).
e) Describe the term Authentication.
f) Define symmetric key cryptography with suitable diagram

Q2. Attempt any THREE (12 Marks)

a) Differentiate between the Intruders and Insiders
b) Describe the Biometric System with suitable diagram.
c) Describe the Single Columnar Technique with suitable example.
d) Explain the Information Classification.

__________________________

3
 Sample Test Paper II
MSBTE Outcome based Curriculum
Scheme – I

Programme Name: Computer Engineering/Information Technology

Programme Code: CO/IF
Semester: Sixth
22620
Course: Network and Information Security
Marks: 20 Time:1 hour
Instructions:
1. All questions are compulsory
2. Illustrate your answers with neat sketches wherever necessary
3. Figures to the right indicate full marks
4. Assume suitable data if necessary
5. Preferably, write the answers in sequential order.

Q1. Attempt Any FOUR (08 Marks)

a) List the limitation of Firewall.
b) Define Cyber Crime? List any two cyber crime.
c) Define the situation where packet filter firewall can be used
d) Draw the ITIL Framework diagram.
e) List the components of PKI
f) List any four types of Cybercrime

Q2. Attempt any THREE (12 Marks)

a) Describe working principle of PGP.
b) State the function of application gateways firewall.
c) Explain the working of Kerberos with suitable diagram
d) Define IDS? Describe any one IDS technique.

________________________

4
21222
22620
3 Hours / 70 Marks Seat No.
15 minutes extra for each hour

Instructions : (1) All Questions are compulsory.

(2) Answer each next main Question on a new page.
(3) Illustrate your answers with neat sketches wherever necessary.
(4) Figures to the right indicate full marks.
(5) Assume suitable data, if necessary.
(6) Mobile Phone, Pager and any other Electronic Communication
devices are not permissible in Examination Hall.

Marks

1. Attempt any FIVE of the following : 10

(a) Define following terms :

(i) Confidentiality

(ii) Accountability

(b) Explain the terms :

(i) Shoulder surfing

(ii) Piggybacking

(c) Define term cryptography.

(d) Classify following cyber crimes :

(i) Cyber stalking

(ii) Email harassment

[1 of 4] P.T.O.
22620 [2 of 4]
(e) Differentiate between viruses & worms (Any two).

(f) Define firewall. Enlist types of firewalls.

(g) Define AH & ESP with respect to IP security.

2. Attempt any THREE of the following : 12

(a) Define following terms :

(i) Operating System Security

(ii) Hot fix

(iii) Patch

(iv) Service pack

(b) Explain the mechanism of fingerprint & voice pattern in Biometrics.

(c) Differentiate between symmetric & asymmetric key cryptography.

(d) Write & explain DES algorithm.

3. Attempt any THREE of the following : 12

(a) Describe the features of DAC access control policy.

(b) Consider plain text “COMPUTER ENGINEERING” & convert given plain
text into cipher text using ‘Caesar Cipher’ with shift of position three - write
down steps in encryption.

(c) Differentiate between host-based & network based IDS.

(d) Define access control & explain authentication mechanism for access control.
22620 [3 of 4]
4. Attempt any THREE of the following : 12

(a) Enlist substitution techniques & explain any one.

(b) Explain DMZ.

(c) Differentiate between firewall & IDS.

(d) Explain Email security in SMTP.

(e) Explain Digital Signature in Cryptography.

5. Attempt any TWO of the following : 12

(a) Define Information. Explain basic principle of information security.

(b) Define & explain :

(i) Circuit Gateway

(ii) Honey Pots

(iii) Application Gateway

(c) Explain the working of Kerberos.

6. Attempt any TWO of the following : 12

(a) Explain DOS with neat diagram.

(b) Explain Public Key Infrastructure with example.

(c) Explain Policies, configuration & limitations of Firewall.

_______________

P.T.O.
22620 [4 of 4]
22232
22620
3 Hours / 70 Marks Seat No.

Instructions : (1) All Questions are compulsory.

(2) Illustrate your answers with neat sketches wherever necessary.
(3) Figures to the right indicate full marks.
(4) Assume suitable data, if necessary.

Marks

1. Attempt any FIVE of the following : 10

(a) Compare virus and logic bomb. (any two points).

(b) Identify any four individual user responsibilities in computer security.

(c) Define following terms :

(i) Cryptography

(ii) Cryptology

(d) Construct digital signature using cryptool.

(e) List any two types of active and passive attacks.

(f) State any two policies of the firewall.

(g) List any four types of cybercrimes.

2. Attempt any THREE of the following : 12

(a) Describe CIA model with suitable diagram.

[1 of 4] P.T.O.
22620 [2 of 4]
(b) Define following with suitable example :

(i) DAC

(ii) MAC

(c) Differentiate between symmetric and asymmetric key cryptography. (any four
points)

(d) Explain steganography technique with suitable example.

3. Attempt any THREE of the following : 12

(a) Describe piggy backing and shoulder surfing.

(b) Convert plain text into cipher text by using Simple columner technique of the
following sentence :

“Maharastra State Board of Technical Education”

(c) State any four difference between Firewall and Intrusion Detection System.

(d) Describe any four password selection criteria.

4. Attempt any THREE of the following : 12

(a) Convert the given plain text, encrypt it with the help of Caesor’s cipher
technique.

“Network and Information Security”.

(b) Demonstrate configuration of Firewall setting windows operating system.

(c) Describe DMZ with suitable diagram.

(d) Describe PGP with suitable diagram.

(e) Find the output of the initial permutation box when the input is given in
hexadecimal as

0  0003 0000 0000 0001

22620 [3 of 4]

5. Attempt any TWO of the following : 12

(a) Describe the following terms :

(i) Assels

(ii) Vulnerability

(iii) Risks

(b) Describe network based IDS with suitable diagram.

(c) Describe COBIT framework with neat diagram.

6. Attempt any TWO of the following : 12

(a) Describe any three phases of virus with suitable example.

(b) Describe ‘Kerberos’ protocol with suitable diagram.

(c) Describe following terms :

(i) Packet filter Firewall

(ii) Application gateway

(iii) Circuit gateway

_______________

P.T.O.
22620 [4 of 4]
23124
22620
3 Hours / 70 Marks Seat No.

Instructions : (1) All Questions are compulsory.

(2) Answer each next main Question on a new page.
(3) Illustrate your answers with neat sketches wherever necessary.
(4) Figures to the right indicate full marks.
(5) Assume suitable data, if necessary.
(6) Mobile Phone, Pager and any other Electronic Communication
devices are not permissible in Examination Hall.

Marks
1. Attempt any FIVE of the following : 10
(a) List any four virus categories.
(b) List any four biometric mechanisms.
(c) Define the following terms :
(i) Cryptography
(ii) Cryptanalysis
(d) Give examples of Active & Passive Attacks (two each).
(e) State the two types of firewall with its use.
(f) List two protocols in IP Sec. State its function.
(g) Classify the following cyber crime :
(i) Cyber terrorism against a government organization
(ii) Cyber – Stalking
(iii) Copyright infringement
(iv) Email harassment

[1 of 4] P.T.O.
22620 [2 of 4]
2. Attempt any THREE of the following : 12
(a) Explain basic principles of information security.
(b) Explain any two password attacks.
(c) Describe digital signature technique using message digest.
(d) Explain steganography technique with an example.

3. Attempt any THREE of the following : 12

(a) Describe :
(i) Piggybacking
(ii) Dumpster diving
(b) Consider plain text “CERTIFICATE” and convert it into cipher text using
Caesar Cipher with a shift of position 4. Write steps for encryption.
(c) State the use of packet filters. Explain its operation.
(d) State the features of (i) DAC (ii) MAC.

4. Attempt any THREE of the following : 12

(a) Convert the given plain text into cipher text using simple columnar technique
using the following data :
 Plain text : NETWORK SECURITY
 Number columns : 06
 Encryption key : 632514
(b) State the working principle of application gateways. Describe circuit gateway
operation.
(c) Describe DMZ with an example.
(d) State the use of Digital Certificates. Describe the steps for digital certificate
creation.
(e) Considering DES, find the output of the initial permutation box when the
input is given in hexadecimal as, 0×0000 0080 0000 0002
22620 [3 of 4]
5. Attempt any TWO of the following : 12
(a) State the criteria for information classification. Explain information
classification.
(b) State the features of the following IDS :
(i) Network based IDS
(ii) Host based IDS
(iii) Honey pots
(c) Explain step-by-step procedure of Kerberos with diagrams.

6. Attempt any TWO of the following : 12

(a) Explain the following attacks using an example :
(i) Sniffing (ii) Spoofing (iii) Phishing
(b) Describe ITIL framework with different stages of life cycle.
(c) State and explain 3 types of firewall configurations with a neat diagram.
_______________

P.T.O.
22620 [4 of 4]
23242
22620
3 Hours / 70 Marks Seat No.

Instructions : (1) All Questions are compulsory.

(2) Illustrate your answers with neat sketches wherever necessary.
(3) Figures to the right indicate full marks.
(4) Assume suitable data, if necessary.

Marks

1. Attempt any FIVE of the following : 10

(a) Differentiate between viruses & worms.

(b) State any four advantages of Biometrics.

(c) Explain the term cryptanalysis.
(d) Define term cyber crime.
(e) Explain the term assets.
(f) State any four limitations of firewall.
(g) Explain working of Kerberos in short.

2. Attempt any THREE of the following : 12

(a) Enlist types of Biometrics & explain any one Biometrics type in detail.
(b) Explain DOS with neat diagram.
(c) Differentiate between symmetric and asymmetric cryptography.
(d) Illustrate digital signature and explain it with neat diagram.

[1 of 2] P.T.O.
22620 [2 of 2]
3. Attempt any THREE of the following : 12
(a) Define the following terms :
(i) Authentication
(ii) Authorization
(b) Convert plain text into cipher text by using simple columnar technique of the
following sentence :
ALL IS WELL FOR YOUR EXAM.
(c) Describe packet filter router firewall with neat diagram.
(d) Explain working of fingerprint mechanism and its limitations.

4. Attempt any THREE of the following : 12

(a) Explain Caesar’s cipher substitution technique with example.
(b) Describe host based IDS with its advantages and disadvantages.
(c) Define Hacking. Explain different types of Hackers.
(d) Explain the features of IDS technique.
(e) Differentiate between substitution and transposition techniques ?

5. Attempt any TWO of the following : 12

(a) Explain active attack and passive attack with suitable example.
(b) Describe the DMZ with suitable example.
(c) Explain working principle of SMTP in detail.

6. Attempt any TWO of the following : 12

(a) Explain any three criteria for classification of information.
(b) Describe COBIT framework with neat sketch.
(c) Explain policies, configuration & limitations of firewall in detail.

_______________
12425
22620
3 Hours / 70 Marks Seat No.

Instructions : (1) All Questions are compulsory.

(2) Answer each next main Question on a new page.
(3) Illustrate your answers with neat sketches wherever necessary.
(4) Figures to the right indicate full marks.
(5) Assume suitable data, if necessary.
(6) Mobile Phone, Pager and any other Electronic Communication
devices are not permissible in Examination Hall.

Marks

1. Attempt any FIVE of the following : 10

(a) Define CIA model of Security Basic.

(b) Enlist the types of Firewalls.

(c) Differentiate between Virus & Worm (any two).
(d) Explain the term Cryptography.
(e) Define the term Honeypots.
(f) Enlist two Intrusion Detection System.
(g) Enlist two Active & Passive attack each.

2. Attempt any THREE of the following : 12

(a) Explain criterias for information classification.
(b) Describe the dumster diving with its prevention mechanism.

[1 of 4] P.T.O.
22620 [2 of 4]
(c) Draw and explain Host-Based intrusion detection system.

(d) Explain Data Encryption Standard.

3. Attempt any THREE of the following : 12

(a) Define following terms :

(i) Operating system security

(ii) Hot fix

(iii) Patch

(iv) Service Pack

(b) Define password selection strategies.

(c) Explain Caesar’s Cipher substitute technique with suitable example.

(d) Explain Email Security in SMTP.

4. Attempt any THREE of the following : 12

(a) Differentiate between Symmetric and Asymmetric key cryptography.

(b) Draw and explain DMZ.

(c) Describe cyber crime and cyber laws in detail.

(d) Write a brief note on Firewall configuration and state its limitations.

(e) Draw and explain network-based intrusion detection system.

5. Attempt any TWO of the following : 12

(a) Draw and explain DOS & DDOS attack in detail.

(b) Write short note on :

(i) Digital signature

(ii) Steganography

(c) Explain Kerberos with the help of suitable diagram.

22620 [3 of 4]
6. Attempt any TWO of the following : 12

(a) Describe following terms w.r.t. biometric :

(i) Finger Print Analysis

(ii) Retina Scan

(iii) Keystroke

(b) Draw and explain following terms :

(i) Packet Filter Firewall

(ii) Proxy Server

(c) Explain following terms of intellectual property right :

(i) Copyright

(ii) Patent

(iii) Trademark

_______________

P.T.O.
22620 [4 of 4]