VALLIAMMAI ENGINEERING COLLEGE
SRM Nagar, Kattankulathur – 603 203
DEPARTMENT OF COMPUTER APPLICATIONS
QUESTION BANK
IV SEMESTER
MC7005 – Security in Computing
Regulation – 2013
Academic Year 2017 – 18
Prepared by
Mr. V.Santhana Marichamy, Assistant Professor (Sel.G) / MCA
VALLIAMMAI ENGINEERING COLLEGE SRM Nagar, Kattankulathur – 603 203.
DEPARTMENT OF COMPUTER APPLICATIONS
QUESTION BANK SUBJECT : MC7005 – Security in Computing
SEM / YEAR: IV / II
UNIT - I ELEMENTARY CRYPTOGRAPHY
Terminology and Background – Substitution Ciphers – Transpositions – Making Good Encryption
Algorithms- Data Encryption Standard- AES Encryption Algorithm – Public Key Encryption –
Cryptographic Hash Functions – Key Exchange – Digital Signatures – Certificates
PART – A
Q.No Questions BT Level Competence
1. Define eavesdropping. 1 Remembering
2. Differentiate between symmetric and asymmetric encryption. 2 Understanding
3. Define the term avalanche effect. 1 Remembering
4. List Shannon's characteristics of good ciphers. 1 Remembering
5. What are the key principles of security? 1 Remembering
6. What is a hash function? 1 Remembering
7. What is meant by certificate revocation? 1 Remembering
8. Distinguish between direct and arbitrated digital signatures. 2 Understanding
9. Does a substitution need to be a permutation of the plaintext symbols? Why or why not? 2 Understanding
10. Differentiate between active and passive attacks. 2 Understanding
11. How do you conclude that SHA is more secure than MD5? 3 Applying
12. Illustrate the procedure for simple columnar transposition. 3 Applying
13. Show the properties of a digital signature. 3 Applying
14. Assess the pros of certificates during data transfer in networks. 4 Analysing
15. Infer the stream cipher and block cipher with examples. 4 Analysing
16. Compare substitution and transposition techniques. 4 Analysing
17. Generalize the types of attacks on encrypted messages. 5 Evaluating
18. Prepare any four names of substitution techniques. 5 Evaluating
19. Encrypt "Good Morning" using the Caesar cipher encryption technique. 6 Creating
20. Generalize the pros of certificates during data transfer in networks. 6 Creating
PART – B
1. Describe the following: (i) Associate DES with AES (6) (ii) Describe the RSA algorithm in detail with examples (7) 1 Remembering
2. Describe the following: (i) Compare the performance of SHA and MD5 (ii) Digital Signature Algorithm (6+7) 1 Remembering
3. Examine the AES encryption algorithm in detail. (13) 1 Remembering
4. Discuss (i) the various types of security services (ii) security attacks. (6+7) 2 Understanding
5. Summarize the concepts of (i) Shannon's characteristics of "good" ciphers (ii) comparing stream and block algorithms. (7+6) 2 Understanding
6. Describe in detail the principles of public key cryptography. (13) 3 Applying
7. Explain the classical encryption techniques in detail. (13) 4 Analysing
8. Explain the following: (i) Substitution ciphers (ii) Columnar transposition (7+6) 4 Analysing
9. (i) Draw the general structure of DES and explain the encryption and decryption process. (8) (ii) Mention the strengths and weaknesses of the DES algorithm. (5) 2 Understanding
10. (i) Prove that the complement property of DES is correct. (5) (ii) Write short notes on: (A) Key exchange algorithm (B) Digital certificate (4+4) 6 Creating
11. (i) Why do cryptologists recommend changing the encryption key from time to time? How frequently should a cryptographic key be changed? (6) (ii) Find primes p and q so that a 12-bit plaintext block could be encrypted with RSA. (7) 4 Analysing
12. (i) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm? (5) (ii) Explain the generation of subkeys and S-boxes from the given 32-bit key by Blowfish. (8) 1 Remembering
13. (i) Compare secret key and public key encryption. (6) (ii) Compare DES and AES. (7) 5 Evaluating
14. (i) Identify the possible threats to the RSA algorithm and list their countermeasures. (6) (ii) Perform encryption and decryption using the RSA algorithm with p=3, q=11, e=7 and N=5. (7) 3 Applying
PART – C
1. In an RSA system, the public key of a given user is e=31, n=3599. What is the private key of this user? (15) 5 Evaluating
2. (i) With a neat diagram, implement AES-256. Use a 128-bit input, 256-bit key and 14 rounds. (ii) Explain the Vigenere cipher. Using the Vigenere cipher, encrypt the word 'explanation' using the key 'leg'. 5 Evaluating
3. Briefly explain Diffie-Hellman key exchange with an example. (15) 6 Creating
4. Prepare a Secure Hash Algorithm (SHA) with a necessary example. (15) 6 Creating
UNIT II - PROGRAM SECURITY
Secure programs – Non-malicious Program Errors – Viruses – Targeted Malicious code –
Controls Against Program Threat – Control of Access to General Objects – User
Authentication – Good Coding Practices – Open Web Application Security Project Flaws
– Common Weakness Enumeration Most Dangerous Software Errors.
PART – A
Q.No Questions BT Level Competence
1. Define the term virus. 1 Remembering
2. Define OWASP. 1 Remembering
3. What are the major types of virus? 1 Remembering
4. What do you mean by an exhaustive attack? 1 Remembering
5. State the different types of non-malicious program errors. 1 Remembering
6. Differentiate between a virus and a worm. 2 Understanding
7. Differentiate between flaws, faults, and failures. 2 Understanding
8. What is meant by keystroke logging? 1 Remembering
9. How would you prevent virus infection? 5 Evaluating
10. Conclude about broken access control. 5 Evaluating
11. Predict the impact of privilege escalation. 2 Understanding
12. Express the term authentication. 2 Understanding
13. Illustrate the most dangerous software errors. 3 Applying
14. Demonstrate the various good coding practices. 3 Applying
15. How do you use check functions on output to prevent cross-site scripting attacks? 3 Applying
16. Identify the types of flaws. 4 Analysing
17. Analyze the Salami attack. 4 Analysing
18. Classify the most critical web application security vulnerabilities. 4 Analysing
19. Integrate the OWASP guidance on preventing injection. 6 Creating
20. What do you think an Insecure Direct Object Reference is? 6 Creating
PART – B
1. Describe the following: (i) Specify the meaning of malicious code. (ii) Describe the working principles of malicious code and its effects. (6+7) 1 Remembering
2. Describe in detail: (i) Targeted malicious code (ii) Secure programming (6+7) 1 Remembering
3. Tabulate the types of viruses and explain them in detail. (13) 1 Remembering
4. (i) Discuss the concepts of controls against program threats. (ii) What are the qualities used by authentication mechanisms to confirm a user's identity? Explain biometrics in detail and list the problems faced in biometrics. (6+7) 4 Analysing
5. Explain in detail: (i) Types of program threats (ii) Control of access to general objects (7+6) 4 Analysing
6. Discuss the following: (i) Types of flaws (ii) Time-of-check to time-of-use (TOCTTOU) (6+7) 2 Understanding
7. Write short notes on the following: (i) Security versus precision (ii) Rootkits and the Sony XCP (7+6) 1 Remembering
8. Summarize the following: (i) Two-phase update (ii) Covert channel (7+6) 2 Understanding
9. Describe in detail good coding practices with a particular programming language (Java, C#, etc.). (13) 2 Understanding
10. Explain the following: (i) The concept of the Salami attack (ii) Why Salami attacks persist (6+7) 4 Analysing
11. Illustrate the following: (i) The methods of user authentication mechanisms (ii) The storage channel, with an example (6+7) 3 Applying
12. Integrate web security problems and their remedies. (13) 6 Creating
13. Explain the types of flaws and, in detail, the Open Web Application Security Project flaws. (13) 3 Applying
14. (i) Explain the Common Weakness Enumeration. (ii) Explain the most dangerous software errors in detail. (6+7) 5 Evaluating
PART – C
1. What are Trojans? Discuss their types, attacks and countermeasures in detail. (15) 5 Evaluating
2. Briefly explain the concepts of user authentication. (15) 6 Creating
3. Illustrate non-malicious program errors with a suitable example. (15) 6 Creating
4. Explain how information in an access log could be used to identify the true identity of an imposter who has acquired unauthorized access to a computing system. Describe several different pieces of information in the log that could be combined to identify the imposter. (15) 5 Evaluating
UNIT III - SECURITY IN NETWORKS
Threats in networks – Encryption – Virtual Private Networks – PKI – SSH – SSL – IPSec – Content
Integrity – Access Controls – Wireless Security – Honey pots – Traffic Flow Security – Firewalls –
Intrusion Detection Systems – Secure e-mail.
PART – A
Q.No Questions BT Level Competence
1. Define and expand VPN. 1 Remembering
2. List the categories of security threats. 1 Remembering
3. Define the term SSH in encryption. 1 Remembering
4. What is meant by honeypots? 1 Remembering
5. What are the services provided by PKIs? 1 Remembering
6. Define the term anonymity. 1 Remembering
7. Distinguish between public key and conventional encryption techniques. 2 Understanding
8. What is IP address spoofing? 2 Understanding
9. Estimate the different types of non-malicious program errors. 2 Understanding
10. Assess the features of SET. 3 Applying
11. Differentiate between a firewall and an intrusion detection system. 2 Understanding
12. State the pros of honeypots. 3 Applying
13. Show the different types of firewalls. 3 Applying
14. Analyze the term traffic flow security. 4 Analysing
15. Classify the different types of honeypots. 4 Analysing
16. Analyze mutual suspicion. 4 Analysing
17. Evaluate the term incomplete mediation. 5 Evaluating
18. How would you identify the different classes of intruders? 5 Evaluating
19. Compose notes on persistent permission. 6 Creating
20. Generalize about preventing injection using OWASP. 6 Creating
PART – B
1. Describe the various threats to network security. (13) 1 Remembering
2. Write short notes on the following: (i) VPN (ii) PKI (iii) SSH (5+4+4) 1 Remembering
3. Describe the following: (i) Denial of Service (DoS) (ii) Comparison of link and end-to-end encryption (5+8) 1 Remembering
4. Describe in detail the architecture of IP Security. (13) 2 Understanding
5. Describe the following: (i) What makes networks vulnerable? (ii) The needs of wireless security (7+6) 2 Understanding
6. Illustrate (i) honeypots (ii) how honeypots are useful in traffic flow security. (3+10) 3 Applying
7. Explain in detail (i) trusted authentication (ii) what content integrity is. (8+5) 4 Analysing
8. (i) Compare the firewall types. (ii) Evaluate the strengths and limitations of IDS. (8+5) 5 Evaluating
9. (i) Is a social engineering attack more likely to succeed in person, over the telephone, or through e-mail? Justify your answer. (5) (ii) What information might a stateful inspection firewall want to examine from multiple packets? (4) (iii) What is the security purpose of the fields, such as the sequence number, of an IPSec packet? (4) 6 Creating
10. Discuss in detail the DSS algorithm with an example. (13) 1 Remembering
11. (i) Explain firewalls and how they prevent intrusions. (ii) Illustrate the initiation of a Kerberos session. (7+6) 3 Applying
12. (i) Give the types of firewalls. (ii) Describe the positive and negative effects of the firewall. (5+8) 2 Understanding
13. Illustrate (i) the operational description of PGP (ii) how PGP provides trust in e-mail services. (6+7) 4 Analysing
14. Discuss the various methods for providing e-mail security. (13) 4 Analysing
PART – C
1. (i) Why is a firewall a good place to implement a VPN? Why not implement it at the actual server(s) being accessed? (ii) Discuss in detail a secure e-mail system. (8+7) 5 Evaluating
2. (i) Discuss the various intrusion detection systems in detail. (10) (ii) Explain traffic flow security in detail. (5) 6 Creating
3. (i) Can a firewall block attacks using server scripts, such as an attack in which the user could change a price on an item offered by an e-commerce site? Why or why not? Explain. (ii) Why does a stealth mode IDS need a separate network to communicate alarms and to accept management commands? Explain. (8+7) 5 Evaluating
4. Design the concepts of firewalls and their types briefly. (15) 6 Creating
UNIT IV - SECURITY IN DATABASES
Security requirements of database systems – Reliability and Integrity in databases – Redundancy – Recovery – Concurrency/Consistency – Monitors – Sensitive Data – Types of disclosures – Inference – Finding and confirming SQL injection
PART – A
Q.No Questions BT Level Competence
1. Define the term commit flag in a database. 1 Remembering
2. What is meant by sensitive data? Give an example. 1 Remembering
3. List the various dimensional views of database integrity and reliability. 1 Remembering
4. What is meant by elementary integrity in a database? 1 Remembering
5. Name the list of requirements for database security. 1 Remembering
6. Define the term SQL injection attack. 1 Remembering
7. Differentiate between state and transition constraints. 2 Understanding
8. Describe the use of shadow fields in database redundancy. 2 Understanding
9. Write about monitors in databases. 2 Understanding
10. What is meant by inference? Give an example. 2 Understanding
11. How are shadow fields used in database redundancy? 3 Applying
12. Show the differences between security and precision. 3 Applying
13. Illustrate sensitive data with an example. 3 Applying
14. Create the types of discretionary privileges in database security. 6 Creating
15. What corrective actions are taken to maintain the integrity of a database? 4 Analysing
16. Classify the rules for identifying SQL injection vulnerabilities. 4 Analysing
17. Compare SQL injection and blind SQL injection. 4 Analysing
18. How do you assess role-based access control in a database? 5 Evaluating
19. Summarize the types of disclosures. 6 Creating
20. How do you find SQL injection vulnerabilities? 5 Evaluating
PART – B
1. Describe the following: (i) Database redundancy (ii) Database recovery (7+6) 1 Remembering
2. (i) Analyse the need for concurrency control mechanisms. (4) (ii) Explain the concurrency control mechanisms with an example. (9) 1 Remembering
3. Discuss the integrity issues in database design with an example. (13) 1 Remembering
4. Discuss database recovery algorithms with an example. (13) 2 Understanding
5. What is meant by database security? List and discuss the different issues related to database security. (13) 2 Understanding
6. (i) Explain the concepts of security requirements for database systems in detail. (5) (ii) Summarize the basic characteristics for selecting an authoring tool. (8) 4 Analysing
7. Illustrate the purpose of encryption in a multilevel secure database management system. (13) 3 Applying
8. Explain the control of access to general objects in secure operating systems. (13) 6 Creating
9. Prepare short notes on the following: (i) Types of disclosures (ii) Sensitive data (7+6) 5 Evaluating
10. Describe in detail the types of SQL injection mechanisms. (13) 1 Remembering
11. Describe (i) inference, with an example (ii) factors in finding SQL injection. (7+6) 2 Understanding
12. Illustrate the following: (i) Monitors (ii) Security versus precision (7+6) 3 Applying
13. Discuss in detail the process involved in automating SQL injection discovery. (13) 4 Analysing
14. Explain the disadvantages of partitioning as a means of implementing multilevel security for databases. (13) 4 Analysing
PART – C
1. (i) Can a database contain two identical records without a negative effect on the integrity of the database? Why or why not? Explain. (7) (ii) Illustrate a situation in which the sensitivity of an aggregate is greater than that of its constituent values. Explain. (8) 6 Creating
2. Suppose a database manager were to allow nesting of one transaction inside another. That is, after having updated part of one record, the DBMS would allow you to select another record, update it, and then perform further updates on the first record. What effect would nesting have on the integrity of a database? Suggest a mechanism by which nesting could be allowed. (15) 5 Evaluating
3. (i) What is the purpose of encryption in a multilevel secure database management system? (7) (ii) Illustrate a situation in which the sensitivity of an aggregate is less than that of its constituent values. Explain. (8) 6 Creating
4. A database transaction implements the command "set STATUS to 'CURRENT' in all records where BALANCE-OWED = 0."
a. Describe how that transaction would be performed with the two-step commit protocol. (5)
b. Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS) and (CUSTOMER-ID, BALANCE-OWED). How would the transaction be performed? (5)
c. Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS), (CREDIT-ID, CUSTOMER-ID), (CREDIT-ID, BALANCE-OWED). How would the transaction be performed? (5)
5 Evaluating
UNIT V - SECURITY MODELS AND STANDARDS
Secure SDLC – Secure Application Testing – Security architecture models – Trusted Computing Base – Bell-LaPadula Confidentiality Model – Biba Integrity Model – Graham-Denning Access Control Model – Harrison-Ruzzo-Ullman Model – Secure Frameworks – COSO – CobiT – Compliances – PCI DSS – Security Standards – ISO 27000 family of standards – NIST.
PART – A
Q.No Questions BT Level Competence
1. List the various secure testing techniques. 1 Remembering
2. What is the trusted computing base (TCB)? 1 Remembering
3. Define authoring. 1 Remembering
4. List the key features of the TCB. 1 Remembering
5. Examine the various steps involved in a secure SDLC. 3 Applying
6. List the management controls of NIST. 1 Remembering
7. Define the Harrison-Ruzzo-Ullman model. 2 Remembering
8. Invent the reason why secure application testing is a high priority. 6 Creating
9. Differentiate SSDLC from SDLC. 2 Understanding
10. Classify the various components of a security architectural model. 3 Applying
11. Distinguish between integrity and confidentiality. 2 Understanding
12. Express the term Graham-Denning access control model. 2 Understanding
13. Distinguish between the CobiT and COSO security standards. 2 Understanding
14. Specify any two secure frameworks. 3 Applying
15. Assess the various primitive protection rights in the Graham-Denning access control model. 5 Evaluating
16. Compare the Biba and Bell-LaPadula integrity models. 4 Analysing
17. Infer the term PCI DSS. 4 Analysing
18. Analyze the various relationships between PCI DSS and PA-DSS. 4 Analysing
19. Assess the five mandatory policies in the Biba integrity model. 5 Evaluating
20. Summarize the ISO 27000 family of standards for network security. 6 Creating
PART – B
1. Describe the process of security in the SDLC. (13) 1 Remembering
2. Describe the concepts of the various secure testing techniques in detail. (13) 1 Remembering
3. (i) Assess the various levels of security standards. (5) (ii) Summarize the technical controls of NIST. (8) 5 Evaluating
4. Discuss in detail the scope of PCI DSS requirements and the assessment process. (13) 2 Understanding
5. Demonstrate the PDCA approach of ISO 27001 in detail. (13) 3 Applying
6. Describe the following: (i) Bell-LaPadula confidentiality model (ii) Secure frameworks, with examples (7+6) 1 Remembering
7. Describe in detail (i) state machine models (ii) COSO security standards. (6+7) 2 Understanding
8. (i) Describe the Graham-Denning access control model with an example. (8) (ii) Clark-Wilson integrity model (5) 1 Remembering
9. (i) Prepare the various precautionary measures that can be taken to avoid compliance failures. (10) (ii) Needs for PCI DSS. (3) 6 Creating
10. Explain the following: (i) Harrison-Ruzzo-Ullman model (ii) PCI DSS compliance (8+5) 4 Analysing
11. Describe the following: (i) ISO 27000 standards (ii) COBIT (7+6) 2 Understanding
12. Illustrate (i) the technical controls of NIST (ii) the management controls of NIST. (7+6) 3 Applying
13. Discuss in detail the scope of PCI DSS requirements and the assessment process. (13) 4 Analysing
14. (i) Lattice model (ii) Compare COBIT and ISO 27001 (5+8) 4 Analysing
PART – C
1. Explain the security architectural model with its design components in detail. (15) 5 Evaluating
2. (i) Combine the various characteristics of a good security policy. (7) (ii) Concepts of the Biba integrity model (8) 6 Creating
3. (i) Generalize the concepts of the operational controls of NIST. (5) (ii) Integrate the various ISO 27000 information security management series and their benefits. (10) 6 Creating
4. How do you test application security? Explain web and desktop application security testing techniques in detail. (15) 5 Evaluating