VALLIAMMAI ENGINEERING COLLEGE Semester/MC7005-Security in...UNIT - I ELEMENTARY CRYPTOGRAPHY ......


VALLIAMMAI ENGINEERING COLLEGE

SRM Nagar, Kattankulathur – 603 203

DEPARTMENT OF COMPUTER APPLICATIONS

QUESTION BANK

IV SEMESTER

MC7005 – Security in Computing

Regulation – 2013

Academic Year 2017 – 18

Prepared by

Mr. V.Santhana Marichamy, Assistant Professor (Sel.G) / MCA

Page 2: VALLIAMMAI ENGINEERING COLLEGE Semester/MC7005-Security in...UNIT - I ELEMENTARY CRYPTOGRAPHY ... Write short notes: (A) ... VALLIAMMAI ENGINEERING COLLEGE SRM Nagar, Kattankulathur

VALLIAMMAI ENGINEERING COLLEGE SRM Nagar, Kattankulathur – 603 203.

DEPARTMENT OF COMPUTER APPLICATIONS

QUESTION BANK SUBJECT : MC7005 – Security in Computing

SEM / YEAR: IV / II

UNIT - I ELEMENTARY CRYPTOGRAPHY

Terminology and Background – Substitution Ciphers – Transpositions – Making Good Encryption Algorithms – Data Encryption Standard – AES Encryption Algorithm – Public Key Encryption – Cryptographic Hash Functions – Key Exchange – Digital Signatures – Certificates

PART – A

Q.No Questions BT Level Competence

1. Define Eavesdropping. 1 Remembering

2. Differentiate between symmetric and asymmetric encryption. 2 Understanding

3. Define the term Avalanche effect. 1 Remembering

4. List Shannon’s characteristics of Good Ciphers. 1 Remembering

5. What are the key principles of security? 1 Remembering

6. What is a hash function? 1 Remembering

7. What is meant by certificate revocation? 1 Remembering

8. Distinguish between direct and arbitrated digital signature. 2 Understanding

9. Does a substitution need to be a permutation of the plaintext symbols? Why or why not? 2 Understanding

10. Differentiate between active and passive attack. 2 Understanding

11. How do you conclude that SHA is more secure than MD5? 3 Applying

12. Illustrate the procedure for simple columnar transposition. 3 Applying

13. Show the properties of a digital signature. 3 Applying

14. Assess the pros of certificates during data transfer in networks. 4 Analysing

15. Infer the stream cipher and block cipher with examples. 4 Analysing

16. Compare Substitution and Transposition techniques. 4 Analysing

17. Generalize the types of attacks on an encrypted message. 5 Evaluating

18. Prepare any four names of substitution techniques. 5 Evaluating

19. Invent “Good Morning” using the Caesar cipher encryption technique. 6 Creating

20. Generalize the pros of certificates during data transfer in a network. 6 Creating

PART – B

1. Describe the following: (i) Associate DES with AES education (6) (ii) Describe the RSA algorithm in detail with examples (7) 1 Remembering

2. Describe the following: (i) Compare the performance of SHA and MD5 (ii) Digital Signature Algorithm (6+7) 1 Remembering

3. Examine the AES encryption algorithm in detail. (13) 1 Remembering

4. Discuss (i) various types of security services (ii) security attacks. (6+7) 2 Understanding

5. Summarize the concepts of (i) Shannon's characteristics of "Good" ciphers (ii) comparing stream and block algorithms. (7+6) 2 Understanding

6. Describe in detail the principles of public key cryptography. (13) 3 Applying

7. Explain the classical encryption techniques in detail. (13) 4 Analysing

8. Explain the following: (i) Substitution ciphers (ii) Columnar transposition. (7+6) 4 Analysing

9. (i) Draw the general structure of DES and explain the encryption and decryption process. (8) (ii) Mention the strengths and weaknesses of the DES algorithm. (5) 2 Understanding

10. (i) Prove that the complement property of DES is correct. (5) (ii) Write short notes on: (A) Key exchange algorithm (B) Digital Certificate. (4+4) 6 Creating

11. (i) Why do cryptologists recommend changing the encryption key from time to time? How frequently should a cryptographic key be changed? (6) (ii) Find primes p and q so that a 12-bit plaintext block could be encrypted with RSA. (7) 4 Analysing

12. (i) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm? (5) (ii) Explain the generation of subkeys and S-boxes from the given 32-bit key in Blowfish. (8) 1 Remembering

13. (i) Compare secret key and public key encryption. (6) (ii) Compare DES and AES. (7) 5 Evaluating

14. (i) Identify the possible threats to the RSA algorithm and list their countermeasures. (6) (ii) Perform encryption and decryption using the RSA algorithm with p=3, q=11, e=7 and N=5. (7) 3 Applying

PART – C

1. In an RSA system, the public key of a given user is e=31, n=3599. What is the private key of this user? (15) 5 Evaluating

2. (i) With a neat diagram, implement AES-256. Use a 128-bit input, a 256-bit key and 14 rounds. (ii) Explain the Vigenere cipher. Using the Vigenere cipher, encrypt the word ‘explanation’ using the key ‘leg’. 5 Evaluating

3. Briefly explain Diffie-Hellman key exchange with an example. (15) 6 Creating

4. Prepare a Secure Hash Algorithm (SHA) with a necessary example. (15) 6 Creating

UNIT II - PROGRAM SECURITY

Secure programs – Non-malicious Program Errors – Viruses – Targeted Malicious code – Controls Against Program Threat – Control of Access to General Objects – User Authentication – Good Coding Practices – Open Web Application Security Project Flaws – Common Weakness Enumeration Most Dangerous Software Errors.

PART – A

Q.No Questions BT Level Competence

1. Define the term Virus. 1 Remembering

2. Define OWASP. 1 Remembering

3. What are the major types of virus? 1 Remembering

4. What do you mean by exhaustive attack? 1 Remembering

5. State the different types of Non-malicious Program Errors. 1 Remembering

6. Differentiate between virus and worm. 2 Understanding

7. Differentiate between flaws, faults, and failures. 2 Understanding

8. What is meant by keystroke logging? 1 Remembering

9. How would you prevent virus infection? 5 Evaluating

10. Conclude about broken access control. 5 Evaluating

11. Predict the impact of Privilege Escalation. 2 Understanding

12. Express the term authentication. 2 Understanding

13. Illustrate the most Dangerous Software Errors. 3 Applying

14. Demonstrate the various good coding practices. 3 Applying

15. How to use check functions on output to prevent cross-site scripting attacks? 3 Applying

16. Identify the types of Flaws. 4 Analysing

17. Analyze the Salami Attack. 4 Analysing

18. Classify the Most Critical Web Application Security Vulnerabilities. 4 Analysing

19. Integrate about preventing Injection using OWASP. 6 Creating

20. What do you think about Insecure Direct Object Reference? 6 Creating

PART – B

1. Describe the following: (i) Specify the meaning of malicious code. (ii) Describe the working principles of malicious code and its effect. (6+7) 1 Remembering

2. Describe in detail (i) Targeted Malicious Code (ii) secure programming. (6+7) 1 Remembering

3. Tabulate the types of viruses and explain them in detail. (13) 1 Remembering

4. (i) Discuss the concepts of Controls against Program Threats. (ii) What are the qualities used by authentication mechanisms to confirm a user identity? Explain in detail about biometrics. List out the problems faced in biometrics. (6+7) 4 Analysing

5. Explain in detail (i) types of program threat (ii) Control of Access to general objects. (7+6) 4 Analysing

6. Discuss the following: (i) Types of Flaws (ii) Time-Of-Check To Time-Of-Use (TOCTTOU). (6+7) 2 Understanding

7. Write short notes on the following: (i) Security versus precision (ii) Rootkits and the Sony XCP. (7+6) 1 Remembering

8. Summarize the following: (i) Two-Phase Update (ii) Covert Channel. (7+6) 2 Understanding

9. Describe in detail good coding practices with a particular programming language (Java, C#, etc.). (13) 2 Understanding

10. Explain the following: (i) The concept of Salami Attack (ii) Why Salami Attacks Persist. (6+7) 4 Analysing

11. Illustrate the following: (i) The methods of user authentication mechanisms (ii) The storage channel with an example. (6+7) 3 Applying

12. Integrate on web security problems and remedies. (13) 6 Creating

13. Types of Flaws: explain in detail the Open Web Application Security Project Flaws. (13) 3 Applying

14. (i) Explain Common Weakness Enumeration. (ii) Explain the Most Dangerous Software Errors in detail. (6+7) 5 Evaluating

PART – C

1. What are Trojans? Discuss their types, attacks and countermeasures in detail. (15) 5 Evaluating

2. Briefly explain the concepts of user authentication. (15) 6 Creating

3. Illustrate non-malicious program errors with a suitable example. (15) 6 Creating

4. Explain how information in an access log could be used to identify the true identity of an imposter who has acquired unauthorized access to a computing system. Describe several different pieces of information in the log that could be combined to identify the imposter. (15) 5 Evaluating

UNIT III - SECURITY IN NETWORKS

Threats in networks – Encryption – Virtual Private Networks – PKI – SSH – SSL – IPSec – Content Integrity – Access Controls – Wireless Security – Honey pots – Traffic Flow Security – Firewalls – Intrusion Detection Systems – Secure e-mail.

PART – A

Q.No Questions BT Level Competence

1. Define and expand VPN. 1 Remembering

2. List out the categories of security threats. 1 Remembering

3. Define the term SSH in Encryption. 1 Remembering

4. What is meant by Honeypots? 1 Remembering

5. What are the services provided by PKIs? 1 Remembering

6. Define the term Anonymity. 1 Remembering

7. Distinguish between public key and conventional encryption techniques. 2 Understanding

8. What is IP address Spoofing? 2 Understanding

9. Estimate the different types of Non-malicious Program Errors. 2 Understanding

10. Assess the features of SET. 3 Applying

11. Differentiate firewall and intrusion detection system. 2 Understanding

12. State the pros of honeypots. 3 Applying

13. Show the different types of Firewalls. 3 Applying

14. Analyze the term traffic flow security. 4 Analysing

15. Classify the different types of honeypots. 4 Analysing

16. Invent about Mutual suspicion. 4 Analysing

17. Evaluate the term incomplete mediation. 5 Evaluating

18. How would you identify the different classes of intruders? 5 Evaluating

19. Compose Persistent Permission. 6 Creating

20. Generalize about preventing Injection using OWASP. 6 Creating

PART – B

1. Describe the various threats to network security. (13) 1 Remembering

2. Write short notes on the following: (i) VPN (ii) PKI (iii) SSH. (5+4+4) 1 Remembering

3. Describe the following: (i) Denial of Service (DoS) (ii) Comparison of link and end-to-end encryption. (5+8) 1 Remembering

4. Describe in detail the architecture of IP Security. (13) 2 Understanding

5. Describe the following: (i) What makes networks vulnerable? (ii) The needs of Wireless Security. (7+6) 2 Understanding

6. Illustrate (i) Honeypots (ii) How are honeypots useful in Traffic Flow Security? (3+10) 3 Applying

7. Explain in detail (i) Trusted authentication (ii) What is content integrity? Explain in detail. (8+5) 4 Analysing

8. (i) Compare the firewall types. (ii) Evaluate the strengths and limitations of IDS. (8+5) 5 Evaluating

9. (i) Is a social engineering attack more likely to succeed in person, over the telephone, or through e-mail? Justify your answer. (5) (ii) What information might a stateful inspection firewall want to examine from multiple packets? (4) (iii) What is the security purpose of the fields, such as sequence number, of an IPSec packet? (4) 6 Creating

10. Discuss in detail the DSS algorithm with an example. (13) 1 Remembering

11. (i) Explain firewalls and how they prevent intrusions. (ii) Illustrate initiating a Kerberos session. (7+6) 3 Applying

12. (i) Give the types of Firewalls. (ii) Describe the positive and negative effects of the firewall. (5+8) 2 Understanding

13. Illustrate (i) the operational description of PGP (ii) How does PGP provide trust in e-mail services? (6+7) 4 Analysing

14. Discuss the various methods for providing e-mail security. (13) 4 Analysing

PART – C

1. (i) Why is a firewall a good place to implement a VPN? Why not implement it at the actual server(s) being accessed? (ii) Discuss in detail the secure e-mail system. (8+7) 5 Evaluating

2. (i) Discuss the various Intrusion Detection Systems in detail. (10) (ii) Explain in detail about traffic flow security. (5) 6 Creating

3. (i) Can a firewall block attacks using server scripts, such as an attack in which the user could change a price on an item offered by an e-commerce site? Why or why not? Explain. (ii) Why does a stealth mode IDS need a separate network to communicate alarms and to accept management commands? Explain. (8+7) 5 Evaluating

4. Design the concepts of firewalls and their types briefly. (15) 6 Creating

UNIT IV - SECURITY IN DATABASES

Security requirements of database systems – Reliability and Integrity in databases – Redundancy – Recovery – Concurrency/Consistency – Monitors – Sensitive Data – Types of disclosures – Inference – Finding and confirming SQL injection

PART – A

Q.No Questions BT Level Competence

1. Define the term Commit flag in database. 1 Remembering

2. What is meant by sensitive data? Give an example. 1 Remembering

3. List out the various dimensional views of database integrity and reliability. 1 Remembering

4. What is meant by elementary integrity in a database? 1 Remembering

5. Name the list of requirements for database security. 1 Remembering

6. Define the term SQL Injection attack. 1 Remembering

7. Differentiate between state and transition constraints. 2 Understanding

8. Describe the use of shadow fields in database redundancy. 2 Understanding

9. Write about the Monitors in database. 2 Understanding

10. What is meant by inference? Give an example. 2 Understanding

11. How are shadow fields used in database redundancy? 3 Applying

12. Show the differences between security and precision. 3 Applying

13. Illustrate sensitive data with an example. 3 Applying

14. Create the types of Discretionary Privileges in database security. 6 Creating

15. What are the corrective actions taken to maintain the integrity of a database? 4 Analysing

16. Classify the rules for identifying SQL injection vulnerabilities. 4 Analysing

17. Compare: SQL injection and blind SQL injection. 4 Analysing

18. How to assess Role-Based Access Control in a database? 5 Evaluating

19. Summarize the types of disclosures. 6 Creating

20. How to find SQL injection vulnerabilities? 5 Evaluating

PART – B

1. Describe the following: (i) Database Redundancy (ii) Database Recovery. (7+6) 1 Remembering

2. (i) Analyse the need for concurrency control mechanisms. (4) (ii) Explain the concurrency control mechanisms with an example. (9) 1 Remembering

3. Discuss the integrity issues in database design with an example. (13) 1 Remembering

4. Discuss database recovery algorithms with an example. (13) 2 Understanding

5. What is meant by database security? List and discuss the different issues related to database security. (13) 2 Understanding

6. (i) Explain the concepts of security requirements for database systems in detail. (5) (ii) Summarize the basic characteristics for selecting an authoring tool. (8) 4 Analysing

7. Illustrate the purpose of encryption in a multilevel secure database management system. (13) 3 Applying

8. Explain the control of access to general objects in secure operating systems. (13) 6 Creating

9. Prepare short notes on the following: (i) Types of Disclosures (ii) Sensitive Data. (7+6) 5 Evaluating

10. Describe in detail the types of SQL Injection mechanism. (13) 1 Remembering

11. Describe (i) Inference with an example (ii) Factors in finding SQL injection. (7+6) 2 Understanding

12. Illustrate the following: (i) Monitors (ii) Security versus Precision. (7+6) 3 Applying

13. Discuss the process involved in automating SQL injection discovery in detail. (13) 4 Analysing

14. Explain the disadvantages of partitioning as a means of implementing multilevel security for databases. (13) 4 Analysing

PART – C

1. (i) Can a database contain two identical records without a negative effect on the integrity of the database? Why or why not? Explain. (7) (ii) Illustrate a situation in which the sensitivity of an aggregate is greater than that of its constituent values. Explain. (8) 6 Creating

2. Suppose a database manager were to allow nesting of one transaction inside another. That is, after having updated part of one record, the DBMS would allow you to select another record, update it, and then perform further updates on the first record. What effect would nesting have on the integrity of a database? Suggest a mechanism by which nesting could be allowed. (15) 5 Evaluating

3. (i) What is the purpose of encryption in a multilevel secure database management system? (7) (ii) Illustrate a situation in which the sensitivity of an aggregate is less than that of its constituent values. Explain. (8) 6 Creating

4. A database transaction implements the command "set STATUS to 'CURRENT' in all records where BALANCE-OWED = 0."

a. Describe how that transaction would be performed with the two-step commit protocol. (5)

b. Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS) and (CUSTOMER-ID, BALANCE-OWED). How would the transaction be performed? (5)

c. Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS), (CREDIT-ID, CUSTOMER-ID), (CREDIT-ID, BALANCE-OWED). How would the transaction be performed? (5)

5 Evaluating

UNIT V - SECURITY MODELS AND STANDARDS

Secure SDLC – Secure Application Testing – Security architecture models – Trusted Computing Base – Bell-LaPadula Confidentiality Model – Biba Integrity Model – Graham-Denning Access Control Model – Harrison-Ruzzo-Ullman Model – Secure Frameworks – COSO – CobiT – Compliances – PCI DSS – Security Standards – ISO 27000 family of standards – NIST.

PART – A

Q.No Questions BT Level Competence

1. List the various secure testing techniques. 1 Remembering

2. What is trusted computing base (TCB)? 1 Remembering

3. Define authoring. 1 Remembering

4. List out the key features of TCB. 1 Remembering

5. Examine the various steps involved in secure SDLC. 3 Applying

6. List out the management controls of NIST. 1 Remembering

7. Define the Harrison-Ruzzo-Ullman Model. 2 Remembering

8. Invent the reason why Secure Application Testing is a high priority. 6 Creating

9. Differentiate SSDLC from SDLC. 2 Understanding

10. Classify the various components of a security architectural model. 3 Applying

11. Distinguish between Integrity and Confidentiality. 2 Understanding

12. Express the term Graham-Denning Access Control Model. 2 Understanding

13. Distinguish between CobiT and COSO security standards. 2 Understanding

14. Specify any two secure frameworks. 3 Applying

15. Assess the various primitive protection rights in the Graham-Denning Access Control Model. 5 Evaluating

16. Compare the Biba and Bell-LaPadula integrity models. 4 Analysing

17. Infer the term PCI DSS. 4 Analysing

18. Analyze the various relationships between PCI DSS and PA-DSS. 4 Analysing

19. Assess the five Mandatory Policies in the Biba integrity Model. 5 Evaluating

20. Summarize the ISO 27000 family of standards for network security. 6 Creating

PART – B

1. Describe the process of security in SDLC. (13) 1 Remembering

2. Describe the concepts of various secure testing techniques in detail. (13) 1 Remembering

3. (i) Assess various levels of security standards. (5) (ii) Summarize the technical controls of NIST. (8) 5 Evaluating

4. Discuss in detail the scope of PCI DSS requirements and the assessment process. (13) 2 Understanding

5. Demonstrate the PDCA approach of ISO 27001 in detail. (13) 3 Applying

6. Describe the following: (i) Bell-LaPadula confidentiality Model (ii) Secure Frameworks. Give examples. (7+6) 1 Remembering

7. Describe in detail (i) State Machine Models (ii) COSO security standards. (6+7) 2 Understanding

8. (i) Describe the Graham-Denning Access Control Model with an example. (8) (ii) Clark-Wilson Integrity Model. (5) 1 Remembering

9. (i) Prepare the various precautionary measures that can be taken to avoid Compliances. (10) (ii) Needs for PCI DSS. (3) 6 Creating

10. Explain the following: (i) Harrison-Ruzzo-Ullman Model (ii) PCI DSS compliance. (8+5) 4 Analysing

11. Describe the following: (i) ISO 27000 Standards (ii) COBIT. (7+6) 2 Understanding

12. Illustrate (i) The technical controls of NIST (ii) The management controls of NIST. (7+6) 3 Applying

13. Discuss in detail the scope of PCI DSS requirements and the assessment process. (13) 4 Analysing

14. (i) Lattice model (ii) Compare COBIT and ISO 27001. (5+8) 4 Analysing

PART – C

1. Explain the security architectural model with its design components in detail. (15) 5 Evaluating

2. (i) Combine the various characteristics of a good security policy. (7) (ii) Concepts of the Biba integrity model. (8) 6 Creating

3. (i) Generalize the concepts of the operational controls of NIST. (5) (ii) Integrate the various ISO 27000 Information security management series and its benefits. (10) 6 Creating

4. How to test application security: web and desktop application security testing techniques, in detail? (15) 5 Evaluating