
B.E/B.Tech DEGREE EXAMINATION, NOVEMBER/DECEMBER 2007
Seventh Semester
Computer Science and Engineering
CS1014 - INFORMATION SECURITY
(Regulation 2004)
Time: Three hours. Maximum: 100 marks.
Answer ALL questions.

PART A (10 x 2 = 20 marks)

1. State the critical characteristics of information.
2. List the components used in security models.
3. Name the countermeasures against threats.
4. Differentiate between threats and attacks.
5. Mention the benefits of risk management.
6. State the roles involved in risk management.
7. Name the people affected by security policy.
8. State the pros of the Visa International security model.
9. List any two IDS. Mention their category of classification.
10. What are the basic functions of access control devices?

PART B (5 x 16 = 80 marks)

11. (a) Discuss in detail the NSTISSC security model.
(Or)
(b) What is SDLC? Illustrate the security of SDLC.

12. (a) Explain in detail the different types of cryptanalytic attacks.
(Or)
(b) Discuss in detail the legal, ethical and professionalism issues during security investigation.

13. (a) What is risk management? State the methods of identifying and assessing risk management.
(Or)
(b) Discuss in detail the process of assessing and controlling risk management issues.

14. (a) (i) Compare and contrast the ISO 17700 with BS7799 NIST security models.
(ii) Briefly explain the NIST security model.
(Or)
(b) List the styles of architecture security models. Discuss them in detail.

15. (a) (i) What is an intrusion detection system? Explain its types in detail.
(ii) Write short notes on scanning and analysis tools used during design.
(Or)
(b) (i) What is cryptography? Discuss the authentication models used in cryptography.
(ii) Write notes on the control devices used in security design.

2009 Anna University M.C.A Computer Applications
INFORMATION SECURITY Question paper

Part-A (20 x 2 = 40)

1. What are the multiple layers of security?
2. Email spoofing?
3. What do you understand by the term methodology?
4. Explain risk management.
5. Software privacy?
6. What is called an elite hacker?
7. Clarify brute force attack.
8. Indicate the necessity of deterrence.
9. What do you mean by liability?
10. State dumpster diving.
11. List out three categories of control.
12. Define transference.
13. What is policy?
14. Give details about evidence.
15. What is a firewall?
16. State alert message.
17. What do you mean by proxy server?
18. Define SOCKS.
19. Specify a padded cell.
20. Define mantrap.

Part-B (12 x 5 = 60)

21. a) List out the components of an information system. (6)
b) Briefly discuss the security system development life cycle. (6)
22. List out the different attacks caused in security. Explain any 12.
23. Write a short note on codes of ethics and professional organizations.
24. a) What is risk assessment? Explain the steps. (6)
b) Approaches of risk control strategies? (6)
25. a) Write short notes on ISO 17799/BS7799. (4)
b) How do you design a security architecture? (8)
26. How can we categorize firewalls by processing mode? Discuss.
27. Indicate the technologies associated with access control.
28. Illustrate the various cryptography tools.

Code No: 2320504, Set No. 1
III B.Tech II Semester Regular Examinations, April/May 2009
INFORMATION SECURITY
(Computer Science & Engineering)
Time: 3 hours. Max Marks: 80
Answer any FIVE questions. All questions carry equal marks.

1. (a) "Internetwork security is both fascinating and complex" - justify the statement with valid reasoning.
(b) Explain the terms related to overflow:
i. Stack dumping.
ii. Execute payload.
[MARKS 8+8]

2. (a) Explain with a neat illustration the automatic key distribution.
(b) Explain the various steps involved in the HMAC algorithm.
[MARKS 8+8]

3. (a) Explain the procedure involved in the RSA public-key encryption algorithm.
(b) Explain what Kerberos is and give its requirements.
[MARKS 8+8]

4. (a) Explain the following terms in relation to the e-mail software PGP:
i. E-mail compatibility
ii. Segmentation and reassembly.
(b) Describe how authentication and confidentiality are handled in S/MIME.
[MARKS 8+8]

5. (a) When tunnel mode is used, a new outer IP header is constructed. For both IPv4 and IPv6, indicate the relationship of each outer IP header field and each extension header in the outer packet to the corresponding field or extension header of the inner packet. That is, indicate which outer values are derived from inner values and which are constructed independently of the inner values.
(b) The IPSec Architecture document mandates support for two types of key management. What are they?
[MARKS 12+4]

6. Explain how the following threats to web security can be defended by SSL.
(a) Known plaintext dictionary attack
(b) Replay attack
(c) Password sniffing
(d) SYN flooding.

[MARKS 16]

7. (a) Explain how a proxy accommodates devices that do not implement SNMP.
(b) Discuss SNMPv1 administrative concepts.
[MARKS 8+8]

8. (a) What are the two default policies that can be taken in a packet filter if there is no match to any rule? Which is more conservative? Explain both policies with example rule sets.
(b) What are the advantages of decomposing a user operation into elementary actions?
(c) What are false negatives and false positives?
[MARKS 6+6+4]
