(Please write your Exam Roll No.) Q3. Qs. 26. Q. Qs. [Paper Code: MST) 217 Subject: Information Security | Time : 3 Hours 5 Maximum Marks :75 Note: Attempt any five questions. J Ql. a) Explain the difference between risk, vulnerability and threat? Give examples to support your answer. (7) b) What is a Denial of Service attack? What are its types? How can it be mitigated? (8) Q2. a) What is the importance of Information Security for an organization? How is it different from Computer Security? Disease ae major Security Goals. (8) ») Discuss the McCumber Cube and its relevance in the context of information security, (7) ®) Discuss various kinds of Security threats and their Countermeasures that are adopted by organizations for safeguarding their IT assets, (10) >) Discus the steps that are specific to Security systems Development Life Cycle. (5) a) Explain the term-Ethical Hacking (5) 5) What is network stalking? How can it be prevented? (5) ©) Discuss the Information security assessment process used by sceanizations. How an organization decide about the extent et security that should be adopted. (5) Write short notes on any three of the following: (5x3=15) a) Spyware b) Phishing co Fingerprinting @) RFID hacking 9) What do you mean by access control in the context of information security? What are the features of a good control system? What wc the different types of access control techniques? Explain, (4+4+4=12) >) What are intrusion detection system? Explain. (3) 8) What physical threats are there with respect to information security {or an enterprise in the current world? Support your answer wi, examples. (7 ») IT is rapidly migrating to cloud infrastructure. How will thi help in fuhancing information security? What are the risks that mey arrorn Discuss. (8) 9) Differentiate between identification, authentication and authorization. (5) »} What should be the coverage in an effective Security Policy? What are the types of security policies according to NIST? Explain them. (10) steeaenneaee