
THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER 2021

ETHICAL HACKING
Time: 03 Hours Maximum Marks:70
Note: Answer any FIVE full questions.

1. a. What is hacking? What is ethical hacking?

b. Discuss in detail about the different elements of information security.

c. Enumerate different phases of hacking. Explain each in detail. 2+5+7

2. a. Classify the different types of scanning.

b. List the countermeasures against SNMP and DNS enumeration.

c. Test password cracking using any one tool. What are the countermeasures to be taken to prevent this attack? 2+5+7

3. a. Define ARP poisoning.

b. How can we defend against MAC attacks? Explain.

c. Why is social engineering effective? What are the factors that make companies vulnerable to social engineering attacks? 2+5+7

4. a. Define denial of service attack.

b. Define cross site scripting attack and explain the working function in detail.

c. Compare and contrast Security Audit, Vulnerability assessment and Pen testing. 2+5+7

5. a. List the advantages of Client-server networks.

b. Explain the different techniques to crack webserver passwords.


c. What are the countermeasures against hacking webservers? 2+5+7

6. a. What are the tools used for OS fingerprinting?

b. Explain the different types of social engineering.

c. Discuss in detail about Hacking Law and Punishment. 2+5+7

7. a. List out some of the common tools used by Ethical hackers.

b. Explain network level and application level session hijacking.

c. How can phishing emails be detected? Explain. 2+5+7

8. a. How would you test medical identity theft?

b. What makes a good penetration test?

c. How can we defend against HTTP response splitting and web cache poisoning? 2+5+7

THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER - 2021

CYBER FORENSICS
Time: 03 Hours Maximum Marks:70
Note: Answer any FIVE full questions.
1. a. List and explain about the people involved in computer forensics.
b. What are the steps to perform an acquisition on a USB drive with ProDiscover Basic? 7+7

2. a. Define registry.
b. Compare live acquisition with static acquisition.
c. Explain NTFS Compressed Files and NTFS Encrypting File System. 2+5+7

3. a. What are some popular network forensics tools and resources?
b. What traffic protocols and network layers are analyzed in network forensics?
c. What are the challenges faced by network forensics? 2+5+7

4. a. What is spam?
b. Compare IMAP with POP3.
c. Elaborate the working of email system. 2+5+7

5. a. What is a written report?
b. What are the guidelines for writing reports? 7+7

6. a. Why should evidence media be write-protected?
b. What's the purpose of maintaining a network of digital forensics specialists?
c. Elaborate the procedure of assessing a case. 2+5+7

7. a. How to delete NTFS files? Explain the steps to recover deleted files.
b. What are main event logs? Explain Network investigation using the same. 7+7

8. a. Explain OSCAR in detail.


b. What traffic protocols and network layers are analyzed in network forensics? 7+7

THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER 2021

WEB SECURITY AND SDLC


Time: 03 Hours Maximum Marks:70

Note: Answer any FIVE full questions.

1. a. Define Software Development Lifecycle. 02

b. Differentiate between pre-production inspection and first article inspection. 05

c. Explain the different phases of Spiral Model in detail. 07

2. a. Define Web security. 02

b. Explain the different type of data with the help of example. 05

c. Discuss Cross site request forgery attack and preventive measures in detail. 07

3. a. What do you mean by Sandbox architecture? 02

b. State the common way to write a security-minded class loader. 05

c. With a neat diagram, explain Java security architecture. 07

4. a. What do you mean by buffer overflow attack? 02

b. Explain double encoding attack with example. 05

c. Describe command injection and code injection attack with suitable example. 07

5. a. Define SSH. 02

b. Explain the various administrative services of Remote Server management. 05

c. Write a note on various trends in application security with examples. 07

6. a. What are the key elements in information security policy? 02

b. Describe the various benefits of integrating security in SDLC. 05

c. Explain the Risk analysis process in risk management with example. 07

7. a. Define Rootkit with example. 02

b. Explain the various application of Artificial neural network with examples. 05

c. Briefly explain Broken Authentication and Session Management attack with preventive measures. 07

8. a. What do you mean by Cross site scripting? 02

b. Explain the various aspects of data security with example. 05

c. What are the types of Application Control? Explain. 07


THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER - 2021

DATABASE SECURITY FUNDAMENTALS


Time: 03 Hours Maximum Marks:70

Note: Answer any FIVE full questions.

1. a. Define Structured Query Language. 02

b. What is the need of Big Data? Write short notes on it. 05

c. Differentiate between Grant, Deny and Revoke with syntax. 07

2. a. What are the different types of NoSQL databases? Give an example. 02

b. How to grant permission for accessing database and how it can be revoked? 05

c. Discuss Database Security Lifecycle in detail. 07

3. a. What is the use of Privileges in database Security? 02

b. How to create Schema? Explain. 05

c. Analyze the database risk, threats and vulnerabilities. 07

4. a. What is Authentication in Database Security? 02

b. How are SQL Servers secured against SQL Injection? 05

c. Describe designing and implementing password policies. 07

5. a. What is meant by Authentication and Authorization? 02

b. Describe Database user privileges in detail. 05

c. Discuss about Exploitation of Privileges and password. 07

6. a. Define DML Triggers. 02

b. Discuss Plan for database Security Audit. 05

c. How to Secure Dynamic SQL from SQL Injection? Explain. 07

7. a. What are the processes of Audit? 02

b. Write Syntax of DDL Triggers. 05

c. Create an after trigger that fires at all three events (Insert, Update or Delete). 07

8. a. What is the purpose of Audit logs? 02

b. Are triggers set-oriented? Justify your answer. 05

c. Explain any seven events of Security audit of SQL server. 07

THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER 2021
VULNERABILITY ASSESSMENT AND PENETRATION TESTING
Time: 03 Hours Maximum Marks:70

Note: Answer any FIVE full questions.

1. a. Define Penetration testing.
b. Brief about the RoE for penetration testing.
c. Explain the various phases of penetration testing. 2+5+7

2. a. Differentiate between active and passive information gathering.
b. Discuss the various control flags of TCP header.
c. Write in detail about the process of DNS interrogation. 2+5+7

3. a. Highlight the steps involved in ISSAF.
b. Describe about SQL Injection attacks methodology.
c. Explain about vulnerability scanning process using Nessus. 2+5+7

4. a. Differentiate Bind Shell and Reverse Shell.
b. Discuss the need of covering tracks in penetration testing.
c. Illustrate the process involved in hiding files in Linux environment. 2+5+7

5. a. Mention the need for Penetration testing.
b. Write about tools used for debugging and software assurance and highlight the purpose of each.
c. Explain different tools with their purpose for cracking credential and password attacks. 2+5+7

6. a. Define threat, attack & Vulnerability.
b. Describe any 5 legal laws of IT penetration testing.
c. Discuss in detail about the types of assessments involved for white box penetration testing. 2+5+7

7. a. Define port scanning.
b. Brief about the perimeter identification process.
c. Elaborate the various phases of project management. 2+5+7

8. a. Why is Kali Linux preferred by a Penetration Tester or Hacker?
b. Define active information gathering and write about OSINT Tools.
c. Illustrate the need of scripting and programming for a Penetration Tester with an example of your own. 2+5+7

THIRD SEMESTER UNIVERSITY EXAMINATION, NOVEMBER 2021

APPLIED CRYPTOGRAPHY

Time: 03 Hours Maximum Marks:70

Note: Answer any FIVE full questions.

1. a. What is verifiable secret sharing scheme?

b. Explain the possible ways to cheat with a threshold scheme with examples.

c. Discuss the working of one-way accumulator protocol. 2+5+7

2. a. What is dictionary attack?

b. Explain how Public-key certificates are used in Key management.

c. Discuss Output-Feedback mode in detail with neat diagram. 2+5+7

3. a. What is the major disadvantage of end-to-end encryption?


b. Explain Hardware encryption on the basis of Speed and Security.

c. Explain the process of Hiding Ciphertext in ciphertext. 2+5+7

4. a. What is correlation attack?

b. Explain the working of Nanoteq algorithm.

c. Explain the working of Feedback with Carry Shift Registers. 2+5+7

5. a. What do you mean by hash rate?

b. Discuss GOST Hash Function.

c. Explain the Knapsack algorithm for the generalized public-key encryption. 2+5+7

6. a. Mention the characteristics of Digital Signature.


b. What are the properties that hold for Proxy Signatures?

c. Discuss Cipher-Feedback mode in detail with neat diagram. 2+5+7

7. a. What is the primary problem with link encryption?

b. Discuss briefly any three DES variants.


c. Discuss in detail about Stream Ciphers Using FCSRs. 2+5+7

8. a. Explain the working of DSA in detail.

b. Explain the working of Feedback with Carry Shift Registers. 7+7
