Total No. of Pages: 02
Total No. of Questions: 09
INSTRUCTIONS TO CANDIDATES:
1. SECTIONS-A, B, C & D contain TWO questions each carrying TEN marks, and students have to attempt any ONE question from each SECTION.
2. SECTION-E is COMPULSORY, consisting of TEN questions carrying TWENTY marks in all.
3. Use of non-programmable scientific calculator is allowed.
SECTION A
1. The requirements listed in FIPS PUB 200 encompass a wide range of countermeasures to security vulnerabilities and threats. Explain. (10)
2. What is public key cryptography? What are the principal ingredients of a public-key cryptosystem? Explain the steps followed in public key cryptography algorithms. (10)
SECTION B
3. Describe the principal threats to secrecy of passwords. What are two common techniques used to protect a password file? Explain. (10)
4. a) Differentiate between access control list and a capability ticket. (5)
b) Explain the approaches used to deal with inference prevention for a statistical database. (5)
SECTION C
5. a) During its lifetime, a typical virus goes through the four phases. Explain. (5)
b) Differentiate between simple reflection attack and amplification attack. (5)
6. a) Describe how a heap buffer overflow attack is implemented. (5)
b) Discuss several software security concerns associated with writing safe program code. (5)
M-74074 Page 1 of 2
SECTION D
7. a) What are the main security concerns with virtualized systems? Explain. (5)
b) Explain the difference between certification rules and enforcement rules in the Clark-Wilson model. (5)
8. a) Explain the different approaches used for identifying and mitigating IT risks. (5)
b) Differentiate between technical and operational controls. (5)
SECTION E
9. a) Differentiate between trojan horse and denial-of-service attacks.
b) Define availability.
c) What is the use of a hash function?
d) What are pseudorandom numbers?
e) Explain Software as a service (SaaS).
f) What is an injection attack?
g) What is a rootkit?
h) Differentiate between compile-time defenses and runtime defenses.
i) What is a code injection attack?
j) What is data authentication?