
Roll No.
Total No. of Pages: 02
Total No. of Questions: 09

MCA (2015 & Onwards) (Sem. – 3)


INFORMATION SECURITY
M Code: 74074
Subject Code: MCA-302
Paper ID: [74074]
Time: 3 Hrs. Max. Marks: 60

INSTRUCTIONS TO CANDIDATES:
1. SECTIONS-A, B, C & D contain TWO questions each carrying TEN marks and
students have to attempt any ONE question from each SECTION.
2. SECTION-E is COMPULSORY consisting of TEN questions carrying TWENTY marks
in all.
3. Use of non-programmable scientific calculator is allowed.

SECTION A
1. The requirements listed in FIPS PUB 200 encompass a wide range of countermeasures to
security vulnerabilities and threats. Explain. (10)
2. What is public key cryptography? What are the principal ingredients of a public-key
cryptosystem? Explain the steps followed in public key cryptography algorithms. (10)

SECTION B
3. Describe the principal threats to secrecy of passwords. What are two common techniques
used to protect a password file? Explain. (10)
4. a) Differentiate between access control list and a capability ticket. (5)
b) Explain the approaches used to deal with the inference prevention for a statistical
database. (5)

SECTION C

5. a) During its lifetime, a typical virus goes through four phases. Explain. (5)
b) Differentiate between simple reflection attack and amplification attack. (5)
6. a) Describe how a heap buffer overflow attack is implemented. (5)
b) Discuss several software security concerns associated with writing safe program code. (5)

M-74074 Page 1 of 2
SECTION D
7. a) What are the main security concerns with virtualized systems? Explain. (5)
b) Explain the difference between certification rules and enforcement rules in the Clark-
Wilson model. (5)
8. a) Explain the different approaches used for identifying and mitigating IT risks. (5)
b) Differentiate between technical and operational controls. (5)

SECTION E
9. a) Differentiate between trojan horse and denial-of-service attacks.
b) Define availability.
c) What is the use of a hash function?
d) What are pseudorandom numbers?
e) Explain Software as a service (SaaS).
f) What is an injection attack?
g) What is a rootkit?
h) Differentiate between compile-time defenses and runtime defenses.
i) What is a code injection attack?
j) What is data authentication?
