Name of the College : Kings College Of Engineering
Department : Computer Science & Engineering
Subject : Information Security
Website : kings.ac.in
Document Type : Question Bank
Download Model/Sample Question Paper : https://www.pdfquestion.in/uploads/ki…305-CS1015.pdf
Kings Information Security Question Paper
Unit I
Introduction To Information Security :
Part – A :(2 Marks)
1. What is information security?
2. What are the types of attack? Compare.
3. What is meant by top-down approach to security implementation? Give its advantages.
4. What is meant by bottom-up approach to security implementation? Give its disadvantages.
Related : Kings College Of Engineering CS1018 Grid Computing Question Bank : www.pdfquestion.in/315.html
5. What type of security was dominant in the early years of computing?
6. What are the three components of C.I.A. triangle? What are they used for?
7. What is security blue print?
8. What is the difference between a threat agent and a threat?
9. What is vulnerability?
10. Who is involved in the security development life cycle? Senior Management : Chief.
11. Name the multiple layers of security in a successful organization.
12. Define file-hashing.
13. Define E-mail Spoofing.
14. Give the measures that can be taken to protect confidentiality of information.
15. What are the critical characteristics of information?
16. When can a computer be a subject and an object of an attack respectively?
Part-B : (16 Marks)
1. Describe the critical characteristics of information. How are they used in the study of computer security? (16)
2. Briefly explain the components of an information system and their security. How will you balance security and access? (16)
3. (a) Describe the system development life cycle? (4)
(b) Explain the security system development life cycle? (12)
4. What is Information security? Explain the NSTISSC security model and the top-down approach to security implementation. (16)
Unit II
Security Investigation :
Part – A : (2 Marks)
1. Why is information security a management problem?
2. Why is data the most important asset an organization possesses?
3. How can a Service Level Agreement (SLA) provide a safeguard for Internet or web hosting services?
4. What is software piracy? Name two organizations that investigate allegations of software abuse.
5. Name the two categories of hackers and differentiate between them.
6. Who is a cyberactivist?
7. Who is a cyberterrorist?
8. How does a threat to information security differ from an attack?
9. What is a threat?
10. Define malware. Give examples.
11. In what way does the DDoS differ from the DoS attack?
12. How do worms differ from viruses?
13. What is spoofing?
14. What are the types of password attack?
15. What is the difference between criminal law & civil law?
16. What is tort law?
17. What are the primary examples of public law?
18. What is a policy? How does it differ from law?
19. How does tort law differ from public law?
20. Which law amended the computer Fraud and Abuse Act of 1986, and what did it change?
21. What are the three general categories of unethical and illegal behaviour?
22. What is DMCA?
23. What does CISSP stand for?
Part-B :
1. (a) Explain the four important functions of information security in an organization? (8)
(b) Explain the ethical concepts in Information Security and the deterrence to illegal and unethical behaviour. (8)
2. What is a threat? Explain in detail the various groups of threats facing an organization. (16)
3. Define an attack. Describe attack replication vectors & major types of attacks. (16)
4. Write detailed notes on Codes of Ethics, Certifications & Professional Organisations. (16)
5. Explain the relevant laws in Information Security in detail. (16)
Unit III
Security Analysis :
Part –A (2 MARKS) :
1. What is risk management?
2. Who are responsible for risk management in an organization?
3. What are the four risk strategies for controlling risk?
4. Which community of interest usually takes the lead in Information security risk management? Why?
5. What is the formula for calculating risk?
6. Define risk avoidance?
7. Define risk transference?
8. Define risk mitigation?
9. What are the three types of plans that are involved in mitigation of risk?
10. Name three common methods of risk avoidance?
11. What is the difference between intrinsic value and acquired value?
12. What is annual loss expectancy?
13. What is cost benefit analysis?
14. What is the definition of single loss expectancy?
15. What is the difference between benchmarking and base lining?
16. What are vulnerabilities?
17. What is risk assessment?
18. What is a hot site? How is this useful in risk mitigation?
19. Compare and contrast preventive and detective controls.
20. What is a Delphi technique?
21. Define risk appetite.