Registration No.
BTECH
Total number of printed pages – 3 CI30139
SET – 1
th
6 SEMESTER REGULAR/BACK EXAMINATION – 2021
INTERNET SECURITY
BRANCH: CSE/CSIT
Time – 3 Hours
Full Marks – 100
Answer all Questions from Part – A and Part – B
The figures in the righthand margin indicate marks.
PART – A
1. Answer the following questions: [2 x15]
(a) Differentiate between IT Security and Cyber Security.
(b) Give a comparison between Symmetric and Asymmetric encipherment.
(c) How does malicious code spread? Mentions the method to stop it?
(d) Explain the term tuning ‘used’ in configuration of an IDPS.
(e) Categorize the Intruders into different types and briefly explain them all.
(f) A person might mistype the address of a computer and accidentally attempt to
connect to a different system without authorization.Justify whether you consider it
as an intrusion activity. If yes identify the type of intruder the person will be.
(g) Differentiate between Denial of Service (DoS) and Distributed Denial of service
(DDoS) attacks. Name some organizations which became victims of DoS attacks.
(h) Illustrate the term Bandwidth throttling and rate limiting.
(i) List out the activities and functions for a Packetanalyzer in Internet Security
Mechanism.
(j) Differentiate between the concept of single and 2 firewall used in DMZ.
(k) Explain the working mechanism of a reverse proxy
(l) Draw a diagram o show an IP Spoofing on a particular IP address.
(m)Explain the term OWASP top ten Security Risk with its Application.
(n) Explain the term CSRF related to OWASP top 10 security threats.
1
� (o) Which Risk Mentioned in OWASP top 10 security threats model affect the banking
system the most. Also suggest some prevention mechanism.
PART - B
2. Answer any two: [7 x 2]
(a)Outline the three main threats associated with the use of passwords for
authentication. Explain what is meant by a social engineering attack on a password.
(b)John wants to damage the system of MAX and confused to choose between
different kinds of Active Security attacks.Can you explain about all the active attacks
and suggest one attack to John which he can apply on Max.?
(c) Explain how public key cryptography may be used for identification.
3. Answer any two: [7 x 2]
(a)When an organization is aware about an intrusion incident, they may have to go for
legal action in the court of law by reporting the same mention the whole process of reporting
an intrusion by an organization.
(b)There is some process of monitoring the events occurring in a computer system or
network and analysing them for signs of possible intrusions those are available.
Explain briefly about each types of intrusion Detection System.
(c)Intrusion Detection/Prevention Systems (IDPS) have been promoted as cost-
effective ways to block malicious traffic but it has also got many limitations. List any
ten limitations of IDPS.
4. Answer any two: [7 x 2]
(a)When an attacker mimics an authorized device or user, to steal data, spread malware, or
bypass access control systems, this attack is known as Spoofing. Outline its consequences
and prevention technique.
(b) The PRIORITY QUEUING Scheduling algorithm having a problem in its
mechanism. Can you identify the problem in this technique and suggest a solution?
(c)Explain the techniques used tocontrol the amount and the rate of the traffic sent from
one network to the other by providing suitable example.
5. Answer the followings: [7 x 2]
(a) The two devices (Initiator& Responder) are needed to share a set of secret
communication with to each other. Outline the Phases of Internet key Exchange
management with the help of block diagram.
(b) More than 400 million websites worldwide rely on NGINX Plus and NGINX
to deliver their content quickly, reliably, and securely. According to your view, which
mechanism they are using.Explain the theoretical concept behind this in details6.
6. Answer the followings: [7 x 2]
(a) Why do hackers use SQL injection? Explain SQL injection attack with example.
2
� (b)Briefly explain the following terms by giving an example for each to prevent them:
CROSS-SITE SCRIPTING
SECURITY MISCONFIGURATION
INSECURE DESERIALIZATION
Course Outcome Assessment Scheme
Cos Questions Total
Mark
CO1 Distinguish among different type of Q1.a + Q1.b + Q1.c + Q2.a + 27
security attack on a given system. Q2.b +Q2.c = (2+2+2+7+7+7)
CO2 Analyze Intrusion risks, investigate, Q1.d+ Q1.e + Q1.f + Q3.a + Q3.b 27
verify and recover intrusion. +Q3.c = (2+2+2+7+7+7)
CO3 Estimate future needs of security for a Q1.g + Q1.h+ Q1.i + Q4.a + Q4.b 27
system by researching current environment +Q4.c = (2+2+2+7+7+7)
on a continuous basis for the benefit of
society.
CO4 Justify various methods to undertake Q1.j + Q1.k + Q1.l + Q5.a + Q5.b 20
security projects for application of = (2+2+2+7+7)
technologies to various sections of industry
and society.
CO5 Identify the Application Security Risks Q1.m + Q1.n + Q1.o + Q6.a + 20
and its mitigation. Q6.b = (2+2+2+7+7)
