Information Security

BIM 5th Sem-Exam Question Solution 2024 – Information Security

1.) Define Attack:

An attack is any attempt by an unauthorized individual to access, modify, or damage a computer system, network, or data.

2.) What is product cipher?

A product cipher is a type of encryption that combines two or more basic cipher techniques, such as substitution and transposition, to enhance security.

3.) Why is Digital Signature used?

A digital signature is used to ensure the authenticity, integrity, and non-repudiation of a digital message or document.

4.) Define Authentication:

Authentication is the process of verifying the identity of a user, system, or entity before granting access to resources.

5.) Describe Honeypot:

A honeypot is a decoy system or network set up to attract and detect unauthorized access attempts, helping to study attackers’ behavior.

6.) List the differences between zombie and bots:

  • Zombie: A compromised computer controlled remotely to perform malicious tasks without the user’s knowledge.
  • Bot: A software program that can be used for both legitimate automation and malicious activities like participating in botnets.

7.) List any two uses of VPN:

  • To provide secure remote access to a corporate network.
  • To protect online privacy by masking IP addresses and encrypting traffic.

8.) Define IT Security Management:

IT Security Management is the process of protecting information systems through policies, procedures, and technologies to ensure data confidentiality, integrity, and availability.

9.) Define Cryptography:

Cryptography is the science of securing information by using algorithms to transform it into an unreadable format that only someone with the correct key can read.

10.) List any two Intrusion Detection Analysis Approaches:

  • Signature-based detection
  • Anomaly-based detection

11.) Explain Token-Based Authentication with Example:

Token-based authentication is a method where users receive a token after successfully logging in, which is used to access protected resources. For example, in web applications, a user logs in with credentials and receives a JWT (JSON Web Token) that is sent with every request for authentication.

12.) Define Intruder and explain its types:

An intruder is an unauthorized individual who tries to access or damage a system.

Types:

  • Masquerader: External person using false identity.
  • Misfeasor: Legitimate user misusing access.
  • Clandestine User: Gains control and hides their presence.

13.) Define Malicious Software. List the differences between virus and worm:

Malicious software or malware is software designed to harm or exploit any device or network.

Virus vs. Worm:

  • Virus: Requires user action to replicate (e.g., clicking a file).
  • Worm: Self-replicates and spreads without user interaction.

14.) Explain the differences between security risk assessment and security risk analysis:

  • Security Risk Assessment: Identifies potential risks and evaluates vulnerabilities in a system.
  • Security Risk Analysis: Analyzes and prioritizes identified risks based on their impact and likelihood.

15.) Explain Hash-based MAC (HMAC):

HMAC is a type of Message Authentication Code that uses a cryptographic hash function and a secret key to verify data integrity and authenticity. It is widely used in protocols like SSL/TLS.

16.) Explain CIA triad with example:

The CIA triad refers to the three main principles of information security:

  • Confidentiality: Ensuring data is accessible only to authorized users. (e.g., encrypted email)
  • Integrity: Ensuring data is not altered or tampered with. (e.g., checksums)
  • Availability: Ensuring data and services are accessible when needed. (e.g., redundancy and backups)

17.) Define Message Digest. Explain the differences between MD4 and MD5.

A message digest is a fixed-size numerical value generated from input data (a message) using a hash function. It acts like a digital fingerprint of the data.

  • Even a small change in the input will result in a completely different digest.

Difference Between MD4 and MD5:

[Image: MD4 vs. MD5 comparison]

18.) How can we ensure the security of our organization’s network? Explain.

To ensure network security in an organization, the following practices should be adopted:

  • Firewalls: Implement firewalls to filter unauthorized access.
  • Intrusion Detection/Prevention Systems (IDS/IPS): Monitor and respond to suspicious activities.
  • Regular Updates: Keep software and systems updated.
  • Encryption: Secure data transmissions using encryption protocols like SSL/TLS.
  • Access Control: Grant access only to authorized users using role-based access.
  • Security Policies: Define clear policies for handling data and resources.
  • Employee Training: Train employees to recognize phishing and social engineering attacks.

19.) Encrypt “Information Security” using any one substitution cipher and transposition cipher.

Substitution Cipher Example (Caesar Cipher with shift 3):

  • Plaintext: INFORMATION SECURITY
  • Shift each letter by +3:
    • I → L, N → Q, F → I, O → R, R → U, M → P, A → D, T → W, I → L, O → R, N → Q
    • S → V, E → H, C → F, U → X, R → U, I → L, T → W, Y → B
  • Encrypted Text (Substitution): LQIRUPDWLRQ VHFXULWB

Transposition Cipher Example (Rail Fence Cipher, 3 rails):

  • Write in 3 lines (zig-zag pattern):

    Rail 1: I       R       A       I       S       C       R
    Rail 2:  N   O   M   T   I   N   E   U   I   T
    Rail 3:     F       O       N       S       Y

  • Read row-wise:
  • Encrypted Text (Transposition): IRAISCRNOMTINEUITFONSY
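
Both ciphers from question 19 as runnable code, given here as an added example that is not part of the original answer. It returns the three rails separately so a hand-drawn zig-zag can be checked row by row; it assumes the space is removed before the rail fence step, so the plaintext has 19 letters, and the function names are illustrative.

```python
def caesar(text, shift):
    """Shift A-Z by `shift` places; other characters (the space) pass through."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def rail_pattern(length, rails):
    """Rail index of every position in the zig-zag: 0,1,2,1,0,1,2,1,... for 3 rails."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]

def rail_rows(text, rails):
    """The letters that land on each rail, top rail first."""
    letters = [c for c in text.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rails)
    return ["".join(c for c, r in zip(letters, pattern) if r == rail)
            for rail in range(rails)]

def rail_fence_encrypt(text, rails):
    return "".join(rail_rows(text, rails))  # read the rails off row by row

def rail_fence_decrypt(cipher, rails):
    pattern = rail_pattern(len(cipher), rails)
    # Plaintext positions in the order their letters were read off (stable sort by rail).
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)

if __name__ == "__main__":
    message = "INFORMATION SECURITY"
    print(caesar(message, 3))
    for number, row in enumerate(rail_rows(message, 3), start=1):
        print(f"Rail {number}: {row}")
    print(rail_fence_encrypt(message, 3))
```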

20.) Explain any five security design principles with examples.

  • Least Privilege:
    • Only give users the minimum level of access required.
    • Example: A clerk can only view, not edit, financial records.
  • Fail-Safe Defaults:
    • Deny access by default unless explicitly allowed.
    • Example: Firewall blocks all ports unless permitted.
  • Economy of Mechanism:
    • Design should be simple and small.
    • Example: Simple login page with basic authentication is less error-prone.
  • Complete Mediation:
    • Every access must be checked.
    • Example: Each file access in a system is verified with user permissions.
  • Open Design:
    • Security should not depend on secrecy of design but on secrecy of keys.
    • Example: Encryption algorithms like AES are public but secure.

21.) How does the implementation of logging function contribute to effective audit trail analysis in a security auditing architecture, and what are the key considerations while designing a security audit trail?

Contribution of Logging Function:

  • Tracks user activities and system events.
  • Identifies security incidents (e.g., unauthorized access).
  • Supports forensic analysis post-incident.
  • Helps in compliance with legal and regulatory requirements.
  • Enables continuous monitoring and alerting.

Key Considerations in Designing a Security Audit Trail:

  • Integrity: Logs must not be tampered with.
  • Confidentiality: Logs should be protected from unauthorized access.
  • Completeness: All relevant events should be logged.
  • Storage and Retention: Define log storage limits and duration.
  • Real-time Monitoring: Enable alerts for suspicious patterns.
  • Audit Trail Scope: Clearly define what needs to be logged.
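
One way to meet the integrity consideration is to chain each log record to the one before it with an HMAC, so that an edited, removed or truncated record is detectable. This is an added example, not part of the original answer; the key, the event fields and the sample events are constructed for illustration.

```python
import hashlib, hmac, json

LOG_KEY = b"constructed-demo-key"  # assumption: kept on the log collector, not the audited host
GENESIS = "0" * 64                 # tag value that precedes the first record

def chain_tag(prev_tag, event):
    # Each tag covers the previous tag, so a record cannot be edited or dropped silently.
    body = json.dumps(event, sort_keys=True)
    return hmac.new(LOG_KEY, (prev_tag + body).encode(), hashlib.sha256).hexdigest()

def append_event(log, event):
    prev_tag = log[-1]["tag"] if log else GENESIS
    log.append({"event": event, "tag": chain_tag(prev_tag, event)})
    return log[-1]["tag"]  # the new head; store it off-host to detect truncation

def first_bad_record(log, trusted_head=None):
    """Index of the first record that fails verification, or None if the trail is intact."""
    prev_tag = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(chain_tag(prev_tag, rec["event"]), rec["tag"]):
            return i
        prev_tag = rec["tag"]
    if trusted_head is not None and prev_tag != trusted_head:
        return len(log)  # chain is consistent, but records are missing from the end
    return None

def sample_log():
    """Constructed events, for illustration only. Returns (log, head tag)."""
    events = [
        {"ts": "2024-05-01T09:00:00Z", "user": "clerk1", "action": "login", "result": "ok"},
        {"ts": "2024-05-01T09:02:10Z", "user": "clerk1", "action": "view_ledger", "result": "ok"},
        {"ts": "2024-05-01T09:02:45Z", "user": "clerk1", "action": "edit_ledger", "result": "denied"},
        {"ts": "2024-05-01T09:05:00Z", "user": "clerk1", "action": "logout", "result": "ok"},
    ]
    log, head = [], GENESIS
    for event in events:
        head = append_event(log, event)
    return log, head

if __name__ == "__main__":
    log, head = sample_log()
    print(first_bad_record(log, head))     # intact trail
    log[2]["event"]["result"] = "ok"       # simulate an edited record
    print(first_bad_record(log, head))
```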

22.) Explain basic overview and working of Diffie–Hellman Protocol. Find the shared secret ‘S’, if:

  • Prime number (p) = 13
  • Base/generator (g) = 6
  • Alice’s private key (a) = 5
  • Bob’s private key (b) = 7

Overview of Diffie–Hellman Protocol:

  • Used to securely exchange cryptographic keys over a public channel.
  • Both parties generate private keys and compute public keys.
  • Shared secret is computed independently using the other’s public key.
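
The exchange described in the overview, run on the values given in the question. This is an added example, not part of the original answer; the function names and the range check on the received public value are additions for illustration.

```python
def public_value(g, private, p):
    """g^private mod p: the value each party sends over the public channel."""
    return pow(g, private, p)

def shared_secret(their_public, my_private, p):
    # Reject 0, 1, p-1 and anything outside the group: such values would force
    # the secret into a tiny, predictable set no matter which private key is used.
    if not 2 <= their_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(their_public, my_private, p)

def generator_order(g, p):
    """Smallest k > 0 with g^k = 1 (mod p); equals p - 1 when g is a primitive root."""
    if g % p == 0:
        raise ValueError("g must not be a multiple of p")
    k, x = 1, g % p
    while x != 1:
        x = x * g % p
        k += 1
    return k

def exchange(p, g, a, b):
    A = public_value(g, a, p)         # Alice -> Bob
    B = public_value(g, b, p)         # Bob -> Alice
    s_alice = shared_secret(B, a, p)  # Alice computes B^a mod p
    s_bob = shared_secret(A, b, p)    # Bob computes A^b mod p
    if s_alice != s_bob:
        raise RuntimeError("both sides must derive the same secret")
    return {"A": A, "B": B, "S": s_alice}

if __name__ == "__main__":
    print(exchange(13, 6, 5, 7))   # {'A': 2, 'B': 7, 'S': 11}
    print(generator_order(6, 13))  # 12
```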
