SNS COLLEGE OF ENGINEERING Kurumbapalayam(Po), Coimbatore – 641 107 Accredited by NAAC-UGC with ‘A’ Grade Approved by AICTE & Affiliated to Anna University, Chennai 16 Marks-QUESTION BANK IT2042/ Information Security 1) Explain in detail the critical characteristics of information 2) Explain the components of an Information System. 3) Explain in detail the various phases of System Development Life Cycle(SDLC)? 4) Explain in detail the Security System Development Life Cycle(SecSDLC) 5) Explain with examples various threats to Information Security. 6) What are dual homed host firewalls? 7) What are deliberate acts of Espionage or tresspass. Give examples. 8) What deliberate software attacks? 9) Enumerate different types of attacks on computer based systems. 10) What are different US laws and International laws on computer based crimes? 11) What are the code of ethics to be adhered to by the information security personnel stipulated by different professional organizations? 12) What is risk management? Why is the identification of risks by listing assets and vulnerabilities is so important in the risk management process? 13) Explain in detail different risk control strategies? 14) Explain in detail the three types of Security policies(EISP,ISSP and sysSP). 15) What is Information Security Blue print? Explain its salient features. 16) What are ISO 7799 and BS7799? Explain their different sections and salient features. 17) Explain salient features of NIST security models. 18) Explain with diagrams the design of security architecture. OR 19) Write short notes on a) Defense in depth b) Security perimeter c) Key technology components 20) Write short notes on a) Incident Response plan(IRP) b) Disaster Recovery Plan c) Business Continuity Plan 21) What is Business Impact Analysis? Explain different stages of BIA in detail. 22) Explain in detail a) Firewalls categorized by processing mode b) Different generations of firewall 23) Explain in detail different firewall architectures (OR) Write short notes on a) Packet filtering Routers b) Screened Host fire wall c) Screened subnet firewalls (with DMZ) 24) a) What are the factors to be considered in selecting a right firewall? b) How firewalls are configured and managed? c) Outline some of the best practices for firewall use. 25) What are fire wall rules? Explain different fire wall rule sets. 26) What is Iintrusion Detection System(IDS)? Explain different reasons for using IDS and different terminologies associated with IDS. 27) What are different types of Intrusion Detection Systems available? Explain with diagrams (OR) Write short notes on a) Network-based IDS b) Host-based IDS c) Application-based IDS d) Signature-based IDS 28) What are Honey pots,Honey Nets and Padded cell systems? Explain each. 29) What is Attacking Protocol? Explain a) Foot printing and b) Finger printing. 30) What are the purposes of Scanning and Analysis tools? Who will be using these tools? Explain the functioning of few of these tools. 31) What is cryptography? Define various encryption terms used. 32) What are cryptographic algorithms? 33) What is RSA algorithm? Explain different steps> 34) What are different possible attacks on crypto systems? 35) List and describe four categories of locks? 36) Explain with a diagram different positions in Information security. What are the functions of a)CISO,b) Information Security Manager, and c)Security Technician 37) How the credentials of Information Security Personnels are assessed? What are the certifications the Information Security Personnels should aquire for fitting into their roles?