3rdsem - iststu.org

Information security & audit
Case studies
1. For a bank portal, as more users are added, response time gets longer.
The EDP Manager is perplexed that the system can cope with many
more users without noticeable response time. He cannot determine
whether the problem is hardware based or server software based.
He asks you to assist him in identifying the problem and suggesting a solution.
Explain the measures you would undertake to trace and resolve the above
case.
2. A software company complained that some of its former
employees had accessed and tampered with the vital data of the company. As
the IT head, suggest steps to investigate it. Also suggest controls to
avoid the same in the future.
3. With continuing security concerns for the airport operations, the
protection of internal operational protocols of an international airport
has become more critical than ever before. Therefore, the Information
Security System (ISS) was developed which can protect the critical
information related to airport operations. The ISS can securely protect
the computer system at airport by :
– Performing real-time encoding of the users who accessed the
protected files and folders.
– Limiting the user’s capability to edit the protected documents.
– Blocking the user’s access to portable storage devices.
– Inserting security water marks on the printed outputs.
As a system analyst specify the additional threats and security for
Airport System.
4. An International Library has decided to perform open transactions.
Library will be fully computerised with web based application. No
human assistant will operate it for issue/return transactions. Biometric
System will be used for accessing Library and CCTV will be fitted
inside stack room.
As a system analyst suggest specific biometric system and also suggest
a security policy for the application software.
5. Super BPO Company is a company providing customer care and phone
banking facilities. Its main customers are some of the biggest banks
of USA. It employs 200 BPO executives who have access to all
the financial and personal data and credit card information of nearly
1 million clients of these banks.
You have been appointed as the security administrator and have been
assigned the work to study the possible security lapses which might
occur.
(a) What are the different types of threats and vulnerabilities you
might find in this BPO Company ?
(b) Give your recommendation so as to control these threats.
6. Intellectual Property Theft :
The complainant (Software Company based in Bangalore) alleged that
some of the company’s former employees had accessed the company’s
IT System and tampered with the Source Code of the Software under
Development.
(a) What precaution was not taken by the organisation to prevent
it ? What is your suggestion in this regard ?
(b) Write down the steps to investigate and suggest required internal
control on this.
Solve the following
1. What are the different types of information? Add a note on information system.
2. What are the threats to infrastructure security?
3. Discuss in brief the block diagram of information security.
4. Discuss the basics of information security and its evolution.
5. Define Information Security. Explain the role of Security in the internet.
6. Explain the need of Physical Security. What are the different types of Physical Threats
and what are the measures to counter them ?
7. Explain the different types of Bio-metric Controls that can be used for Information
System Security.
8. Discuss the role of Incident Response Team (IRT) in Information Security Mechanism.
9. What are various security considerations for mobile workforce?
10. "Wired or Wireless Network is secured." Comment.
11. Discuss in brief the need for VPN and Security Issues.
12. What do you understand by the terms ‘Encryption’, ‘Private Key Encryption’ and ‘Public
Key Encryption’ ? Create a Sample Password Policy for an Organisation.
13. What is an Intrusion Detection System (IDS) ?
14. While protecting your data over Bluetooth, what security precautions do you apply ?
Explain.
15. Define and explain Enterprise Application Integration(EAI).
16. Discuss SSE - CMM Model in detail.
17. Explain security models and frameworks.
18. Explain ISO network management model in detail.
19. What is Risk ? Explain the steps involved in Risk Management.
20. Explain the need of IS Audit. What are the goals achieved by IS Audit ?
21. Describe the Evidence Collection and Evaluation Methods in detail.
22. Define Audit Controls. Explain the Application and Management Control.
23. Describe the role of Data Base Administrator in Auditing Process.
24. What are the Physical and Logical Security of IS Assets that an Auditor should Audit in
an Organisation.
25. What do you mean by Computer Crimes ? Elaborate the different types of Crimes.
26. Explain in detail the major pillars of Information Security.
27. What is IPR ? Explain various approaches regarding it.
28. Explain in detail Disaster Recovery planning?
Write short notes
1. BCP
2. Trojan Horse
3. Steering Committee
4. ISACA
5. E-commerce
6. Digital Signature
7. Technical attacks
8. Layers of information security
9. Biometric Controls
10. Ethical Issues for Information Security
11. Intrusion Detection System
12. Security of E-mail System
13. Role of Internet in Global Information System
14. Technological Impact on Data Privacy
15. Firewall and its types
16. Copyright Act
17. Disaster Recovery Planning
18. Security of E-mail System
19. Sarbanes - Oxley Act
20. COBIT
21. Database Security
22. Cryptographic Techniques
23. Access controls
24. Benefits of security risk analysis
25. Privacy issues in web services
Software Development
ADVANCED JAVA
solve the following :
1. List EJB Session Bean Lifecycle Methods.
2. What is UDP ?
3. Write about the Interfaces used in JDBC.
4. What’s the difference between SendRedirect( ) and Forward( )Methods ?
5. Write code to call a stored procedure using JDBC.
6. Write Down Socket and Server Socket Class Constructor.
7. What is RMI Registry ?
8. Difference between GenericServlet and HTTPServlet.
9. Life Cycle Methods of Bean
10. Write statement object hierarchy used in JDBC.
11. Write difference between TCP and UDP.
12. What is BMP ? Explain in brief.
13. What is signature of service method in servlet ?
14. What is Jsp:forward and Jsp:include ?
15. How cookies are created and values are set ?
16. What are different Statements used in JDBC ?
17. Which methods are supported by these Statements ?
18. What are different rules for writing simple bean ?
19. What is URL ? List any four methods.
20. List any four methods of ResultSetMetaData.
21. List any four interfaces involved in Java Mail.
22. What is Port Number ?
23. What are Cookies ?
24. What is Deployment Descriptor ?
Solve the following
1. Write an application to accept Customer Details on html page and send
to servlet. Servlet will insert record in Customer Table after validating
credit limit. If the credit limit is above 5,00,000, display error message,
otherwise insert the record in the table.
Customer : CustomerID, Name, Address1, Address2, City, State, PIN,
Credit Limit.
2. Create a bean that will calculate square and cube of a given number.
Use bean in JSP Program. Accept number from user and display square
and cube of that number.
3. Write program segment :
(a) To get row count from a table.
(b) To declare function in JSP using JSP Expression.
(c) To register out parameter with data type string.
(d) To create DatagramPacket to send to specified address and port
number.
(e) To retrieve information from cookies in Servlet.
4. Write a threaded echo Server - Client Socket Program.
5. Write RMI application to invoke remote method to reverse a given
string.
6. Write Servlet Application to accept movie name from user through
HTML page. Display movie details and names of theaters, timeslot
where the movie is showing. If the movie is not currently showing
anywhere display message "Movie Not Available now !"
Use Tables :
Movie : MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay : Serialno, MovieId, Theater, Timeslot, DisplayStatus
(could be showing or not showing)
7. Write an Employee bean containing eno, ename, dept, salary attributes
and calculated Commission(float percentage) Method.
8. Write JSP Application to use this Employee bean. Accept details from
html page, set the values for Employee bean and display calculated
commission in client's browser.
9. Write Multithreaded Server - Client Chat Application using Sockets.
10. Write JDBC Application to insert records in movie table. Continue
insertions till user wants. Use Tables :
Movie : MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay : Serialno, MovieId, Theater, Timeslot, DisplayStatus
(could be showing or not showing)
11. Write JSP Application using JSTL to display cubes of first 30 natural
numbers in a tabular form. The table should contain the number and
its cube.
12. Write a Socket Program that runs on Server and echoes back all the
strings sent by Client after receiving string. If Client sends string EXIT,
Server should get terminated.
13. Write RMI to accept a number and display its factorial value using
remote method fact( ).
14. Write a Servlet with following specification - Servlet will accept user
name, password and foreground colour and display ‘hello’ message
in accepted colour.
15. Write a program that will open department table and allow user to insert,
modify, delete record from table. (Take suitable table structure)
Write JDBC program to establish connection to “student” table with following
structure :
(Roll_No, Stud_Name, Course, fees_paid). Accept Stud_Name from command
line and display the details of that student (using prepared statement).
15. Write RMI application :
a) Write remote interface named MyRmi which contains the following method :
int findLargest (int a, int b, int c)
b) Write code to link this interface to MyImp class.
c) Start RMIServer.
d) Write client side code to invoke remote method.
16. Write JSP application to accept item number from user through HTML
page and display description, available quantity, rate and cost of
available quantity from underlying table. ITEM table has : ITEMCD,
DESCRIPTION, QUANTITY, RATE Fields.
17. Write working of RMI with the help of suitable example.
18. Write socket program for client that will send a sentence to server.
Server will count the number of characters, special characters, digits
from the sentence and send the counts as single string to client. Client
program will display output as the passed string from server.
19. Write servlet program to display department wise employee list and
department wise total salary in the client's browser. Given tables
(DEPT : DeptNo, Dname, Dloc); (EMP : EmpNo, Ename, DeptNo,
Salary).
20. Write EJB component to display user details. The Browser client sends
user name to the ejb. Through bean retrieve the record of that user
from underlying database and display details in client browser.
(Assume suitable data)
Remote Interface
Home Interface
Implementation Class
ejb-jar.xml File
Client Program
21. Write Java program to count number of vowels from the given file. Accept filename from
command line.
22. Write a program for chatting between client and server.
23. Write a client server networking program to accept string from user and pass it to server. Server will
send response whether the string is palindrome or not.
24. Write a program for multithreaded chat application.
25. Write a RMI to accept a number and display prime numbers up to given number by using method
Primeno().
Write short notes :
1. JNDI
2. Session Tracking in Servlets
3. RMI Architecture
4. JSP Directives
5. Java Beans
6. MVC Architecture
7. Servlet life cycle
8. RMI Architecture
9. Types of drivers in JDBC
10. Types of EJB’S.
11. Struts’ MVC Architecture
12. JNDI Interfaces and Methods
13. Working of RMI
14. JSP Include and Forward
15. JDBC architecture
16. Servletconfig and servletcontext
17. Difference between Genericservlet and HTTPServlet
18. JSP actions
19. JSTL
20. Struts
21. Hibernate
22. ORM
23. HQL, Eclipse architecture
24. DynaAction class
25. LazyAction class
ASP.NET
1. Explain ASP.NET Architecture in detail.
2. What is State Management ? Explain Client Side State Management
Techniques in detail.
3. Explain various Validator Controls in detail.
4. Create and explain web.sitemap file. And use it by making use
of treeview control.
5. Explain Exception handling in ASP.Net.
6. Explain how Session Management is done in ASP.Net ?
7. Explain Authentication and Authorization of User.
8. Explain ADO.NET Object Model in detail.
9. Explain Server Side State Management Techniques in detail.
10. Explain methods, properties and events of the following controls :
(a) CheckBoxList Control
(b) ImageMap Control
(c) SiteMap Control
11. What is Web Service ? Explain the steps and code to create and
consume Webservice.
12. Differentiate between ASP and ASP.NET.
13. Difference between Authentication and Authorization.
14. Differentiate between connected and disconnected architecture in ADO.NET.
15. What are the different mechanisms to trace the ASP.NET web application ?
How would you configure ASP.NET trace output ?
16. What are Web Services ? Explain with example.
Explain the following controls
(a) Login Control
(b) Dropdown List Control
(c) Treeview Control
(d) Listbox Control
(e) AdRotator Control
(f) Image Map Control
(g) File Upload Control
(h) Login Control
(i) Check Box List Control
(j) Radio button list control
(k) Calendar Control
(l) Checkbox Control
(m) Gridview
Write short notes :
(a) Imagemap Control
(b) Web Services
(c) ADO.Net Object Model
(d) Site Map
(e) Exception Handling
(f) Web Services
(g) Authentication and Authorisation
(h) Deploying Web Application
(i) Namespace
(j) HTML and Web server control
(k) Data bound control in ADO.NET
(l) Data source controls in ASP.NET
(m) Transaction object in ADO.NET
(n) Xcopy
(o) Advantages of ASP.NET
Program
Hint: students must study in brief the programs based on ADO.NET
1. Design a form and write code to :
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use Gridview Control to Display Records
Make use of connected architecture.
Name of Table : Books (BookId, BookName, Author, Price, Publisher)
2. Create theme for Textbox, Buttons and Gridview. Apply theme using
web.config file.
3. Design GUI and write code for following :
(a) Add New Record
(b) Delete Record
(c) Edit Record
(d) Use Disconnected Architecture
Table Name - Student (sno, sname, sdob, qualification, address)
SQL Server - College
Server Name - UOP
4. Design a GUI for login page. Make use of database to validate
user login. Display welcome page for successful login and error
page if login failed.
5. Write a Sectional Code for following :
(a) Disable the past dates and Sundays in calendar control.
(b) Create an application using File Upload Control which will
upload your photo and display it in an image control. The file
type must be image only and file size should not exceed 1 MB.
6. Design a form and write code to :
(a) Populate and display books names in a drop down list.
(b) Select a book from drop down list and display its details in
underlying text boxes.
(c) Add a record
(d) Delete Selected Record
(e) Edit Selected Record
Use connected architecture.
Name of Table : BookMaster (BookID, Title, Author, Publisher, Price)
Name of Server : MyAspDB (SQL Server)
7. Design a form and write code to :
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use Gridview Control to Display Records
Make use of disconnected architecture.
Name of Database : Employee
Name of Table : EMP (EmpId, EmpName, DOB, salary)
Server name : UOP
8. Create a web.sitemap file. Explain it and use it by making use of the Tree View and Sitemap
Path Control. Draw proper GUI.
9. Design a GUI for login page using label, textboxes and button control. Display
welcome page for successful login, else error page. Make use of valid database to validate user
login.
10. Design Interface and write code for the following :
– Add a new record
– Delete a record
– Edit a record
– Use gridview to display records
– Use connected architecture
– Name of Database : Inventory
Name of Table : Product (Product ID, Desc, Rate, Stock)
Server : SQL Server
Server Name : ABCD
11. Design Interface and write code for shopping cart application :
– Take a drop down list to display product.
– Display product rate in a label when the product is selected.
– Accept Quantity in a textbox and add it to the cart when add
button is clicked.
– Display order on next page when display order button is
pressed. Use table (Name of Table : Product (Product ID, Desc, Rate, Stock))
Software Testing
Software quality assurance
1. Define Software Quality. Describe the need and importance of
Quality.
2. Explain Contribution of Deming and Juran.
3. Explain Software Testing Life Cycle.
4. Explain British Standard 7799 for Information Security.
5. What are the various Testing Methods used to Test Web Based
Applications ?
6. Explain Software Configuration Management.
7. What is Service Level Agreement ? Explain its importance.
8. Define Software Quality. Explain Quality Attributes.
9. Explain Concept of SCM from Quality Point of View.
10. Discuss Quality and Productivity. Explain in detail the Concept of
COQ.
11. Explain in detail important features of CMM.
12. Why is quality training required for Software Quality Team ?
13. What is meant by Defect Management ? What are the processes used
in this ?
14. “Quality Metrics is important in the Software Development
Organisation.” Justify.
15. Why is Software Quality required in Software Development Process ?
Explain.
16. What is use of SEI-CMM Level for Software Organisation ? Explain
CMM Level-3 in detail.
17. Define the following terms with example :
(a) Bug
(b) Defect
(c) Audit
18. Explain ‘V’ Model in Software Testing. Give example.
19. Explain the terms in short :
(a) Load Testing
(b) Stress Testing
(c) α and ß Testing (Alpha and Beta)
20. Role of Customer in Quality. Define Quality. Describe need and importance of Quality.
21. Explain Consumer’s View and Producer’s View about Quality.
22. Explain various Testing and Defect Tracking Tools.
23. Explain Unit Testing in detail.
24. Compare and contrast Black and White Box Testing Methods of Software
Testing.
25. What is Software Quality Control and Software Quality Assurance ? Explain
in detail SQA.
26. Explain various factors considered while setting up a Computer Centre.
27. What do you mean by Risk ? Explain Software Project Risk Management in
detail.
28. Describe various Software Project Time Estimation Tools, with suitable illustration.
29. Explain in detail various steps, methods and documentation process of User
Acceptance Testing.
30. Explain procedure followed and care taken while terminating a person in
IT organisation.
Write short notes :
1. Risk Management
2. Code Review
3. Cause and Effect Diagram
4. Kaizen Principles
5. PDCA
6. Test Automation Tools
7. Process Inventory
8. KPA
9. Quality Control
10. Black Box Testing
11. Acceptance Testing
12. Inspection
13. Management Controls
14. Service Level Agreement
15. Function point analysis
16. COCOMO
17. Walkthrough.
SOFTWARE TESTING PROCESS & DOCUMENTATION
1. What is Test Data ? What are its norms ?
2. Write Test Cases for Washing Machine.
3. Define Software Quality. Describe reasons for Poor Quality. Explain
reasons for Product Quality and Process Quality.
4. What is Software Testing ? What is its need ? Explain levels of
Testing.
5. What is Functional Testing ? Explain various types of Functional
Testing.
6. Prepare BVA and ECP for below scenario login window :
(a) User-id – allow alphanumerics 4 to 16 characters long
(b) Password – allow alphabets 4 to 8 characters long
7. Write test case for Student Registration Validation Program with
following fields : student_username, student_password,
confirm_password, student_email and student_course.
8. What is Review ? What is its purpose ? Explain different types of
Reviews.
9. What is Test Plan ? Explain IEEE Standards of Test Plan.
Define Quality Assurance and Quality Control. Support your answer
with ‘V’ Model of Software Testing.
10. Define Risk. Explain Risk-based Testing.
11. Explain various factors considered while setting up a Computer Centre.
What do you mean by Risk ? Explain Software Project Risk Management in
detail.
12. Describe various Software Project Time Estimation Tools, with suitable illustration.
13. Explain in detail various steps, methods and documentation process of User
Acceptance Testing.
14. Explain procedure followed and care taken while terminating a person in
IT organisation.
15. Explain Software Project Maintenance in detail.
16. What is Testing ? Explain Functional and Non-functional Testing ?
17. Write test case for ATM Money Withdrawal Operation with
necessary rules and regulations.
18. What is Defect Management ? How is it important ? Explain Process
of Defect Reporting and Tracking.
19. Describe Unit Level Testing and Integration Testing in detail with
suitable examples.
20. What is White Box Testing ? Explain various White Box Testing
Techniques with example.
21. What is Test Plan ? List down contents of Test Plan.
Write short notes :
1. Types of Defect Management
2. Test Automation
3. TMM
4. Black Box Versus White Box Testing.
5. COTS
6. Agile Testing
7. Software Implementation.
8. Version Control
9. Software Testing
10. QA Vs QC
11. Wireless / Mobile Computing Applications
12. Static V/s Dynamic Testing
13. Manual V/s Automated Testing