Information security & audit

Case studies

1. For a bank portal, as more users are added, response time gets longer. The EDP Manager is perplexed, as the system can cope with many more users without noticeable response time. He cannot determine whether the problem is hardware based or server software based. He asks you to assist him to identify the problem and suggest a solution. Explain the measures you would undertake to trace and resolve the above case.

2. A software company has complained that some of its former employees had accessed and tampered with the vital data of the company. As an IT head, suggest steps to investigate it. Also suggest controls to avoid the same in the future.

3. With continuing security concerns for airport operations, the protection of internal operational protocols of an international airport has become more critical than ever before. Therefore, the Information Security System (ISS) was developed, which can protect the critical information related to airport operations. The ISS can securely protect the computer system at the airport by:
– Performing real-time encoding of the users who accessed the protected files and folders.
– Limiting the user’s capability to edit the protected documents.
– Blocking the user’s access to portable storage devices.
– Inserting security watermarks on the printed outputs.
As a system analyst, specify the additional threats and security for the Airport System.

4. An international library has decided to perform open transactions. The library will be fully computerised with a web based application. No human assistant will operate it for issue/return transactions. A biometric system will be used for accessing the library and CCTV will be fitted inside the stack room. As a system analyst, suggest a specific biometric system and also suggest a security policy for the application software.

5. Super BPO Company is a company providing customer care and phone banking facilities. Its main customers are some of the biggest banks of the USA. It employs 200 BPO executives who have access to all the financial and personal data and credit card information of nearly 1 million clients of these banks. You have been appointed as the security administrator and have been assigned the work of studying the possible security lapses which might occur.
(a) What are the different types of threats and vulnerabilities you might find in this BPO company?
(b) Give your recommendations to control these threats.

6. Intellectual Property Theft: The complainant (a software company based in Bangalore) alleged that some of the company’s former employees had accessed the company’s IT system and tampered with the source code of the software under development.
(a) What precaution was not taken by the organisation to prevent it? What is your suggestion in this regard?
(b) Write down the steps to investigate and suggest the required internal controls.

Solve the following

1. What are the different types of information? Add a note on information systems.
2. What are the threats to infrastructure security?
3. Discuss in brief the block diagram of information security.
4. Discuss the basics of information security and its evolution.
5. Define Information Security. Explain the role of security in the internet.
6. Explain the need for Physical Security. What are the different types of physical threats and what are the measures to counter them?
7. Explain the different types of biometric controls that can be used for information system security.
8. Discuss the role of the Incident Response Team (IRT) in the information security mechanism.
9. What are the various security considerations for a mobile workforce?
10. "Wired or wireless network is secured." Comment.
11. Discuss in brief the need for VPN and its security issues.
12. What do you understand by the terms ‘Encryption’, ‘Private Key Encryption’ and ‘Public Key Encryption’? Create a sample password policy for an organisation.
13. What is an Intrusion Detection System (IDS)?
14. What security precautions do you apply to protect your data over Bluetooth? Explain.
15. Define and explain Enterprise Application Integration (EAI).
16. Discuss the SSE-CMM model in detail.
17. Explain security models and frameworks.
18. Explain the ISO network management model in detail.
19. What is Risk? Explain the steps involved in Risk Management.
20. Explain the need for IS Audit. What are the goals achieved by IS Audit?
21. Describe the Evidence Collection and Evaluation Methods in detail.
22. Define Audit Controls. Explain the Application and Management Controls.
23. Describe the role of the Database Administrator in the auditing process.
24. What are the physical and logical security of IS assets that an auditor should audit in an organisation?
25. What do you mean by Computer Crimes? Elaborate on the different types of crimes.
26. Explain in detail the major pillars of Information Security.
27. What is IPR? Explain various approaches regarding it.
28. Explain Disaster Recovery Planning in detail.

Write short notes

1. BCP
2. Trojan Horse
3. Steering Committee
4. ISACA
5. E-commerce
6. Digital Signature
7. Technical attacks
8. Layers of information security
9. Biometric Controls
10. Ethical Issues for Information Security
11. Intrusion Detection System
12. Security of E-mail System
13. Role of Internet in Global Information System
14. Technological Impact on Data Privacy
15. Firewall and its types
16. Copyright Act
17. Disaster Recovery Planning
18. Security of E-mail System
19. Sarbanes-Oxley Act
20. COBIT
21. Database Security
22. Cryptographic Techniques
23. Access controls
24. Benefits of security risk analysis
25. Privacy issues in web services

Software Development

ADVANCED JAVA

Solve the following:

1. List EJB Session Bean lifecycle methods.
2. What is UDP?
3. Write about the interfaces used in JDBC.
4. What is the difference between the SendRedirect( ) and Forward( ) methods?
5. Write code to call a stored procedure using JDBC.
6. Write down the Socket and ServerSocket class constructors.
7. What is the RMI Registry?
8. Difference between GenericServlet and HTTPServlet.
9. Life cycle methods of a Bean.
10. Write the statement object hierarchy used in JDBC.
11. Write the difference between TCP and UDP.
12. What is BMP? Explain in brief.
13. What is the signature of the service method in a servlet?
14. What are Jsp:forward and Jsp:include?
15. How are cookies created and their values set?
16. What are the different Statements used in JDBC?
17. Which methods are supported by these Statements?
18. What are the different rules for writing a simple bean?
19. What is a URL? List any four methods.
20. List any four methods of ResultSetMetaData.
21. List any four interfaces involved in Java Mail.
22. What is a Port Number?
23. What are Cookies?
24. What is a Deployment Descriptor?

Solve the following

1. Write an application to accept customer details on an HTML page and send them to a servlet. The servlet will insert a record in the Customer table after validating the credit limit. If the credit limit is above 5,00,000, display an error message; otherwise insert the record in the table.
Customer : CustomerID, Name, Address1, Address2, City, State, PIN, Credit Limit.
2. Create a bean that will calculate the square and cube of a given number. Use the bean in a JSP program. Accept a number from the user and display the square and cube of that number.
3. Write program segments:
(a) To get the row count from a table.
(b) To declare a function in JSP using a JSP Expression.
(c) To register an out parameter with data type string.
(d) To create a DatagramPacket to send to a specified address and port number.
(e) To retrieve information from cookies in a Servlet.
4. Write a threaded echo Server - Client Socket program.
5. Write an RMI application to invoke a remote method to reverse a given string.
6. Write a Servlet application to accept a movie name from the user through an HTML page. Display movie details and the names of theaters and timeslots where the movie is showing. If the movie is not currently showing anywhere, display the message "Movie Not Available now !"
Use Tables :
Movie : MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay : Serialno, MovieId, Theater, Timeslot, DisplayStatus (could be showing or not showing)
7. Write an Employee bean containing eno, ename, dept, salary attributes and a calculated Commission (float percentage) method.
8. Write a JSP application to use this Employee bean. Accept details from an HTML page, set the values for the Employee bean and display the calculated commission in the client's browser.
9. Write a multithreaded Server - Client chat application using sockets.
10. Write a JDBC application to insert records in the movie table. Continue insertions as long as the user wants.
Use Tables :
Movie : MovieId, Mname, Casting, Launch Date, Director, Musician
MovieDisplay : Serialno, MovieId, Theater, Timeslot, DisplayStatus (could be showing or not showing)
11. Write a JSP application using JSTL to display the cubes of the first 30 natural numbers in tabular form. The table should contain the number and its cube.
12. Write a socket program that runs on the server and echoes back all the strings sent by the client after receiving each string. If the client sends the string EXIT, the server should terminate.
13. Write an RMI application to accept a number and display its factorial value using the remote method fact( ).
14. Write a Servlet with the following specification: the Servlet will accept user name, password and foreground colour and display a ‘hello’ message in the accepted colour.
15. Write a program that will open the department table and allow the user to insert, modify and delete records from the table. (Take a suitable table structure.)
Write a JDBC program to establish a connection to the “student” table with the following structure: Roll_No, Stud_Name, Course, fees_paid. Accept Stud_Name from the command line and display the details of that student (using a prepared statement).
15. Write an RMI application:
a) Write a remote interface named MyRmi which contains the following method: int findLargest (int a, int b, int c)
b) Write code to link this interface to the MyImp class.
c) Start the RMIServer.
d) Write client side code to invoke the remote method.
16. Write a JSP application to accept an item number from the user through an HTML page and display the description, available quantity, rate and cost of the available quantity from the underlying table. The ITEM table has the fields ITEMCD, DESCRIPTION, QUANTITY, RATE.
17. Describe the working of RMI with the help of a suitable example.
18. Write a socket program for a client that will send a sentence to the server. The server will count the number of characters, special characters and digits in the sentence and send the counts as a single string to the client. The client program will display as output the string passed from the server.
19. Write a servlet program to display a department wise employee list and department wise total salary in the client's browser. Given tables (DEPT : DeptNo, Dname, Dloc); (EMP : EmpNo, Ename, DeptNo, Salary).
20. Write an EJB component to display user details. The browser client sends a user name to the EJB. Through the bean, retrieve the record of that user from the underlying database and display the details in the client browser. (Assume suitable data.)
– Remote Interface
– Home Interface
– Implementation Class
– ejb-jar.xml File
– Client Program
21. Write a Java program to count the number of vowels in a given file. Accept the filename from the command line.
22. Write a program for chatting between client and server.
23. Write a client server networking program to accept a string from the user and pass it to the server; the server will send a response stating whether the string is a palindrome or not.
24. Write a program for a multithreaded chat application.
25. Write an RMI application to accept a number and display the prime numbers up to the given number by using the method Primeno().

Write short notes :

1. JNDI
2. Session Tracking in Servlets
3. RMI Architecture
4. JSP Directives
5. Java Beans
6. MVC Architecture
7. Servlet life cycle
8. RMI Architecture
9. Types of drivers in JDBC
10. Types of EJBs
11. Struts’ MVC Architecture
12. JNDI Interfaces and Methods
13. Working of RMI
14. JSP Include and Forward
15. JDBC architecture
16. ServletConfig and ServletContext
17. Difference between GenericServlet and HTTPServlet
18. JSP actions
19. JSTL
20. Struts
21. Hibernate
22. ORM
23. HQLEclipse architecture
24. DynaAction class
25. LazyAction class

ASP.NET

1. Explain ASP.NET Architecture in detail.
2. What is State Management? Explain Client Side State Management Techniques in detail.
3. Explain the various Validator Controls in detail.
4. Create and explain a web.sitemap file, and use it by making use of the TreeView control.
5. Explain Exception Handling in ASP.NET.
6. Explain how Session Management is done in ASP.NET.
7. Explain Authentication and Authorization of a user.
8. Explain the ADO.NET Object Model in detail.
9. Explain Server Side State Management Techniques in detail.
10. Explain the methods, properties and events of the following controls:
(a) CheckBoxList Control
(b) ImageMap Control
(c) SiteMap Control
11. What is a Web Service? Explain the steps and code to create and consume a Web Service.
12. Differentiate between ASP and ASP.NET.
13. Difference between Authentication and Authorization.
14. Differentiate between connected and disconnected architecture in ADO.NET.
15. What are the different mechanisms to trace an ASP.NET web application? How would you configure ASP.NET trace output?
16. What are Web Services? Explain with an example.
Explain the following controls

(a) Login Control
(b) Dropdown List Control
(c) Treeview Control
(d) Listbox Control
(e) AdRotator Control
(f) Image Map Control
(g) File Upload Control
(h) Login Control
(i) Check Box List Control
(j) Radio Button List Control
(k) Calendar Control
(l) Checkbox Control
(m) Gridview

Write short notes :

(a) Imagemap Control
(b) Web Services
(c) ADO.NET Object Model
(d) Site Map
(e) Exception Handling
(f) Web Services
(g) Authentication and Authorisation
(h) Deploying Web Application
(i) Namespace
(j) HTML and Web server control
(k) Data bound control in ADO.NET
(l) Data source controls in ASP.NET
(m) Transaction object in ADO.NET
(n) Xcopy
(o) Advantages of ASP.NET

Program

Hint: Students must study in brief the programs based on ADO.NET.

1. Design a form and write code to:
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use Gridview Control to Display Records
Make use of connected architecture.
Name of Table : Books (BookId, BookName, Author, Price, Publisher)
2. Create a theme for Textbox, Buttons and Gridview. Apply the theme using the web.config file.
3. Design a GUI and write code for the following:
(a) Add New Record
(b) Delete Record
(c) Edit Record
(d) Use Disconnected Architecture
Table Name - Student (sno, sname, sdob, qualification, address)
SQL Server - College
Server Name - UOP
4. Design a GUI for a login page. Make use of a database to validate the user login. Display a welcome page for a successful login and an error page if the login failed.
5. Write sectional code for the following:
(a) Disable the past dates and Sundays in a calendar control.
(b) Create an application using the File Upload Control which will upload your photo and display it in an image control. The file type must be image only and the file size should not exceed 1 MB.
6. Design a form and write code to:
(a) Populate and display book names in a drop down list.
(b) Select a book from the drop down list and display its details in the underlying text boxes.
(c) Add a record
(d) Delete Selected Record
(e) Edit Selected Record
Use connected architecture.
Name of Table : BookMaster (BookID, Title, Author, Publisher, Price)
Name of Server : MyAspDB (SQL Server)
7. Design a form and write code to:
(a) Add New Record
(b) Delete Selected Record
(c) Edit Selected Record
(d) Use Gridview Control to Display Records
Make use of disconnected architecture.
Name of Database : Employee
Name of Table : EMP (EmpId, EmpName, DOB, salary)
Server Name : UOP
8. Create a web.sitemap file. Explain it and use it by making use of the Tree View and Sitemap Path controls. Draw a proper GUI.
9. Design a GUI for a login page using label, textbox and button controls. Display a welcome page for a successful login, else an error page. Make use of a valid database to validate the user login.
10. Design an interface and write code for the following:
– Add a new record
– Delete a record
– Edit a record
– Use gridview to display records
– Use connected architecture
– Name of Database : Inventory
Name of Table : Product (Product ID, Desc, Rate, Stock)
Server : SQL Server
Server Name : ABCD
11. Design an interface and write code for a shopping cart application:
– Take a drop down list to display products.
– Display the product rate in a label when the product is selected.
– Accept the quantity in a textbox and add it to the cart when the add button is clicked.
– Display the order on the next page when the display order button is pressed.
Use table : Product (Product ID, Desc, Rate, Stock)

Software Testing

Software quality assurance

1. Define Software Quality. Describe the need and importance of Quality.
2. Explain Contribution of Deming Juran.
3. Explain the Software Testing Life Cycle.
4. Explain British Standard 7799 for Information Security.
5. What are the various testing methods used to test web based applications?
6. Explain Software Configuration Management.
7. What is a Service Level Agreement? Explain its importance.
8. Define Software Quality. Explain Quality Attributes.
9. Explain the concept of SCM from the quality point of view.
10. Discuss Quality and Productivity. Explain in detail the concept of COQ.
11. Explain in detail the important features of CMM.
12. Why is quality training required for the Software Quality Team?
13. What is meant by Defect Management? What are the processes used in this?
14. “Quality Metrics is important in the Software Development Organisation.” Justify.
15. Why is Software Quality required in the Software Development Process? Explain.
16. What is the use of SEI-CMM levels for a software organisation? Explain CMM Level-3 in detail.
17. Define the following terms with examples:
(a) Bug
(b) Defect
(c) Audit
18. Explain the ‘V’ Model in Software Testing. Give an example.
19. Explain the terms in short:
(a) Load Testing
(b) Stress Testing
(c) α and ß Testing (Alpha and Beta)
20. Role of Customer in Quality. Define Quality. Describe the need and importance of Quality.
21. Explain the Consumer’s View and Producer’s View of Quality.
22. Explain various Testing and Defect Tracking Tools.
23. Explain Unit Testing in detail.
24. Compare and contrast Black Box and White Box Testing methods of Software Testing.
25. What are Software Quality Control and Software Quality Assurance? Explain SQA in detail.
26. Explain the various factors considered while setting up a Computer Centre.
27. What do you mean by Risk? Explain Software Project Risk Management in detail.
28. Describe various Software Project Time Estimation Tools, with suitable illustration.
29. Explain in detail the various steps, methods and documentation process of User Acceptance Testing.
30. Explain the procedure followed and care taken while terminating a person in an IT organisation.

Write short notes :

1. Risk Management
2. Code Review
3. Cause and Effect Diagram
4. Kaizen Principles
5. PDCA
6. Test Automation Tools
7. Process Inventory
8. KPA
9. Quality Control
10. Black Box Testing
11. Acceptance Testing
12. Inspection
13. Management Controls
14. Service Level Agreement
15. Function point analysis
16. COCOMO
17. Walkthrough

SOFTWARE TESTING PROCESS & DOCUMENTATION

1. What is Test Data? What are its norms?
2. Write Test Cases for a Washing Machine.
3. Define Software Quality. Describe reasons for Poor Quality. Explain reasons for Product Quality and Process Quality.
4. What is Software Testing? What is its need? Explain the levels of Testing.
5. What is Functional Testing? Explain the various types of Functional Testing.
6. Prepare BVA and ECP for the below scenario of a login window:
(a) User-id – allow alphanumerics 4 to 16 characters long
(b) Password – allow alphabets 4 to 8 characters long
7. Write test cases for a Student Registration Validation Program with the following fields: student_username, student_password, confirm_password, student_email and student_course.
8. What is a Review? What is its purpose? Explain the different types of Reviews.
9. What is a Test Plan? Explain the IEEE Standards of Test Plan. Define Quality Assurance and Quality Control. Support your answer with the ‘V’ Model of Software Testing.
10. Define Risk. Explain Risk-based Testing.
11. Explain the various factors considered while setting up a Computer Centre. What do you mean by Risk? Explain Software Project Risk Management in detail.
12. Describe various Software Project Time Estimation Tools, with suitable illustration.
13. Explain in detail the various steps, methods and documentation process of User Acceptance Testing.
14. Explain the procedure followed and care taken while terminating a person in an IT organisation.
15. Explain Software Project Maintenance in detail.
16. What is Testing? Explain Functional and Non-functional Testing.
17. Write test cases for an ATM Money Withdrawal Operation with the necessary rules and regulations.
18. What is Defect Management? How is it important? Explain the process of Defect Reporting and Tracking.
19. Describe Unit Level Testing and Integration Testing in detail with suitable examples.
20. What is White Box Testing? Explain various White Box Testing techniques with examples.
21. What is a Test Plan? List down the contents of a Test Plan.

Write short notes :

1. Types of Defect Management
2. Test Automation
3. TMM
4. Black Box Versus White Box Testing
5. COTS
6. Agile Testing
7. Software Implementation
8. Version Control
9. Software Testing
10. QA Vs QC
11. Wireless / Mobile Computing Applications
12. Static V/s Dynamic Testing
13. Manual V/s Automated Testing