UNIT-I : INTRODUCTION
1. Distinguish active and passive attack with an example.
o Active Attack: An attacker modifies or disrupts data transmission (e.g., man-
in-the-middle attack).
o Passive Attack: An attacker only monitors or intercepts data without altering
it (e.g., eavesdropping).
2. What are the key principles of security?
o Confidentiality (preventing unauthorized access), Integrity (ensuring data
remains unchanged), Availability (ensuring resources are accessible),
Authentication (verifying identity), and Non-repudiation (preventing denial
of actions).
3. What is meant by a denial-of-service (DoS) attack? Is it an active or passive
attack?
o A DoS attack disrupts services by overwhelming a system with traffic. It is an
active attack as it prevents legitimate access.
4. Define an attack.
o An attack is any action taken to compromise the security of a system, network,
or data.
5. List some examples of security attacks.
o Eavesdropping, Phishing, Man-in-the-Middle, Denial of Service, Malware,
SQL Injection.
6. What is a passive attack?
o A passive attack is an attempt to gain unauthorized access without modifying
the data (e.g., traffic analysis).
7. What is an active attack?
o An active attack involves modifying, disrupting, or destroying data (e.g., virus
injection).
8. Categorize passive and active attacks.
o Passive Attacks: Eavesdropping, Traffic Analysis.
o Active Attacks: Denial of Service, Man-in-the-Middle, Spoofing.
9. What are the aspects of information security?
o Confidentiality, Integrity, Availability, Authentication, Non-repudiation.
10. What is a threat? List its types.
A threat is a potential risk that could exploit a vulnerability. Types:
o Natural Threats: Earthquake, Flood.
o Human Threats: Hacking, Phishing.
o Technical Threats: Malware, Hardware Failure.
11. What is encipherment?
Encipherment is the process of converting plaintext into ciphertext using encryption
techniques.
12. Define symmetric encryption.
Symmetric encryption uses a single key for both encryption and decryption (e.g.,
AES, DES).
13. What are the essential ingredients of a symmetric cipher?
Plaintext, Encryption Algorithm, Secret Key, Ciphertext, Decryption Algorithm.
14. What are the two basic functions used in encryption algorithms?
Substitution (Replaces characters) and Permutation (Shuffles characters).
15. Why is asymmetric cryptography bad for huge data? Specify the reason.
Asymmetric encryption is computationally expensive and slow because it uses
complex mathematical operations (e.g., RSA).
16. What are the two general approaches to attacking a cipher?
Cryptanalysis (Mathematical analysis to break encryption) and Brute-force
attack (Trying all possible keys).
17. Distinguish between attack and threat.
Threat is a potential danger; Attack is an actual attempt to exploit a vulnerability.
18. Differentiate MAC and Hash function.
MAC (Message Authentication Code): Uses a secret key to ensure message
authenticity.
Hash Function: Generates a fixed-size output from input data but has no key.
19. What is a Hash in Cryptography?
A hash is a fixed-size string derived from input data using a hashing algorithm (e.g.,
SHA-256).
20. How is the security of the MAC function expressed?
It is expressed in terms of resistance to forgery (i.e., an attacker should not be able to
generate a valid MAC without knowing the secret key).
UNIT-II : KEY MANAGEMENT AND AUTHENTICATION
1. Name the four requirements defined by Kerberos.
Secure authentication
Reliable third-party authentication
Secure communication
Scalability
2. Name the authentication protocols.
Password-based authentication
Challenge-Response authentication
Kerberos
Public Key Infrastructure (PKI)
OAuth, SAML
3. List four requirements that were defined by Kerberos.
Mutual authentication
Secure communication using session keys
Protection against replay attacks
Scalability for large networks
4. List any four password selection strategies.
Use complex passwords with uppercase, lowercase, numbers, and special characters
Implement multi-factor authentication (MFA)
Avoid using dictionary words or easily guessable passwords
Regularly update passwords
5. Specify the various types of authentication protocols.
Kerberos
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
OAuth/OpenID
6. How does a digital signature differ from authentication protocols?
Digital Signature: Ensures integrity and non-repudiation by verifying document
authenticity using encryption.
Authentication Protocol: Verifies user identity before granting access to systems or
data.
7. What are the principal differences between Kerberos version 4 and version 5?
o Version 5 supports different encryption algorithms; Version 4 uses only DES.
o Version 5 prevents replay attacks with timestamps.
o Version 5 allows ticket lifetime control, unlike Version 4.
o Version 5 supports cross-realm authentication.
8. When are the certificates revoked in X.509?
o When a private key is compromised
o When an employee leaves an organization
o When a certificate expires or is replaced
o When security policies change
9. Show how SHA is more secure than MD5.
o SHA (e.g., SHA-256) produces a longer hash value (256-bit) compared to
MD5 (128-bit).
o SHA has a lower collision rate than MD5.
o MD5 is vulnerable to hash collisions, while SHA-2 provides stronger security.
10. What is a realm in Kerberos?
A realm is a domain of authentication where a single Kerberos server (Key
Distribution Center) manages security for users and services.
11. What entities constitute a full service in a Kerberos environment?
Authentication Server (AS)
Ticket Granting Server (TGS)
Client (User)
Service Server (Application Server)
12. What is a Key Distribution Center (KDC)?
A KDC is a trusted entity in a Kerberos system that provides authentication and
ticket-granting services.
13. What is a public key certificate?
A public key certificate is a digitally signed document issued by a Certificate
Authority (CA) that binds a public key to an entity.
14. What is the life cycle of a key?
Generation → Distribution → Usage → Expiration/Revocation → Destruction
15. Define password protection.
Password protection involves securing passwords through encryption, hashing, and
implementing strong authentication policies.
16. What are the advantages of key distribution?
Secure communication
Reduced risk of key compromise
Centralized key management
Scalability in large networks
17. What is PKI (Public Key Infrastructure)?
PKI is a framework that uses cryptographic keys and digital certificates to enable
secure communication and authentication over networks.
18. What is a digital certificate?
A digital certificate is an electronic credential issued by a CA that verifies the identity
of an entity and enables secure transactions.
19. Define Realm.
A realm is a logical boundary within which Kerberos authentication is managed by a
single KDC.
20. Define Kerberos Realm.
A Kerberos realm is a network domain managed by a Kerberos authentication server,
ensuring secure identity verification.
UNIT-III : ACCESS CONTROL AND SECURITY
1. What is SSH?
o SSH (Secure Shell) is a cryptographic network protocol used for secure
remote access, file transfer, and command execution over an insecure network.
2. What is an SSL Session?
o An SSL session is an encrypted connection between a client and a server that
is established using SSL/TLS protocols to ensure data confidentiality and
integrity.
3. Which two services are provided by the SSL Record Protocol for SSL
connections?
o Confidentiality (by encrypting transmitted data)
o Integrity (by verifying message authenticity using MAC - Message
Authentication Code)
4. What is the purpose of HTTPS?
o HTTPS (HyperText Transfer Protocol Secure) secures web
communications by encrypting data exchanged between the browser and the
web server using SSL/TLS.
5. What is the difference between an SSL connection and an SSL session?
o SSL Connection: A single, secure communication channel between client and
server.
o SSL Session: A set of multiple SSL connections that share cryptographic
parameters to optimize security.
6. Define TLS.
o TLS (Transport Layer Security) is the successor to SSL, providing stronger
encryption and authentication for secure communication over networks.
7. What is Extensible Authentication Protocol (EAP)?
o EAP is a flexible authentication framework used in wireless networks and
point-to-point connections to support multiple authentication methods (e.g.,
password, digital certificates).
8. What is Network Access Control (NAC)?
o NAC is a security mechanism that restricts unauthorized devices from
accessing a network by enforcing compliance with security policies.
9. Define Handshake Protocol.
o The Handshake Protocol is part of SSL/TLS, used to establish secure
connections by exchanging cryptographic keys and verifying identities
between a client and a server.
10. Explain Internet Key Exchange (IKE).
o IKE is a protocol used in IPSec to establish secure communication by
negotiating cryptographic keys and security associations between devices.
11. Difference between Transport Mode vs. Tunnel Mode
Transport Mode: Encrypts only the payload of the IP packet (used in end-to-end
communication).
Tunnel Mode: Encrypts the entire IP packet and encapsulates it inside a new IP
header (used for VPNs).
12. What is Security Association (SA)?
SA is a set of security parameters that define how data should be encrypted and
authenticated in IPSec communication.
13. Define IP Security (IPSec).
IPSec is a suite of protocols that provides encryption, authentication, and secure
communication over IP networks.
14. Explain Network Access Control.
NAC restricts network access based on device authentication, user identity, and
security policies to prevent unauthorized access.
15. What are the two basic types of network access control?
Pre-admission control: Evaluates a device before granting access to the network.
Post-admission control: Monitors devices after they are connected to the network.
16. List out the benefits of an HTTPS Certificate.
Encrypts data to prevent interception
Ensures website authenticity
Improves SEO rankings
Protects against phishing attacks
17. Advantages of Network Access Control (NAC)
Prevents unauthorized access
Ensures compliance with security policies
Reduces malware and cyber threats
Enhances network visibility and control
18. What are the benefits of IPSec?
Secure encryption of data transmissions
Strong authentication mechanisms
Protection against replay attacks
Secure remote access via VPNs
19. Explain the IPSec Document Specification.
RFC 4301: Security architecture for IPSec
RFC 4302: Defines the Authentication Header (AH)
RFC 4303: Defines the Encapsulating Security Payload (ESP)
RFC 4306: Describes Internet Key Exchange (IKEv2)
UNIT-IV : APPLICATION LAYER SECURITY
1. What are the different types of MIME?
MIME (Multipurpose Internet Mail Extensions) types:
o Text MIME Types: text/plain, text/html
o Image MIME Types: image/jpeg, image/png
o Audio MIME Types: audio/mpeg, audio/wav
o Video MIME Types: video/mp4, video/avi
o Application MIME Types: application/pdf, application/zip
2. List out the services provided by PGP.
Confidentiality (encryption of messages)
Authentication (verifying sender identity)
Integrity (ensuring message remains unchanged)
Non-repudiation (prevents sender from denying message)
Compression (reduces message size before encryption)
3. What do you mean by PGP?
PGP (Pretty Good Privacy) is an encryption program that provides secure email
communication and file encryption using public-key cryptography.
4. What are the five principal services provided by PGP?
Confidentiality, Authentication, Integrity, Compression, Email Compatibility
5. Mention the five header fields defined in MIME.
MIME-Version
Content-Type
Content-Transfer-Encoding
Content-Disposition
Content-ID
6. Define mobile device security.
o Mobile device security includes practices and technologies to protect
smartphones, tablets, and other devices from malware, unauthorized access,
and data breaches.
7. Why does PGP generate a signature before applying compression?
o PGP signs a message before compressing it to ensure that the integrity of the
signature remains intact and to improve compression efficiency.
8. What is MIME?
o MIME (Multipurpose Internet Mail Extensions) is an email standard that
enables the transmission of multimedia content such as text, images, and
attachments over email.
9. What is S/MIME?
o S/MIME (Secure Multipurpose Internet Mail Extensions) is an enhanced
version of MIME that provides encryption and digital signature capabilities for
secure email communication.
10. Why is the segmentation and reassembly function in PGP needed?
o PGP breaks large messages into smaller segments for transmission and
reassembles them at the receiver's end to ensure compatibility with email
systems that have size limitations.
11. How does PGP use the concept of trust?
o PGP relies on a "web of trust" where users digitally sign public keys to verify
the authenticity of others without a central authority.
12. Define EAPOL.
EAPOL (Extensible Authentication Protocol Over LAN) is a network authentication
protocol used in 802.1X for secure wired and wireless connections.
13. List out the authentication and key argument in 802.11i.
Authentication: 802.1X/EAP, Pre-Shared Key (PSK)
Key Management: Temporal Key Integrity Protocol (TKIP), Counter Mode with
CBC-MAC Protocol (CCMP)
14. What are different types of stations in wireless network security?
Station (STA): Wireless device that connects to a network
Access Point (AP): Connects stations to a wired network
Ad-Hoc Mode Stations: Communicate directly without an access point
15. Define DomainKeys Identified Mail (DKIM).
DKIM is an email authentication method that adds a digital signature to emails to
verify sender authenticity and prevent email spoofing.
16. List out the S/MIME functionality.
Message Encryption
Digital Signatures
Authentication
Data Integrity
Non-repudiation
17. List out the types of keys in PGP cryptographic keys and key ring.
Public Key (for encryption)
Private Key (for decryption)
Session Key (used for encrypting data)
Key Ring (stores trusted public/private keys)
18. Define mail message format in S/MIME.
Header (MIME-Version, Content-Type, etc.)
Body (encrypted or signed content)
Signature (optional for authentication)
19. What are the organizations configured with security controls?
NIST (National Institute of Standards and Technology)
ISO (International Organization for Standardization)
CIS (Center for Internet Security)
IETF (Internet Engineering Task Force)
20. Define Wired Equivalent Privacy (WEP).
WEP is an older encryption protocol for Wi-Fi networks, providing basic security
using static encryption keys but is vulnerable to attacks.
UNIT-V : SECURITY PRACTICES
1. What are the major issues derived by Porras about the design of a
distributed intrusion detection system?
Scalability: Handling large networks efficiently.
Cooperation: Coordinating multiple detection components.
Accuracy: Reducing false positives and negatives.
Real-time Analysis: Detecting attacks as they occur.
2. Define intruder. Name three different classes of intruders.
An intruder is an unauthorized user who tries to access or manipulate data.
Classes of Intruders:
1. Masquerader: Uses stolen credentials.
2. Misfeasor: Legitimate user misusing privileges.
3. Clandestine user: Evades security controls.
3. What are the three main components involved in the distributed intrusion detection
system?
Data Collection: Monitors system/network activities.
Analysis Engine: Detects potential intrusions.
Response Component: Alerts or takes preventive actions.
4. What is an intruder?
An intruder is a person or system attempting unauthorized access to a network or
device.
5. Define intrusion.
Intrusion refers to unauthorized access or attack on a system or network to
compromise security.
6. Define the roles of a firewall.
o A firewall monitors, filters, and controls incoming/outgoing network traffic
to protect against unauthorized access.
7. What is the advantage of an intrusion detection system (IDS) over a firewall?
o IDS can detect and alert about internal threats, while a firewall only blocks
unauthorized access.
8. What is the main function of a firewall?
o To filter network traffic, blocking or allowing data based on security rules.
9. List out the various types of firewalls.
o Packet Filtering Firewall
o Stateful Inspection Firewall
o Proxy Firewall
o Next-Generation Firewall (NGFW)
10. What are the design goals of firewalls?
o Prevent unauthorized access
o Monitor and control traffic
o Enforce security policies
o Enhance network security
11. Who is a masquerader and who is a clandestine user?
o Masquerader: Impersonates a legitimate user.
o Clandestine User: Bypasses security measures to avoid detection.
12. What is an intrusion detection system (IDS)?
o An IDS monitors and analyzes network/system activity for suspicious
behavior or attacks.
13. List out the common security issues around cloud computing.
o Data breaches
o Unauthorized access
o Weak authentication
o DDoS attacks
14. What are the three cloud computing security challenges?
o Data Security (encryption and protection)
o Access Control (authentication and identity management)
o Compliance and Privacy (meeting legal security requirements)
15. What are the advantages of Blockchain?
o Decentralization (no central authority)
o Security (tamper-proof records)
o Transparency (public ledger visibility)
o Efficiency (faster transactions)
16. Draw neatly blockchain technology layer.
1. Application Layer (Smart contracts, dApps)
2. Consensus Layer (Proof-of-Work, Proof-of-Stake)
3. Network Layer (Communication between nodes)
4. Data Layer (Storage of transactions)
17. Describe Screened Subnet.
A Screened Subnet (also called a DMZ) is a buffer zone between an internal network
and the internet, with firewalls on both sides for added security.
18. Define DMZ Network.
A DMZ (Demilitarized Zone) is a segregated network that hosts public-facing
services (e.g., web servers) while protecting the internal network.
19. Define Password Protection.
Password protection refers to security measures like encryption, hashing, and MFA
to protect user credentials from unauthorized access.