
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY
Question Papers
January 2007

July 2006

JANUARY 2006
January, 2005

July, 2005

July, 2004

January, 2004

January 2007
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY

NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same
sequence.

Time: 3 Hours Total Marks: 100

1.
a) Distinguish between Host based and Network based Intrusion Prevention Systems.
b) Why is the Domain Security policy required? How is it different from local security policy?
c) What are the shortcomings of IT Act 2000 that deter companies from approaching the
cyber cell for the enforcement?
d) How is Dictionary attack different from Brute Force attack?
e) What is the use of Active Directory in Windows 2000?
f) How can IPsec be used to create a VPN?
g) In most of the campus/corporate networks, we find firewalls preceded by a router, but not
the reverse. Why has this become almost a de-facto standard?
(7x4)

2.
a) What are the various categories of Denial of Service Attack (DOS) available? State at
least three ways by which this attack could be launched by an intruder.
b) Explain the various measures required to be taken in Security Testing of a financial
institution with respect to IT.
(9+9)

3.
a) In the RSA encryption method, if the prime numbers p and q are 3 and 7 respectively and the
encryption exponent e is 11, find the following:
i) the least positive decryption exponent d
ii) public and private key
iii) cipher text when the plain text P is encrypted using the public key
b) How does User Based Security Model provide integrity protection with or without delay
detection and privacy protection?
(10+8)

4.
a) How is a virus different from a worm? What are the various types of viruses?
b) Compare the strengths and weaknesses of Intrusion Detection Systems (IDS).
c) How does Digital Signature prevent E-mail spoofing?
(8+6+4)

5.
a) Alice sends some message M to Bob using RSA public-Key encryption Algorithm where
public key is (5,119) and private key is (77,119). The Cipher text is 66. Find the message
M sent to Bob.
b) How do biometrics help in securing electronic banking?
c) Why can IP spoofing not be prevented by using Packet Filter Firewall Technique?
(5+8+5)

6.
a) What is Trojan Horse? Explain some functions of the Trojan. Also suggest any three
ways to detect Trojan.
b) How does Asymmetric key encryption ensure “Non-Repudiation”? Explain with an
example?
c) Why are each initiator and each target assigned to one or more security groups in an
access control scheme based on security labels?
(7+5+6)

7.
a) How is Kerberos designed to provide strong authentication for client/server applications
by using secret key cryptography? Also mention the shortcomings of Kerberos.
b) How does SET make a digital wallet similar to a real wallet and secure for e-commerce
payment transactions?
c) Explain briefly the three modes that a snoop can configure.
(6+6+6)

July 2006
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY

NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same
sequence.

Time: 3 Hours Total Marks: 100

1.
a) What are unicast and multicast packets? By examining the addresses used,
determine whether the packet is multicast or unicast.
b) How can IPSec be used to create a VPN?
c) How do two filtering routers make the screened subnet firewall most secure?
d) What basic arithmetical and logical functions are used in MD5 and SHA-1?
e) What are the Denial of Service attacks?
f) How is ASN.1 different from other data structure definition schemes?
g) What are the main services provided by Computer Security Incident Response Teams?
(7x4)

2.
a) What protocol is used at the transport layer? Explain briefly the three functional areas of
IP level security.
b) Why does Encapsulating Security Payload (ESP) include a padding field?
c) What is the difference between passive and active attacks with respect to security threats
faced in using the web?
(6+6+6)

3.
a) What are the basic techniques that are used by firewalls to control access and enforce
the site’s security policy?
b) Which type of firewall acts as a relay of application level traffic? Explain how it is
better than other types of firewalls.
(12+6)

4.
a) Differentiate between both the MD5 and SHA-1 algorithms.
b) Suppose that A has a data file namely “d” that B needs. A and B want to ensure a secure
transmission of file. They do not want that anyone should know the content of file even if
it is intercepted during transmission. B also wants to know whether or not whatever is
transmitted from A has not been corrupted or altered in transit and that the file was sent
by A . It is assumed that A and B share a secret symmetric key that no one else knows
and there is a public key infrastructure available.
Describe the steps that A takes to send the data file “d” meeting the requirements given
above. Your solution should use only as few symmetric and/or public keys as
necessary while meeting the above requirements.
(6+12)

5.
a) What are some of the attacks that can be made on packet filtering routers and their
appropriate counter measures?
b) What are the procedures involved in Quantitative Risk Assessment? How is the
Annualized Loss Expectancy (ALE) calculated?
(12+6)
6.
a) What was the security problem present in SNMP V1 that was solved in SNMP v3 and
how?
b) What are the two most popular active contents used as tools by attackers? Describe them
briefly.
(12+6)

7.
a) What is a “smurf attack” and how is it defended?
b) What are the conditions prescribed in IT Act 2000 for the purpose of Electronic
Governance to retain documents, record or information in electronic form for any
specified period?
(12+6)

JANUARY 2006
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same
sequence.

Time: 3 Hours Total Marks: 100

1.
a) What is a digital signature? Which algorithms are used for digital signatures?
b) Differentiate between steganography and cryptography.
c) How does message digest help in checking the integrity of a transmitted text?
d) State four primary functions of CERT.
e) Differentiate between active and passive attacks on a computer.
f) What is an application level firewall and why is it necessary?
g) State any four acts amounting to "cybercrime" as per IT Act 2000.
(7x4)
2.
a) Suppose you are doing RSA encryption with the prime numbers p=13 and q=7.
Also, assume that encryption exponent e=5. Find the least positive decryption
exponent d. Next, encrypt the message m=7. Now decrypt the cipher c=2.
b) Explain the distributed DoS (Denial of Service) attack with a suitable diagram.
Why is this kind of attack very common during the final hours of the Internet
auction?
c) What is the importance of "no read up" plus "no write down" rule for a multilevel
security system?
(9+6+3)
3.
a) What is meant by IP spoofing? How can a router be used to prevent IP spoofing?
b) How does RSA based digital signature help in "non-repudiation"? Explain with a
concrete example scenario between a sender and a receiver.
c) Describe the Digital Signature (DS) Algorithm based on the DS standard of NIST.
How are signing and verifying done in the DS standard?
(3+6+9)
4.
a) Consider the following threats to Web security and describe how each is
countered by a particular feature of SSL (Secure Sockets Layer):
i) Brute-Force Cryptanalytic Attack
ii) Replay Attack
iii) Packet Sniffing
iv) Password Cracker
v) SYN Flooding
vi) Man-In-The-Middle Attack
b) Name the six participants in the SET system and show their interconnections in a
secure electronic commerce component diagram.
([6x2]+6)


5.
a) In most of the campus/corporate networks, we find firewalls preceded by a
router, but not the reverse. Can you explain why this has become almost a
de-facto standard?
b) What is the difference between "reactive" and "proactive" fault management?
State the four steps usually followed in reactive fault management.
c) What does SNMP define as manager, agent and client? Why does SNMP need
SMI and MIB to manage a network? How are they related to UDP?
(3+6+9)
6.
a) Describe briefly the Bell-La Padula Model and its limitations. What is tranquility
principle in this model?
b) What are the three classes of intruders? Discuss any three metrics used in
profile-based anomaly detection. Explain the architecture of a distributed
intrusion detection system (with a suitable diagram) and name the various
components.
(8+10)
7. Write short notes on any three:
i) Pretty Good Privacy (PGP)
ii) IPsec VPN
iii) Risk Assessment (RA)
iv) Biometrics
(3x6)

January, 2005
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.


2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1.
1. List and describe three preventative measures that can be taken to
minimize the risk of computer virus infection, other than the use of
anti-virus software.
2. With respect to an operating system, what is the primary security benefit
of access control lists?
3. Explain why the use of UDP is "popular" for packet spoofing attacks.
4. Briefly describe port-scanning attacks and explain why attackers use them.
5. Cryptography needs physical security. To what extent is this statement
correct?
6. We consider the random cipher model with random variables M, C and K
for plaintext, ciphertext and key, respectively. Give an interpretation in
cryptographic terms of the equation
H(M,C) = H(M)+H(C).
Give also an example of a cryptosystem, which has this property.
7. Describe how IPsec can be used to create a VPN.

(7x4)

2.
1. How is the Internet challenging the protection of individual privacy?
Discuss and give examples where appropriate.
2. Briefly describe the steps for recovering from a system compromise in which
an intruder or an attacker has gained access to the system.

(12+6)

3.
1. Consider the task of designing a Web server that will target specifically E-
commerce, with the objective of accommodating a number of merchant
sites, each consisting of a catalog, shopping cart, payment system
interfacing with a credit card company, customer profiles repository based
on previous transactions, and a recommender system. What specific
architectural suggestions would you make to ensure:
1. efficiency
2. security
3. reliability
2. What is meant by IP spoofing? How can a router be used to prevent IP
spoofing?
3. What is an important difference between an SNMP request/response and
an SNMP trap message?
4. Explain the difference between identification and authentication.

(9+3+3+3)

4.
1. What is an Intrusion Detection System? Describe briefly the main
components of an IDS with the help of a diagram.
2. You will find that experts disagree on the relative strength of proxy
servers and packet filtering firewalls. Examine their arguments and justify
your own verdict on their dispute?

(10+8)

5.
1. What are the objectives mentioned in the Preamble to the IT Act?
2. How do IP addresses get mapped on to data-link layer addresses, such as
Ethernet? Explain by illustrating class 'C' networks of a university.
3. Give a list of SNMP v3 commands and their functionalities. Indicate their
direction of flow. Which of the commands are not supported in SNMP v1?

(6+6+6)

6.
1. We consider the use of RSA encryption with a 1024-bit modulus to
transmit a 56-bit DES key to be used as session key. One can develop a
meet-in-the-middle attack on this practice, based on the fact that a random
56-bit number m can with significant probability be factored as
$m = m_1 \cdot m_2$, where both $m_1$ and $m_2$ are 28-bit numbers. So, assume that the DES
key m has such a factorization and that the ciphertext $c = m^e \bmod N$ has
been intercepted by an adversary. Describe the attack in detail and give
estimates of how much computation and storage are needed for the
attack.
2. Nikita and Michael decide to agree on a secret encryption key using the
Diffie-Hellman key exchange protocol. You observe the following:
1. Nikita chooses p=13 for the modulus and g=2 as generator.
2. Nikita sends 6 to Michael.
3. Michael sends 11 to Nikita.

Determine the secret key.

(12+6)

7.
1. Write short notes on any THREE of the following technologies explaining
how they are used in the development of a distributed information system.
1. Active X control
2. FTP server
3. CGI script
4. Active Server Page
5. HTML form

Indicate whether the technology runs on the client, on the server, or on
both.
2. Which security features do you expect from a secure e-mail system and
from the machines running a secure e-mail system? Which layer is most
appropriate for such a security service? Distinguish between services that
want to offer anonymity in your answer.

(12+6)

JULY 2005
NOTE:

1. Answer question 1 and any FOUR questions from 2 to 7.


2. Parts of the same question should be answered together and in the same
sequence

TIME: 3 HOURS TOTAL MARKS: 100

1.

1. What are agents in network management system?


2. What is a proxy and how does it work?
3. What are the three key properties of hash functions?
4. Differentiate between passive and active attacks on a computer.
5. Is a firewall sufficient to secure network or do we need anything else?
6. How can an intrusion detection system actively respond to an attack?
7. What is non-repudiation? How does Asymmetric key encryption ensure
non-repudiation?

(7x4)

2.
1. What is a digital signature? Which algorithms are used for digital
signatures?
2. What is IPSec? Explain.
3. Differentiate between Symmetric Key and Asymmetric Key algorithms.
Which is most commonly used for encryption on the web?

(4+6+8)

3.
1. What are DOS attacks? Explain one of them.
2. What other countermeasures besides IDS are there in a network?
What are the different types of Intrusion Detection Systems?
3. What are Intrusion Prevention Systems? Explain.

(6+6+6)
4.
1. Explain briefly about Mandatory Access Control and Discretionary
Access Control.
2. What are Trojans? Give an example of at least one commonly known
Trojan.
3. Differentiate between worms and viruses.

(6+6+6)


5.

1. Explain briefly about penetration testing and port scanning.


2. What are the different levels in TCP/IP at which web security may be
implemented? Illustrate with examples.
3. What is Demilitarized Zone? Explain with a diagram.

(6+6+6)

6.

1. How are Digital Certificates used to provide third party trust?
2. What are the components of X.509 v3 format for digital signatures?
3. What is CRL? How is it used to validate digital certificates?

(5+6+7)

7.
Write short notes on the following:

1. Public Key Infrastructures (PKI)
2. Reverse Proxy
3. Virtual Private Network (VPN)

(6+6+6)
July, 2004
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.


2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1.
1. Differentiate between passive and active attacks on a computer.
2. What is malicious code? What are its different types? What differentiates
one type from another?
3. A data entry firm experiences on an average a loss of 10 files of 1000
bytes each per day due to power failures. The loss probability is 0.9. The
cost of keying in a character is Rs. 0.005. At what cost burden should the firm
consider putting in a loss prevention mechanism?
4. What are session keys? How are they distributed using PKI?
5. What are access control lists and capability lists? In what ways do they differ
in their organization?
6. A password cracker knows for certain that a genuine user uses a password
that is four characters long drawn from a set of 100 characters. He decides
to crack the password by brute force method. What is the maximum
number of combinations he needs to test? How long would it take (in
years) for him to crack the password if it takes 100 msec to test each
password?
7. Show that in a block chaining mode of encryption a XOR operation on the
decrypted result with the preceding block produces the plain text.

(7x4)

2.
1. List any four biometric methods other than voice print used for user
authentication. Discuss the user registration and authentication procedures
in the case of voice print biometric key.
2. What is the basic purpose of a security model for computer systems?
3. Discuss no read up and no write down security policies and the tranquility
principle in Bell - La Padula security model.

(8+3+7)

3.
1. What is steganography? How is it different from cryptography?
2. Give expressions describing the triple DES function at the sending and
receiving ends. What is the purpose of the intermediate stage? Illustrate
how the intended purpose of the intermediate stage is achieved.
3. Consider the plain text 47E6BF5193ACD280 and the key FFC16B4A
both in hexadecimal. Apply the following functions on the plain text using
the key and compute the result:

(4+6+8)

4.
1. What is hashing? How does it help in checking the integrity of a
transmitted text?
2. Given a message, describe the steps involved in arriving at a digital
signature for the message.
3. What are the three phases of authentication in Kerberos v4? Discuss each
phase briefly bringing out clearly how certain security threats are
overcome in each phase.

(4+5+9)

5.
1. What are agents in Network Management System?
2. Give a list of SNMP v3 commands and their functionalities. Indicate their
direction of flow. Which of the commands are not supported in SNMP v1?
3. What are the different components of IDS? Explain the different types of
IDS.

(6+7+5)

6.
1. What are the different levels in TCP/IP at which WEB security may be
implemented? Illustrate with examples.
2. Explain with a diagram how tunnel mode IPSec operation can be
established among different segments of a virtual private network.
3. What is DOS attack? Explain one of them.

(6+6+6)

7.
1. What is the basic purpose of a firewall? Briefly discuss the different types
of firewalls.
2. Present and discuss the screened subnet architecture of firewalls.
3. IT Act 2000 specifies eight acts which if carried out without the
permission of the owner or the person in-charge of a computer system are
considered as crimes. List any three such acts and relate them to the type
of security attacks.

(8+5+5)
January, 2004
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.


2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1.
1. What are four problems related to network security? Explain the meaning
of each of them.
2. Explain what a challenge-response system is.
3. What are agents in Network management system?
4. What is a stream cipher? Is DES a stream or block cipher?
5. What is a firewall? State briefly how it works.
6. What are the three key properties of hash functions?
7. With the possibility of inside attack, where should IDS devices be located?

(7 x 4)

2.
1. What are two common techniques used to protect a password file?
2. Explain briefly what are the following Internet security threats:
1. Packet sniffing.
2. IP spoofing.
3. Denial of service.
3. Why is authentication an important requirement for network security?

(6+8+4)

3.
1. Explain briefly about Mandatory Access Control and Discretionary Access
Control.
2. Describe briefly the Bell-La Padula model and its limitations.
3. What are the essential components of a corporate security policy?

(6+6+6)

4.
1. What are the four modes of operation for a symmetric cipher? What are
the relative advantages of each of the modes?
2. A wants to send B a signed message. A and B have certificates for their
public keys, signed by a mutually trusted CA. Explain how A generates
the signature which is appended to the message, assuming RSA, and MD5
can be used.
3. Does the Certification Authority need a private key? What for? What
happens if this is compromised?

(6+6+6)

5.
1. Briefly explain how cookies pose a security threat.
2. What is MIB? What are the two ways to convey MIB information?
3. What is the difference between SNMP and RMON? Explain in brief
the snmpbulkget request operation.
4. Which message types are used:
1. to gather information from an agent?
2. to inform the manager of certain events?

(4+5+5+4)

6.
1. What is buffer overflow? How does it lead to security problems?
2. Explain briefly about penetration testing and port scanning.
3. What is the difference between IDS and Firewall?

(8+6+4)

7. Write short notes on the following:


1. Virtual Private Network (VPN)
2. Secure Socket Layer.
3. Proxy Firewall
