Department of Computer Science and Technology, UTUutu.ac.in/dcst/download/documents/QBMSCIT060010708.pdf · 2014-10-18 · Department of Computer Science and Technology, UTU 2014

Department of Computer Science andTechnology, UTU

2014

Ms. Juhi Patel Page 1

Course: 060010708 – Network Security

Unit – 1 Introduction of Network Security

SHORT QUESTIONS:

1. Which are the behavioural characters that can be used to identify hacker?2. How does a script kiddie vary from a hacker?3. How can “theft of sensitive information” be described?4. Justify the statement “my competitor’s loss is my gain”.5. Define the term disruption of services.6. Define the term Cyber Forensics.7. Which guiding principles can be used for practising security?8. How does Default permit policy differ from a Default deny policy?9. Where can ICMP be used?

LONG QUESTIONS:

1. Describe what are the major motives behind attacks done by cyber criminals.2. Write a short note on Denial of Service attack.3. List out four types of difference between human vulnerabilities and protocol vulnerabilities.4. Draw a diagram for common attacks and vulnerabilities.5. Compare and contrast configuration vulnerabilities with protocol vulnerabilities.6. Write a short note on software vulnerabilities.7. What is a defence strategy? Explain data protection.8. “Security by obscurity is often bogus”. Justify the statement with proper reason.9. Justify the statement “Security versus performance is a tradeoff often encountered”10. Are there situations where the “Default Accept” or “Default Permit” policy is more appropriate

than the “Default Deny” policy for access control? Explain.

FILL IN THE BLANKS:

1. __________________ use scripts and attack kits designed by others.2. The primary motivation for launching cyber attacks has shifted to _____________.3. .___________ and ___________ are malware that replicate themselves.4. A _______________ is a weakness or lacuna in procedure.5. ____________ is an instance of a particular attack on a computer system that leverages a

specific vulnerability or set of vulnerabilities.6. The first defence strategy to prevent intrusions is _________________.7. _______________ and _________________ are preventive strategies.8. ______________________ behaviour is a radical departure from the norm.9. The CSMA/CA protocol was inspired by the______________.10. A___________ uses a MAC table to keep track of addresses.11. __________ is used to resolve an IP address to a MAC address.12. The _________________ is responsible for routing packets or datagrams over the internet.


2014


13. ____________ messages are used in Denial of service attacks like smurf and fraggle.14. The _________________ is a connectionless protocol.15. ___________ is a contagious set of nodes in the DNS tree.16. The major players in the internet Mail systems are _______________ and _____________.

MULTIPLE CHOICE QUESTION:

1. The motivation of an ethical hacker isa. Financial gainb. Thrill of hackingc. Desire to identify vulnerabilitiesd. A religious/political/ideological cause.

2. Which of the following attacks is/are likely to result in identity theft?a. Phishing attackb. Denial of service attackc. Dictionary attack.d. Virus infection

3. The buffer overflow attack is caused by ____________a. Vulnerability in the design of a networking protocol.b. Vulnerability in the implementation of a networking protocol.c. Vulnerability in human behaviour.d. Vulnerability in software.

4. A counter measure to eavesdropping on the communication link is the use ofa. Cryptographic checksumb. Encryption.c. A login name and passwordd. A fake identity.

5. The following is used when the source code for a piece of software is unavailable.a. Blackbox testingb. Whitebox testingc. Regression testingd. Unit testing

6. A good example of a defence in depth isa. The use of exhaustive software testingb. The detection of worm and virus signatures.c. The use of encryption in conjunction with a checksumd. The use of multiple firewalls in organization

7. Which of the following is true for wired LAN communications?a. A frame is broadcast by the sender to all stations in a hub based LANb. A frame is broadcast by the sender to all stations in a switch based LANc. The bandwidth in switch based is higher than that in hub based


2014


d. A LAN switch forwards packets based on the destination IP addresses.

8. Which of the following is not a valid IPV4 address?a. 192.10.14.3b. 200.172.287.33c. 65.92.11.00d. 10.34.110.77

9. Address resource records are associated witha. 1Routing tables in internet routers.b. DNS serversc. ARP caches in LAN workstations.d. NATing devices in an organization

10. ICMP messages are exchanged betweena. Two routersb. Two hostsc. A router and a switchd. A host and a switch

11. Which of the following protocol is used in accessing web mail?a. SMTPb. HTTPc. POP3d. IMAP

12. Which of the following is/are true for HTTP GET and POST methods?a. The GET request has no bodyb. The POST request has no bodyc. The response to a GET request is always a file.d. HTML form parameters are always sent through a POST request.

Unit 2 :

SHORT QUESTIONS:

1. Define authentication2. What do you mean by a verifier?3. What is password based authentication.4. Define challenge-response protocol5. What is mutual authenciation?6. Define parallel session attack7. Define reflection attack.8. Define dictionary attacks.


2014


9. State the types of dictionary attacks.10. What do yu mean by encrypted key exchange?11. What is perfect forward secrecy?12. What is a long term secret?13. Define a short-time session key.14. What is a challenge-response phase?15. Daw the diagram of preliminary version 2.16. Draw the diagram of preliminary version 3.17. Define Kerberos.18. List out the factors ensured by password based system.19. What is a ticket granting server?20. Show the message sequence in Kerberos.21. Define biometric.22. What is the purpose of enrolment in biometrics?23. What is the purpose of recognition in biometrics?24. What is the purpose of identification in biometrics?25. State the characteristics of a good biometric.26. What do you mean by singularities?27. Define iris.28. What is a non-invasive technique?29. What do you mean by statistical independence?30. Define hamming distance.

LONG QUESTIONS:

1. Describe in brief the broadcast communication process used in LAN and WiFi.2. Draw the diagram of a LAN layout in an academic environment.3. Write a short note on ARP.4. Show diagrammatically the difference between IPv4 header and IPv6 header.5. Describe in detail about IP Version 46. Write as short note on IP Version 67. Describe briefly what is ICMP8. Explain in detail about TCP9. Draw the format of a TCP header.10. Show briefly what a 3-way handshake is.11. Write a short note on NAT/PAT.12. State two points of difference between NAT and PAT.13. Draw the diagram of DNS hierarchy.14. Write a short note on HTTP.15. Write a short note on E-mail.16. Describe briefly what you mean by authentication.17. Explain in detail about Password based one-way authentication.18. Write a short note on challenge response protocol.19. Write a short note on certificate based authentication.20. List all types of mutual authentication and explain any one in detail.


2014


21. Describe the use of timestamp based method for the purpose of mutual authentication.22. Write a short note on dictionary attacks.23. Explain how dictionary attacks can be defeated.24. Write a short note on asymmetric key-based authentication.

FILL IN THE BLANKS:

1. New generation ___________ and __________________ can be used to store an individual’s fingerprint.2. The most common mechanism for authentication is _______________.3. __________________ is an attack in which a part of a message received by an attacker is reflected back to the

victim.4. Private key operations are notoriously ______________.5. _______________ is an alternative to nonce.6. __________________ and _________________ are types of dictionary attacks.7. ___________________ is nt susceptible to an offline dictionary attack.8. A property of EKE is that it provides _______________________.9. Public key/private key operations are relatively slow compared to __________________.

10. The main function of the KDC is to securely communicate a _____________________.11. Impersonation can be a consequence of replay attacks in scenarios involving ___________ or ____________.12. KDC used in Needham Schroeder protocol is logically split into two entities _____________ and

_____________.13. The __________________ is mot maintained on the KDC but in the tickets issued by AS.14. A ____________ is a biological feature or a characteristic of a person that uniquely identifies him/her over

his/her lifetime.15. _______________ was proposed as an alternative or complement to passwords.16. ____________ and_______________ are processes involved in a biometric system.17. The _________ is a thin, opaque diaphragm of smooth muscle situated in front of the lens.

MULTIPLE CHOICE QUESTIONS:

1. The use of which of the following provides two-factor authentication?a. Digital image of a person’s fingerprint stored on an electronic passport.b. PIN enabled chip card for electronic payment.c. Use of login name + passwordd. Driver’s license + national ID card

2. Entity authentication is used to protect against.a. Session hijackingb. impersonationc. replay attacksd. identity theft

3. The EKE protocol is resistant toa. Replay attacksb. Man-in-the-middle attacksc. Dictionary attacksd. Reflection attacks.

4. Which of the following measures is/are effective in thwarting online dictionary attacksa. Store the hash of the password on the authentication server.b. Send the hash of the password over the communication link.c. Client responds to server nonce by computing a one way function of the nonce and the password.


2014


d. Server disables login after four incorrect login attempts.

5. Which of the following is/are true about nonces/timestamps?a. A nonce may or may not be predictable.b. Use of timestamps requires fewer numbers of messages compared to nonce-only authentication

protocols.c. Server keeps track of nonce it has used in the past.d. Timestamp based protocols are sensitive to clock skew.

6. The KDC functions as a/ana. Authentication serverb. Trusted third partyc. Certification authorityd. Timestamp authority

7. The KDC obviates the need fora. Digital certificatesb. Message integrity verificationc. Message confidentialityd. having long term secrets between every pair of entities

8. The Kerberos protocol protects against which of the following attacksa. Dictionary attackb. Man in the middle attackc. Replay attackd. Denial of service attack

9. In Kerberos a long term key is shared betweena. Each client and each application serverb. Each client and the authentication serverc. Each client and the ticket granting serverd. Each application server and the authentication server

10. Which of the following characteristics does a mutual signature lack?a. Permanenceb. Universalityc. Uniquenessd. Robustness

11. Which of the following characteristics is most widely used in fingerprint recognition?a. Number and coordinates of arch patternsb. Number and coordinates of loop patternsc. Number and coordinates of whorl patternsd. Coordinates and orientations of fingerprint minutiae.

Unit 3

SHORT QUESTIONS:

1. State the three areas where security can be implemented.2. What is IPSec?


2014


3. What does a DoS do?4. State the type of information included in SA.5. How can SA be uniquely identified?6. State the main difference between AH and ESP.7. Draw a figure showing AH Header.8. Draw s figure showing ESP Header.9. What is a tunnel mode?10. Define NAT.11. What is IKE?12. What is a Security Policy Database?13. Define a virtual private network.14. What is a Site-to-Site VPN?15. What is the purpose of SSL handshake protocol?16. What do you mean by a Record layer protocol?17. State the steps in a handshake.18. State the main steps in a SSL handshake.19. Write down the formula of Master Secret.20. Write down the formula of Derived Secret.21. What is a signature-only certificate?22. Define OpenSSL.23. State the use of OpenSSL.

LONG QUESTIONS:

1. Describe the process of message confidentiality using KDC.2. Explain in detail the preliminary version 1 of Needham-Schroeder Protocol.3. Explain in detail the preliminary version 2 of Needham-Schroeder Protocol.4. Explain in detail the preliminary version 3 of Needham-Schroeder Protocol.5. Describe in brief Man – in – the - middle attack.6. Describe in brief the replay attack7. Explain in detail what Kerberos is.8. Write a short note on Kerberos message sequence.9. Describe the phases involved in a biometric sequence.10. Describe two situations where biometrics is used.11. List and describe the characteristics of a good biometric.12. Explain “error measures” in biometrics.13. Write a short note on fingerprints.14. Write a short note on Iris Scan.15. State the advantages and disadvantages of Security at different levels.16. List the type of services provided by “DOS”.17. Write a short note on IPSec Security Association.18. Describe AH and ESP protocols in detail.19. Compare and contrast Tunnel Mode and Transport Mode.


2014


20. Write a short note on IPsec Cookies.21. Explain in detail IKE phase-1.22. Differentiate between Main mode and the aggressive mode of IKE-Phase 1.23. Write a short note on IKE-Phase24. Describe Security Policy and IPSEC.25. Write a short note on Virtual Private Network.

FILL IN THE BLANKS:

1. Security is commonly implemented between the ___________ layer and the ___________ layer.2. ______________ is the best known protocol for providing security at the network layer.3. An SA is uniquely identified by a combination of a 32-bit ____________________ and the

_____________ of the connection endpoint.4. The main difference between AH and ESP is that ____________ has no provision for confidentiality.5. The only IPSec protocol/mode that can co-exist with NAT is _______________ in the tunnel mode.6. ___________________ is the first phase of IKE.7. A _______________ is used to determine whether a packet sent or received should pass through

security or simply be dropped.8. The two most widely used VPNs are ____________________ and ____________________.9. The SSL is sandwiched between the ____________ layer and the __________layer.10. A good security practice is to change keys during a _________________ session.11. The _______________ is used to securely transmit data using the negotiated cipher suite and the

keys derived during SSL handshake.12. _________________ is open source software that implements the SSL/TLS protocol.

MULTIPLE CHOICE QUESTIONS:

1. A receiving node determines the SA an IPSec packet belongs to based ona. The sequence number in the IPSec headerb. The SPI in the IPSec headerc. Source IP addressd. A combination of source

2. An extra network layer header is inserted bya. AH in transport modeb. AH in tunnel modec. ESP in transport moded. ESP in tunnel mode

3. Which of the following is NAT compatible with?a. Ah in transport modeb. AH in tunnel modec. ESP in transport moded. ESP in tunnel mode

4. IKE borrows heavily froma. EKEb. SSL


2014


c. Oakleyd. ISAKMP

5. IPSec is designed to withstand replay attacks through the use ofa. Sequence numbersb. Noncesc. Nonces + Sequence numbersd. Tiestamps

6. The advantage of IKE Phase 1 Main mode over IKE Phase 1 Aggressive mode isa. Main mode uses fewer messagesb. Main mode provides greater securityc. Main mode hides the identities of the communicating entitiesd. Main mode has a larger suite of options for key exchange

7. SSL provides security at which layer?a. Applicationb. Transportc. Networkd. Data Link

8. Which of the following is/are mandatory in SSL?a. Server authenticationb. Client authenticationc. Message confidentialityd. Non-repudiation

9. Which of the following may be negotiated as part of the SSL handshake?a. New Session IDb. Key exchange protocolc. Initial sequence numberd. Encryption algorithm

10. The SSL Record Layer Protocola. Entity authenticationb. Message authenticationc. Key agreementd. Message integrity checking

11. SSL protects against which of the following attacks?a. Man in the middle attackb. Replayc. Denial of serviced. Dictionary

Unit 4

SHORT QUESTIONS:


2014


1. Which are the two principles of WLANs.2. State the full form of AAA.3. State the full form of RADIUS.4. What is a basic service set?5. What is a Beacon?6. State the entities involved in authentication in 802.11i.7. Define EAP.8. List out the main authentication methods supported by EAP.9. What is a protected EAP?10. State the two types of keys used in a WLAN.11. What is a pairwise key?12. State the difference between PTK and PSK.13. What is the use of a Key Confirmation key?14. State the goals of a four way handshake.15. What is a known plaintext attack?16. Define frame sequence counter.17. Show diagrammatically two-phase key mixing in TKIP.18. State the full form of UMTS.19. What does the MSC do?20. Give the full form of VLR.21. Give the full form of SIM.22. State the security goals of GSM/UMTS.23. What do you mean by TMSI?24. State the principal tasks that are involved in providing security in GSM.25. List out the steps taken in GSM entity authentication.26. Define false base station attack.27. State any one shortcoming of GSM.28. State the steps involved in UMTS authentication.29. State the formula to compute Per-message MAC.30. Show diagrammatically the integrity protection and encryption in UMTS.31. State the formula to computer a KEYSTREAM.

LONG QUESTIONS:

1. Describe briefly what do you mean by SSL.2. Explain SSL handshake protocol.3. Explain the key design ideas in SSL HP.4. Write a short note on SSL Record Layer protocol.5. Describe briefly Open SSL.6. Explain infrastructure of wireless LAN.7. Describe briefly Pre-WEP Authentication.8. Describe authentication in WEP.9. Compare and contrast the authentication techniques in WEP and PRE-WEP.10. Explain in detail authentication and Key agreement in 802.11 ii11. Describe each of the entities involved in authentication.12. Describe all the authentication methods supported by EAP.13. Explain key hierarchy in authentication in 802.1 ii14. Write a short note on 4-way handshake in 802.11 i.


2014


15. List the techniques used for data protection in WEP. Explain any one in detail.16. Describe data protection in TKIP.17. Describe data protection in CCMP.18. Draw diagram of 2-phase key mixing in TKIP.19. Draw diagram of MAC generation and encryption in CCMP.20. Explain all the entities relevant to security in cellular networks.21. List out the security goals in GSM/UMTS.22. Explain entity authentication and key agreement in GSM security.23. Describe the problems that arise in GSM security.24. Write a short note on security enhancements in UMTS.25. List out the differences of authentication and key agreement in UTMS and GSM.26. Describe how integrity protection and encryption used for security purpose in UMTS is.

FILL IN THE BLANKS

1. ____________ present formidable challenges in the area of security.2. AAA functionality is often provided by a _____________ server.3. A network of wireless stations associated with an AP is referred to as a _____________.4. 802.11i uses _______________ a protocol that supports authentication at the link layer.5. The AP broadcasts its security capabilities in the _____________ or _____________ frames.6. ______________ is the most basic of the EAP authentication methods.7. Protected EAP is proposed by _____________,________________ and _______________.8. The first task in preparing a frame for transmission is to compute a ______________.9. The successor to GSM is ____________________ or simply _______________.10. The full form of 3GPP is _____________________.11. Encryption of messages between the base station and the cellphone is performed by a

____________.12. The MSC/VLR sends the list of all __________________ and encryption algorithms to the base

station controller.13. Message origin authentication and integrity protection are provided using a ________________.

MULTIPLE CHOICE QUESTIONS

1. The secrets stored on the SIM card includea. The IMSIb. A long term key shared with the MSC/HLRc. The key used for encrypting user messagesd. The key used for integrity-protecting all messages

2. User identity confidentiality is provided bya. Encrypting the ID of the subscriberb. Use of the TMSIc. Using public key of the subscriberd. Using the hash of the subcriber’s ID


2014


3. The SIM authenticates itself to the MSC/HLR usinga. A user passwordb. A digital certificatec. A response to a challenged. An encrypted signalling message

4. The key used for message encryption is a function ofa. The IMSIb. The TMSIc. A random number generated by the base stationd. The long term key shared between the SIM and the MSC/HLR

5. The MAC computed in UMTS is used toa. Authenticate the base station to the SIM cardb. Authenticate the SIM card to the base stationc. Authenticate the MSC/HLR to the SIM cardd. Authenticate the SIM card to the MSC/HLR

6. Which of the following is/are true of encryption/integrity protection in UMTS?a. KASUMI is used in OFB mode for block encryptionb. KASUMI is used in CFB mode for block encryptionc. A keyed hash is used for integrity protectiond. KASUMI is used in CBC mode for integrity protection

7. The RADIUS servera. Is a part of the wireless infrastructure within a typical organizationb. Is part of the wired infrastructure within a typical organizationc. Is responsible for authentication , authorization, and accounting4d. Communicates fluently using EAPOL messages

8. The Key Confirmation Key (KCK) is used toa. Integrity-protect data between station and the APb. Integrity-protect messages between in the four way handshakec. Encrypt data between the station and the APd. Encrypt the message containing the Group Key

9. The four way handshake is used toa. Authenticate the station to the APb. Authenticate the AP to the stationc. Agree on a pairwise master keyd. Agree on a pairwise transient key

10. Inputs to the key-mixing function that produces the per-frame encryption key in TKIP includesa. The PMKb. A frame sequence numberc. The sender’s MAC addressd. The reciever’s IP address

11. The message integrity check in CCMP is computed usinga. Two-phase key mixingb. AES in CBC modec. A keyed hashd. A CRC

Unit 5


2014


Short QUESTIONS:

1. What is the main purpose of DoS?2. Give an example of a DoS attack.3. What is a smurf attack?4. What is a Distributed DoS?5. List the steps of session hijacking.6. What is the difference between Mitnick’s attack and TCP connection hijack?7. Show diagrammatically how ARP cache poisoning leads to MiM attack?8. What does a static ARP cache do?9. What is DNSSEC?10. Which information is stored in RRSIG?11. Draw the figure of WLAN frame spoofing.12. What is an inter-frame space?\

13. Give the full form of NAV.14. For what purpose is Duration field used?15. What is phishing?16. Give a small example of phishing.17. When does a Buffer overflow occur?18. Show the organization of virtual memory.19. Give example of a function call and its associated stack organization.20. State one point regarding BOF vulnerability.21. State any two defensive measures against BOF.22. What is a canary value?23. Defiine cross Site scripting.24. What is the main difference between whitelist and blacklist?25. What is an SQL injection?26. State a remedy for SQL injection.

LONG QUESTIONS:

1. List out any explain any two DoS scenarios.2. Write a short note on impact and SYN flooding.3. Draw a diagram showing an attacker using s spoofed source address for an attack.4. List out and explain in detail the steps involved in session hijacking.5. Write a short note on impersonation and session hijacking.6. Write a short note on ARP spoofing.7. List out the features of “intelligent switches”.8. List out the preliminaries involved during a pharming attack.9. Explain in detail a pharming attack scenario.10. Explain with diagram the working of DNS cache poisoning.11. Describe briefly Spoofed Response ID based attacks.12. Write a short note on DNSSEC.13. Explain in detail about Frame Spoofing.


2014


14. What do you mean by violating MAC etiquette? Explain with figure.15. Differentiate between Violating Inter-frame spacing Rules and Abusing Virtual Carrier Sensing.16. Explain phising attack with example.17. List out the key points regarding Buffer Overflow vulnerabilities.18. Write a detailed note on Stack-related Preliminaries.19. Describe Function call and associated stack organization with figure.20. Explain how stack overflows can be exploited through the use of shell code.21. Describe in brief “Return-into-LibC”.22. List out and explain the defence measures against Buffer overflows.23. Explain Heap Overflows.24. What is a format string attack? Explain with example25. Write a short note on reading from an arbitrary memory location.26. List out and explain XSS vulnerabilities.27. Explain the defensive methods for overcoming XSS.28. Explain in detail about SQL injection.29. Write a short note on SQL injection remedies.

FILL IN THE BLANKS:

1. The main purpose of a DoS attack is to consume the __________ of its victim to the point where itcrawls to a halt.

2. In a TCP SYN Flooding attack, the ___________ space is reserved for each incoming connectionrequest of a three-way handshake.

3. The _____________ attack is launched by geographically dispersed zombies located across theinternet.

4. The ____________ resolver is a piece of software in the OS of a client’s machine.5. The DNS query and DNS response from a DNS server of a client uses _________ packets.6. DNSSEC was proposed by ____________________.

7. To save battery power, a mobile station powers off its ____________.8. The _______________ keeps track of the duration of the time for which the network is expected to

be busy.9. ________________ and ________________ relate to the ability of the software to function as

expected according to specifications.10. The _______________ vulnerability is one of the most common and oldest software vulnerability.11. The _____________exploit uses existing code in the C library to spawn a shell.12. The exact number of variables in a printf() functions is determined by _________________ which

may only be available at runtime.13. A website is said to have an ________________ is it inadvertently includes malicious scripts crafted

by an attacker.14. ____________________ applications typically have three tiers , the web, the application and the

database tier.

SHORT QUESTIONS:


2014


1. Which of the following is/are necessary features of a DoS attack?a. Use of TCP SYN packetsb. Use of spoofed IP packetsc. Use of multiple attackers geographically dispersedd. Use of malformed IP packets

2. Which of the following is true in a Smurf attack?a. The victim receives a large number of UPD packets to non-listening ports.b. The victim receives a large number of TCP SYN-ACK packetsc. The victim receives a large number of ICMP “echo request” messagesd. The victim receives a large number of ICMP “echo replay” messages

3. Which of following holds true in ARP?a. ARP request frames are always unicastb. ARP response frames are always unicastc. ARP request frames are always broadcastd. ARP response frames are always broadcast

4. Which of the following is/are true of DNS queries and responses?a. They use TCPb. They contain an 8 bit ID fieldc. The first valid response is saved, all the rest are ignoredd. DNS responses may contain gratuitous records

5. The basic idea in DNSSec isa. To have each requester sign in DNS queryb. To encrypt each DNS query responsec. To have a name server sign each DNS responsed. To have a name server encrypt each DNS response

6. Virtual Carrier Sensing in IEEE 802.11 is made possible bya. Detecting collisions on the channelb. Observing the Duration field of a framec. Observing the presence of an RTS framed. Observing the presence of a CTS frame

7. The vulnerability exploited in a phishing attack involving an online bank is due toa. Poor authentication procedures by the bank’s web serverb. XSS vulnerability in the bank’s web serverc. SQL injection vulnerability in the bank’s application softwared. Human gullibility

8. Which of the following are not placed on the program attack?a. Local variables of the called functionb. Dynamically allocated variables in the called functionc. Return address of callerd. Calling arguments of the called function

9. Poorly designed social networking sites are especially vulnerable toa. Buffer overflow attacksb. SQL injection attacksc. Non-persistent cross-site scripting attacksd. Persistent cross-site scripting attacks

10. A persistent cross-site scripting attack saves malicious code oon


2014


a. The clientb. The serverc. Both, client and serverd. Neither client and server

11. An SQL injection attack may be used toa. Delete a tableb. Read a row in a tablec. Change column names in a tabled. Change number of columns in a table

12. The most effective remedy for SQL injection attacks isa. To filter HTML form input at the client sideb. To employ stored procedures on the database serverc. To employ prepared SQL statements on the web serverd. To perform input validation on the server via regular expressions

Unit 6

SHORT QUESTIONS:

1. What is RFID?2. Which are the two types of tags used in RFID?3. State the uses of RFID.4. List out which are the principal threats to RFID.5. What is a cloned tag?6. What do you mean by a ghost read?7. State the commands that correspond to inventory operation.8. Give a solution for the tracking problem.9. What is a spurious read?10. What is a machine readable zone?11. Why is an electronic passport used?12. State the key steps BAC.13. What is the entropy of a DoB field?14. What is the entropy of an Expiry Date field?15. What is the entropy of Passport ID?16. List the categories of payment types.17. What is a pre-paid payment?18. What do you mean by point of sale?19. What is an FSP?20. What is a PSP?21. Define SET.22. What is the main purpose of SET?23. Give examples of technologies which can be used for proximity payment system.24. What is a processor card?25. State the applications of a smart card.26. State the information which is stored on the magnetic strip of a debit/credit card.27. List the types of attacks possible on debit/credit cards.28. What is skimming?29. What is a cloned card?30. How can the use of a lost or a stolen card be prevented?


2014


31. What is a chip card?32. Is chip card different from an EMV card? Justify with proper reason.33. State the steps involved in card based transactions.34. State any one method for cardholder verification.35. What is the main issue involved while making a payment over the internet?36. What is a mobile payment?37. State the purpose of using mobile banking.38. What is an e-coin?39. What is an e-cash protocol?

LONG QUESTIONS:

1. Describe the RFID basics.2. Write a short note on the applications of RFID.3. List out any four security issues related to RFID and explain any one.4. Explain the features and resources related to generation 2 tags in detail.5. List out the commands and operations for generation 2 tags.6. Write a short note on solutions at the physical layer for RFID privacy.7. Write a short note on solutions at the application layer for RFID privacy.8. Compare and contrast set of hash values to set of hash lists.9. How can forward security be maintained for the pur pose of RFID privacy?10. Describe the basic concerns of electronic passwords.11. Write a short note on Authenticity/Integrity of Passport Information.12. Explain in detail about confidentiality of Passport Information.13. List out the categories of electronic payment systems and describe each of them briefly.14. Describe briefly communication technologies.15. Write a detailed note on smart card and smart phones.16. Explain with figure the process of Smart card-based payment.17. Describe the attacks on credit card holders while performing e-transactions.18. Explain in detail Chip Card Transactions.19. List and explain the steps involved in card-based transactions.20. Describe the issues and concerns of payment process over the internet.21. Explain in detail SET/ Secure Electronic Transactions.22. List out the important features of SET.23. Explain the process involved in online rail ticket booking.24. Write a short note on mobile payments.25. List out and explain the steps involved in a mobile banking transaction on a Java-enabled cell phone.26. Write a short note on electronic cash.27. List out the steps to modify e-cash protocol.


2014


Documents

Department of Computer Science and Technology, UTUutu.ac.in/dcst/download/documents/QBMSCIT060010708.pdf · 2014-10-18 · Department of Computer Science and Technology, UTU 2014