18CSC364J - Information Security MCQ UNIT 1

Uploaded by

Durga Devi P

UNIT 1

Confidentiality, Integrity-Availability, Security Violation-Security Threats, Security Policy and
Procedure-Assumptions and Trust, Security Assurance-Implementation Issues, Operational Issues -
Security Life Cycle, Discretionary and Mandatory Models-Role-based model, Task-based model-Unified
Models, Access Control Algebra-Temporal model, Spatio-temporal Model

1. Information security is designed and implemented on the basis of the sphere of protection into
A. Policies, People, Technology
B. Protection, People, Technology
C. Protection, Policy, Technology
D. Policies, Protocols, Technology

2. Which is not an objective of network security?
A. Identification
B. Authentication
C. Access control
D. Lock

3. An information security system must be protected. In case of an attack, it must:
A. Shut down once the attack is confirmed
B. Provide enough information to assess the damage caused by the attack
C. Do nothing
D. None of the above

4. Choose the most appropriate answer. Assessing, analyzing and investigating the damage caused
by an information security breach is called __________.
A. Forensics
B. Information flow analysis
C. Security Assessment
D. Security Audit

5. The process of verifying the identity of a user.
A. Authentication
B. Identification
C. Validation
D. Verification

6. According to the CIA Triad, which of the below-mentioned elements is not considered in the
triad?
A. Confidentiality
B. Integrity
C. Authenticity
D. Availability

7. This is the model designed for guiding the policies of Information security within a company,
firm, or organization. What is “this” referred to here?
A. Confidentiality
B. Non-repudiation
C. CIA Triad
D. Authenticity

8. ______ means the protection of data from modification by unknown users.
A. Confidentiality
B. Integrity
C. Authentication
D. Non-repudiation

9. B received a message from A but can neither confirm that A sent it nor ascertain that the
message was untampered. The two are violations of
A. Confidentiality and Authentication
B. Confidentiality and Message integrity
C. Authentication and Message integrity
D. Authentication and Availability

10. Access control lists include ______________
A. Specific configuration codes entered into security systems to guide the execution of the system
B. Collection of all memory locations
C. Capability tables governing the rights and privileges of a particular user to a particular system
D. Security Policy and Mechanism

11. _____ provides all the privileges of the read role
A. Update
B. Execute
C. Delete
D. readWrite

12. __________ consists of a specified resource and the actions permitted on the resource
A. Privilege
B. Action
C. Command
D. Right

13. Suppose in a system you have 2000 files and 4 users who have access rights to these files. Which
one of the following will be the best method to implement access control?
A. Using Access Matrix
B. Using a capability based implementation
C. Using access control lists
D. Other advanced techniques which work well

14. ___________________ access controls are the hardware or software mechanisms used to
manage access to resources and systems and to provide protection for those resources and
systems.
A. Administrative
B. Logical/technical
C. Physical
D. Preventative

15. Controlling access by a subject (an active entity such as an individual or process) to an object (a
passive entity such as a file) involves setting up:
A. Access Rules
B. Access Matrix
C. Identification controls
D. Access terminal

16. In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within
what category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access control

17. Which of the following is not an access control mechanism?
A. Serialized Access Control
B. Discretionary and Mandatory Model
C. Role-based model
D. Task-based model

18. The type of discretionary access control (DAC) that is based on an individual's identity is also
called:
A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control

19. Which access control type has a central authority that determines what objects the subjects
have access to, and is based on role or on the organizational security policy?
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control

20. What is the type of access control called where there are pairs of elements that have the least
upper bound of values and greatest lower bound of values?
A. Mandatory model
B. Discretionary model
C. Lattice model
D. Rule model

21. What is the act of a user professing an identity to a system, usually in the form of a log-on
ID, called?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality

22. If we want to include attributes from two different which of the following operations is needed?
A. Set Difference
B. Union
C. Cartesian Product
D. Projection

23. Which form of access control enables data owners to extend access rights to other logons?
A. Mandatory Access Control
B. Discretionary Access Control
C. Role-based Access Control
D. Rule-based Access Control

24. The form of data that has an associated time interval during which it is valid is known as
A. Temporal Data
B. Snapshot Data
C. Chunk Data
D. Point in the time Data

25. Functional dependencies that have a time associated with them during which they are valid are
called ________
A. Timed functional dependencies
B. Clocked functional dependencies
C. Temporal functional dependencies
D. Modeled functional dependencies

26. The term that means the value of the data at a particular point in time is
A. Interval Data
B. Temporal Data
C. Chunked Data
D. Snapshot Data

27. Which of the following is the time of temporal data that records when a fact was recorded in a
database?
A. Transaction time
B. Valid time
C. Enter time
D. Exit time

28. Which of the following is not an example of spatio-temporal (ST) change pattern analysis?
A. Urban Sprawl Analysis
B. Big Data Analysis
C. Climate Change Analysis
D. Human Movement Analysis

29. Spatio-temporal data analysis involves _________
A. Hotspot Detection
B. Big Data Analytics
C. Database Indexing
D. Segmentation

30. Employees have been noticed sharing the passwords of some office application which contains specific
data. Recently, during penetration testing, it was found that the passwords used by the
employees are weak and susceptible to dictionary attacks, especially for the onsite team that accesses
the office application from a public network. The team has decided to make some system and
network policy changes. Which of the following policies could best resolve the issue?
A. Educate users to use strong passwords
B. Educate users not to share passwords
C. Enforce strong passwords and educate users not to share passwords
D. Penalize employees who use weak passwords

1. Write the four important functions performed by information security for an organization
2. What is meant by balancing Security and Access?
3. List the legal, ethical and professional issues related to information security
4. What are the approaches used in information security?
5. If the C.I.A Triangle is incomplete why is it so commonly used in security?
6. Differentiate between a policy, a standard and a practice
7. Differentiate between attack and threat
8. What are the various threats to information?
9. What is meant by attack? How does it differ from vulnerability?
10. Differentiate DoS and DDoS
11. What are the various types of malware? How does it differ from viruses?
12. What are the implementation issues present in computer security?
13. What is meant by Discretionary Access Control?
14. What is meant by Mandatory Access Control?
15. What is meant by Access Control Algebra?
16. What is meant by Unified Models?
17. What is meant by Temporal model and Spatio-temporal Model?
18.

1. Briefly explain the components of an information system and their security
2. Discuss the legal and ethical issues associated with the information security.
3. How to operate an information system that satisfies the user and the security professional by
Balancing Information Security and Access
4. Information security is a major concern for the software industry today as the number of
internal threats is nearly 80% - Discuss on the statement highlighting the various attacks.
5. Identify the six components of an information system. Which are most directly affected by the
study of Computer Security? Illustrate with an example
6. Explain different phases of Security Systems Development Life Cycle (SSDLC).
7. List the different types of security policies. Explain in detail with an example.
8. Explain in detail about Cost Benefit Analysis and Risk Analysis
9. Discuss in detail about Role-based model and Task-based model
10. Explain in detail about Access Control Algebra
11. Discuss in detail about Unified Models with suitable examples
12. How can the Temporal model and Spatio-temporal Model be implemented in information security?
Explain in detail.
