Chameli Devi Group of Institutions

Department of Information Technology

(SESSION EVEN 2017-2018)

VI SEM IT

Viva Questions

Information Security

[IT-801]

1.What’s the difference between encoding, encryption, and hashing?

Ans:
Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original
message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for
encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality
and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-
reversible), and the output is of a fixed length that is usually much smaller than the input.

2. What is information Security about?

Ans:
In general terms it’s about
• Computers and their electronic content (digital data)
• Access to computers and data on computers and other electronic devices
• Paperwork – hard copy information
• People with access to computers and information (what they say and
What they do).

3.How do you classify information, Security risks across an organization?

Ans:
Its best classified according to the nature of risks:
1. Assets security risk
2. People security risk
3. Operational risk
4. Communications security risk

4. What is the importance of Encryption on a network?

Ans:
Encryption is the process of translating information into a code that is unreadable by the user. It is then
translated back or decrypted back to its normal readable format using a secret key or password. Encryption
help ensure that information that is intercepted halfway would remain unreadable because the user has to
have the correct password or key for it.

5. Explain the importance of authentication.

Ans:
Authentication is the process of verifying a user’s credentials before he can log into the network. It is normally
performed using a username and password. This provides a secure means of limiting the access from
unwanted intruders on the network.

6. What is the Public Key Encryption?

Ans:
Public key encryption uses public and private key for encryption and decryption. In this mechanism, public key
is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a
message, a sender has to know recipient’s public key.

7. What is Digital Signatures?

Ans:
Digital signature is an attachment to an electronic message used for security purpose. It is used to verify the
authenticity of the sender.

8. What are Brute Force Attacks?

Ans:
Brute forcing is a mechanism which is used by an attacker to break the encryption of data by applying a set of
various keys. Cryptanalyst has a set of number of keys and apply them one by one to the encryption algorithm
until he gets the right key.

9. How do you use RSA for both authentication and secrecy?

Ans:
RSA is a public key encryption algorithm. The RSA algorithms are based on the mathematical part that it is easy
to find and multiply large prime numbers together, but it is extremely difficult to factor their product.
For authentication: One can encrypt the hash (MD4/SHA) of the data with a private key. This is known as digital
signature.

10. If you are a victim of Denial of Service (Dos) then what you do?
Ans:
The function of a denial of service attack is to flood its target machine with too much traffic and prevents it
from being accessible to any other requests or providing services.
To prevent DoS attacks firewall can be configured as a relay; in this approach the firewall responds on behalf of
the internal host. During the attack, the firewall responds to the SYN sent by the attacker; since the ACK never
arrives, the firewall terminates the connection.

11. if We have to generate a hash function then what characteristics are needed in a secure hash function?
Ans:
A secure hash function should have the following characteristics:
 The output generated by a hash function should be of a fixed length.
 It should be very easy to find out a hash function for a given message.
 If a hash value is given of a message than it is almost impossible to get that message.
 The two different messages should not have the same hash value; it is against the hash function
property.
 Chameli Devi Group of Institutions
Department of Information Technology
Information Security [IT-801]
Practical List

Date of Date of Faculty’s

S. No. List of Experiments/Practical’s Remarks
Experiment Submission Signature
Study of Network Security fundamentals - Ethical
1
Hacking, Social Engineering practices.
Study of System threat attacks - Denial of
2
Services.
Write a program to implement the Caesar cipher
3
technique.
Write a program to implement the Asymmetric
4
encryption-RSA Algorithm.
Study of Virus and Trojans & its removal.
5
Write a program to implement the RC4
6
Algorithm.
Write a program to implement the DES
7
encryption Algorithm.
Study of Sniffing & Spoofing Techniques.
8

Study of Web Based password capturing.

9
Study of Honeypots.
10
 Study of IP based Authentication.
11