
Roll No. ......

The National Law Institute University, Bhopal


Term/Ex-Student Examination, September 2016
M.S. (Cyber Law and Information Security)
Trimester-IV
Security Architecture and Models
Time: Three Hours    Maximum Marks: 80
Instructions:

(1) Answer any four questions including Question No. 1 and 2, which are compulsory.
(2) All questions carry equal marks.
(3) No overwriting/alteration in the answers of Question No. 1 is allowed.
(4) The students may seek clarification regarding the questions in the first thirty (30) minutes of
the beginning of the examination and no request in this regard will be entertained
thereafter.

Q.1 (a) Choose the most appropriate option:

i. Rating 'EAL-4' of ISO 15408 is-

A. Tested and Reviewed
B. Methodically Designed, Tested and Reviewed
C. Semiformally Tested, Verified
D. Semiformally Designed and Tested
ii. Systems that are described as ___ are built upon standards, protocols, and
interfaces that have published specifications, which enable third-party vendors to develop
add-on components and devices.

A. Close
B. Semi Close
C. Open
D. Semi Open
iii. The concept of 'Object Reuse' is introduced in which of the following classes of TCSEC-
A. B2
B. C1
C. C2
D. B1
iv. Which of the following is not an element of Enterprise Security Architecture?
A. Security Policy
B. Security Services
C. Security Domains
D. Trust Levels
Page 1 of 3


v. According to TNI, the two global considerations that affect the interconnection of systems
are ___
A. Propagation of local risk and cascading problem
B. Risk factor and Risk Analysis
C. Risk Metrics and Risk Evaluation
D. Risk Mitigation and insider attack problem
vi. Which of the following is correct about Simple Object Access Protocol (SOAP)?
A. SOAP allows you to get around the firewall
B. SOAP will be developed as a World Wide Web Consortium (W3C) Architecture
C. Both A and B
D. None of the above
vii. Which of the following languages is used by Universal Description Discovery &
Integration (UDDI)?
A. Object Oriented Programming (OOP)
B. Web Services Description Language (WSDL)
C. Simple Object Access Protocol (SOAP)
D. None of the above
viii. Which of the following Enterprise Security Solutions does not support the Access Control ...?

A. Network ...
B. End Point Orchestrator
C. Firewall
D. Security Incident and Event Management
ix. The 'Trusted Distribution' concept is introduced in the A1 class of TCSEC under which of the
following heads-
A. ... Authentication ...
B. ...
C. Life Cycle Assurance
D. Trusted Facility Management
x. In Trusted Network Interpretation, 'NSAP' stands for-
A. Network Security Availability Process
B. Network Service Access Point
C. ...
D. Network Service Automatic Protection

Page 2 of 3

(b) Fill in the Blanks:

xi. A ___ program is mandated by Enclosure (3) of DoDD 5200.28 in TNI.
xii. The main goal of the Chinese Wall model is to avoid ___.
xiii. Service Oriented Architecture (SOA) is the architectural style that supports ___
services to enable business flexibility.
xiv. In covert timing channels the service program and spy need access to ___
resources.
xv. In the Bell-LaPadula security model, 'simple property' and 'star property' can also be
represented as ___ and ___.
xvi. 'ASE TSS' stands for ___.
xvii. ___ is a formal description of a security policy.
xviii. In a Non-interference model, ___ is a set of objects that a user can access.
xix. The ___ architecture of 'The Open Group Architecture Framework'
(TOGAF) defines strategy, governance and key operation procedure.
xx. A ___ represents a piece of code that is executed within a process.

Q.2 XYZ is a computer manufacturing company established in the US. XYZ wishes to release a new
product 'XYZ-Nano'. So, to gain the customers' confidence, XYZ initiated a security evaluation
process for their new product 'XYZ-Nano' in the US. The company claims that their new product is
equivalent to the highest rating of TCSEC.

Considering yourself as a security auditor, discuss the requirements for achieving the highest
rating in TCSEC in detail. Make the necessary assumptions wherever required.

Q.3 Explaining the meaning and significance of 'security model', discuss the Clark-Wilson model
with the help of suitable examples. Also differentiate between the Clark-Wilson model and the Biba
model.

Q.4 What is the purpose of 'Security Evaluation Criteria'? Discuss the salient features of TCSEC
and ITSEC adopted by Common Criteria (CC). Also discuss the different assurance levels
provided by CC in detail.

Q.5 (a) What do you understand by Buffer Overflow attack and Covert Channel attack? Discuss
the countermeasures available to a user to combat these attacks.

Q.5 (b) Explaining the concept of 'Network Trusted Computing Base', discuss the Trusted
Network Interpretation (TNI) in detail.

Page 3 of 3
