(1) Answer any four questions including Question No. 1 and 2 which are compulsory.
(2) All questions carry equal marks.
(3) No overwriting/alteration in the answers of Question No. 1 is allowed.
(4) The students may seek clarification regarding the questions in the first thirty (30) minutes of
the beginning of the examination and no request in this regard will be entertained
thereafter.
A. Close
B. Semi Close
C. Open
D. Semi Open
iii. The concept of 'Object Reuse' is introduced in which of the following class of TCSEC-
A. B2
B. C1
C. C2
D. B1
iv. Which of the following is not an element of Enterprise Security Architecture?
A. Security Policy
B. Security Services
C. Security Domains
D. Trust Levels
v. According to TNI, the two global considerations that affect the interconnection of systems
are ______
A. Propagation of local risk and cascading problem
B. Risk factor and Risk Analysis
C. Risk Metrics and Risk Evaluation
D. Risk Mitigation and insider attack problem
vi. Which of the following is correct about Simple Object Access Protocol (SOAP)?
A. SOAP allows you to get around the firewall
B. SOAP will be developed as a World Wide Web Consortium (W3C) Architecture
C. Both A and B
D. None of the above
vii. Which of the following language is used by Universal Description Discovery &
Integration (UDDI)?
A. Object Oriented Programming (OOP)
B. Web Services Description Language (WSDL)
C. Simple Object Access Protocol (SOAP)
D. None of the above
viii. Which of the following Enterprise Security Solutions does not support the Access Control
-,
-lis+pslilxias?_ __
A. Network
B. End Point Orchestrator
C. Firewall
D. Security Incident and Event Management
ix. 'Trusted Distribution' concept is introduced in A1 class of TCSEC under which of the
following head-
l fi:x?:ilTAuthentication *
(b) Fill in the Blanks:
Q2 XYZ is a computer manufacturing company established in US. XYZ wishes to release a new
product 'XYZ-Nano'. So, to gain the customer's confidence, XYZ initiated a security evaluation
process for their new product 'XYZ-Nano' in US. The company claims that their new product is
equivalent to highest rating of TCSEC.
Q3 Explaining the meaning and significance of 'security model', discuss the Clark Wilson model
with the help of suitable examples. Also differentiate between Clark Wilson model and Biba
model.
Q4 What is the purpose of 'Security Evaluation Criteria'? Discuss the salient features of TCSEC
and ITSEC adopted by Common Criteria (CC). Also discuss the different assurance levels
provided by CC in detail.
Q5 (a) What do you understand by Buffer Overflow attack and Covert Channel attack? Discuss
the countermeasures available to a user to combat these attacks.
Q5 (b) Explaining the concept of 'Network Trusted Computing Base', discuss the Trusted
Network Interpretation (TNI) in detail.