Here we discuss Unit 3, SECURE ARCHITECTURE PRINCIPLES ISOLATION & LEAS, from Computer System Security (AKTU). Hope this article will help you in your future exams. Best of luck 🙏.
Q1. Explain briefly the term access control.
Ans.
1. Access control is used to limit access to a system, physical resources, or virtual resources.
2. It is a procedure by which users can access systems, resources, or information and are given specific privileges.
3. Access control is a security method that regulates who may view various components of a computing environment, what can be viewed, and who can use resources.
4. It is a fundamental security concept that lowers the risk to the company or organization.
5. By analyzing the necessary login credentials, which may include passwords, PINs, biometric scans, or other authentication elements, access control systems carry out identification, authentication, and authorization of individuals and entities.
6. In order to safeguard access control systems, multi-factor authentication, which calls for two or more authentication factors, is a crucial component of layered security.
Q2. Discuss access control principle and security principle used for access control.
Ans. Access control principles :
1. Principle of least privilege : It specifies that a user should not be able to access a resource unless access has been specifically specified for him or her, or for the groups to which he or she belongs, i.e., default no access.
2. Separation of duties : It divides up any areas of duty that might conflict, in order to lessen the possibility of information or organizational assets being modified without authorization or accidentally.
3. Need to know : It is founded on the idea that people should only have access to the data that is strictly necessary for them to carry out their jobs.
Security principles used for access control :
1. Identification : Identification is a technique for verifying that a subject is who it says it is. For example, a user name or an account number.
2. Authentication : The process of demonstrating a subject’s identity is called authentication. For example, password, passphrase, PIN.
3. Authorization : The process of limiting a subject’s access to things is called authorization. For example, a user cannot delete a particular file after logging into the system.
4. Non-repudiation: The guarantee of non-repudiation states that something cannot be denied. The capacity to guarantee that a party to a contract or communication cannot contest the veracity of their signature on a document or the transmission of a message that they created is known as non-repudiation.
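An added example, not part of the original notes: a minimal Python authorization check showing default no access with user and group grants, plus a separation-of-duties audit. Every user, group, resource and action name in it is constructed for illustration.

```python
# Constructed sample policy; all names are illustrative assumptions.
# Users and groups share one namespace in this sketch.
GROUPS = {
    "alice": {"accounts"},
    "bob": {"audit"},
    "carol": {"accounts", "audit"},
}

# Explicit grants only: (user or group, resource) -> permitted actions.
GRANTS = {
    ("accounts", "ledger"): {"read", "write"},
    ("audit", "ledger"): {"read", "approve"},
    ("alice", "payroll"): {"read"},
}

# Separation of duties: no single user may hold both actions on a resource.
CONFLICTS = [("ledger", "write", "approve")]


def allowed_actions(user, resource):
    """Union of grants made to the user directly or through a group."""
    principals = {user} | GROUPS.get(user, set())
    actions = set()
    for principal in principals:
        actions |= GRANTS.get((principal, resource), set())
    return actions


def is_authorized(user, resource, action):
    """Default no access: True only when an explicit grant exists."""
    return action in allowed_actions(user, resource)


def sod_violations():
    """Users whose combined grants cover both sides of a conflict."""
    found = []
    for resource, first, second in CONFLICTS:
        for user in sorted(GROUPS):
            if {first, second} <= allowed_actions(user, resource):
                found.append((user, resource, first, second))
    return found


if __name__ == "__main__":
    print(is_authorized("bob", "payroll", "read"))  # no grant, so denied
    print(sod_violations())
```

The audit flags a user who gains conflicting actions only through the combination of two group memberships, which a per-group review would miss.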
Q3. What are the characteristics and features of Unix?
Ans. Characteristics of Unix :
1. Memory allocation : In addition to allocating memory when a programme requests it, it keeps track of the primary memory, including how much of it is being used and by whom.
2. Processor management : It allocates the CPU to a process, or deallocates it if not required.
3. Device management : It keeps track of all devices and chooses which users should be given priority and for how long.
4. File management : It decides who should receive the resources as well as how and where they should be distributed.
5. Security : It limits illegal access to software and data through passwords and other methods.
Features of Unix :
1. Portable: Unix can be installed on many hardware platforms.
2. Multi-user: Unix allows multiple users to share hardware and software concurrently.
3. Multi-tasking: Unix allows a user to run more than one program at a time.
4. Organized file system: Users can organize and maintain files using the organized file and directory system provided by Unix.
5. Device independence: Input and output devices are treated like regular files by Unix. Redirection is a feature of the Unix design that makes it simple to control the location of file input and output.
6. Utilities : Unix provides a rich library of utilities that can increase user’s productivity.
Q4. Define web security with its goals.
Ans.
1. Web security is the practice of preventing unwanted access to and modification of sensitive data maintained online.
2. This is accomplished by enforcing strict policy measures.
3. Website security software scans websites for any potential viruses and vulnerabilities. This programme can check for Trojans, backdoor hackers, redirect attacks, and a variety of other threats.
4. If there are any problems with the website, a website security programme alerts the user and offers fixes.
5. It is the collective term for all the strategies and controls we have available to protect the data stored in the files that power our website and that of all of our users.
6. Although security should be built into our website from the start, some platforms, such as WordPress, let us do so quickly and for little to no money.
7. The goal of web security is to identify the following:
   - i. Critical assets of the organization
   - ii. Genuine users who may access the data
   - iii. Level of access provided to each user
   - iv. Various vulnerabilities that may exist in the application
   - v. Data criticality and risk analysis on data exposure
   - vi. Appropriate remediation measures
Q5. Explain threat modelling. What is its purpose ?
Ans.
1. Threat modelling is a process for improving network security that identifies goals and weaknesses before developing defences to stop or lessen the consequences of threats to the system.
2. A threat in this context is a prospective or actual negative occurrence that could undermine an enterprise’s assets. It could be intentional (like a denial-of-service attack) or accidental (like a storage device failure).
3. Finding the areas where a system has to be kept secure with the most effort is the key to threat modelling.
4. Threat modelling is an iterative process that includes defining enterprise assets, determining what each application does in relation to these assets, creating a security profile for each application, identifying potential threats, prioritising potential threats, and recording negative events and the actions taken in each case.
5. Threat modelling is an organised method for locating, evaluating, and addressing risks.
6. It enables system security personnel to convey the possible harm from security issues and to set remedial priorities.
Purpose of threat modelling :
1. Threat modelling serves the early identification, communication, and understanding of threats and their mitigation among the stakeholders of the organization.
2. System analysts and defence personnel have access to a thorough study of the likely attacker profile thanks to the documentation from this process.
Q6. Explain security interface framework.
Ans.
1. The security interface framework is a group of Objective-C classes that offers user interface components for programmes that handle security features, including authorization, access to digital certificates, and access to keychain items.
2. User Interface (UI) defines the way humans interact with the information systems.
3. A device’s user interface (UI) is made up of a number of pages, displays, buttons, forms, and other graphic elements. Every website and app has a user interface.
4. User interface (UI) design is the process of creating visuals, illustrations, and using photographic artwork and typography to improve how a digital product is shown and laid out across a variety of device views.
5. Interface elements are made up of input controls (buttons, drop-down menus, data fields), navigational elements (search fields, slider, icons, tags), and informational elements (progress bars, notifications, message boxes).