Short Questions – Computer System Security AKTU Btech Important question.

In this blog, we are discussing for Short Questions – Computer System Security AKTU Btech Important question. Hope this Blogs will help you in your upcoming exams.

Dudes 🤔.. You want more useful details regarding this subject. Please keep in mind this as well.

Important Questions For Computer System Security: 
*Unit-01     *Unit-02    
*Unit-03    *Unit-04 
*Unit-05    *Short-Q/Ans
*Question-Paper with solution 21-22 

Unit – 1 (Introduction)

Q1. Define computer security system.

Ans. Information systems are shielded from disturbance or theft by computer security.

Q2. Why computer security is used?

Ans. It is used:

• 1. To prevent theft of hardware.
• 2. To prevent theft of information.
• 3. To prevent disruption of service.

Q3. Define the term confidentiality, integrity and availability.

Ans. Confidentiality: Information access is constrained by a set of constraints known as confidentiality.

Integrity : Integrity is the promise that the data is reliable and correct.

Availability: A assurance of dependable access to the information by authorized individuals is availability.

Q4. What are the goals of computer security system?

Ans. Following are the goals of computer security system :

• 1. Integrity
• 2. Secrecy
• 3. Availability

Q5. What are the problems related with computer security ?

Ans. Problems related with computer security are :

• 1. Phishing
• 2. Vishing
• 3. Smishing
• 4. Pharming
• 5. Vulnerability
• 6. Exposures

Q6. What do you mean by phishing ?

Ans. Phishing is the practise of attempting to obtain sensitive information from people by posing as a reliable institution in an online contact, such as their banking and credit card information (e-mail, social media, etc).

Q7. Define the term vishing and smishing.

Ans. Vishing : Vishing (voice phishing) is a method used by con artists to get their victims to send money or personal information over the phone.

Smishing : Any situation in which text messages are delivered in an effort to trick recipients into sending money or clicking on dubious links is known as smishing (SMS phishing).

Q8. What are the steps taken to protect computer system hardware?

Ans. Five steps to protect computer system hardware are :

• 1. Install firewall
• 2. Install antivirus software
• 3. Install anti-spyware software
• 4. Use complex and secure passwords
• 5. Check on the security settings of the browser

Q9. Define security policies.

Ans. In order to secure the security of a network and computer systems in an organization, a security policy consists of a set of goals for the business, guidelines for users and administrators, and requirements for systems and administration.

Q10. What are the different security models ?

Ans. Following are the different security models :

• 1. Lattice models
• 2. State machine model
• 3. Non-interference models
• 4. Bell-LaPadula confidentiality model
• 5. Biba integrity model
• 6. Clark-Wilson integrity model

Q11. What are the rules of Biba model ?

Ans. The rules of Biba model :

1. Simple integrity rule (no read down) : A subject cannot read data from a lower integrity level, according to the statement.

2. Star integrity rule (no write up) : According to this, a subject is not permitted to write data to an object with a higher integrity level.

3. Invocation property: A subject at a lower integrity level cannot be invoked (called upon), according to this rule.

Q12. What are the components of Clark-Wilson integrity model?

Ans. Components of Clark-Wilson model :

i. Subjects (users): These are active agents.

ii. Transformation Procedures (TPs): The software processes—such as read, write, and modify—that carry out the necessary action on the subject’s behalf (user).

iii. Constrained Data Items (CDI) : Data that can be modified only by TPs.

iv. Unconstrained Data Items (UDI) : Data that is manipulatable by users through simple read/write operations.

v. Integrity Verification Procedure (IVP): Programmes that run on a recurring basis to verify CDis’ accuracy with the outside world. Typically, vendors set these integrity standards.

Q13. What are security policies components ?

Ans. Following are security policies components :

• 1. Governing policies
• 2. End-user policies
• 3. Technical policies

Q14. What are various attacks used in computer security ?

Ans. Various attacks in computer security :

• i. Malware
• ii. Macro viruses
• iii. File infectors
• iv. System or boot-record infectors
• v. Stealth viruses
• vi. Trojans

Q15. Define the term server – side attack and insider attack.

Ans. Server-side attack : Server-side attacks are conducted directly at a listening service by an attacker (the client).

Insider attack : An insider attack is a malicious attack carried out on a computer system or network by a user who has been granted access to the system.

Q16. What is hijacking ?

Ans. A particular kind of network security assault called a “hijacking” involves the attacker seizing control of a communication.

Q17. What are the types of control hijacking?

Ans. There are three types of control hijacking in computer security :

• 1. Buffer overflow attacks
• 2. Integer overflow attacks
• 3. Format string vulnerabilities

Q18. What is computer security problem ? What factors contribute to it ?

Ans. Malware is a serious issue with computer security. Malware can cause computer security issues by infecting our computers, erasing our files, stealing our data, or enabling an attacker to access our system without our knowledge or consent. Malware includes things like Trojan horses, worms, ransomware, spyware, and viruses.

Q19. What is SQL injection ?

Ans. Malicious SQL statements are injected into entry fields for execution via the SQL injection technique, which is used to target data-driven systems.

Unit – 2 (Confidentiality Policy)

Q1. Define confidentiality policy.

Ans. A confidentiality policy is meant to safeguard information and stop unlawful disclosure. Specific procedures guarantee privacy and protect data against nefarious intrusions.

Q2. Name the security model used in confidentiality policy.

Ans. Bell-LaPadula confidentiality model is the security model employed in confidentiality policy.

Q3. Define Bell-LaPadula confidentiality model.

Ans. A multi-level security policy based on state machines is the Bell-LaPadula confidentiality model. Originally intended for military use, this model.

Q4. Define the term access control.

Ans. Limiting access to a system or to physical or virtual resources is done by using access control. Access control in computing is the method by which users are given permission to access systems, resources, or data as well as certain rights.

Q5. What are the types of access control ?

Ans. Following are the types of access control :

• 1. Discretionary Access Control (DAC)
• 2. Mandatory Access Control (MAC)

Q6. Define DAC.

Ans. A type of security access control known as discretionary access control (DAC) allows or prohibits access to an item based on an access policy set by the object’s owner.

Q7. What are the advantages of DAC?

Ans. Following are the advantages of DAC :

1. User may transfer object ownership to another user s

2. User may determine the access type of other users

Q8. What are the disadvantages of DAC ?

Ans. Following are the disadvantages of DAC :

• 1. Inherent vulnerabilities (Trojan horse)
• 2. Access control list maintenance
• 3. Grant and revoke permissions maintenance

Q9. What are the issues related with DAC ?

Ans. Issues related with DAC are :

• 1. Difficult to enforce a system-wide security policy.
• 2. Only support coarse -grained privileges.
• 3. Unbounded privilege escalation.

Q10. What is MAC ?

Ans. An example of mandatory access control is when the operating system limits a subject’s ability to access or interact with an object in some way.

Q11. What are the advantages of MAC?

Ans. Advantages of MAC are :

• 1. It guarantees a high level of protection and stops the transfer of information that is unlawful.
• 2. It is appropriate for use in military and high-security applications.

Q12. What are the disadvantages of MAC ?

Ans. Disadvantages of MAC are :

• 1. The rigorous categorization of subjects and objects is necessary.
• 2. It is applicable to few environments.

Q13. Define confinement problem.

Ans. The confinement problem is the issue of stopping a server from disclosing data that a service user deems sensitive. The confinement problem is concerned with stopping a process from acting in an improper manner.

Q14. What are the types of Unix user ID ?

Ans. Types of Unix user ID are :

• 1. Real user ID
• 2. Effective user ID
• 3. Saved user ID

Q15. Define real user ID.

Ans. The files to which the process has access are determined by the real user ID. It belongs to the process’s owner.

Q16. Define effective user ID.

Ans. Although effective user ID and real user ID are identical, they are occasionally modified to allow non-privileged users to access files that are only accessible by root.

Q17. Define saved user ID.

Ans. When a process that is operating with elevated privileges (often root) has to perform some work that requires lower privileges, it can temporarily switch to a non-privileged account to accomplish this. This is known as a saved user ID.

Q18. What are confinement techniques ?

Ans. Following are the various confinement techniques :

• 1 . Chroot (change root)
• 2. Jailkits
• 3. FreeBSD jail
• 4. System call interposition

Q19. What are the types of VM based isolation ?

Ans. Following are the types of Virtual Machine based isolation :

• 1. Process virtual machines
• 2. System virtual machines (Hypervisor virtual machines)
• 3. Hosted virtual machines
• 4. Hardware virtual machine

Q20. Define rootkit.

Ans. A rootkit is a type of computer programme made to maintain privileged access to a computer while remaining undetectable. A rootkit is a group of programmes that made it possible to log in as the administrator of a machine or network.

Q21. What is the purpose of rootkits ?

Ans. Rootkits are used by malware to grant their owner enduring, covert remote access to our computers. They alter the system to hide the malware’s presence and its operations in order to prevent detection.

Q22. What is intrusion detection system ?

Ans. A network security technique called an intrusion detection system (IDS) is designed to find vulnerability exploits against a target computer or application.

Q23. What are the types of intrusion detection system ?

Ans. Following are the types of intrusion detection system :

• 1. Network Intrusion Detection System (NIDS)
• 2. Host-based Intrusion Detection System (HIDS)
• 3. Perimeter Intrusion Detection System (PIDS)
• 4. VM based Intrusion Detection System (VMIDS)

Q24. What are the components of intrusion detection system?

Ans. Components of intrusion detection system are :

• 1. Packet decoder
• 2. Preprocessor
• 3. Detection engine
• 4 . Logging and alerting system
• 5. Output modules

Q25. Explain system call interposition.

Ans. The technique of system call interposition is used to control and keep track of programme behaviour. It enables security systems to keep track of every contact the application has with the file system, network, and other delicate system resources.

Q26. What is the problem of covert channel in VMM security ?

Ans. A covert channel is a sort of attack that enables the movement of information objects between processes that the computer security policy is not supposed to permit to connect with one another.

Unit – 3 (Secure Architecture Principles Isolation And Leas)

Q1. What do you understand by access control ?

Ans. The security method of access control limits who or what can access resources in a computing environment. It is a basic security principle that reduces risk to the company or organization.

Q2. Define physical and logical access control.

Ans. Physical access control : Access to campuses, buildings, rooms, and physical IT assets is restricted via physical access control.

Logical access control : Logical access control restricts access to data, system files, and computer networks.

Q3. What are the types of access control ?

Ans. Types of access control are :

• 1. Mandatory Access Control (MAC)
• 2. Discretionary Access Control (DAC)
• 3 . Role-Based Access Control (RBAC)

Q4. What are the best practices for access control ?

Ans. Access control practices are :

• 1. It denies access to systems by undefined users.
• 2. It limits and monitors the usage of administrator.
• 3. It suspends or delay access capability.
• 4. As soon as a user quits the firm, it deletes any accounts that are no longer in use.

Q5. Discuss security principle for access control.

Ans. Security principles for access control are:

• 1. Identification
• 2. Authentication
• 3. Authorization
• 4. Non-repudiation

Q6. Define the term identification, authentication, authorization, non-repudiation.

Ans. Identification : Identification is a technique for verifying that a topic is who it says it is.

Authentication : The process of demonstrating a subject’s identification is called authentication.

Authorization : The process of limiting a subject’s access to things is called authorization.

Non-repudiation : The guarantee of non-repudiation states that something cannot be denied.

Q7. What are the various issues in access control?

Ans. Various issues in access control are :

• 1. Appropriate role-based access
• 2. Poor password management
• 3. Poor user education

Q8. What do you understand by browser isolation ?

Ans. An internet user’s web surfing activity can be physically separated from their local system, network, and infrastructure using the cyber security approach known as “browser isolation.”

Q9. List some browser isolation vendors.

Ans. Browser isolation vendors include :

• 1. Apozy
• 2. Authentic
• 3. Ericom
• 4. Menlo Security

Q10. What is threat modelling ?

Ans. A technique for improving network security called threat modelling identifies goals and weaknesses before building defences to stop or lessen the impact of threats to the system.

Q11. What are the elements of threat modelling ?

Ans. Three main elements of threat modelling are :

• 1. Assets
• 2. Threats
• 3. Vulnerabilities

Q12. What are the layers used in threat modelling ?

Ans. Layers used in threat modelling are :

• 1. Network layer
• 2. Host layer
• 3. Application layer

Q13. What are the steps used for threat modelling ?

Ans. Steps used for threat modelling are :

• 1. Identify the assets
• 2. Describe the architecture
• 3. Break down the applications
• 4. Identify the threats
• 5. Document and classify the threats
• 6. Rate the threats

Q14. What are major web server threats?

Ans. Major web server threats are :

• 1. Injection flaws
• 2. Broken authentication
• 3. Sensitive data exposure
• 4. Cross-Site Request Forgery ( CSRF)
• 5. Man-in-the-Middle Attack (MITM)
• 6. Phishing attack

Q15. What are the methods of CSRF mitigation ?

Ans. Methods of CSRF mitigation are :

• 1. Logging off web applications when not in use.
• 2. Securing usernames and passwords.
• 3. Not allowing browsers to remember passwords.
• 4. Avoiding simultaneously browsing while logged into an application.

Q16. How can we develop secure software ?

Ans. Secure software can be developed by:

• 1. Sanitize inputs at the client side and server side.
• 2. Encode request/response.
• 3. Use HTTPS for domain entries.
• 4. Use only current encryption and hashing algorithms.
• 5. Do not allow for directory listing.

 Q17. How to avoid limitation in threat models ?

Ans. We can avoid limitation in threat models by:

• 1. Creating more rigorous and explicit threat models to comprehend potential shortcomings
• 2 . Making simpler and more general threat models
• 3 . Making less assumption to design a better threat model.

Q18. What is penetration testing ?

Ans. An internal examination of operating systems and apps for security issues is known as penetration testing. It is a legitimately staged cyberattack on a computer system that is conducted to gauge the system’s security.

Q19. What are the principles of secure design ?

Ans. Confidentiality, integrity, and availability are fundamental tenets of secure design.

Q20. What are difference between discretionary access control and mandatory access control ?

Ans. 

Q21. What is web security ?

Ans. Cybersecurity is another name for web security. In essence, it refers to securing a website or web application by identifying, thwarting, and reacting to online threats.

Unit – 4 (Basic Cryptography)

Q1. What do you mean by cryptography ?

Ans. Using cryptography, data is transformed into a code that may be encrypted and transferred across a public or private network. The art and science of developing secret codes are involved.

Q2. What are the different factors on which cryptography depends?

Ans. Following are the different factors on which cryptograph~. depends:

• 1. Plaintext
• 2. Encryption algorithm
• 3. Ciphertext
• 4. Decryption algorithm

Q3. What are the different security attacks ?

Ans. Following are the two types of security attacks :

1. Passive attacks : Attacks classified as passive involve the attacker observing the transfer of data.

2. Active attacks : Attacks that involve an active attempt to modify data are called active attacks.

Q4. Distinguish between an active and passive attack.

Ans. 

Q5. What are the requirements for the use of a public key certificates scheme ?

Ans. Requirements for the use of a public key certificates

scheme are:

• 1. Any participant can read a certificate to find out the owner’s name and public key.
• 2 . The origin of the certificate and its authenticity can be independently confirmed by any participant.
• 3. Only the certificate authority can create and update certificates.
• 4. Any participant can verify the currency of the certificate.

Q6. Give the ingredients of public key encryption scheme.

Ans. Ingredients of public key encryption scheme are :

• i. Plain text
• ii. Encryption algorithm
• iii. Public and private keys
• iv. Ciphertext
• v . Decryption algorithm

Q7. What do you mean by RSA ?

Ans. In the RSA asymmetric cryptography algorithm, the decryption key is kept private, but the encryption key is made public.

Q8. What requirements should a digital signature scheme satisfy?

Ans. Following are the requirements for digital signature are :

• 1. A bit pattern that is specific to the message being signed must be used as the signature.
• 2 . For the purpose of preventing forgery and denial, the signature must contain some details specific to the sender.
• 3 . Production of digital signature must be easy.

Q9. Explain briefly the two different approaches of digital signature.

Ans. Two different approaches of digital signature are :

1. RSA : RSA is used for encryption and decryption.

2. DSA : DSA (Digital Signature Algorithm) is used for signing verification.

Q10. Define hash algorithm.

Ans. A hash algorithm is a function that changes a variable-length input string into a fixed-length numeric output string. Since hash algorithms are meant to avoid collisions, it is extremely unlikely that the same string will be generated for distinct data.

Q11. Write down the security services provided by a digital signature.

Ans. Security services provided by digital signature are :

• i. Message authentication
• ii. Message integrity
• iii. Non-repudiation
• iv. Confidentiality

Q12. What are the drawbacks of digital signature ?

Ans. Drawbacks of digital signature are :

• i. Association of digital signature and trusted time stamping.
• ii. Non-repudiation.

Q13. Define symmetric key cryptography.

Ans. A shared secret key between two parties is used in symmetric key cryptography. Large messages can be decoded more quickly using this method. Its fundamental distribution strategy is what gives it its power.

Q14. Define S/MIME. 

Ans. The Secure Multi-Purpose Internet Mail Extensions, or S/MIME standard, is used to encrypt and sign MIME data with a public key. Using the RSA encryption mechanism, S/MIME provides a safe way to exchange emails.

Q15. What do you mean by mail security ?

Ans. The term “mail security” refers to all the precautions taken to keep the content and access to an email account or service secure. It enables a person or organization to limit who has access to one or more email addresses or accounts overall.

Q16. Write down the different ways the public key can be distributed.

Ans. Different ways the public key can distributed are :

• i. Public announcement 
• ii. Publically available directory
• iii. Public key authority

Q17. What do you understand by Pretty Good Privacy algorithm?

Ans. PGP is an encryption method that offers data communication users cryptographic privacy and authentication.

Q18. Give the services provided by PGP.

Ans. Service provided by PGP:

• i. Authentication
• ii. Confidentiality
• iii. Compression
• iv. Segmentation and reassembly
• v. Signature component
• vi. Message component

Q19. Differentiate between public key and private key.

Ans. 

Q20. What is IP security ?

Ans. The Internet Engineering Task Force (IETF) created a group of protocols known as IP Security (IPSec) to offer security for a packet at the network layer.

Q21. Explain intrusion detection.

Ans. The procedure of locating efforts to breach a system and gain unauthorized access is known as intrusion detection. A software/hardware system known as an intrusion detection system is created to identify unauthorized attempts to enter a target application or system.

Q22. What are the functional areas of IPsec ?

Ans. Functional areas of IPSec are :

• i. Authentication
• ii. Confidentiality
• iii. Key management

Q23. What are the services provided by IPSec ?

Ans. Services provided by IPSec are :

• 1. Access control
• ii. Connectionless integrity
• iii. Data origin· authentication
• iv. Confidentiality
• v. Limited traffic flow confidentiality

Q24. Describe briefly the security policy database.

Ans. The policies that decide how to handle all IP traffic entering or leaving a host or a security gateway are specified in a security policy database.

Q25. Describe briefly the purpose of SET protocol.

Ans. Purpose of SET protocol :

• i. Maintain the privacy of payment and order details.
• ii. It supports and enables network and software provider interoperability.
• iii. It ensures the integrity of all transmitted data.

Q26. What is the function of DNS rebinding defense ?

Ans. Function of DNS rebinding defense are :

• i. Browser mitigation
• ii. Server-side defenses
• iii. Firewall defense s

Q27. Name the protocol defined by IP Sec.

Ans. Protocols defined by IPSec are :

• 1. Authentication Header (AH)
• 2. Encapsulating Security Payload (ESP)

Q28. What is encryption and decryption ?

Ans. Encryption : It involves converting plain text data into something that seems random and meaningless ( ciphertext).

Decryption : It entails transforming plaintext back to ciphertext. A larger amount of data must be encrypted, hence symmetric encryption is utilized.

Unit – 5 (Internet Infrastructure)

Q1. What is internet infrastructure ?

Ans. The phrase “Internet infrastructure” refers to all hardware and software systems that are necessary for the smooth operation of the Internet.

Q2. What are the components of network infrastructure ?

Ans. Network infrastructure includes:

• 1. Network hardware
• 2. Network software
• 3. Network services

Q3. What is routing ?

Ans. The process of choosing a path for traffic within, between, or across networks is called routing. Networks of all kinds, including computer networks like the Internet and circuit-switched networks like the Public Switched Telephone Network (PSTN), execute routing.

Q4. What are the impacts of attack on router ?

Ans. Impacts of attacks on routers are :

• 1. Traffic redirection
• 2. Traffic sent to a routing black hole
• 3. Router denial-of-service (DoS)
• 4. Unauthorized route prefix origination

Q5. What are the main functions of link layer ?

Ans. Main functions of link layer are :

• 1. It handles problems that occur as a result of bit transmission errors.
• 2. It makes sure that sending and receiving devices are not overloaded with data flow.
• 3. It allows data to be sent up to the network layer, where it can be addressed and routed.

Q6. What do you understand by TCP/IP ?

Ans. To connect to the internet, computers employ the Transmission Control Protocol/Internet Protocol (TCP/IP) language. It is composed of a number of protocols that were developed to build a network of networks that allows a host to access the internet.

Q7. What is firewall?

Ans. A firewall is a type of network device that separates an organization’s internal network from the Internet and other external networks. The system that prevents unwanted access to or from the internal network might be composed of hardware, software, or both.

Q8. What are various types of firewall ?

Ans. Types of firewall are :

• 1. Packet filtering
• 2. Stateful packet filtering
• 3. Application level gateways

Q9. What is packet filtering ?

Ans. Using a packet filtering firewall, network access can be restricted by keeping track of both incoming and departing packets.

Q10. What is application level gateway ?

Ans. A firew:all that can inspect application level protocols is an application level gateway. For this to work, the firewall needs to comprehend a few certain application protocols.

Q11. Write disadvantages of packet filtering.

Ans. Disadvantages of packet filtering are :

• 1. It can be challenging to configure the packet filtering rules. To configure it correctly, we need a lot of knowledge and the right approach.
• 2. It is challenging to thoroughly test and confirm if anything is operating well or not after it has been configured.
• 3. It is an indeterminate machine. The previous packet’s state is not retained. Attackers can exploit stateless packet filters.

Q12. Write advantages of packet filtering.

Ans. The main advantage of the packet filtering :

1. A strategically placed packet filtering firewall can protect the entire network.

2. Packet filtering is available in routers.

Q13. What are intrusion detection models ?

Ans. Intrusion detection model are :

1. Misuse detection model

2. Anomaly detection model

Q14. What are the difference between HTTPs, SSL and TLS?

Ans. 

Q15. Give three benefits of IPsec.

Ans. Benefits of IPsec:

1. Support for the Internet Key Exchange (IKE) protocol decreased key negotiation overhead and streamlined maintenance.

2. Good compatibility.

3. Encryption on per-packet rather than per-flow basis.

Computer System Security Quantum, Syllabus, Important Questions

Computer System Security Quantum PDF: | AKTU Quantum PDF:

AKTU Important Links | Btech Syllabus

Important Links-Btech (AKTU)