3/13/23, 12:09 PM 22620 modelans W-g22
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION (Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER – 2022 EXAMINATION
MODEL ANSWER
Subject: Network & Information Security    Subject Code: 22620    Page 1 / 27

Important Instructions to examiners:
1) The answers should be examined by key words and not word-to-word as given in the model answer scheme.
2) The model answer and the answer written by the candidate may vary, but the examiner may try to assess the understanding level of the candidate.
3) Language errors such as grammatical and spelling errors should not be given more importance (not applicable for the subject English and Communication Skills).
4) While assessing figures, the examiner may give credit for principal components indicated in the figure. The figures drawn by the candidate and the model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step-wise for numerical problems. In some cases, the assumed constant values may vary and there may be some difference between the candidate's answers and the model answer.
6) In case of some questions, credit may be given by judgement on the part of the examiner for a relevant answer based on the candidate's understanding.
7) For programming language papers, credit may be given to any other program based on an equivalent concept.
8) As per the policy decision of the Maharashtra State Government, teaching in English/Marathi and bilingual (English + Marathi) medium is introduced in the first year of the AICTE diploma programme from academic year 2021-2022. Hence, if students in the first year (first and second semesters) write answers in Marathi or bilingual language (English + Marathi), the examiner shall consider the same and assess the answer based on matching of concepts with the model answer.

Q.1 Attempt any FIVE of the following: (10 Marks)

a) Define computer security and state its need. (2M)
Ans. Computer security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individual without authorization.
Need of computer security:
1. For prevention of data theft such as bank account numbers, credit card information, passwords, work-related documents or sheets, etc.
2. To keep data safe and confidential.
3. To provide confidentiality, which ensures that individuals are never able to view data they are not entitled to.
Marking scheme: Definition 1M, any one need 1M
4. To provide integrity, which ensures that only authorized individuals should ever be able to change or modify information.
5. To provide availability, which ensures that the data or the system itself is available for use when an authorized user wants it.
6. To provide authentication, which deals with the desire to ensure that the user is an authorized individual.
OR
The need of computer security has been threefold: confidentiality, integrity, and authentication, the "CIA" of security.
1. Confidentiality: the principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
2. Integrity: when the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.
3. Authentication: authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified.

b) Explain shoulder surfing attack. (2M)
Ans. Shoulder surfing is a procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code. Shoulder surfing is an effective way to get information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a long distance with the aid of binoculars or other vision-enhancing devices.
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
Marking scheme: Relevant explanation 2M
c) Explain the term cryptography. (2M)
Ans. Cryptography: Cryptography is the art and science of achieving security by encoding messages to make them non-readable.
Marking scheme: Correct explanation 1M, diagram 1M

d) State the meaning of hacking. (2M)
Ans. Hacking in simple terms means an illegal intrusion into a computer system and/or network. Government websites are a hot target of hackers due to the press coverage they receive; hackers enjoy the media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime.
Marking scheme: Correct explanation 2M

e) Describe sniffing attack. (2M)
Ans. A sniffer is software or hardware that is used to observe traffic as it passes through a network on shared broadcast media. It can be used to view all traffic or to target a specific protocol, service, or string of characters such as logins. Some network sniffers are designed not just to observe all traffic but also to modify it. Network administrators use sniffers for monitoring traffic. They can also be used for network bandwidth analysis and to troubleshoot certain problems such as duplicate MAC addresses.
Marking scheme: Correct explanation 2M

f) Explain need for firewall. (2M)
Ans. A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.
Marking scheme: Any two needs 2M
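The following Python program is an added example, not part of the model answer, that ties Q.1 e) and f) together: it decodes the IPv4/TCP headers of a raw packet (the observation step a sniffer performs on every frame it sees on shared media) and then applies a small set of firewall rules to decide whether the packet is permitted or blocked. The packet bytes, the internal network 192.168.1.0/24, the rule set and the names Packet, Rule, parse_ipv4, decide, build_ipv4_tcp and check are all constructed for this example. Rules are evaluated in order, the first match wins, and anything no rule covers is denied.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional


# Hypothetical packet summary: the fields a packet-filtering firewall rule looks at.
@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: int    # IPv4 protocol number: 6 = TCP, 17 = UDP
    dport: int    # destination port (0 when the payload is not TCP/UDP)


def parse_ipv4(raw: bytes) -> Packet:
    """Decode the fixed 20-byte IPv4 header and, for TCP/UDP, the destination
    port. This is what a sniffer does with each frame it observes; here the
    result feeds the firewall rule check."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes, options included
    dport = 0
    if proto in (6, 17) and len(raw) >= ihl + 4:
        _sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto, dport)


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"          # CIDR the destination address must fall in
    proto: Optional[int] = None     # None = any protocol
    dport: Optional[int] = None     # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is dropped
    (default deny), so the rule set only has to list what is permitted."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed sample policy for an internal network 192.168.1.0/24 (an assumption).
POLICY = [
    Rule("deny", proto=6, dport=23),                          # Telnet blocked in every direction
    Rule("allow", src="192.168.1.0/24", proto=6, dport=443),  # internal hosts may reach HTTPS outside
    Rule("allow", dst="192.168.1.10/32", proto=6, dport=25),  # anyone may reach the mail relay
]


def build_ipv4_tcp(src: str, dst: str, dport: int) -> bytes:
    """Construct a minimal IPv4+TCP SYN packet (checksums left zero) as sample input."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def check(raw: bytes, rules: List[Rule] = POLICY) -> str:
    """Observe a raw packet and return the firewall's verdict for it."""
    return decide(rules, parse_ipv4(raw))


if __name__ == "__main__":
    samples = [
        build_ipv4_tcp("192.168.1.5", "203.0.113.9", 443),   # LAN -> internet HTTPS
        build_ipv4_tcp("192.168.1.5", "203.0.113.9", 23),    # LAN -> internet Telnet
        build_ipv4_tcp("198.51.100.7", "192.168.1.10", 25),  # internet -> mail relay
        build_ipv4_tcp("198.51.100.7", "192.168.1.10", 22),  # internet -> SSH, no rule
    ]
    for raw in samples:
        pkt = parse_ipv4(raw)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport} proto={pkt.proto} => {check(raw)}")
```

The default-deny return in decide is the part worth noticing: the firewall establishes the barrier the answer describes only if unlisted traffic is blocked, otherwise a missing rule silently becomes a permission.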
g) Explain use of PCI DSS. (2M)
Ans. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. It presents common-sense steps that mirror best security practices.
Marking scheme: Correct explanation 2M

Q.2 Attempt any THREE of the following: (12 Marks)

a) Define Risk. Describe qualitative and quantitative risk analysis. (4M)
Ans. Risk: A computer security risk is any event or action that could cause a loss or damage to computer hardware, software, data, or information.
OR
Risk is the probability of threats that may occur because of the presence of a vulnerability in a system.
Quantitative risk analysis: A process of assigning a numeric value to the probability of loss based on known risks, on the financial values of the assets and on the probability of threats. It is used to determine potential direct and indirect costs to the company based on values assigned to company assets and their exposure to risk. Assets can be rated as the cost of replacing an asset, the cost of lost productivity, or the cost of diminished brand reputation. 100% quantitative risk analysis is not possible.
Qualitative risk analysis: A collaborative process of assigning relative values to assets, assessing their risk exposure and estimating the cost of controlling the risk. It utilizes relative measures and approximate costs rather than precise valuation and cost determination. Assets can be rated based on criticality: very important, important, not important, etc. Vulnerabilities can be rated based on how they should be fixed: fix soon, should be fixed, fix if suitable, etc. Threats can be rated based on a scale of likelihood: likely, unlikely, very likely, etc. 100% qualitative risk analysis is feasible.
Marking scheme: Definition 1M, explanation of qualitative and quantitative risk analysis 3M

b) Explain working of biometric access control with any type of example. (4M)
Ans. Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral characteristics. Biometric identification is done on the basis of some unique physical attribute of the user that positively identifies the user.
Marking scheme: Diagram 1M, explanation 3M
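The following Python program is an added example, not part of the model answer, that carries the two risk analysis methods of Q.2 a) through on the same constructed asset inventory. The quantitative side turns asset value and threat probability into an expected annual loss in currency units; the qualitative side uses the answer's own ordinal scales (criticality, likelihood, fix urgency) and relative scores. The factorisation of expected loss into asset value, loss fraction and annual probability, the score thresholds, and the names QuantRisk, QualRisk, expected_annual_loss, qualitative_score, fix_priority, rank_quantitative and rank_qualitative are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class QuantRisk:
    """Inputs of the quantitative method: numeric values for asset and threat."""
    name: str
    asset_value: float         # cost of replacing the asset or of lost productivity (currency units)
    loss_fraction: float       # fraction of the asset value lost if the threat occurs (0.0 .. 1.0)
    annual_probability: float  # estimated probability that the threat occurs in a year (0.0 .. 1.0)


def expected_annual_loss(r: QuantRisk) -> float:
    """Expected loss per year = asset value x loss fraction x probability of the threat.
    Splitting 'exposure' into a loss fraction and an annual probability is an assumption."""
    return r.asset_value * r.loss_fraction * r.annual_probability


def rank_quantitative(risks: List[QuantRisk]) -> List[Tuple[str, float]]:
    """Order risks by expected annual loss, largest first."""
    return sorted(((r.name, expected_annual_loss(r)) for r in risks),
                  key=lambda t: t[1], reverse=True)


# Ordinal scales from the answer: relative values, not currency.
CRITICALITY = {"not important": 1, "important": 2, "very important": 3}
LIKELIHOOD = {"unlikely": 1, "likely": 2, "very likely": 3}


@dataclass(frozen=True)
class QualRisk:
    """Inputs of the qualitative method: ratings chosen from the scales above."""
    name: str
    criticality: str   # a key of CRITICALITY
    likelihood: str    # a key of LIKELIHOOD


def qualitative_score(r: QualRisk) -> int:
    """Relative risk = criticality rating x likelihood rating (1 .. 9)."""
    return CRITICALITY[r.criticality] * LIKELIHOOD[r.likelihood]


def fix_priority(score: int) -> str:
    """Map the relative score onto the vulnerability scale used in the answer.
    The thresholds are constructed for this example."""
    if score >= 6:
        return "fix soon"
    if score >= 3:
        return "should be fixed"
    return "fix if suitable"


def rank_qualitative(risks: List[QualRisk]) -> List[Tuple[str, int, str]]:
    """Order risks by relative score, highest first, with the fix priority attached."""
    scored = [(r.name, qualitative_score(r), fix_priority(qualitative_score(r))) for r in risks]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample inventory (all figures are illustrative).
QUANT = [
    QuantRisk("database breach", 200_000.0, 0.5, 0.06),
    QuantRisk("web server outage", 50_000.0, 0.2, 0.5),
    QuantRisk("laptop theft", 2_000.0, 1.0, 0.1),
]
QUAL = [
    QualRisk("database breach", "very important", "unlikely"),
    QualRisk("web server outage", "very important", "likely"),
    QualRisk("laptop theft", "not important", "very likely"),
]

if __name__ == "__main__":
    print("Quantitative (expected annual loss):")
    for name, loss in rank_quantitative(QUANT):
        print(f"  {name:18s} {loss:10.2f}")
    print("Qualitative (relative score, fix priority):")
    for name, score, priority in rank_qualitative(QUAL):
        print(f"  {name:18s} {score:2d}  {priority}")
```

Running it shows why the answer calls fully quantitative analysis impossible and fully qualitative analysis feasible: the quantitative ranking depends on three numbers per risk that must be estimated (reputation loss in particular has no exact price), while the qualitative ranking needs only a choice from each scale and still yields a usable fix order, albeit with ties.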