
2 Marks

1. What is information security?
Information security in today's enterprise is "a well-informed sense of assurance that the information risks and controls are in balance" (Jim Anderson, Inovant, 2002). It is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. Tools such as policy, awareness, training, education, and technology are necessary.

2. What is C.I.A.?
The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. The C.I.A. triangle has since expanded into a list of critical characteristics of information.

3. Write a note on the history of information security.
Computer security began immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers. Physical controls were needed to limit access to sensitive military locations to authorized personnel. Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.

4. What is Rand Report R-609?
Information security began with Rand Corporation Report R-609. The Rand Report was the first widely recognized published document to identify the role of management and policy issues in computer security.

5. What is the scope of computer security?
The scope of computer security grew from physical security to include:
a. Safety of the data
b. Limiting unauthorized access to that data
c. Involvement of personnel from multiple levels of the organization

6. What is security?
The quality or state of being secure: to be free from danger, and to be protected from adversaries.

7. Define physical security.
Physical security protects physical items, objects, or areas of the organization from unauthorized access and misuse.

8. Define personal security.
Personal security involves the protection of individuals or groups of individuals who are authorized to access the organization and its operations.

9. Define operations security.
Operations security focuses on the protection of the details of particular operations or series of activities.

10. Define communications security.
Communications security encompasses the protection of the organization's communications media, technology, and content.

11. Define network security.
Network security is the protection of networking components, connections, and contents.

12. Define information security.
Information security is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information.

13. What are the critical characteristics of information?
Availability, Accuracy, Authenticity, Confidentiality, Integrity, Utility, Possession

14. What is the NSTISSC security model?
This refers to the National Security Telecommunications and Information Systems Security Committee document. This document presents a comprehensive model for information security. The model consists of three dimensions.

15. What are the components of an information system?
An information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization.

16. What is meant by balancing security and access?
It is impossible to obtain perfect security; security is not an absolute, it is a process. Security should be considered a balance between protection and availability. To achieve balance, the level of security must allow reasonable access, yet protect against threats.

17. What are the approaches used for implementing information security?
Bottom-up approach and top-down approach.

18. What is SDLC?
The Systems Development Life Cycle. Information security must be managed in a manner similar to any other major system implemented in the organization. Using a methodology ensures a rigorous process and avoids missing steps.

19. Explain the different phases of SDLC.
Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance and Change.

20. What is the Security SDLC?
The Security Systems Development Life Cycle uses the same phases as the traditional SDLC, adapted to support the specialized implementation of a security project. The basic process is the identification of threats and of controls to counter them. The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions.

21. How is information security viewed as a social science?
Social science examines the behavior of individuals interacting with systems. Security begins and ends with the people that interact with the system. End users may be the weakest link in the security chain. Security administrators can greatly reduce the levels of risk caused by end users, and create more acceptable and supportable security profiles.

22. What are the information security roles to be played by various professionals in a typical organization?
Senior management: Chief Information Officer, Chief Information Security Officer
Security project team: the champion, the team leader, security policy developers, risk assessment specialists, security professionals, systems administrators
End users

23. What are the three types of data ownership and their responsibilities?
Data owner: responsible for the security and use of a particular set of information.
Data custodian: responsible for the storage, maintenance, and protection of the information.
Data users: the end users who work with the information to perform their daily jobs supporting the mission of the organization.

24. What is the difference between a threat agent and a threat?
A threat is a category of objects, persons, or other entities that pose a potential danger to an asset. Threats are always present. A threat agent is a specific instance or component of a threat. (For example, all hackers in the world are a collective threat; Kevin Mitnick, who was convicted for hacking into phone systems, was a threat agent.)

25. What is the difference between vulnerability and exposure?
The exposure of an information system is a single instance when the system is open to damage. Weaknesses or faults in a system that expose information or a protection mechanism to attack or damage are known as vulnerabilities.

26. What is an attack?
An attack is an intentional or unintentional attempt to cause damage or otherwise compromise the information. If someone casually reads sensitive information not intended for his or her use, this is considered a passive attack. If a hacker attempts to break into an information system, the attack is considered active.

27. What is hacking?
Hacking can be defined positively and negatively: (1) to write computer programs for enjoyment; (2) to gain access to a computer illegally.

28. What is a security blueprint?
The security blueprint is the plan for the implementation of new security measures in the organization. Sometimes called a framework, the blueprint presents an organized approach to the security planning process.

29. What is MULTICS?
MULTICS was an operating system, now obsolete. MULTICS is noteworthy because it was the first and only OS created with security as its primary goal. It was a mainframe, time-sharing OS developed in the mid-1960s by a consortium from GE, Bell Labs, and MIT.

30. What is ARPANET?
The Department of Defense in the US started a research program on the feasibility of a redundant, networked communication system to support the military's exchange of information. Larry Roberts, known as the founder of the Internet, developed the project from its inception.

31. Define e-mail spoofing.
Information is authentic when its contents are original, as created, placed, stored, or transmitted. The information you receive as e-mail may not be authentic when its contents have been modified; this is known as e-mail spoofing.

16 Marks

1) Explain the four important functions the information security performs in an organization.
2) What are dual-homed host firewalls? Explain.
3) What are deliberate acts of espionage or trespass? Give examples.
4) What are deliberate software attacks?
5) Explain in detail the different types of cryptanalytic attacks.
6) Enumerate the different types of attacks on computer-based systems.
7) What are the different US laws and international laws on computer-based crimes?
8) Explain in detail the legal, ethical and professional issues during the security investigation.
9) What are threats? Explain the different categories of threat.
10) What is the code of ethics to be adhered to by information security personnel, as stipulated by different professional organizations?
11) What is intellectual property? How can it be protected?
12) Who are hackers? Explain their levels.
13) Explain the attack replication vectors.
14) Discuss in detail the forces of nature affecting information security.
15) Explain deliberate software attacks.

UNIT II

2 Marks

1) What are the four important functions the information security performs in an organization?
Information security performs four important functions for an organization:
o Protects the organization's ability to function
o Enables the safe operation of applications implemented on the organization's IT systems
o Protects the data the organization collects and uses
o Safeguards the technology assets in use at the organization

2) What are threats?
A threat is an object, person, or other entity that represents a constant danger to an asset. Management must be informed of the various kinds of threats facing the organization. By examining each threat category in turn, management effectively protects its information through policy, education and training, and technology controls.

3) What are the different categories of threat? Give examples.

4) What are the different acts of human error or failure?
This category includes acts done without malicious intent. They are caused by:
o Inexperience
o Improper training
o Incorrect assumptions
o Other circumstances

5) How can human error be prevented?
Much human error or failure can be prevented with training and ongoing awareness activities, but also with controls, ranging from simple procedures like asking users to type a critical command twice, to more complex procedures, such as the verification of commands by a second party (e.g., key recovery actions in PKI systems).

6) What is intellectual property?
Intellectual property is the ownership of ideas and control over the tangible or virtual representation of those ideas. Many organizations are in business to create intellectual property:
o trade secrets
o copyrights
o trademarks
o patents

7) How can intellectual property be protected?
Enforcement of copyright has been attempted with technical security mechanisms, such as digital watermarks and embedded code. The most common reminder of the individual's obligation to fair and responsible use is the license agreement window that usually pops up during the installation of new software.

8) What are deliberate acts of espionage or trespass?
A broad category of activities that breach confidentiality:
o Unauthorized accessing of information
o Competitive intelligence vs. espionage
o Shoulder surfing, which can occur any place a person is accessing confidential information
Controls are implemented to mark the boundaries of an organization's virtual territory, giving notice to trespassers that they are encroaching on the organization's cyberspace. Hackers use skill, guile, or fraud to steal the property of someone else.

9) Who are hackers? What are the two hacker levels?
The classic perpetrator of deliberate acts of espionage or trespass is the hacker. Hackers are people who use and create computer software to gain access to information illegally. There are generally two skill levels among hackers:
o Expert hacker
o Unskilled hacker (script kiddies)

10) What is information extortion?
Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use. Extortion is found in credit card number theft (for example, a Russian hacker named Maxus, who hacked an online vendor and stole several hundred thousand credit card numbers).

11) What are deliberate acts of sabotage and vandalism?
An individual or group may want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization. These threats can range from petty vandalism to organized sabotage. Organizations rely on image, so Web defacing can lead to dropping consumer confidence and sales. There is a rising threat of hacktivist or cyber-activist operations; the most extreme version is cyberterrorism.

12) What is cyberterrorism?
Cyberterrorism is a most sinister form of hacking, involving cyberterrorists hacking systems to conduct terrorist activities through network or Internet pathways. An example was the defacement of NATO web pages during the war in Kosovo.

13) What are the deliberate acts of theft?
The illegal taking of another's property, whether physical, electronic, or intellectual. The value of information suffers when it is copied and taken away without the owner's knowledge. Physical theft can be controlled with a wide variety of measures, from locked doors to guards or alarm systems. Electronic theft is a more complex problem to manage and control; organizations may not even know it has occurred.

14) What are deliberate software attacks?
When an individual or group designs software to attack systems, they create malicious code/software called malware, designed to damage, destroy, or deny service to the target systems. It includes:
o macro virus
o boot virus
o worms
o Trojan horses
o logic bombs
o back door or trap door
o denial-of-service attacks
o polymorphic threats
o hoaxes

15) What are the forces of nature affecting information security?
Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning. They can disrupt not only the lives of individuals, but also the storage, transmission, and use of information. They include fire, flood, earthquake, and lightning, as well as volcanic eruption and insect infestation. Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations.

16) What are technical hardware failures or errors?
Technical hardware failures or errors occur when a manufacturer distributes equipment containing flaws to users. These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability. Some errors are terminal, in that they result in the unrecoverable loss of the equipment. Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated.

17) What are technical software failures or errors?
This category of threats comes from purchasing software with unrevealed faults. Large quantities of computer code are written, debugged, published, and sold, only to determine that not all bugs were resolved. Sometimes, unique combinations of certain software and hardware reveal new bugs. Sometimes, these items aren't errors, but purposeful shortcuts left by programmers for honest or dishonest reasons.

18) What is technological obsolescence?
When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems. Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks. Ideally, proper planning by management should prevent the risks from technological obsolescence, but when obsolescence is identified, management must take action.

19) What is an attack?
An attack is the deliberate act that exploits a vulnerability. It is accomplished by a threat agent to damage or steal an organization's information or physical asset.
o An exploit is a technique to compromise a system.
o A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective.
o An attack is then the use of an exploit to achieve the compromise of a controlled system.

20) What is malicious code?
This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information. The state of the art in attacking systems in 2002 is the multi-vector worm, using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices.

21) Define virus.
Virus: each infected machine infects certain common executable or script files on all computers to which it can write, with virus code that can cause infection.

22) Define hoaxes.
Hoaxes: a more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached.

23) What is distributed denial-of-service (DDoS)?
DDoS is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

24) What is a back door?
Back doors: using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource.

25) Define dictionary attack.
The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses.

26) What are the attack replication vectors?

27) What are the various forms of attacks?
IP scan and attack, Web browsing, virus, unprotected shares, mass mail, SNMP, hoaxes, back doors, password crack, brute force, dictionary, denial of service, distributed DoS.

28) What is denial-of-service (DoS)?
a. The attacker sends a large number of connection or information requests to a target.
b. So many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service.
c. It may result in a system crash, or merely an inability to perform ordinary functions.

29) Define spoofing.
Spoofing is a technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

30) Define man-in-the-middle.
In a man-in-the-middle attack, an attacker sniffs packets from the network, modifies them, and inserts them back into the network.


UNIT III

2 Marks

1. What is risk management?
Risk management is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to assure
a. Confidentiality
b. Integrity
c. Availability
of all the components in the organization's information systems.

2. What are the roles to be played by the communities of interest to manage the risks an organization encounters?
It is the responsibility of each community of interest to manage risks; each community has a role to play: Information Security, Management and Users, and Information Technology.

3. What is the process of risk identification?
A risk management strategy calls on us to know ourselves by identifying, classifying, and prioritizing the organization's information assets. These assets are the targets of various threats and threat agents, and our goal is to protect them from these threats.

4. What are asset identification and valuation?
This iterative process begins with the identification of assets, including all of the elements of an organization's system: people, procedures, data and information, software, hardware, and networking elements.

5. What is the asset information for people?
Position name/number/ID; supervisor; security clearance level; special skills.

6. What are hardware, software, and network asset identification?
When deciding which information assets to track, consider including these asset attributes: name; IP address; MAC address; element type; serial number; manufacturer name; manufacturer's model number or part number; software version, update revision, or FCO number; physical location; logical location; controlling entity.

7. What is the asset information for procedures?
Description; intended purpose; what elements it is tied to; where it is stored for reference; where it is stored for update purposes.

8. What is the asset information for data?
Classification; owner/creator/manager; size of data structure; data structure used (sequential, relational); online or offline; where located; backup procedures employed.

9. How are information assets classified?
Examples of these kinds of classifications are confidential data, internal data, and public data. Informal organizations may have to organize themselves to create a usable data classification model. The other side of the data classification scheme is the personnel security clearance structure.

10. Define the process of information asset valuation.
Create a weighting for each category based on the answers to the previous questions: which factor is the most important to the organization? Once each question has been weighted, calculating the importance of each asset is straightforward. List the assets in order of importance using a weighted factor analysis worksheet.

11. What are the questions to assist in developing the criteria to be used for asset valuation?
Which information asset is the most critical to the success of the organization? Which information asset generates the most revenue? Which information asset generates the most profitability? Which information asset would be the most expensive to replace? Which information asset would be the most expensive to protect? Which information asset would be the most embarrassing or cause the greatest liability if revealed?

12. Define data classification and management.
A variety of classification schemes are used by corporate and military organizations. Information owners are responsible for classifying the information assets for which they are responsible, and must review information classifications periodically. The military uses a five-level classification scheme, but most organizations do not need the detailed level of classification used by the military or federal agencies.

13. What are security clearances?
The other side of the data classification scheme is the personnel security clearance structure. Each user of data in the organization is assigned a single level of authorization indicating the level of classification. Before an individual is allowed access to a specific set of data, he or she must meet the need-to-know requirement. This extra level of protection ensures that the confidentiality of information is properly maintained.

14. Explain the process of threat identification.
Each of the threats identified so far has the potential to attack any of the assets protected. This quickly becomes more complex and can overwhelm the ability to plan. To make this part of the process manageable, each step in the threat identification and vulnerability identification process is managed separately, and then coordinated at the end of the process.

15. How are threats identified and prioritized?
Each threat must be further examined to assess its potential to impact the organization; this is referred to as a threat assessment. To frame the discussion of threat assessment, address each threat with a few questions: Which threats present a danger to this organization's assets in the given environment? Which threats represent the most danger to the organization's information? How much would it cost to recover from a successful attack? Which of these threats would require the greatest expenditure to prevent?

16. What are the different threats faced by an information system in an organization?

17. What is vulnerability identification?
We now face the challenge of reviewing each information asset for each threat it faces and creating a list of the vulnerabilities that remain viable risks to the organization. Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. Examine how each of the threats that are possible or likely could be perpetrated, and list the organization's assets and their vulnerabilities. The process works best when groups of people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions.

18. What is risk assessment?
We can determine the relative risk for each of the vulnerabilities through a process called risk assessment. Risk assessment assigns a risk rating or score to each specific information asset, which is useful in gauging the relative risk introduced by each vulnerable information asset and in making comparative ratings later in the risk control process.

19. Mention the risk identification estimate factors.
o Likelihood
o Value of information assets
o Percent of risk mitigated
o Uncertainty

20. Give an example of risk determination.
For the purpose of relative risk assessment:
risk = (likelihood of vulnerability occurrence × value or impact) − percentage of risk already controlled + an element of uncertainty

Information Asset A has a value score of 50 and has one vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that assumptions and data are 90% accurate (10% uncertainty).
Asset A: vulnerability rated as 55 = (50 × 1.0) − 0% + 10%
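The risk determination above, carried through as a small ranking tool (an added example, not part of the original study material). It implements the page's formula, taking the "percentage controlled" and "uncertainty" terms as percentages of the likelihood × value product, which is what the page's figure of 55 = (50 × 1.0) − 0% + 10% implies; Assets B and C are constructed sample data, only Asset A comes from the page.

```python
"""Relative risk determination for the Unit III risk assessment example.

Added example, not from the original study material. Formula from the page:

    risk = (likelihood x value) - percentage of risk already controlled
           + element of uncertainty

Both percentage terms are applied to the (likelihood x value) product, which
reproduces the page's figure: 50 x 1.0 = 50, minus 0% controlled, plus 10%
uncertainty (5) = 55.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    name: str
    likelihood: float   # probability the vulnerability is exploited, 0.0..1.0
    controlled: float   # fraction of the risk already mitigated by existing controls, 0.0..1.0
    accuracy: float     # confidence in the estimate, 0.0..1.0 (uncertainty = 1 - accuracy)


@dataclass(frozen=True)
class Asset:
    name: str
    value: float        # relative value/impact score from the weighted factor analysis
    vulnerabilities: tuple


def relative_risk(value: float, vuln: Vulnerability) -> float:
    """Risk rating for one asset/vulnerability pair, rounded to two decimals."""
    for field in (vuln.likelihood, vuln.controlled, vuln.accuracy):
        if not 0.0 <= field <= 1.0:
            raise ValueError(f"{vuln.name}: likelihood, controlled and accuracy must be in [0, 1]")
    base = value * vuln.likelihood              # likelihood x value
    mitigated = base * vuln.controlled          # percentage of risk already controlled
    uncertainty = base * (1.0 - vuln.accuracy)  # element of uncertainty
    return round(base - mitigated + uncertainty, 2)


def rank_risks(assets) -> list:
    """Return (asset name, vulnerability name, risk) triples, highest risk first.

    This is the ranked list the risk assessment documents so that the assets
    most needing protection are addressed first.
    """
    rows = [(a.name, v.name, relative_risk(a.value, v))
            for a in assets for v in a.vulnerabilities]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample data. Asset A reproduces the page's figure; B and C are invented.
SAMPLE_ASSETS = (
    Asset("Asset A", 50, (Vulnerability("Vulnerability 1", 1.0, 0.0, 0.90),)),
    Asset("Asset B", 100, (Vulnerability("Vulnerability 2", 0.5, 0.5, 0.80),
                           Vulnerability("Vulnerability 3", 0.1, 0.0, 0.80))),
    Asset("Asset C", 80, (Vulnerability("Vulnerability 4", 0.25, 0.75, 1.0),)),
)

if __name__ == "__main__":
    for asset, vuln, risk in rank_risks(SAMPLE_ASSETS):
        print(f"{asset:8s} {vuln:16s} risk = {risk}")
```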

21. What is residual risk?
Residual risk is the risk that remains to the information asset even after the existing control has been applied. For each threat and its associated vulnerabilities that have any residual risk, create a preliminary list of control ideas.

22. What is access control?
One particular application of controls is in the area of access controls. Access controls are those controls that specifically address admission of a user into a trusted area of the organization. There are a number of approaches to controlling access: access controls can be discretionary, mandatory, or nondiscretionary.

23. What are the different types of access controls?
Discretionary Access Controls (DAC); Mandatory Access Controls (MACs); Nondiscretionary Controls: Role-Based Controls, Task-Based Controls, Lattice-Based Controls.

24. What is the goal of documenting the results of the risk assessment?
The goal of this process has been to identify the information assets of the organization that have specific vulnerabilities and to create a list of them, ranked so that those most needing protection are addressed first. In preparing this list we have collected and preserved factual information about the assets, the threats they face, and the vulnerabilities they experience.

25. Mention the strategies to control the vulnerable risks.
Four basic strategies are used to control the risks that result from vulnerabilities:
o Apply safeguards (avoidance)
o Transfer the risk (transference)
o Reduce the impact (mitigation)
o Inform themselves of all of the consequences and accept the risk without control or mitigation (acceptance)

26. What are the different risk control strategies?
Avoidance, transference, mitigation, acceptance.

27. Write short notes on the Incident Response Plan.
The actions an organization can, and perhaps should, take while the incident is in progress are documented in what is known as the Incident Response Plan (IRP). The IRP provides answers to questions of the following type:
a. What should the administrator do first?
b. Whom should they contact?
c. What should they document?

28. Define Disaster Recovery Plan.
The most common mitigation procedure is the Disaster Recovery Plan (DRP). The DRP includes the entire spectrum of activities used to recover from the incident, and strategies to limit losses before and after the disaster. A DRP usually includes all preparations for the recovery process and strategies to limit losses during the disaster.

29. Define Business Continuity Plan.
The BCP is the most strategic and long-term of the three plans. It encompasses the continuation of business activities if a catastrophic event occurs, such as the loss of an entire database, building, or entire operations center. The BCP includes planning the steps necessary to ensure the continuation of the organization when the scope or scale of a disaster exceeds the ability of the DRP to restore operations.

30. What are the different categories of controls?
a. Control function
b. Architectural layer
c. Strategy layer
d. Information security principles

16 Marks

1. What is risk management? State the methods of identifying and assessing risk management.
2. Discuss in detail the process of assessing and controlling risk management issues.
3. What is risk management? Why is the identification of risks by listing assets and vulnerabilities so important in the risk management process?
4. Explain in detail the different risk control strategies.
5. Explain asset identification and valuation.
6. Explain in detail the three types of security policies (EISP, ISSP and SysSP).
7. What is the information security blueprint? Explain its salient features.
8. Explain the roles to be played by the communities of interest to manage the risks an organization encounters.
9. Explain the process of risk assessment.
10. Explain briefly the plans adopted for mitigation of risks.
11. Explain how risk controls are effectively maintained in an organization.
12. Write short notes on a) Incident Response Plan b) Disaster Recovery Plan c) Business Continuity Plan.
13. Explain in detail the process of asset identification for different categories.
14. Explain the process of information asset valuation.
15. Discuss briefly data classification and management.
16. Explain the process of threat identification.
17. Explain the process of vulnerability identification and assessment for the different threats faced by an information security system.

UNIT IV

2 Marks

1. What is a policy?
A policy is a plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters.

2. What are the three types of security policies?
Management defines three types of security policy: general or security program policy, issue-specific security policies, and systems-specific security policies.

3. What is a security program policy?
A security program policy (SPP) is also known as a general security policy, IT security policy, or information security policy.

4. Define Issue-Specific Security Policy (ISSP).
The ISSP addresses specific areas of technology, requires frequent updates, and contains an issue statement on the organization's position on an issue.

5. What are ACL policies?
ACLs allow configuration to restrict access from anyone and anywhere. ACLs regulate:
o Who can use the system
o What authorized users can access
o When authorized users can access the system
o Where authorized users can access the system from
o How authorized users can access the system

6. What is the information security blueprint?
The security blueprint is the basis for the design, selection, and implementation of security policies, education and training programs, and technology controls.

7. Define the ISO 17799/BS 7799 standards.
One of the most widely referenced and often discussed security models is the Information Technology Code of Practice for Information Security Management, which was originally published as British Standard BS 7799. This Code of Practice was adopted as an international standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799 in 2000, as a framework for information security.

8. Mention the Drawbacks of ISO 17799/BS 7799
Several countries have not adopted 17799, claiming there are fundamental problems:
o The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799
o 17799 lacks the necessary measurement precision of a technical standard
o There is no reason to believe that 17799 is more useful than any other approach currently available
o 17799 is not as complete as other frameworks available
o 17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls

9. What are the objectives of ISO 17799?
Organizational Security Policy is needed to provide management direction and support. Objectives:
o Operational Security Policy
o Organizational Security Infrastructure
o Asset Classification and Control
o Personnel Security
o Physical and Environmental Security
o Communications and Operations Management
o System Access Control
o System Development and Maintenance
o Business Continuity Planning
o Compliance

10. What are the alternate Security Models available other than ISO 17799/BS 7799?
Another approach available is described in the many documents available from the Computer Security Resource Center of the National Institute of Standards and Technology (csrc.nist.gov), including:
o NIST SP 800-12 - The Computer Security Handbook
o NIST SP 800-14 - Generally Accepted Principles and Practices for Securing IT Systems
o NIST SP 800-18 - The Guide for Developing Security Plans for IT Systems

11. List the management controls of NIST SP 800-26
Risk Management
Review of Security Controls
Life Cycle Maintenance
Authorization of Processing (Certification and Accreditation)
System Security Plan

12. Mention the Operational Controls of NIST SP 800-26
Personnel Security
Physical Security
Production, Input/Output Controls
Contingency Planning
Hardware and Systems Software
Data Integrity
Documentation
Security Awareness, Training, and Education
Incident Response Capability

13. What are the Technical Controls of NIST 800-26?
Identification and Authentication
Logical Access Controls
Audit Trails

14. What is Sphere of protection?
The sphere of protection overlays each of the levels of the sphere of use with a layer of security, protecting that layer from direct or indirect use through the next layer. The people must become a layer of security, a human firewall that protects the information from unauthorized access and use.

Information security is therefore designed and implemented in three layers:
o policies
o people (education, training, and awareness programs)
o technology

15. What is Defense in Depth?
o One of the foundations of security architectures is the requirement to implement security in layers
o Defense in depth requires that the organization establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls

16. What is Security perimeter?
The point at which an organization's security protection ends, and the outside world begins, is referred to as the security perimeter.

17. What are the key technological components used for security implementation?
o A firewall is a device that selectively discriminates against information flowing into or out of the organization
o The DMZ (demilitarized zone) is a no-man's land, between the inside and outside networks, where some organizations place Web servers
o In an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement Intrusion Detection Systems (IDS)

18. What is Systems-Specific Policy (SysSP)?
SysSPs are frequently codified as standards and procedures used when configuring or maintaining systems.

Systems-specific policies fall into two groups:
Access control lists (ACLs) consist of the access control lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system

19. What is the importance of blueprint?
The blueprint should specify the tasks to be accomplished and the order in which they are to be realized. It should serve as a scalable, upgradable, and comprehensive plan for the information security needs for coming years.
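The five questions an ACL regulates (Q5) and the ACL, matrix and capability-table forms named in Q18, worked as an added example that is not part of the question bank. The users, resources, hours and network ranges below are constructed.

```python
"""Access-control check answering the five questions an ACL regulates on this
page: who, what, when, where (from) and how. Added illustration; the users,
resources and network ranges are constructed, not taken from a real system."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class AclEntry:
    subject: str                       # who may use the system
    obj: str                           # what they may access
    rights: FrozenSet[str]             # which operations are granted
    hours: Tuple[time, time] = (time(0, 0), time(23, 59, 59))       # when
    sources: Tuple[str, ...] = ("0.0.0.0/0",)                       # where from
    methods: FrozenSet[str] = frozenset({"console", "ssh", "vpn"})  # how


def check(acl: List[AclEntry], subject: str, obj: str, right: str,
          when: datetime, source: str, method: str) -> Tuple[bool, str]:
    """Default deny: access is granted only if some entry for this subject and
    object satisfies all five questions. The reason names the first failing one."""
    addr = ip_address(source)
    reasons = []
    for e in acl:
        if e.subject != subject or e.obj != obj:
            continue
        if right not in e.rights:
            reasons.append("what: right not granted")
        elif not (e.hours[0] <= when.time() <= e.hours[1]):
            reasons.append("when: outside permitted hours")
        elif not any(addr in ip_network(net) for net in e.sources):
            reasons.append("where: source address not permitted")
        elif method not in e.methods:
            reasons.append("how: access method not permitted")
        else:
            return True, "allowed"
    return False, reasons[0] if reasons else "who: no ACL entry for subject"


def access_matrix(acl, subjects, objects):
    """Access control matrix view: subjects as rows, objects as columns, the
    granted rights in each cell (an empty list means no access)."""
    return {s: {o: sorted({r for e in acl if e.subject == s and e.obj == o for r in e.rights})
                for o in objects} for s in subjects}


def capability_table(acl, subject):
    """Capability table view: everything one subject may do, as (object, right) pairs."""
    return sorted((e.obj, r) for e in acl if e.subject == subject for r in e.rights)


# Constructed sample ACL for a payroll database and a web server.
ACL = [
    AclEntry("alice", "payroll-db", frozenset({"read", "write"}),
             hours=(time(8, 0), time(18, 0)), sources=("10.0.0.0/8",),
             methods=frozenset({"vpn", "console"})),
    AclEntry("bob", "payroll-db", frozenset({"read"}), sources=("10.1.0.0/16",)),
    AclEntry("alice", "web-server", frozenset({"read"})),
]

# Constructed timestamps: one inside alice's window, one outside it.
OFFICE_HOURS = datetime(2024, 1, 15, 9, 30)
AFTER_HOURS = datetime(2024, 1, 15, 22, 0)

if __name__ == "__main__":
    print(check(ACL, "alice", "payroll-db", "write", OFFICE_HOURS, "10.2.3.4", "vpn"))
    print(check(ACL, "alice", "payroll-db", "write", OFFICE_HOURS, "192.168.1.5", "vpn"))
    print(capability_table(ACL, "alice"))
```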

20. What are the approaches of ISSP?
Three approaches:
Create a number of independent ISSP documents
Create a single comprehensive ISSP document
Create a modular ISSP document

16 Marks

1. What are ISO 7799 and BS7799? Explain their different sections and salient features.
2. Explain salient features of NIST security models.
3. Explain with diagrams the design of security architecture.
4. Explain how information security policy is implemented as procedure.
5. What are the three types of security policies? Explain.
6. Compare and contrast the ISO 17700 with BS 7799 NIST security model.
7. Explain the NIST security model.
8. List the styles of security architecture models. Discuss them in detail.
9. Explain NIST SP 800-14.
10. Explain Sphere of protection with a neat sketch.
11. Explain the key technological components used for security implementation.
12. Write short notes on i. Defense in depth ii. Security perimeter
13. Write short notes on iii. Incident Response Plan (IRP) iv. Disaster Recovery Plan v. Business Continuity Plan
14. What is Business Impact Analysis? Explain different stages of BIA in detail.
15. Explain Key technology component.

UNIT V

2 Marks

1. What are firewalls?
A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside. The firewall may be:
o a separate computer system
o a service running on an existing router or server
o a separate network containing a number of supporting devices

2. Explain different generations of firewalls.
First Generation - packet filtering firewalls
Second Generation - application-level firewall or proxy server
Third Generation - stateful inspection firewalls
Fourth Generation - dynamic packet filtering firewall
Fifth Generation - kernel proxy

3. Mention the functions of first generation firewall
Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and other factors.

4. What are the restrictions of first generation firewall?
The restrictions most commonly implemented are based on:
o IP source and destination address
o Direction (inbound or outbound)
o TCP or UDP source and destination port requests

5. What is the advantage of Second Generation firewalls?
The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed.

6. Define stateful inspection firewall
It keeps track of each network connection established between internal and external systems using a state table, which tracks the state and context of each packet in the conversation by recording which station sent what packet and when.

7. What is the disadvantage of third generation firewalls?
The primary disadvantage is the additional processing requirements of managing and verifying packets against the state table, which can possibly expose the system to a DoS attack. These firewalls can track connectionless packet traffic such as UDP and remote procedure call (RPC) traffic.

8. What is the function of Fifth Generation firewall?
The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.

9. How are firewalls categorized by processing mode?
The five processing modes are:
1) Packet filtering
2) Application gateways
3) Circuit gateways
4) MAC layer firewalls
5) Hybrids

10) What is the drawback of packet-filtering router?
The drawbacks of a packet-filtering router include a lack of auditing and strong authentication.

11) What are Screened-Host Firewall Systems?
A screened-host firewall system allows the router to pre-screen packets to minimize the network traffic and load on the internal proxy.

12) What is the use of an Application proxy?
An application proxy examines an application layer protocol, such as HTTP, and performs the proxy services.

13) What are dual-homed host firewalls?
The bastion host contains two NICs (network interface cards). One NIC is connected to the external network, and one is connected to the internal network. With two NICs, all traffic must physically go through the firewall to move between the internal and external networks.

14) What is the use of NAT?
A technology known as network address translation (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.

15) What are Screened-Subnet Firewalls?
Consists of two or more internal bastion hosts, behind a packet-filtering router, with each host protecting the trusted network.
The first general model consists of two filtering routers, with one or more dual-homed bastion hosts between them.
The second general model involves the connection from the outside or untrusted network

16) What are the factors to be considered while selecting the right firewall?
o What type of firewall technology offers the right balance of protection features and cost for the needs of the organization?
o What features are included in the base price? What features are available at extra cost? Are all cost factors known?
o How easy is it to set up and configure the firewall? How accessible are staff technicians with the mastery to do it well?
o Can the candidate firewall adapt to the growing network in the target organization?

17) What are SOCKS Servers?
The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation.

18) What are the recommended practices in designing firewalls?
All traffic from the trusted network is allowed out
The firewall device is always inaccessible directly from the public network
Allow Simple Mail Transport Protocol (SMTP) data to pass through your firewall, but ensure it is all routed to a well-configured SMTP gateway to filter and route messaging traffic securely
All Internet Control Message Protocol (ICMP) data should be denied
Block telnet (terminal emulation) access to all internal servers from the public networks
When Web services are offered outside the firewall, deny HTTP traffic from reaching your internal networks by using some form of proxy access or DMZ architecture
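The first-generation restrictions (Q4), the state table of a stateful inspection firewall (Q6) and the recommended practices in Q18, brought together in one added example that is not part of the question bank or any firewall product. The internal network, firewall address, SMTP gateway, DMZ web server and traffic sample are all constructed (documentation address ranges).

```python
"""Packet filter with a state table, encoding the recommended practices listed
above as a first-match rule set and applying it to constructed packets. Added
illustration, not a product's configuration; addresses are documentation ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (public -> trusted) or "out" (trusted -> public)
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str                   # protocol or "any"
    src: str = "0.0.0.0/0"       # source network
    dst: str = "0.0.0.0/0"       # destination network
    dport: Optional[int] = None  # destination port, None = any
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


TRUSTED = "10.0.0.0/8"         # constructed internal network
FIREWALL = "203.0.113.1/32"    # constructed public address of the firewall itself
SMTP_GW = "10.0.0.25/32"       # constructed hardened SMTP gateway
DMZ_WEB = "203.0.113.80/32"    # constructed web server in the DMZ

# First match wins; anything unmatched is denied.
RULES = [
    Rule("deny", "in", "any", dst=FIREWALL, note="firewall never reachable from public network"),
    Rule("deny", "any", "icmp", note="all ICMP denied"),
    Rule("deny", "in", "tcp", dst=TRUSTED, dport=23, note="no telnet to internal servers"),
    Rule("allow", "in", "tcp", dst=SMTP_GW, dport=25, note="SMTP only via the SMTP gateway"),
    Rule("deny", "in", "tcp", dst=TRUSTED, dport=25, note="SMTP to other internal hosts"),
    Rule("allow", "in", "tcp", dst=DMZ_WEB, dport=80, note="HTTP to DMZ web server"),
    Rule("deny", "in", "tcp", dst=TRUSTED, dport=80, note="HTTP must not reach internal network"),
    Rule("allow", "out", "any", src=TRUSTED, note="all traffic from trusted network allowed out"),
]


class StatefulFilter:
    """Stateless rules plus a state table: a packet coming back to a connection
    the trusted side opened is allowed even though no inbound rule permits it."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state = set()  # (internal ip, port, external ip, port, proto)

    def decide(self, p: Packet) -> Tuple[str, str]:
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.state:
            return "allow", "reply to connection in state table"
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow" and p.direction == "out":
                    self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action, r.note
        return "deny", "default deny"


# Constructed traffic sample: one outbound HTTPS connection and its reply, then
# inbound packets that each of the recommended practices should decide.
SAMPLE = [
    Packet("out", "tcp", "10.1.2.3", 40000, "198.51.100.7", 443),
    Packet("in", "tcp", "198.51.100.7", 443, "10.1.2.3", 40000),
    Packet("in", "tcp", "198.51.100.7", 5555, "10.1.2.3", 23),
    Packet("in", "icmp", "198.51.100.7", 0, "10.1.2.3", 0),
    Packet("in", "tcp", "198.51.100.7", 5556, "10.0.0.25", 25),
    Packet("in", "tcp", "198.51.100.7", 5557, "10.1.2.3", 25),
    Packet("in", "tcp", "198.51.100.7", 5558, "203.0.113.80", 80),
    Packet("in", "tcp", "198.51.100.7", 5559, "10.1.2.3", 80),
    Packet("in", "tcp", "198.51.100.7", 5560, "203.0.113.1", 22),
    Packet("in", "udp", "198.51.100.7", 5561, "10.1.2.3", 53),
]


def run(packets: List[Packet]) -> List[str]:
    """Feed packets through one filter instance in order; return the actions."""
    fw = StatefulFilter(RULES)
    return [fw.decide(p)[0] for p in packets]
```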

19) What are intrusion detection systems (IDS)?
IDSs work like burglar alarms. IDSs require complex configurations to provide the level of detection and response desired. An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets. IDSs use one of two detection methods, signature-based or statistical anomaly-based.

20) What are different types of IDSs?
a) Network-based IDS
b) Host-based IDS
c) Application-based IDS
d) Signature-based IDS
e) Statistical Anomaly-Based IDS

21) Define NIDS
A network-based IDS (NIDS) resides on a computer or an appliance connected to a segment of an organization's network and monitors traffic on that network segment, looking for indications of ongoing or successful attacks.

22) What is HIDS?
A host-based IDS (HIDS) works differently from a network-based version of IDS. A host-based IDS resides on a particular computer or server, known as the host, and monitors activity only on that system. HIDSs are also known as System Integrity Verifiers as they benchmark and monitor the status of key system files and detect when an intruder creates, modifies or deletes monitored files.

23. What is the use of HIDS?
A HIDS is also capable of monitoring system configuration databases, such as Windows registries, in addition to stored configuration files like .ini, .cfg, and .dat files.
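The System Integrity Verifier behaviour described in Q22 and Q23 (benchmark key files, then detect created, modified and deleted ones, including configuration files), as an added example that is not part of the question bank. The two "filesystems" are in-memory dicts with constructed paths and contents, standing in for the monitored host.

```python
"""System-integrity-verifier check described in the two answers above: record a
baseline of monitored files, later report created, modified and deleted ones,
and for a .ini file say which key changed. Added illustration; the 'filesystems'
are in-memory dicts of path -> content standing in for the real host."""
import configparser
import hashlib
from typing import Dict, List, Tuple


def fingerprint(content: bytes) -> str:
    """A cryptographic digest stands in for the file: any change alters it."""
    return hashlib.sha256(content).hexdigest()


def baseline(snapshot: Dict[str, bytes]) -> Dict[str, str]:
    """Benchmark step: path -> digest for every monitored file."""
    return {path: fingerprint(data) for path, data in snapshot.items()}


def verify(base: Dict[str, str], snapshot: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Monitoring step: compare the current state against the stored baseline."""
    current = baseline(snapshot)
    known, seen = set(base), set(current)
    return {
        "created": sorted(seen - known),
        "deleted": sorted(known - seen),
        "modified": sorted(p for p in known & seen if base[p] != current[p]),
    }


def ini_changes(before: str, after: str) -> List[Tuple[str, str, str, str]]:
    """For a monitored .ini configuration file, report (section, key, old, new)
    for every key whose value differs; None marks a key that was added or removed."""
    def load(text):
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(text)
        return {(s, k): v for s in cp.sections() for k, v in cp.items(s)}
    a, b = load(before), load(after)
    return sorted((s, k, a.get((s, k)), b.get((s, k)))
                  for (s, k) in set(a) | set(b) if a.get((s, k)) != b.get((s, k)))


# Constructed baseline snapshot of a few key files on a host.
BASE_FS = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/hosts.allow": b"sshd: 10.0.0.0/8\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/opt/app/app.ini": b"[auth]\nrequire_mfa = yes\nsession_timeout = 15\n",
}

# Constructed later snapshot: one file removed, two changed, one new binary.
LATER_FS = {
    "/etc/passwd": BASE_FS["/etc/passwd"],
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/opt/app/app.ini": b"[auth]\nrequire_mfa = no\nsession_timeout = 15\n",
    "/usr/local/bin/helper": b"\x7fELF constructed binary",
}


def report() -> Dict[str, List[str]]:
    """Run the verifier over the constructed snapshots."""
    return verify(baseline(BASE_FS), LATER_FS)


if __name__ == "__main__":
    print(report())
    print(ini_changes(BASE_FS["/opt/app/app.ini"].decode(), LATER_FS["/opt/app/app.ini"].decode()))
```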

24. What is Application-based IDS?
A refinement of host-based IDS is the application-based IDS (AppIDS). The application-based IDS examines an application for abnormal incidents. It looks for anomalous occurrences such as users exceeding their authorization, invalid file executions, etc.

25. What is Signature-based IDS?
A signature-based IDS (also called knowledge-based IDS) examines data traffic in search of patterns that match known signatures, that is, preconfigured, predetermined attack patterns.

26. What is LFM?
Log File Monitor (LFM) is an approach to IDS that is similar to NIDS. Using LFM, the system reviews the log files generated by servers, network devices, and even other IDSs. These systems look for patterns and signatures in the log files that may indicate an attack or intrusion is in process or has already succeeded.
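The two detection methods from Q19 and Q25 (signature-based and statistical anomaly-based), run over log lines in the LFM style of Q26, as an added example that is not part of the question bank. The log lines, the signature patterns (built around events already named on this page: invalid-user logins, telnet and ICMP from the public network) and the z-score threshold are constructed.

```python
"""The two detection methods named above, run in log-file-monitor fashion over
constructed log lines: a signature (knowledge-based) matcher for events this
page already discusses (invalid-user logins, telnet and ICMP from the public
network) and a statistical anomaly detector that flags a source whose event
count is far above the others. Added illustration; lines and threshold are made up."""
import re
from collections import Counter
from statistics import mean, pstdev
from typing import List, Tuple

# Constructed log: "<timestamp> <process> <source-ip> <message>".
LOG_LINES: List[str] = (
    [f"2024-03-01T10:00:{i:02d} sshd 198.51.100.{i} Accepted publickey for deploy"
     for i in range(1, 11)]
    + [f"2024-03-01T10:01:{i:02d} sshd 203.0.113.5 Failed password for invalid user admin"
       for i in range(30)]
    + ["2024-03-01T10:02:00 fw 203.0.113.7 DENY tcp 203.0.113.7:51000 -> 10.0.0.5:23",
       "2024-03-01T10:02:01 fw 203.0.113.8 DENY icmp 203.0.113.8 -> 10.0.0.1 echo-request"]
)

LINE_RX = re.compile(r"^(\S+) (\S+) (\d+\.\d+\.\d+\.\d+) (.*)$")

# Signature rules: preconfigured patterns of known hostile or policy-violating events.
SIGNATURES = [
    ("invalid-user-login", re.compile(r"Failed password for invalid user \w+")),
    ("telnet-from-public-net", re.compile(r"DENY tcp \S+ -> \S+:23$")),
    ("icmp-from-public-net", re.compile(r"DENY icmp ")),
]


def parse(line: str) -> Tuple[str, str, str, str]:
    """Split one line into (timestamp, process, source ip, message)."""
    m = LINE_RX.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groups()


def signature_alerts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Knowledge-based detection: (signature name, source ip, timestamp) per hit."""
    alerts = []
    for ts, _proc, ip, msg in map(parse, lines):
        for name, rx in SIGNATURES:
            if rx.search(msg):
                alerts.append((name, ip, ts))
    return alerts


def anomalous_sources(lines: List[str], z_threshold: float = 2.0) -> List[str]:
    """Statistical anomaly detection: count events per source address and flag
    sources whose count lies more than z_threshold standard deviations above the mean."""
    counts = Counter(parse(line)[2] for line in lines)
    mu, sigma = mean(counts.values()), pstdev(counts.values())
    if sigma == 0:  # every source behaves alike: nothing stands out
        return []
    return sorted(ip for ip, n in counts.items() if (n - mu) / sigma > z_threshold)


def summarize(lines: List[str]) -> Counter:
    """Hits per signature, the view an analyst would look at first."""
    return Counter(name for name, _ip, _ts in signature_alerts(lines))


if __name__ == "__main__":
    print(summarize(LOG_LINES))
    print(anomalous_sources(LOG_LINES))
```

With the constructed sample the signature matcher reports 30 invalid-user login attempts plus one telnet and one ICMP event, while the anomaly detector flags only 203.0.113.5, the source responsible for the failed logins.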

27. What are Honey Pots?
Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves. These systems are created for the sole purpose of deceiving potential attackers. In industry they are known as decoys, lures, and fly-traps.

29. What are Honey Nets?
When a collection of honey pots connects several honey pot systems on a subnet, it may be called a honey net.

30. What are Padded Cell Systems?
A padded cell is a honey pot that has been protected so that it cannot be easily compromised. In other words, a padded cell is a hardened honey pot.

31. What are the advantages and disadvantages of using honey pot or padded cell approach?
Advantages:
Attackers can be diverted to targets that they cannot damage.
Administrators have time to decide how to respond to an attacker.
Attackers' actions can be easily and extensively monitored.
Honey pots may be effective at catching insiders who are snooping around a network.
Disadvantages:
The legal implications of using such devices are not well defined.
Honey pots and padded cells have not yet been shown to be generally useful security technologies.
An expert attacker, once diverted into a decoy system, may become angry and launch a hostile attack against an organization's systems.
Admins and security managers will need a high level of expertise to use these systems.

32. What are footprinting and fingerprinting?
One of the preparatory parts of the attack protocol is the collection of publicly available information about a potential target, a process known as footprinting. Footprinting is the organized research of the Internet addresses owned or controlled by the target organization. The next phase of the attack protocol is a second intelligence or data-gathering process called fingerprinting. This is a systematic survey of all of the target organization's Internet addresses (which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hosts in that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.

33. What are Vulnerability Scanners?
Vulnerability scanners are capable of scanning networks for very detailed information. As a class, they identify exposed usernames and groups, show open network shares, expose configuration problems, and other vulnerabilities in servers.

34. Define Packet Sniffers
A network tool that collects copies of packets from the network and analyzes them. Can be used to eavesdrop on the network traffic.

To use a packet sniffer legally, you must be:
o on a network that the organization owns
o under direct authorization of the owners of the network
o have knowledge and consent of the content creators (users)

35. What is Cryptography?
Cryptography, which comes from the Greek words kryptos, meaning hidden, and graphein, meaning to write, is a process of making and using codes to secure the transmission of information.

36. What is Cryptanalysis?
Cryptanalysis is the process of obtaining the original message (called plaintext) from an encrypted message (called the ciphertext) without knowing the algorithms and keys used to perform the encryption.

37. Define Encryption
Encryption is the process of converting an original message into a form that is unreadable to unauthorized individuals, that is, to anyone without the tools to convert the encrypted message back to its original format.

38. Define Decryption
Decryption is the process of converting the ciphertext into a message that conveys readily understood meaning.

39. What is Public Key Infrastructure (PKI)?
Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption. PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:
o Issue digital certificates
o Issue crypto keys
o Provide tools to use crypto to secure information
o Provide verification and return of certificates

40. What are the PKI Benefits?
PKI protects information assets in several ways:
o Authentication
o Integrity
o Privacy
o Authorization
o Nonrepudiation

41. How are E-mail systems secured?
Encryption cryptosystems have been adapted to inject some degree of security into e-mail:
o S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
o Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems
o PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
o Pretty Good Privacy (PGP) was developed by Phil Zimmermann and uses the IDEA cipher along with RSA for key exchange

42. What are the seven major sources of physical loss?
Temperature extremes
Gases
Liquids
Living organisms
Projectiles
Movement
Energy anomalies

43. What is a Secure Facility?
A secure facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats. A secure facility can use the natural terrain, traffic flow, and urban development, and can complement these features with protection mechanisms such as fences, gates, walls, guards, and alarms.

44. What are the controls used in a Secure Facility?
Walls, Fencing, and Gates
Guards
Dogs, ID Cards, and Badges
Locks and Keys
Mantraps
Electronic Monitoring
Alarms and Alarm Systems
Computer Rooms
Walls and Doors

45. What are the functions of Chief Information Security Officer?
The CISO performs the following functions:
o Manages the overall InfoSec program
o Drafts or approves information security policies
o Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
o Develops InfoSec budgets based on funding
o Sets priorities for InfoSec projects and technology
o Makes decisions in recruiting, hiring, and firing of security staff
o Acts as the spokesperson for the security team

16 Marks

1. Explain in detail i. Firewalls categorized by processing mode ii. Different generations of firewall
2. Explain in detail different firewall architectures (OR) Write short notes on iii. Packet filtering Routers iv. Screened Host firewall v. Screened subnet firewalls (with DMZ)
3. What are the factors to be considered in selecting the right firewall?
4. Explain how firewalls are configured and managed.
5. Outline some of the best practices for firewall use.
6. What are firewall rules? Explain different firewall rule sets.
7. What is Intrusion Detection System (IDS)? Explain different reasons for using IDS and different terminologies associated with IDS.
8. What are different types of Intrusion Detection Systems available? Explain with diagrams.
9. Write short notes on vi. Network-based IDS vii. Host-based IDS viii. Application-based IDS ix. Signature-based IDS
10. What are Honey pots, Honey Nets and Padded cell systems? Explain each.
11. What is Attack Protocol? Explain a) Footprinting and b) Fingerprinting.
12. What are the purposes of Scanning and Analysis tools? Who will be using these tools? Explain the functioning of a few of these tools.
13. What is cryptography? Define various encryption terms used.
14. What is RSA algorithm? Explain different steps.
15. What are different possible attacks on cryptosystems?
16. List and describe four categories of locks.
17. Explain with a diagram different positions in Information security.
18. What are the functions of a) CISO, b) Information Security Manager, and c) Security Technician?
19. How are the credentials of Information Security Personnel assessed?
20. What are the certifications the Information Security Personnel should acquire for fitting into their roles?

ELECTRONIC COMMERCE

UNIT I

2 Marks

1. What is e-commerce?
E-commerce is a modern business methodology that addresses the needs of organizations, merchants and consumers to cut costs while improving the quality of goods and services and increasing the speed of service delivery.

2. What is i-way?
E-commerce is associated with the buying and selling of information, products, and services via computer networks today and in the future via any one of the myriad of networks that make up the information superhighway (i-way).

3. What is cross-media convergence?
Cross-media convergence refers to the integration of various industries (entertainment, publication, and communication media) based on multimedia content.

4. List some simple technological advances that drive the phenomenon of convergence.
Convergence of content
Convergence of transmission
Convergence of information access

5. List some components of multimedia.
Some components of multimedia are: text, audio, video, images, animation, graphics, hologram, and numerical data.

6. What is message passing?
The client-server model allows the client to interact with the server through a request-reply sequence governed by a paradigm known as message passing.

7. List some challenges that each highway route provider faces.
Telecom-based
Cable-based
Computer Network-based
Wireless

8. List the functions of supply-chain management.
Supplier Management
Inventory Management
Distribution Management
Channel Management
Payment Management
Financial Management
Sales force productivity

9. What is terminal equipment?
Customer Premises Equipment (CPE) or terminal equipment is a generic term for privately owned communications equipment that is attached to the network.

10. List some drawbacks of ADSL.
Asymmetric digital subscriber line has the following drawbacks: it cannot handle live transmissions, and the picture it produces is not as clear as that provided by a well-tuned cable hookup.

11. What is fast packet switching?
The bundles of data, known as packets, move through a network at very high speeds, and this routing technique is known as fast packet switching.

12. List the 4 types of last mile connections.
The four types of last mile connections are: plain old telephone system (POTS) wires, cable TV coaxial cable, electricity wires, and wireless.

13. What is HDT?
The digital video signals from all providers are combined on a video distribution element known as a host digital terminal (HDT).

14. Give two advantages of DBS.
Two advantages of Direct Broadcast Satellite are:
Availability
Affordability

15. List the two types of DBS available.
PrimeStar DBS service
Direct Satellite Service

16. List some major issues that will play a crucial role in defining the i-way.
The major issues are: cost, subsidies, allocation of scarce resources, regulation, universal access, privacy, and social issues.

17. What is a Network Access Point?
A NAP is a high speed network or switch to which a number of routers can be connected for the purpose of traffic exchange and interoperation.

18. What is a routing arbiter?
A Routing Arbiter (RA) is an element that is introduced into the NAP architecture. The RA organization implements the concept of policy-based network routing that enables routing of traffic between different network operators.

19. List the goals of Gigabit Network Research.
There are two goals:
To advance the technology and understanding of requirements for high speed networking.
To explore the potential applications for such a network that are of importance to business and society in general.

20. List some services of the internet.
Some services of the internet are:
Individual to group communications
Information Transfer and delivery services
Information Databases
Information Processing services
Resource-sharing services

16 Marks

1. Explain E-commerce Framework.
_Information Super-highway
_Information and Multimedia Content
_Technical Standards

2. Explain E-commerce and Media Convergence.
_E-commerce, Convergence
_Cross-Media
_Technological Advances

3. Explain the anatomy of E-commerce applications.
_Multimedia Content for e-commerce applications
_Multimedia Storage servers and e-commerce applications
_Information Delivery/Transport and e-commerce applications
_Consumer access devices

4. Explain the network infrastructure for e-commerce.
_Market forces influencing the i-way
_Network access equipment
_The Last Mile
_Global Information Distribution Networks
_Public policy issues shaping the i-way

5. Explain the Internet as a Network Infrastructure.
_Chronological history of the internet
_NSFNET: Architecture and components
_National Research and Education Network
_Globalization of the Academic Internet
_Internet Governance and Applications

UNIT II

2 Marks

1. What are the 3 types of electronic tokens?
Cash or real-time
Debit or prepaid
Credit or postpaid

2. What are the properties of e-cash?
E-cash must have a monetary value
It must be interoperable
It must be storable and retrievable
It should not be easy to copy or tamper with while being exchanged

3. Write notes on electronic checks.
Electronic checks are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash.

4. What are smart cards?
Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe.

5. Mention the 2 types of smart cards.
Relationship-based smart credit cards
Electronic purses

6. What are the 3 basic categories of credit card payment on on-line networks?
Payment using plain credit card details
Payment using encrypted credit card details
Payments using third-party verification

7. Mention some factors to be included for designing electronic payment systems.
Privacy
Security
Intuitive interface
Database integration
Brokers
Pricing
Standards

8. Define EDI.
Electronic Data Interchange (EDI) is the electronic transfer, from computer to computer, of commercial and administrative data using an agreed standard to structure an EDI message.

9. Specify the 4 layers of EDI architecture.
EDI semantic layer
EDI standard layer
EDI transport layer
Physical layer

10. Mention the benefits for international trade.
Reduced transaction expenditure
Quicker movement of imported and exported goods
Improved customer service through track and trace programs
Faster customs clearance and reduced opportunities for corruption, a huge problem in trade

11. Give out the basic kit necessary for EDI implementation.
Common EDI standards
Translation software
Trading partners
Banks
EDI value-added networks (VANs)
Proprietary hardware and networking

12. What are the 2 major EDI standards?
ANSI X.12
EDIFACT

13. Give the elements of an EDI message.
Transaction set
Data segments
Data elements

14. Compare EDIFACT and X.12 Standards.
Both are comprised of strings of data elements called segments. ANSI standards require each element to have a very specific name, such as order date or invoice date. EDIFACT segments, in contrast, allow for generic or multiuse elements, such as date.
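The three levels listed in Q13 (transaction set, data segments, data elements) and the X.12 versus EDIFACT contrast in Q14, worked as an added example that is not part of the question bank. The X12 850 and EDIFACT ORDERS fragments are constructed; the delimiters used are the customary defaults of each standard, and the trailer check (segment count and control number) is one integrity check a receiver performs before trusting a message.

```python
"""Parsing the three levels named above for an EDI message (transaction set,
data segments, data elements) and checking the transaction-set trailer, with
the EDIFACT delimiters shown for comparison. Added illustration; the X12 850
and EDIFACT ORDERS fragments are constructed, not real trading-partner data."""
from typing import Dict, List


def split_segments(raw: str, seg_term: str = "~", elem_sep: str = "*") -> List[List[str]]:
    """A data segment is a string of data elements; element 0 is the segment ID.
    X12 defaults: '~' ends a segment, '*' separates elements."""
    return [seg.strip().split(elem_sep) for seg in raw.split(seg_term) if seg.strip()]


def transaction_sets(segments: List[List[str]]) -> List[Dict]:
    """Group segments into ST..SE transaction sets and validate each SE trailer:
    SE01 must equal the number of segments including ST and SE, and SE02 must
    repeat the control number from ST02. Mismatches suggest truncation or tampering."""
    sets, current = [], None
    for seg in segments:
        if seg[0] == "ST":
            current = {"type": seg[1], "control": seg[2], "segments": [seg], "errors": []}
        elif current is not None:
            current["segments"].append(seg)
            if seg[0] == "SE":
                if int(seg[1]) != len(current["segments"]):
                    current["errors"].append(f"SE01 count {seg[1]} != {len(current['segments'])}")
                if seg[2] != current["control"]:
                    current["errors"].append(f"SE02 control {seg[2]} != ST02 {current['control']}")
                sets.append(current)
                current = None
    if current is not None:
        current["errors"].append("missing SE trailer")
        sets.append(current)
    return sets


def edifact_segments(raw: str) -> List[List[List[str]]]:
    """EDIFACT uses ' to end a segment, + between elements and : inside a
    composite element, so a generic segment such as DTM carries a qualifier
    (137 = document date) instead of a dedicated order-date element."""
    return [[elem.split(":") for elem in seg] for seg in split_segments(raw, "'", "+")]


# Constructed X12 fragment: a valid purchase order set followed by one whose
# SE01 segment count does not match the segments actually present.
X12_SAMPLE = (
    "ST*850*0001~BEG*00*SA*PO-1001**20240301~N1*BY*Example Buyer Ltd~"
    "PO1*1*10*EA*4.50**VP*WIDGET-7~CTT*1~SE*6*0001~"
    "ST*850*0002~BEG*00*SA*PO-1002**20240301~PO1*1*1*EA*999.00**VP*WIDGET-7~SE*5*0002~"
)

# Constructed EDIFACT fragment carrying the same kind of order header.
EDIFACT_SAMPLE = "UNH+1+ORDERS:D:96A:UN'BGM+220+PO-1001+9'DTM+137:20240301:102'UNT+4+1'"


if __name__ == "__main__":
    for ts in transaction_sets(split_segments(X12_SAMPLE)):
        print(ts["type"], ts["control"], len(ts["segments"]), ts["errors"])
    print(edifact_segments(EDIFACT_SAMPLE)[2])
```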

15. Mention the layers of EDI software implementation.
Business Application Layer
Internal format conversion
EDI Translator Layer
EDI envelope for document messaging

16. Mention the 3 types of EDI access methods.
Direct dial or modem to modem connection
Limited third-party VANs
Full-service third-party VANs

17. What are the factors involved in EDI implementation cost?
The expected volume of electronic documents
Economics of the EDI translation software
Implementation time
Maintenance fees
VAN charges

18. What are the 2 types of EDI envelopes used?
X.435
Internet EDI based on MIME

19. Define VAN.
A value-added network (VAN) is a communications network that typically exchanges EDI messages among trading partners.

20. What are the factors that make the internet useful for EDI?
Flat pricing
Cheap access
Common mail standards
Security

16 Marks

1. Explain EDI Software Implementation.
Diagram: How EDI works
EDI Business application layer
Diagram: The preparation process followed by the application s/w
EDI Translator layer
EDI Communications layer

2. Write notes on digital token-based electronic payment systems.
E-cash and its properties
E-cash in action
Business issues
Operational risk
Legal issues
E-checks with diagram

3. Explain the EDI applications in business.
International trade and EDI
Financial EDI
Health care and insurance EDI
Manufacturing/Retail procurement using EDI
Business information, product design, and procurement

4. Define VAN. Explain it in detail.
Definition
VAN pricing structures
VAN service providers
VANs and the internet

5. Write notes on smart cards and electronic payment systems.
Relationship-based smart cards
Electronic purses and debit cards
Smart card readers and smart phones
Business issues and smart cards

UNIT III

2 Marks

1. What is meant by Marketing?
Marketing is a way of managing a business so that each important business decision is made with full knowledge of the impact it will have on the customer.

2. What are the assumptions of marketing?
The assumptions are (i) all company policies and activities should be aimed at satisfying customer needs and (ii) profitable sales volume is a better company goal than maximum sales volume.

3. What is meant by Advertising?
Advertising is the process of reaching the customer using a broadcast or direct mail campaign orchestrated to influence purchasing behavior.

4. What is meant by Bundling?
Bundling is a classic marketing strategy in which two or more complementary products and/or services are offered as a package at a discounted price.

5. List out the bundling strategies.
_Only components.
_Only bundles.
_Mixed strategy.

6. What are the two important information based products?
The two important information based products are:
_Pricing.
_Priority.

7. What are the two main types of micromarketing?
The two main types of micromarketing are:
_Direct-relationship micromarketing.
_Direct-order micromarketing.

8. What are the two different advertising paradigms in the on-line world?
The two different advertising paradigms in the on-line world are:
_Active or Push-Based Advertising.
_Passive or Pull-Based Advertising.

9. What are the two types of Push-based advertising?
The two types of Push-based advertising are:
_Broadcast Model.
_Junk Mail Model.

10. What are the disadvantages of television advertising?
The disadvantages of television advertising are:
_High cost of production.
_Limited exposure time.
_Short air time.
_Clutter of many other ads.

11. What are the types of Pull-based advertising?
The types of Pull-based advertising are:
_Billboards.
_Catalogs or yellow page directories.
_Endorsements.

12. What is Billboard or World Wide Web Model?
The Billboard model refers to information placed where it will come to the attention of customers in the course of other activities and does not require active search.

13. What are the advantages of Billboard Model?
The advantages of the Billboard Model are:
_Ability to completely cover a market.
_Maintain high levels of viewing frequency.

14. List the four major classifications of Electronic publishing. The four major classifications of Electronic publishing are: _On-line full text publishing. _CD-ROM publishing. _Collaboratories. _Video.

15. What are the two types of software agents function? The two types of software agents function are: _Static _Mobile.

16. What are the properties of Mobile Software Agents? The properties of Mobile Software Agents are: _Programming _Safety. _Resource usage. _Navigation _Privacy. _Communication.

17. What are the challenges for resource discovery by software agents? The challenges for resource discovery by software agents are: _The scale of the problem. _Need for cooperative brokerages. _Need for resource sharing.

18. What are the three camps of agent requests? The three camps of agent requests are: _Synchronous communication-oriented remote procedure call (RPC). _Asynchronous message-oriented agents. _Intermediaries or database middleware.

19. What are the features of software agent? The features of software agent are: _Owner _Author _Lifetime _Account _Goal _Subject description _Background

20. What are the three approaches of Agent Reasoning Capability? The three approaches of Agent Reasoning Capability are: _Rule-based approach. _Knowledge-based approach. _Learning approach.

16 Marks 1. What are the technological components of Education on-Demand?

_On-line full text publishing. _CD-ROM publishing. _Collaboratories. _Video.

2. What are characteristics and properties of user agent? _Characteristics _Properties

3. Write notes on On-Line Advertising Paradigms. _Active or Push-Based Advertising _Passive or Pull-Based Advertising

4. Write briefly on computer-based education and training. _On-Line Education and Virtual Classrooms _Training On-Demand _Changing Roles Of Institutions

5. Write notes on digital copyrights and electronic commerce _Digital Copyright Basics _Digital Copyright Wording in On-Line Databases _Enforcing Digital Copyrights Using Technology.

UNIT IV 2 Marks 1. What is the operational picture? Managers and workers need to obtain information regarding their own situation, including the customers, suppliers, and other departments in the areas of interest and, of course, the disposition of competitors through market intelligence. The totality of the information relevant to a manager can be referred to as the operational picture.

2. What are the challenges faced by companies in handling data? The challenges are: i. To pull together the technology for amassing operational information ii. To maximize the utility of existing information to managers

3. Which systems were expected in the 1990s to help manage information overload and improve a company's competitive position? a. Decision Support Systems (DSS) b. Management Support Systems (MSS) c. Visual Information Access and Analysis (VIAA) d. Data/Information Warehouses e. Structured Document and Imaging Databases f. Executive Information Systems (EIS) g. Business Intelligence Systems (BIS) h. On-line Analytical Processing (OLAP) i. Multidimensional Databases (MDD)

4. Write the three key decision support trends. 1. Digital information infrastructure consisting of documents and data. 2. Better utilization of information in strategic and operational decision making, which involves effective on-line information search and retrieval in a distributed environment. 3. Architecture for implementing decisions through workflow automation and business process integration.

5. What is an infosphere? Millions of transactions and oceans of multimedia data will flow through the network every day. This creates an infosphere.

6. What are the two types of on-line transactions? Two types of on-line transactions are: i. On-line transaction processing(OLTP) ii. On-line analytic processing(OLAP)

7. What are the two activities related to navigating the infosphere? Navigating the infosphere involves two related activities: i. Information search, discovery, and retrieval ii. Presentation or visualization of the retrieved information

8. List few document management schemes i. Ad hoc documents ii. Process-specific documents iii. Knowledge-oriented documents

9. Give some examples of ad hoc documents. i. Letters ii. Financial reports iii. Manuals

10. Write about process-specific documents. Some process-specific documents are invoices and purchase orders. They are typically created, constructed, and distributed by support personnel. These are often forms-based: format and appearance undergo virtually no alteration, and content varies only slightly according to well-articulated rules.

11. What are Knowledge-oriented documents? Knowledge-oriented documents encompass documentation, catalogs of product information, and design documents.

12. What are User models? User models are interposed between the user interface and information sources to filter the available information according to the needs of the task and the user. These models can be customized.

13. List the types of digital documents Document imaging Structured documents Hypertext documents Active documents

14. What are the steps involved in document oriented processes? Document creation Document media conversion Document production and distribution Document storage and retrieval

15. Write notes on document imaging. Document imaging emulates microfiche and microfilm. An imaging system passes a paper document through a scanner that renders it digital and then stores the digital data as a bit-mapped image of the document. Keywords are used for indexing and retrieval of documents.

16. Write brief notes on hypertext documents. Hypertext is a way of making document-based information more mobile. Relationships between documents can be represented through hypermedia links.

17. Write notes on active documents. Active documents (or compound documents) represent what is known as document-oriented computing. Active documents provide an interactive interface where all documents, applications, and data related to a particular task are assembled, arranged, and interlinked in such a manner that the user can focus on the task at hand and be shielded from non-task-related issues like access, storage, data formats, location, computing, or delivery mechanisms.

18. Name the activities involved in document-based work flows Document modeling Transformation Synthesizing Business modeling

19. List the advantages of structured documents. Allows document formatting Documents can be edited, linked to graphics, video, photo etc. Easy to search and query documents.

20. Name the types of data warehouses. Physical data warehouse Logical data warehouse Data library Decision support systems

21. List the elements in building a data warehouse. Back end: Accessing and organizing data easily from disparate sources. Preparing data for analysis: Querying, searching, and governing the data. Front end: Providing means for effective analysis of the information.

22. What are the advantages of data warehouses? Users can manage and access large volumes of information in one cohesive framework. Managers can distribute information on a variety of platforms. Enables faster access and decision making. Increases flexibility.

16 Marks 1. Explain in detail the dimensions of internal electronic commerce systems. Infosphere - complexity of data - technological architecture for internal commerce (figure) - key areas - user modeling interaction - effective utilization of information - types of on-line transactions - navigating the infosphere - electronic brokerages and work flow automation

2. What is a document library? Explain in detail how a business can be promoted to meet customers' needs by improving document management support, with an example. Definitions - challenges in an organization - corporate digital library as the core of document management (figure) - digital document management - issues and concerns.

3. Explain the types of digital documents. Document imaging Structured documents Hypertext documents Active documents

4. Explain the elements in building data warehouse Back end: Accessing and organizing data easily from disparate sources. Preparing data for analysis: Querying, searching, and governing the data. Front end: Providing means for effective analysis of the information.

5. Explain the issues behind document infrastructure. Document constituencies Document-oriented processes Document-based work flows

UNIT V 2 Marks 1. What compression methods are used in multimedia? Sector-oriented disk compression Backup- or archive-oriented compression Graphics- and video-oriented compression Compression of data being transmitted over low-speed networks

2. What is the goal of data compression in action? Compression removes redundancy: if a message carries only 100 bits of underlying information, the goal is to make the encoded message as close as possible to 100 bits in size.

3. What problems does data compression address? The most obvious problem is the time needed to transfer that much data from storage to the display. Nearly 30 Mb per second is enough to choke almost any I/O port or data bus. Other problems include both storage and processing.

4. What are the types of compression technique? Give brief notes on them. Compression techniques can be divided into two major categories: Lossless compression Lossy compression Lossless compression: the decompressed output is exactly the same as the original input; nothing is lost in a compression/decompression cycle. Lossy compression: a given set of data undergoes a loss of accuracy or resolution after a cycle of compression and decompression; some information is discarded permanently in exchange for a higher compression ratio.
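Worked example (added here; it is not part of the original question bank): a run-length encoder as a lossless scheme and a step quantizer as a lossy one, each run through a full compress/decompress cycle on constructed input. The 100-byte sample and the ten-sample signal are made up for illustration; comparing each output with its input is the check that separates the two definitions above.

```python
# Lossless vs. lossy compression round trips.
# Added example; the data below is constructed for illustration.
from typing import Dict, List, Tuple

Run = Tuple[int, int]  # (byte value, run length)


def rle_encode(data: bytes) -> List[Run]:
    """Run-length encode `data`; each run holds at most 255 repeats so the
    count fits in one byte when serialized."""
    runs: List[Run] = []
    for b in data:
        if runs and runs[-1][0] == b and runs[-1][1] < 255:
            runs[-1] = (b, runs[-1][1] + 1)
        else:
            runs.append((b, 1))
    return runs


def rle_decode(runs: List[Run]) -> bytes:
    """Inverse of rle_encode: expands every run back to its bytes."""
    return b"".join(bytes([value]) * count for value, count in runs)


def rle_encoded_size(runs: List[Run]) -> int:
    """Serialized size: one value byte plus one count byte per run."""
    return 2 * len(runs)


def quantize(samples: List[int], step: int) -> List[int]:
    """Lossy step: keep only the index of the nearest multiple of `step`."""
    return [round(s / step) for s in samples]


def dequantize(indices: List[int], step: int) -> List[int]:
    """Rebuild samples from the indices; the discarded remainder is gone."""
    return [i * step for i in indices]


# Constructed 100-byte input with long runs, the kind of data RLE suits.
SAMPLE_BYTES = b"\x00" * 40 + b"\xff" * 24 + b"\x00\x01\x02" + b"\x07" * 33

# Constructed 8-bit samples (e.g. audio amplitudes) for the lossy path.
SAMPLE_SIGNAL = [0, 13, 27, 41, 55, 70, 84, 98, 113, 127]


def lossless_roundtrip(data: bytes = SAMPLE_BYTES) -> Dict[str, object]:
    """Compress, decompress, and report whether the output equals the input."""
    runs = rle_encode(data)
    restored = rle_decode(runs)
    return {
        "original_bytes": len(data),
        "compressed_bytes": rle_encoded_size(runs),
        "identical": restored == data,
    }


def lossy_roundtrip(samples: List[int] = SAMPLE_SIGNAL, step: int = 8) -> Dict[str, object]:
    """Quantize, dequantize, and report the largest reconstruction error."""
    indices = quantize(samples, step)
    restored = dequantize(indices, step)
    return {
        "identical": restored == samples,
        "max_error": max(abs(a - b) for a, b in zip(samples, restored)),
        "bits_per_sample": max(indices).bit_length(),  # 5 bits instead of 7
    }


if __name__ == "__main__":
    print("lossless:", lossless_roundtrip())
    print("lossy:   ", lossy_roundtrip())
```

On the constructed input the lossless path shrinks 100 bytes to 12 and restores them exactly; the lossy path cuts each sample from 7 bits to 5 but the restored signal differs from the original by up to 4 units, and no decoder can get that difference back.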

5. Define multiprocessing. Multiprocessing is defined as the ability to support the concurrent execution of several tasks on multiple processors. This implies the ability to use more than one CPU for executing programs. The processors can be tightly or loosely coupled.

6. Define multitasking. Multitasking means that the server operating system can run multiple programs and give the illusion that they are running simultaneously by switching control between them. Two types of multitasking are used: Preemptive Non-preemptive

7. Define multithreading. Multithreading is a more sophisticated form of multitasking and refers to the ability to support multiple paths of execution within a single address space. Older operating systems achieve multitasking by creating multiple processes, which creates a great deal of overhead.

8. Give brief notes about the types of storage technology. Storage technology can be divided into two types: Network-based (disk arrays) Desktop-based (CD-ROM) Disk arrays: Disk arrays store enormous amounts of information and are becoming an important storage technology for firewall servers and other electronic commerce servers. CD-ROM: The preeminent desktop storage technology for electronic commerce applications is CD-ROM.

9. What are the types of desktop video conferencing? There are three types of desktop video conferencing: Plain Old Telephone Service (POTS) lines ISDN Internet

10. What is MBONE? The MBONE is a virtual network that has been in existence since early 1992. The MBONE shares the same physical media as the Internet. It uses a network of routers; setting it up is not for the faint of heart and is time consuming because a lot of learning and fixing are involved.

11. Define SONET. SONET, or Synchronous Optical NETwork, is a set of standards that govern synchronous fiber optic data transmission at rates ranging from 51.84 Mbps to 2.5 Gbps.

12. How fast packet switching differs from the traditional circuit switching? The fast packet switching differs from the traditional circuit switching in the following three aspects Call set-up Traffic management Switching

13. Describe the benefits of Frame relay? Frame relay has two benefits: Speed: It is no longer necessary to carryout error controls and corrections between each node due to the improvements in transmission media. Sharing costly bandwidth: Frame relay allows users to share costly, high throughput channels over a single access line, and it uses a hubbing approach to distribute traffic over a wide area.

14. Describe the three functional levels in physical layer? The physical layer can be divided into three functional levels: Transmission path Digital section Regenerator section

15. What are the four dimensions in mobile computing? The four dimensions in mobile computing are, Wireless delivery technology and switching methods Mobile information access devices Mobile data internetworking standards and equipment Mobile computing based business applications

16. What are the categories of Radio based systems? Radio based services can be grouped into two main categories: Land based Satellite based

17. What is a palmtop? Palmtop computers attempt to provide higher functionality and more closely resemble what is available in desktop computers. Palmtops are also called personal organizers; they offer the combined functionality of a personal organizer and a communications terminal, providing access to application-specific software and to e-mail.

18. Specify the advantage of circuit-switched cellular transmission. The advantage of circuit-switched cellular transmission is that users should be able to use a cellular modem as they would any modem. Because calls are charged by the minute and also for set-up, cellular modems can be more cost-effective when used to send large messages.

19. What is licensed broadband? The licensed bandwidth allocation of 120 MHz in the 1850 MHz to 1990 MHz band represents a considerable amount of spectrum; by comparison, the current cellular phone system, known as the Advanced Mobile Phone System (AMPS), occupies only 50 MHz.

20. What is the application of unlicensed broadband? Unlicensed applications are today relegated to the industrial/scientific/medical (ISM) bands; an unlicensed broadband allocation should make better use of the radio spectrum and allow for more simultaneous users and better signal quality.

16 Marks 1. Explain digital video and electronic commerce. Characteristics of digital video Digital video compression/decompression Types of codecs _Hybrid _Software-based Three hybrid standards _JPEG _MPEG I _MPEG II

2. Describe desktop video processing. Video on the desktop is a key element in turning a computer into a true multimedia platform. However, digital video isn't what one would call a natural fit when it comes to desktop computers, due to their inability to process the compression and decompression of video satisfactorily. Desktop video hardware for playback and capture Video playback Video capture and editing Desktop video application software Apple's QuickTime Microsoft's Video for Windows

3. Explain desktop video conferencing. What are the types of desktop video conferencing? Desktop video conferencing is gaining momentum as a communications tool. For many business users, face-to-face videoconferences are already a common practice, allowing distant colleagues to communicate without the expense and inconvenience of traveling. TYPES OF DESKTOP VIDEO CONFERENCING: Using POTS for video conferencing Using ISDN for video conferencing Using the Internet for video conferencing _CU-SeeMe _MBONE

4. Describe the concept of broadband background. Narrowband versus broadband networks Integrated Services Digital Network (ISDN) SONET and SDH BISDN versus ATM Connectionless versus connection-oriented networks Switching techniques _Call set-up _Traffic management _Switching

5. Explain Asynchronous Transfer Mode (ATM). ATM is a high-speed, connection-oriented, cell-based transmission scheme that offers bandwidth on demand for voice, data and video telephony applications. ATM networks are being created to switch voice, data and video signals at multiples of 155 Mbps through multigigabit hubbing devices. Types of ATM traffic and switching: ATM switching ATM cell structure ATM system architecture

6. Give a brief description of wireless delivery technology and switching methods. Radio-based systems Cellular communications _Increasing capability and widespread coverage for cordless telephones _Decreasing cell size (microcells) and power levels for hand-held and vehicular cellular radio _Specialized wireless data systems Wireless packet data networks Satellite networks Very small aperture terminals (VSATs) Paging and satellite networks Infrared or light-based mobile computing

7. Explain mobile information access devices. Portable computers Hybrid pen computers Personal Digital Assistants (PDAs) Digital assistants Personal communicators Palmtops Cellular modems and PCMCIA adapters

COMPUTER GRAPHICS

2 Marks 1. What is the purpose of presentation graphics? Presentation graphics is used to produce illustrations for reports or to generate 35mm slides or transparencies for use with projectors. Presentation graphics is commonly used to summarize financial, statistical, mathematical, scientific, and economic data for research reports, managerial reports, consumer information bulletins, and other types of reports.

2. Define refresh buffer/frame buffer. The memory area in which the picture definition is stored is called the refresh buffer. This memory area holds the set of intensity values for all the screen points. On a black-and-white system with one bit per pixel, the frame buffer is called a bitmap.

3. What is pixel? Each screen point in a monitor is called a pixel/pel. It is also called picture element.

4. Define aspect ratio. It is a property of video monitors. This number gives the ratio of vertical points to horizontal points necessary to produce equal-length lines in both directions on the screen.

5. What is Output Primitive? Basic geometric structures that describe a scene are referred to as Output Primitives. Points and straight lines segments are the simplest geometric components of pictures. Additional output primitives that can be used to construct a picture include circles and other conic sections, quadric surfaces, spline curves and surfaces, polygon color areas, and character strings.

6. What is DDA? The Digital Differential Analyzer is a scan-conversion line algorithm based on calculating either difference in y-coordinate (dy) or difference in x-coordinate. We sample the line at unit intervals in one coordinate and determine corresponding integer values nearest the line path for the other coordinate.

7. What are the disadvantages of the DDA algorithm? Round-off error in successive additions of the floating-point increment can cause the calculated pixel positions to drift away from the true line path for long line segments. Rounding operations and floating-point arithmetic in the procedure are still time-consuming.
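Worked example (added here; not part of the original question bank): the DDA algorithm of question 6 beside the integer-only Bresenham algorithm named in the 16-mark questions, both run on the same constructed end points. The `increment_digits` knob on the DDA function is an assumption of this example, not part of classic DDA: it truncates the per-step increment to imitate a low-precision implementation so that the drift described in question 7 can actually be counted on a long line.

```python
# DDA and Bresenham line scan conversion, plus a demonstration of DDA
# round-off drift. Added example; coordinates are constructed.
from typing import List, Optional, Tuple

Pixel = Tuple[int, int]


def dda_line(x0: int, y0: int, x1: int, y1: int,
             increment_digits: Optional[int] = None) -> List[Pixel]:
    """DDA: sample the line at unit steps along the major axis and round the
    accumulated float for the other coordinate. `increment_digits`, when set,
    truncates the per-step increment to that many decimal places to imitate a
    low-precision implementation (constructed knob, not part of classic DDA)."""
    dx, dy = x1 - x0, y1 - y0
    steps = max(abs(dx), abs(dy))
    if steps == 0:
        return [(x0, y0)]
    x_inc, y_inc = dx / steps, dy / steps
    if increment_digits is not None:
        factor = 10 ** increment_digits
        x_inc = int(x_inc * factor) / factor
        y_inc = int(y_inc * factor) / factor
    x, y = float(x0), float(y0)
    pixels: List[Pixel] = []
    for _ in range(steps + 1):
        pixels.append((round(x), round(y)))
        x += x_inc
        y += y_inc
    return pixels


def bresenham_line(x0: int, y0: int, x1: int, y1: int) -> List[Pixel]:
    """Bresenham: integer-only error term; works in all octants."""
    dx, dy = abs(x1 - x0), abs(y1 - y0)
    sx = 1 if x1 >= x0 else -1
    sy = 1 if y1 >= y0 else -1
    err = dx - dy
    x, y = x0, y0
    pixels: List[Pixel] = []
    while True:
        pixels.append((x, y))
        if x == x1 and y == y1:
            return pixels
        e2 = 2 * err
        if e2 > -dy:      # step along x
            err -= dy
            x += sx
        if e2 < dx:       # step along y
            err += dx
            y += sy


def ideal_line(x0: int, y0: int, x1: int, y1: int) -> List[Pixel]:
    """Reference: round the exact line equation at every major-axis step."""
    dx, dy = x1 - x0, y1 - y0
    steps = max(abs(dx), abs(dy))
    return [(round(x0 + dx * i / steps), round(y0 + dy * i / steps))
            for i in range(steps + 1)]


def dda_drift_count(x1: int = 3000, y1: int = 1000, digits: int = 3) -> int:
    """Number of pixels where low-precision DDA disagrees with the ideal line.
    The truncated increment 0.333 (for dy/dx = 1/3) loses 1/3000 per step, so
    after 3000 steps the accumulated y is about one whole pixel low."""
    low_precision = dda_line(0, 0, x1, y1, increment_digits=digits)
    reference = ideal_line(0, 0, x1, y1)
    return sum(1 for a, b in zip(low_precision, reference) if a != b)


if __name__ == "__main__":
    print("DDA      :", dda_line(0, 0, 5, 3))
    print("Bresenham:", bresenham_line(0, 0, 5, 3))
    print("drifted pixels on a 3000-step line:", dda_drift_count())
```

With double-precision floats the plain DDA matches the ideal line even over 3000 steps; only the truncated-increment variant drifts, which is the situation question 7 describes for limited-precision arithmetic. Bresenham avoids the issue entirely because its error term is an exact integer.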

8. What is attribute parameter? Any parameter that affects the way a primitive is to be displayed is referred to as an attribute parameter.

9. What are the basic line attributes? Basic attributes of a straight line segment are its type, its width, and its color.

10. What is meant by aliasing? The distortion of information due to low frequency sampling (Under sampling) is called aliasing. We can improve the appearance of displayed raster lines by applying antialiasing methods that compensate for the under sampling process.

11. Define Translation. A translation is applied to an object by repositioning it along a straight line path from one coordinate location to another. We translate a two-dimensional point by adding translation distances, tx and ty, to the original coordinate position (x, y) to move the point to a new position (x', y'): x' = x + tx, y' = y + ty. The translation distance pair (tx, ty) is called a translation vector or shift vector.

12. Define Rotation. A 2-D rotation is applied to an object by repositioning it along a circular path in the xy plane.

13. Define Scaling. A scaling transformation alters the size of an object. This operation can be carried out for polygons by multiplying the coordinate values (x, y) of each vertex by scaling factors sx and sy to produce the transformed coordinates (x', y'): x' = x * sx, y' = y * sy.

14. Define Reflection. A Reflection is a transformation that produces a mirror image of an object. The mirror image for a 2D reflection is generated relative to an axis of reflection by rotating the object 180 degree about the reflection axis.

15. Define Shear. A transformation that distorts the shape of an object such that the transformed shape appears as if the object were composed of internal layers that had been caused to slide over each other is called a shear.

16. Define Window. A world-coordinate area selected for display is called a window.

17. Define view port. An area on a display device to which a window is mapped is called a view port.

18. What is viewing transformation? The mapping of a part of a world-coordinate scene to device coordinates is referred to as viewing transformation.
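Worked example (added here; not part of the original question bank): the translation, rotation, scaling, reflection and shear of questions 11 to 15 written as 3x3 homogeneous matrices, composed into a rotation about an arbitrary pivot and into the window-to-viewport mapping of questions 16 to 18. The window, viewport and polygon coordinates are constructed; the matrix forms are the standard ones.

```python
# 2D transformations as 3x3 homogeneous matrices, composed into a
# rotation about a pivot and a window-to-viewport mapping.
# Added example; all coordinates are constructed.
import math
from typing import List, Sequence, Tuple

Matrix = List[List[float]]
Point = Tuple[float, float]


def identity() -> Matrix:
    return [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]


def translation(tx: float, ty: float) -> Matrix:
    return [[1.0, 0.0, tx], [0.0, 1.0, ty], [0.0, 0.0, 1.0]]


def rotation(theta: float) -> Matrix:
    """Counter-clockwise rotation by `theta` radians about the origin."""
    c, s = math.cos(theta), math.sin(theta)
    return [[c, -s, 0.0], [s, c, 0.0], [0.0, 0.0, 1.0]]


def scaling(sx: float, sy: float) -> Matrix:
    return [[sx, 0.0, 0.0], [0.0, sy, 0.0], [0.0, 0.0, 1.0]]


def reflection_x_axis() -> Matrix:
    """Mirror about the x axis: (x, y) -> (x, -y), i.e. scaling by (1, -1)."""
    return scaling(1.0, -1.0)


def shear_x(shx: float) -> Matrix:
    """x-direction shear: x' = x + shx * y, y' = y."""
    return [[1.0, shx, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(3)) for j in range(3)]
            for i in range(3)]


def compose(*matrices: Matrix) -> Matrix:
    """Product m1 * m2 * ... * mn; the rightmost matrix is applied first."""
    result = identity()
    for m in matrices:
        result = matmul(result, m)
    return result


def apply(m: Matrix, p: Point) -> Point:
    x, y = p
    return (m[0][0] * x + m[0][1] * y + m[0][2],
            m[1][0] * x + m[1][1] * y + m[1][2])


def rotation_about(theta: float, pivot: Point) -> Matrix:
    """Translate the pivot to the origin, rotate, translate back."""
    px, py = pivot
    return compose(translation(px, py), rotation(theta), translation(-px, -py))


def window_to_viewport(window: Sequence[float], viewport: Sequence[float]) -> Matrix:
    """Viewing transformation: map the world window (xwmin, ywmin, xwmax, ywmax)
    onto the device viewport (xvmin, yvmin, xvmax, yvmax)."""
    xwmin, ywmin, xwmax, ywmax = window
    xvmin, yvmin, xvmax, yvmax = viewport
    sx = (xvmax - xvmin) / (xwmax - xwmin)
    sy = (yvmax - yvmin) / (ywmax - ywmin)
    return compose(translation(xvmin, yvmin), scaling(sx, sy),
                   translation(-xwmin, -ywmin))


def transform_polygon(m: Matrix, vertices: Sequence[Point]) -> List[Point]:
    return [apply(m, v) for v in vertices]


if __name__ == "__main__":
    square = [(0.0, 0.0), (2.0, 0.0), (2.0, 2.0), (0.0, 2.0)]
    m = compose(window_to_viewport((0, 0, 10, 10), (100, 200, 300, 400)),
                rotation_about(math.pi / 2, (1.0, 1.0)))
    print(transform_polygon(m, square))
```

Because every transformation is a matrix, a whole pipeline (model rotation followed by the viewing transformation) collapses into one matrix product that is applied once per vertex; the order of the factors in `compose` is the reverse of the order in which the steps happen.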

19. Define Clipping. Any procedure that identifies those portions of a picture that are either inside or outside of a specified region of space is referred to as a clipping algorithm or simply clipping. The region against which an object is clipped is called a clip window.

20. What are the types of Clipping? Point clipping Line clipping Area clipping Curve clipping and Text clipping
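Worked example (added here; not part of the original question bank): point clipping and line clipping against a rectangular clip window. The line-clipping routine is the Cohen-Sutherland algorithm, a standard method the page itself does not name; the clip window and test segments are constructed.

```python
# Point clipping and Cohen-Sutherland line clipping against a rectangular
# clip window. Added example (the algorithm is a standard one, not the
# page's); window and segments are constructed.
from typing import Optional, Tuple

INSIDE, LEFT, RIGHT, BOTTOM, TOP = 0, 1, 2, 4, 8
Window = Tuple[float, float, float, float]   # xmin, ymin, xmax, ymax
Segment = Tuple[float, float, float, float]  # x0, y0, x1, y1


def region_code(x: float, y: float, win: Window) -> int:
    """4-bit outcode telling on which side(s) of the window the point lies."""
    xmin, ymin, xmax, ymax = win
    code = INSIDE
    if x < xmin:
        code |= LEFT
    elif x > xmax:
        code |= RIGHT
    if y < ymin:
        code |= BOTTOM
    elif y > ymax:
        code |= TOP
    return code


def clip_point(x: float, y: float, win: Window) -> bool:
    """Point clipping: keep the point only if it is inside the window."""
    return region_code(x, y, win) == INSIDE


def clip_line(seg: Segment, win: Window) -> Optional[Segment]:
    """Return the visible part of `seg`, or None if nothing is visible.
    Trivial accept: both codes zero. Trivial reject: codes share a bit.
    Otherwise cut the segment at one window edge and repeat."""
    x0, y0, x1, y1 = seg
    xmin, ymin, xmax, ymax = win
    c0, c1 = region_code(x0, y0, win), region_code(x1, y1, win)
    while True:
        if c0 == INSIDE and c1 == INSIDE:
            return (x0, y0, x1, y1)
        if c0 & c1:
            return None
        c = c0 if c0 else c1          # an endpoint that is outside
        # Intersect with the edge named by one set bit; the denominator is
        # never zero because the other endpoint lies on the inner side.
        if c & TOP:
            x, y = x0 + (x1 - x0) * (ymax - y0) / (y1 - y0), ymax
        elif c & BOTTOM:
            x, y = x0 + (x1 - x0) * (ymin - y0) / (y1 - y0), ymin
        elif c & RIGHT:
            x, y = xmax, y0 + (y1 - y0) * (xmax - x0) / (x1 - x0)
        else:
            x, y = xmin, y0 + (y1 - y0) * (xmin - x0) / (x1 - x0)
        if c == c0:
            x0, y0 = x, y
            c0 = region_code(x0, y0, win)
        else:
            x1, y1 = x, y
            c1 = region_code(x1, y1, win)


if __name__ == "__main__":
    win = (0.0, 0.0, 10.0, 10.0)
    for seg in [(-5, 5, 15, 5), (-5, -5, -1, 20), (-5, 0, 15, 10), (2, 2, 8, 8)]:
        print(seg, "->", clip_line(seg, win))
```

The outcodes make the two cheap decisions (fully inside, fully outside on one side) with a couple of bit operations; only segments that straddle an edge pay for an intersection, and each intersection removes one set bit, so the loop always terminates.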

16 Marks 1. Explain DDA algorithm for line. Algorithm Definition Diagram Theory Implementation

2. Explain Bresenham's algorithm for line, circle, ellipse. Algorithm Definition Diagram Theory Implementation

3. Explain attributes of output primitives. Line attributes Curve attributes Area-fill attributes Character attributes

4. Explain 2D transformations. Translation Rotation Scaling Shear Reflection

5. Explain 2D viewing. Definition Diagram Theory

UNIT II 2 Marks 1. Categorize the 3D representations. Boundary representation (B-reps) and space-partitioning representations.

2. What is boundary representation? It describes a 3D object as a set of surfaces that separate the object interior from the environment, e.g. polygon facets and spline patches.

3. What is space-partitioning representation? It is used to describe interior properties by partitioning the spatial region containing an object into a set of small, non-overlapping, contiguous solids, e.g. octrees.

4. What is a blobby object? Some objects do not maintain a fixed shape, but change their surface characteristics in certain motions or when in proximity to other objects. Examples in this class of objects include molecular structures, water droplets and other liquid effects, melting objects and muscle shapes in the human body. These objects can be described as exhibiting "blobbiness" and are often simply referred to as blobby objects, since their shapes show a certain degree of fluidity.

5. What is projection? The process of displaying 3D objects on a 2D display is called as Projection

6. What are the types of projection? Perspective projection Parallel projection

7. What is parallel projection? In a parallel projection, coordinate positions are transformed to the view plane along parallel lines.

8. What is Perspective projection? For a perspective projection object positions are transformed to the view plane along lines that converge to a point called the projection reference point.
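Worked example (added here; not part of the original question bank): parallel and perspective projection of 3D points, with a check that two parallel cube edges stay parallel under parallel projection but converge under perspective projection. The conventions are an assumption of this example, one common choice rather than the page's: the view plane is z = 0 for parallel projection, and for perspective projection the projection reference point is the origin with the view plane at z = d. The cube is constructed.

```python
# Parallel (orthographic and oblique) and perspective projection of 3D
# points onto a view plane. Added example; the convention used here (view
# plane z = 0 for parallel, projection reference point at the origin with
# view plane z = d for perspective) is one common choice, not the page's.
from typing import Tuple

Point3 = Tuple[float, float, float]
Point2 = Tuple[float, float]


def parallel_project(p: Point3, direction: Point3 = (0.0, 0.0, 1.0)) -> Point2:
    """Move p along `direction` until it reaches the view plane z = 0.
    direction (0, 0, 1) gives an orthographic projection (drop z); any other
    direction with dz != 0 gives an oblique parallel projection."""
    x, y, z = p
    dx, dy, dz = direction
    if dz == 0:
        raise ValueError("projection direction must not be parallel to the view plane")
    t = -z / dz
    return (x + t * dx, y + t * dy)


def perspective_project(p: Point3, d: float) -> Point2:
    """Project p along the line to the projection reference point (origin)
    onto the view plane z = d: x' = d*x/z, y' = d*y/z."""
    x, y, z = p
    if z <= 0:
        raise ValueError("point is behind or on the projection reference point")
    return (d * x / z, d * y / z)


def edge_direction(a: Point2, b: Point2) -> Point2:
    """Unit direction of a projected edge, used to show (non-)convergence."""
    dx, dy = b[0] - a[0], b[1] - a[1]
    length = (dx * dx + dy * dy) ** 0.5
    return (dx / length, dy / length)


# Constructed cube of side 2 centred on the z axis, front face at z = 4.
CUBE = [(x, y, z) for z in (4.0, 6.0) for y in (-1.0, 1.0) for x in (-1.0, 1.0)]


def parallel_edges_stay_parallel(d: float = 2.0) -> Tuple[bool, bool]:
    """Take the two cube edges that run along z through (-1,-1,*) and (1,1,*).
    They are parallel in 3D; returns (parallel after an oblique parallel
    projection, parallel after perspective projection)."""
    e1 = [(-1.0, -1.0, 4.0), (-1.0, -1.0, 6.0)]
    e2 = [(1.0, 1.0, 4.0), (1.0, 1.0, 6.0)]
    par = [parallel_project(p, (1.0, 1.0, 1.0)) for p in e1 + e2]
    per = [perspective_project(p, d) for p in e1 + e2]
    same_par = edge_direction(par[0], par[1]) == edge_direction(par[2], par[3])
    same_per = edge_direction(per[0], per[1]) == edge_direction(per[2], per[3])
    return (same_par, same_per)


if __name__ == "__main__":
    print("orthographic:", [parallel_project(p) for p in CUBE])
    print("perspective: ", [perspective_project(p, 2.0) for p in CUBE])
    print("edges parallel (parallel, perspective):", parallel_edges_stay_parallel())
```

The perspective divide by z is what makes farther points crowd toward the centre of the view plane; it is also why a point at z = 0 has no image and the function refuses it rather than dividing by zero.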

9. What is chromaticity? The term chromaticity is used to refer collectively to the two properties describing color characteristics: Purity and dominant frequency.

10. Define Color model. A Color model is a method for explaining the properties or behavior of color within some particular context.

11. What are the uses of chromaticity diagram? The chromaticity diagram is useful for the following: Comparing color gamuts for different sets of primaries. Identifying complementary colors. Determining dominant wavelength and purity of a given color.

12 . What is HSV model? The HSV (Hue,Saturation,Value) model is a color model which uses color descriptions that have a more intuitive appeal to a user. To give a color specification, a user selects a spectral color and the amounts of white and black that are to be added to obtain different shades, tint, and tones.

13. What for CMY color model used? A color model defined with the primary colors cyan, magenta, and yellow is useful for describing color output to hard-copy devices.

14. What are the parameters in the HLS color model? Hue, Lightness and Saturation.
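Worked example (added here; not part of the original question bank): conversions between the RGB, HSV, HLS and CMY models of questions 12 to 14, with a round trip RGB -> HSV -> RGB and a cross-check against the standard library's `colorsys`. The formulas are the usual hexcone and double-hexcone ones; the sample colors are constructed, components are in [0, 1], and hue is in degrees.

```python
# Conversions between the RGB, HSV, HLS and CMY color models. Added example;
# the formulas are the standard hexcone/double-hexcone ones, and sample
# colors are constructed. Components are in [0, 1]; hue is in degrees.
import colorsys
from typing import Tuple

Triple = Tuple[float, float, float]


def _hue(r: float, g: float, b: float, mx: float, delta: float) -> float:
    """Hue angle from the dominant primary; 0 when the color is a grey."""
    if delta == 0:
        return 0.0
    if mx == r:
        h = ((g - b) / delta) % 6
    elif mx == g:
        h = (b - r) / delta + 2
    else:
        h = (r - g) / delta + 4
    return 60.0 * h


def rgb_to_hsv(r: float, g: float, b: float) -> Triple:
    """Value = brightest component; saturation = distance from grey."""
    mx, mn = max(r, g, b), min(r, g, b)
    delta = mx - mn
    s = 0.0 if mx == 0 else delta / mx
    return (_hue(r, g, b, mx, delta), s, mx)


def hsv_to_rgb(h: float, s: float, v: float) -> Triple:
    """Inverse of rgb_to_hsv: pick the hexcone sector, then add white."""
    c = v * s                      # chroma
    hp = (h % 360.0) / 60.0        # sector index in [0, 6)
    x = c * (1 - abs(hp % 2 - 1))
    sector = [(c, x, 0.0), (x, c, 0.0), (0.0, c, x),
              (0.0, x, c), (x, 0.0, c), (c, 0.0, x)]
    r1, g1, b1 = sector[int(hp)]
    m = v - c                      # amount of white to add
    return (r1 + m, g1 + m, b1 + m)


def rgb_to_hls(r: float, g: float, b: float) -> Triple:
    """Lightness = midpoint of max and min; saturation relative to lightness."""
    mx, mn = max(r, g, b), min(r, g, b)
    delta = mx - mn
    l = (mx + mn) / 2
    s = 0.0 if delta == 0 else delta / (1 - abs(2 * l - 1))
    return (_hue(r, g, b, mx, delta), l, s)


def rgb_to_cmy(r: float, g: float, b: float) -> Triple:
    """Subtractive primaries for hard copy: cyan absorbs red, and so on."""
    return (1 - r, 1 - g, 1 - b)


def close(a: Triple, b: Triple, tol: float = 1e-9) -> bool:
    return all(abs(x - y) <= tol for x, y in zip(a, b))


def matches_colorsys(r: float, g: float, b: float) -> bool:
    """Cross-check against the standard library (its hue is in [0, 1))."""
    h, s, v = rgb_to_hsv(r, g, b)
    h2, l, s2 = rgb_to_hls(r, g, b)
    return (close((h / 360, s, v), colorsys.rgb_to_hsv(r, g, b))
            and close((h2 / 360, l, s2), colorsys.rgb_to_hls(r, g, b)))


if __name__ == "__main__":
    sample = (0.2, 0.5, 0.7)   # constructed RGB color
    print("HSV:", rgb_to_hsv(*sample))
    print("HLS:", rgb_to_hls(*sample))
    print("CMY:", rgb_to_cmy(*sample))
    print("round trip:", hsv_to_rgb(*rgb_to_hsv(*sample)))
```

HSV and HLS share the hue computation; they differ only in how the brightness axis is defined (the maximum component versus the midpoint of maximum and minimum), which is why the saturation formulas diverge. CMY is simply the complement of RGB, matching the subtractive behaviour of ink on paper.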

15. Define Computer animation. Computer animation refers to any time sequence of visual changes in a scene. In addition to changing object position with translations or rotations, a computer generated animation could display time variations in object size, color, transparency, or surface texture.

16. What are the steps in animation sequence? Story board layout Object definition Key-frame specifications Generation of in-between frames

17. How does frame-by-frame animation work? Here each frame of the scene is separately generated and stored. Later the frames can be recorded on film or they can be consecutively displayed in "real-time playback" mode.

18. What is morphing? Transformation of object shapes from one form to another is called morphing.

19. What are the methods of motion specification? Direct motion specification Goal-directed systems Kinematics and dynamics

16 Marks 1. Explain various 3D object representations. Categories with one example in each.

2. Explain 3D transformations. a. Translation b. Rotation c. Scaling

3. Explain 3D viewing. 1. Definition 2. Diagram 3. Theory

4. Explain color models. RGB color model YIQ CMY HSV HLS

5. Explain computer animation. Theory, definition and diagrams.
