(SEM III) THEORY EXAMINATION 2021-22 COMPUTER SYSTEM SECURITY

This question paper belongs to the B.Tech (Semester III) – Computer System Security (Subject Code: KNC301) examination. The total marks for the exam are 50, and the paper is designed to thoroughly test a student’s understanding of cybersecurity fundamentals, system vulnerabilities, secure system design, and cryptographic concepts.

The paper is divided into three sections (A, B, C), each targeting different levels of difficulty and depth — from short concept checks to applied cybersecurity problems.

SECTION A – Conceptual Short Questions (10 Marks)

Section A consists of 5 short questions, each carrying 2 marks. These questions evaluate basic theoretical understanding of:

Why session hijacking attacks often succeed

The significance of the confinement principle in computer security

Differences between UNIX and Windows access control models

Number of lookup zones in DNS

Definition and uses of a firewall

These questions ensure the student understands core terminologies, basic attack surfaces, operating system security models, and network fundamentals.
 

SECTION B – Analytical / Explanatory Questions (15 Marks)

Students must attempt any three out of five questions (5 marks each). Topics include:

Control hijacking and buffer overflow attacks

System call interposition (a key defense technique)

Cross-Site Scripting (XSS) and prevention mechanisms

Public key cryptography basics

RSA public key system explained briefly

This section tests the student's ability to describe attacks, understand malware behavior, identify secure coding practices, and explain cryptographic mechanisms in detail.

SECTION C – Long Answer / Applied Cybersecurity (25 Marks)

Section C contains five main questions, each with two alternative choices. Students must attempt one part from each question (5 questions × 5 marks each).

Q3 – Cybersecurity Evolution / Digital Signatures

Students must discuss either how security systems should evolve to handle modern cyber threats OR explain digital signatures and how they work.

Q4 – Rootkits / Software Fault Isolation

Topics include rootkit detection and prevention methods or the need for isolating software faults in system security.

Q5 – CSRF / Browser Isolation

Covers how Cross-Site Request Forgery attacks work (with examples) or the difference between Browser Isolation and Remote Browser Isolation.

Q6 – RSA Algorithm / Symmetric vs Asymmetric Crypto

Students may solve an RSA encryption–decryption example using p=11, q=13, e=7, m=9 or compare symmetric and asymmetric cryptography, listing advantages and disadvantages.

Q7 – Risk, Threat, Vulnerability / Network IDS

Students may define risk, vulnerability, and threat in network security or explain Network Intrusion Detection Systems (NIDS) along with their types.

This section tests a student’s ability to apply cybersecurity concepts, evaluate attack mechanisms, demonstrate cryptography mathematics, and explain network defense strategies.