(SEM IV) THEORY EXAMINATION 2022-23 COMPUTER SYSTEM SECURITY
This question paper belongs to B.Tech Semester IV – Computer System Security (KNC-401).
The total marks are 100, and the duration is 3 hours.
The question paper is divided into three structured sections — A, B, and C.
Each section tests a different level of understanding:
Section A: Basic concepts and short theoretical definitions
Section B: Detailed explanations and comparative answers
Section C: Application-based, analytical, and advanced security topics
Students must attempt all sections. Wherever necessary, missing data may be assumed suitably.
2. Section A – Short & Fundamental Questions (20 Marks)
This section contains 10 questions, each of 2 marks, focusing on core security concepts.
Answers must be brief but conceptually accurate.
Topics covered include:
● Threat vs Vulnerability
Understanding differences between security risks and system weaknesses.
● Integer Overflow
Explaining how arithmetic limits cause security bugs.
● Anti-XSS Tools
Advanced tools that protect applications from Cross-Site Scripting.
● IDS vs IPS
Monitoring vs prevention-based network security approaches.
● Web Security
Basic mechanisms to secure web applications.
● Benefits of IPSec
Confidentiality, authentication, integrity, and secure tunnels.
● Symmetric vs Asymmetric Encryption
Difference in keys, speed, and use cases.
● Three-way Handshake
TCP connection establishment process.
● Firewall
Definition, purpose, and typical uses.
● RIP vs OSPF
Differences between distance-vector and link-state routing protocols.
This section evaluates foundational knowledge and basic terminologies of security.
3. Section B – Detailed Descriptive Questions (30 Marks)
Students must attempt any three questions, each carrying 10 marks.
These require deeper explanation, examples, use cases, and structured answers.
Topics include:
● Control Hijacking & Buffer Overflow
How attackers manipulate control flow and how memory vulnerabilities are exploited.
● Access Control Comparison
Windows vs UNIX permissions, ACLs, file systems, and user models.
● Cross-Site Request Forgery (CSRF)
Definition, workflow, and defense mechanisms (tokens, same-site cookies, etc.).
● IP Security (IPSec)
Security architecture, AH/ESP, transport vs tunnel mode.
● Packet Filtering Firewalls
Definition, types (stateless, stateful), filtering rules.
This section checks understanding of real-world attacks, defenses, protocols, and OS security mechanisms.
4. Section C – Advanced & Application-Based Questions (50 Marks)
This section contains five parts (Q3–Q7), each with two options, and students must attempt one option from each part.
Each question carries 10 marks.
Part 3 – System Vulnerabilities
Choice between:
● Vulnerability Management
Steps in identifying, assessing, mitigating, and monitoring threats.
OR
● Format String Vulnerability
How improper format string usage leads to memory disclosure or code execution.
Part 4 – System Call & Virtualization Security
Choice between:
● System Call Interposition
Intercepting system calls for security monitoring.
OR
● VM-Based Isolation
Using virtual machines to isolate processes and applications.
Part 5 – Web Attacks & Threat Modelling
Choice between:
● Cross-Site Scripting (XSS)
Types of XSS, vulnerability scanning, payload injections.
OR
● Threat Modelling
Steps, methodologies (STRIDE, DREAD), risk evaluation.
Part 6 – Cryptographic Algorithms
Choice between:
● SHA-512 Algorithm
Step-by-step explanation of hashing operations.
OR
● RSA Algorithm
Working of encryption and decryption (with P=3, Q=11, plaintext=5).
Part 7 – Network & Link Layer Security
Choice between:
● Routing Security
Protecting routing protocols against spoofing, poisoning, manipulation.
OR
● Link Layer & TCP/IP Connectivity
Understanding communication at hardware and network layers.
This section tests deep knowledge, reasoning, algorithmic understanding, and real application of security mechanisms.
Final Summary
This description explains:
● Structure of the question paper
● Purpose of each section
● Types of questions asked
● Core concepts being tested
● Expected depth of answers
It gives a complete, long, formal explanation of the entire KNC-401 exam structure.