Download JNTU-Hyderabad MBA 2nd Sem R15 2018 July 721CV Principles Of Information Security Question Paper

Code No: 721CV

R15

JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

--- Content provided by FirstRanker.com ---

MBA II Semester Examinations, June/July-2018

PRINCIPLES OF INFORMATION SECURITY

Time: 3 hours

Max.Marks:75

Note: This question paper contains two parts A and B.

--- Content provided by FirstRanker.com ---

Part A is compulsory which carries 25 marks. Answer all questions in Part A.

Part B consists of 5 Units. Answer any one full question from each unit. Each question carries 10 marks and may have a, b, c as sub questions.

PART - A

5×5 Marks = 25

1. a) How does the practice of information security qualify as both an art and a science? [5]

--- Content provided by FirstRanker.com ---

2. b) How does due diligence differ from due care? Why are both important? [5]
3. c) In risk management strategies, why must periodic review be a part of the process? [5]
4. d) What is the difference between digital signatures and digital certificates? [5]
5. e) What is collusion? How does the separation of duties impact collusion? [5]

PART - B

--- Content provided by FirstRanker.com ---

5 × 10 Marks = 50

2. Identify the five components of an information system. Which are most directly impacted by the study computer security? Which are most commonly associated with its study? [10]

   OR

3. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is potentially more dangerous and devastating? Why? [10]

   --- Content provided by FirstRanker.com ---

4. What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect it in the United States and Europe? [10]

   OR

5. What is the other name for the Kennedy-Kassebaum Act (1996) and why is it important to organizations that are not in the health-care industry? [10]

   --- Content provided by FirstRanker.com ---

6. Briefly describe management, operational, and technical controls, and explain when each would be applied as a part of a security framework? [10]

   OR

7. a) What is RADIUS? What advantage does it have over TACACS?

   --- Content provided by FirstRanker.com ---

   b) What is VPN? What are some reasons it is widely popular in many organizations? [10]

8. List and describe the four primary types of UPS systems? Which is the most effective and most expensive, and why? [10]

   OR

--- Content provided by FirstRanker.com ---

9. List and describe the four basic conversion strategies that are used when converting to a new system? Under which circumstances is each of these the best approach? [10]

10. What is the primary goal of the vulnerability assessment and remediation domain of the maintenance model? Is this important to an organization with an Internet presence? Why? [10]

    OR

--- Content provided by FirstRanker.com ---

11. What functions does the CISO perform, and what are the key qualifications and requirements for the position? [10]