M.Sc. (I.T.) Sem. III
INFORMATION SECURITY MANAGEMENT
QUESTION BANK (2014-2015)
Unit 1:
1. Explain the process of risk management.
2. What are the steps for risk assessment?
3. What are the steps to prepare for a risk assessment?
4. What are the different risk assessment approaches?
5. What are the different risk analysis approaches?
6. Explain the generic risk model in detail.
7. What are the key characteristics of the OCTAVE approach?
8. Explain the reactive approach to risk management with a proper diagram.
9. Explain the proactive approach to risk management. What are its benefits over the reactive approach?
10. Write a short note on OCTAVE.
11. What are the various domains & corresponding processes of COBIT?
12. Explain any 2 methods of quantitative risk assessment.
13. Explain with diagram the OCTAVE method.
14. Explain with diagram OCTAVE Allegro.
15. What are the various risk framing components? Explain the relationship among them.
16. How are the values of assets derived in the quantitative risk assessment approach?
17. List various risk models. Explain.
18. Explain the following risk models: i. Threats ii. Likelihood iii. Impact
19. With a neat diagram, explain the risk management hierarchy.
20. How is risk assessment carried out at the organization tier of the risk management hierarchy?
21. How is risk assessment carried out at the information system tier of the risk management hierarchy?
22. Explain the quantitative risk assessment.
23. Compare the quantitative and qualitative risk assessment approaches.
24. List and explain the steps in the risk assessment process.

Unit 2:
25. What are the various uses of IDPS technologies?
26. What are the various functions of IDPS technologies?
27. What are the common detection methodologies of IDPS?
28. What are the various types of IDPS technologies?
29. What are the typical components of an IDPS system?
30. What are the typical components of a network-based IDPS system?
31. List and explain various security capabilities of IDPS technologies.
32. What are the various types of sensors used in a network-based IDPS system?
33. Explain packet filtering firewall technology.
34. Explain the dedicated proxy server and application proxy server firewall technologies.
35. Explain how firewalls act as network address translators.
36. Explain stateful inspection.
37. Write a short note on application firewalls.
38. Write a short note on Application-Proxy Gateways & Dedicated Proxy Servers.
39. Write a short note on Web Application Firewalls & Firewalls for Virtual Infrastructures.
40. State the limitations of firewall inspection.
41. Write a short note on VPN.
42. Explain various network layouts with firewall implementation.
43. What are the various policies based on IP addresses?
44. What are the various policies based on protocols?
45. What are the various policies based on applications, user identity & network activity?
46. Explain with diagram IT security requirements.
47. What should be considered in the planning stages of a Web server?
48. What are the steps for securely installing a web server?
49. State and explain any 4 wireless standards.
50. State IEEE 802.11 network components and explain its architectural models.
51. What are the various types of authentication methods implemented in IEEE 802.11 security?
52. Write a short note on IEEE 802.11i security.
53. Write a short note on the following:
54. Server Backup Procedures
55. Recovering From a Security Compromise
56. Security Testing Servers
57. What is penetration testing?
58. Write a note on Identification & Authentication Technologies.
59. List and explain the important implementation issues for I&A systems.
60. What are the various criteria used by the system to determine if a request for access will be granted?

Unit 3:
61. What are the various components of PKI?
62. Explain mesh and hierarchical PKI structure.
63. Explain bridge PKI architecture.
64. Explain the two basic data structures used in PKIs.
65. Write a note on physical architecture of PKI.
66. List the most commonly logged types of information and their potential benefits.
67. State & explain the common log management infrastructure functions.

68. What are the various types of network & host based security software?
69. What are the challenges in log management?
70. Explain log management infrastructure.
71. What are the various functions of log management infrastructure?
72. Write a short note on Syslog security.
73. Explain the need for log management.
74. List & explain the classic categories of malware.
75. List & explain the popular attacker tools.
76. What are the recommended capabilities of an antivirus software?
77. Write a note on sandboxing.
78. Explain malware incident response life cycle in detail.
79. List and explain the major component of containment of malware.
80. Explain the three main categories of patch and vulnerability metrics.
81. What is The Patch and Vulnerability Group & what are their duties?
82. What are the primary methods of remediation that can be applied to an affected system?
83. Who are involved in log management planning? Explain their responsibilities.
84. What are the steps included in developing logging policies?
85. List and explain the components of key management infrastructure.
86. Write a short note on key management policy.
87. What are the security objectives of key management policy?
88. Explain the sample KMP format.
89. Write a short note on Kerberos.
90. List & explain the KMI components in detail.
91. Write a short note on Key Management Policy.
92. Explain any six server security principles.
93. How is server security planned?
94. How is server security maintained?
95. List various PKI data structures. Explain in short.
96. What is the need for log management?
97. What are the challenges in log management?
98. Explain the tiers used in a log management infrastructure.
99. Define roles and responsibilities of the persons involved in log management.
100. List and explain various forms of malware.
101. List and explain the popular types of attacker tools.

Unit 4:
102. State the benefits & objectives of information security audit.
103. List the principles of Auditing.
104. List and explain the phases of a disaster recovery plan.
105. State and explain any 4 interdependencies of audit trails.
106. Write a note on cost considerations in audit trails.
107. What are the various types of audit trails?

108. Explain Audit Trails. What are the two types of audit records explain in detail?
109. List the steps to perform information security audit.
110. What are the implementation issues regarding audit trails?
111. Write a note on interdependencies in audit trails.
112. Explain the concept of Business Continuity Planning with its different phases.
113. Explain the concept of Business Continuity Planning and Recovery Plan in industry.
114. Explain the various backup & recovery techniques for applications.
115. Write a short note on logical security audit.
116. Explain the system-level, application level and user audit trails.

Unit 5:
117. What is forensic science? What is the need of it?
118. Who are the primary users of forensic tools and techniques? Also state the various factors
to be considered when selecting an external or internal party?
119. What are the different groups in which primary users of forensic tools and techniques
within an organization usually can be divided into?
120. What are the key recommendations of establishing and organizing a forensic capability?
121. Write a note on forensic process.
122. Write a note on forensic toolkit.
123. Write a note on Examining data files.
124. Explain the two different techniques used for copying files from media.
125. What is NESSUS? Why is it considered as the most popular vulnerability scanner?
126. What types of vulnerabilities are scanned by NESSUS?
127. What are the control objectives of ISO 17799 standard?
128. What is the functionality of NMAP tool?
129. State the features of NMAP.
130. What are the basic phases of forensic process? Give a brief overview of it.
131. Write a short note on File Systems.
132. How is the collection of files done in forensic science?
133. What is the need for forensics?
134. What are the key recommendations on establishing and organizing a forensic capability?
135. List various phases in forensics process. Explain in short.
136. Explain the two techniques used to copy files from media.
