
Wednesday, March 9, 2016

CYBER SECURITY - AUC- 002 (Questions with Answer) of AKTU

  1. What is information assurance and how is it provided? (Ans: Information assurance is defined as the set of measures applied to protect information systems and the information of an organization. It ensures availability, integrity, confidentiality and non-repudiation of an organization's information and information systems. IA is in fact the management of risk in relation to processing, transmitting or storing data or information, which means protecting information and information systems from being accessed, misused, disclosed, disrupted, destroyed or modified in an unlawful manner.)
  2. Describe security risk analysis. (Ans: Risk analysis is a continuous process that requires you to constantly monitor the measures employed to maintain the security of your system at present. The process of security risk analysis involves the following three key elements: impact statement, effectiveness measure and recommended countermeasures.)
  3. How do you classify information systems in general? (Ans: There are three basic categories: 1. operation support systems (transaction processing system, process control system, enterprise collaboration system), 2. knowledge-based systems (expert system, knowledge management system), 3. management support systems (management information system, decision support system).)
  4. What is public key encryption? Explain. (Ans: In public key encryption, two keys are used to encrypt and decrypt data. The key used to encrypt the data is known as the public key, and the key used to decrypt the data is known as the private key. You need to generate the public key and the private key to use public key encryption. The public key is then made available to anybody who wants to send data. The sender can use the public key to encrypt data and send the encrypted data to the destination. You need to use the private key, which remains hidden from the sender, to decrypt the data.)
  5. What are the security threats? Discuss. (Ans: Viruses (polymorphic, stealth, retroviruses, multipartite, armored, companion, phage, macro viruses), Trojan horses, logic bombs, worms, spoofing (IP spoofing, content spoofing, caller ID spoofing, email spoofing), trapdoors, email viruses, macro viruses, malicious software, denial of service attacks.)
  6. How can we use a firewall to secure our application? (Ans: Packet filter, application-level gateway, circuit-level gateway, proxy server.)
  7. What is the process of developing a secure information system?
  8. What do you understand by security structure and design?
  9. Describe the intellectual property issue (IPR).
  10. Write a short note on the Copyright Act.
  11. What is information security? Explain cyber crime and cyber security in this reference.
  12. What is intellectual property? Explain with an example.
  13. Elaborate the difference between security and threats, and explain web security.
  14. Draw a diagrammatic approach to show the difference between symmetric and asymmetric cryptography.
  15. How does tunneling take place in a virtual private network (VPN)? Explain the advantages of a VPN.
  16. How can you say that the intrusion detection system is the backbone of an information system? Justify, along with its categories.
  17. Elaborate how cyber crime plays a vital role against person, property and government, to protect all valuable information and rights.
  18. What are the different technologies used for the security of data and applications? Explain the vulnerabilities.
  19. Explain and differentiate between integrating security at the implementation phase and at the development phase.
  20. What are the data security considerations? Explain in this reference data backup security, data archival security and data disposal considerations.
  21. Explain in what situation semiconductor law comes into consideration and how it differs from patent law.
  22. What is application security? Define it in the case of vendor challenges and user challenges for application security.
  23. Explain the concept of cryptography using a diagrammatic approach. Define its transformation method.
  24. Elaborate the term access control. What is included in the authorization process for (file, program, data rights)? Explain all the types of controls.
  25. Explain information system resources and activities, and what may be the reasons for their failure.
