1001_its-ccs__mb361it_

Subject Code: MB3H2IT

DATE: January 10, 2010
TIMINGS: 10:00 Hrs to 13:00 Hrs
TOTAL MARKS: 100
DURATION: 3 Hours

To be filled by the Student: Test Center, Seat No.

Use OMR Answer Sheet to mark answers for Section A. Use the Answer Booklet to answer Section B and C.

1. Fill in the required particulars in the Question Booklet and the Answer Booklet. In the absence of this data the Answer Booklet will not be evaluated.

2. See the back cover page for instructions on marking answers.

4. Section A should be attempted first. Time allotted to answer Section A is 30 minutes. Return the OMR Answer Sheet 30 minutes after commencement of the examination. Return the Answer Booklet at the end of the examination.

Students can retain this Question Booklet after the examination.

Answering Materials distributed along with this question booklet: OMR Answer Sheet, Answer Booklet


ICFAI MBA IT Question Paper


MB3H2IT-0110

4. Which of the following statements is false about Internet Protocol Security (IPSec)?

(a) IPSec is below the transport layer
(b) IPSec is transparent to all applications
(c) IPSec can provide security for individual users if needed
(d) IPSec is transparent to end users
(e) There is a need to change software on a user or server system when IPSec is implemented in the firewall or router.

5. Malicious software can be divided into two categories: those that need a host program and those that are independent. Which of the following malicious software need a host program?

I. Viruses.
II. Worms.
III. Zombie.
IV. Backdoors.

(a) Both (I) and (II) above
(b) Both (I) and (IV) above
(c) Both (II) and (III) above
(d) (I), (II) and (III) above
(e) (II), (III) and (IV) above.

6. SSL session and SSL connection are the important components of SSL. Which of the following is/are the parameter(s) of SSL session?

I. Peer certificate.
II. Compression method.
III. Server write key.

(a) Only (II) above
(b) Only (III) above
(c) Both (I) and (II) above
(d) Both (I) and (III) above
(e) Both (II) and (III) above.

7. There are many metrics which are useful for profile-based intrusion detection. For all these metrics some models are used to determine whether current activity fits within acceptable limits or not. Which of the following models is used to establish transition probabilities among various states?

(a) Mean and standard deviation model
(b) Multivariate model
(c) Markov process model
(d) Time series model
(e) Operation model.

8. Which of the following IPSec specifications consists of a description of a packet authentication extension to IPv4 and IPv6?

(a) RFC 2401
(b) RFC 2402
(c) RFC 2411
(d) RFC 2404
(e) RFC 2104.


© 2010, ICFAI University. All rights reserved. Photocopying is strictly prohibited.


13. Which of the following statements is/are false about SMTP/822 scheme (Simple Mail Transfer Protocol)?

I. SMTP cannot transmit executable files or other binary objects.
II. SMTP can transmit text data that includes national language characters.
III. SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages.

(a) Only (II) above
(b) Only (III) above
(c) Both (I) and (II) above
(d) Both (I) and (III) above
(e) Both (II) and (III) above.

14. Arrange the following operations in correct sequence for authentication in Pretty Good Privacy (PGP).

I. The sender creates a message.
II. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
III. SHA-1 is used to generate a 160-bit hash code of the message.
IV. The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.
V. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

(a) (I)-(II)-(III)-(IV)-(V)
(b) (I)-(III)-(IV)-(II)-(V)
(c) (I)-(II)-(V)-(III)-(IV)
(d) (I)-(III)-(II)-(IV)-(V)
(e) (I)-(II)-(IV)-(III)-(V).

15. Which of the following Kerberos version 5 flags indicate that the protocol employed for initial authentication required the use of hardware expected to be possessed solely by the named client?

(a) INITIAL
(b) PRE-AUTHENT
(c) HW-AUTHENT
(d) RENEWABLE
(e) FORWARDED.

16. VeriSign provides three levels or classes of security for public-key certificates. Which of the following applications uses VeriSign class 1 digital IDs?

(a) Web-browsing
(b) Software validation
(c) E-banking
(d) Database access
(e) Membership-based online services.

17. Which of the following types of viruses mutate with every infection, making detection by "signature" of the virus impossible?

(a) Parasite virus
(b) Memory-resident virus
(c) Boot-sector virus
(d) Stealth virus
(e) Polymorphic virus.


23. ISAKMP provides a framework for message exchange, with the payload types serving as the building blocks. Which of the following ISAKMP exchange types is used to perform mutual authentication, without a key exchange?

(a) Base exchange
(b) Identity protection exchange
(c) Authentication only exchange
(d) Aggressive exchange
(e) Informational exchange.

24. Statistical anomaly detection and rule-based detection are the two approaches to intrusion detection. Which of the following method(s) is/are related to statistical anomaly detection?

I. Threshold detection.
II. Profile based.
III. Penetration identification.

(a) Only (I) above
(b) Only (II) above
(c) Both (I) and (II) above
(d) Both (I) and (III) above
(e) Both (II) and (III) above.

25. Markov model is developed for the generation of guessable passwords and it is generally represented as a quadruple [m, A, T, k]. In this quadruple 'k' represents

(a) Number of states in the model
(b) State space
(c) Matrix of transition probabilities
(d) Order of the model
(e) Complexity of the model.

26. Two key IDs are included in any PGP message that provides both confidentiality and authentication. These keys need to be stored and organized in a systematic way for efficient and effective use by all parties. The scheme used in PGP is to provide a pair of data structures (private-key ring, public-key ring) at each node, one to store the public/private key pairs owned by that node and one to store the public keys of other users known at this node. Which of the following is not an entity in private-key ring structure?

(a) Timestamp
(b) Key ID
(c) Public Key
(d) Encrypted Private Key
(e) Key Legitimacy.

27. A Pretty Good Privacy (PGP) message consists of three components. Which of the following is not included in signature component?

(a) Timestamp
(b) Message digest
(c) Leading two octets of message digest
(d) Key ID of sender's public key
(e) Session key.


Sections B&C


firewall appliance that has exceptional ease of management and a Return on Investment that is almost immediate compared to competing firewalls. With its unlimited user license, the licensing issues were eradicated, leaving lastminute to develop and grow the company internationally without having to worry about licensing. Initially lastminute.com implemented 9 units across 8 sites, supporting over 850 users.

Today they have 21 GNAT Boxes deployed and as new sites are opened additional GB-1000's will be installed.

As lastminute.com expands the organisation they will continue to move forward with the GNAT Box GB-1000 Firewall Appliance as their preferred platform for connecting and securing new remote offices and partners.

END OF CASELET 1

Caselet 2

Answer the following questions based on the given Caselet:

4. Assume you are CEO of Techcombank, what are the aspects you will consider when determining the ROI of RSA SecurID solution? Also categorize the e-security ROI segments into business and IT perspective. List out various value points of RSA SecurID authentication and explain the impact of these value points on Return On Investment (ROI) segments. (12 marks)

5. RSA SecurID uses AES algorithm for encryption and decryption. Explain in detail AES algorithm. (10 marks)

Techcombank is one of Vietnam's largest and fastest growing full service joint-stock banks. It offers banking products and financial services to individuals, corporate customers and governmental organizations through a variety of delivery channels. Since its inception 14 years ago, the bank has grown to over 110 branches and transaction offices in 20 provinces and cities. By 2010, the bank aims to open its 300th branch. As a customer-centric and forward-thinking bank, Techcombank views technology as a platform to deliver fast, accurate and high value services for its customers. As such, Techcombank has become one of Vietnam's pioneering banks in implementing a technology-focused strategy to daily operations and management.

Recognizing the convenience of online banking for its customers and the economic benefits it can bring to the bank, namely, lower operational costs, Techcombank in 2003 installed the corebanking Globus software from Temenos and have been continuously upgrading it to provide customers with the best products and services for online banking. Techcombank has built a reputation for looking after the needs of its customers and is well-known for having best practices banking security measures in place. Much emphasis was placed on the development of an online banking service that was convenient for customers, cost-effective and most importantly, secure. With these requirements in mind, Techcombank decided to implement a two-factor authentication (2FA) key token system using one-time passwords. Customers would use their regular passwords as usual, but then provide a one-time, unique numeric password as a second layer of security.

According to Nguyen Duc Vinh, CEO of Techcombank, the bank is recognized as an innovator within the Asian banking industry, possessing one of the most advanced IT banking systems in Vietnam. In line with its market expansion plans and branding strategy, with Vietnam's Internet penetration surpassing 16 million users in July 2007, provision for


Section C : Applied Theory (20 Marks)

• This section consists of questions with serial number 6 - 7.

• Answer all questions.

• Marks are indicated against each question.

• Do not spend more than 25 - 30 minutes on Section C.

6. In IPSec, Encapsulating Security Payload (ESP) provides confidentiality services, including confidentiality of message contents and limited traffic flow confidentiality. Explain the format of an ESP packet and list the different encryption and authentication algorithms which are used for ESP. Also explain why ESP includes a padding field. (10 marks)

7. What is dual signature and explain its purpose with an example. (10 marks)

END OF SECTION C

END OF QUESTION PAPER