Unique Paper Code : 62347627
Name of the paper : Information Security and Cyber Laws
Name of the Course : B A Programme
Semester : VI
Duration : 3 hours
Maximum Marks : 75
Year of Admission : 2015, 2016, 2017 and 2018
Attempt any four questions.
All questions carry equal marks.
Complete answer to a question should be uploaded in the form of a single PDF file.
1.
● Encrypt the plaintext message DELHIUNIVERSITY using:
○ rail fence cipher with key 3 (no. of rows).
○ rail fence cipher with key 4 (no. of rows).
● Decrypt the ciphertext messages IARCNINIFREDAO and INNNADAVIY
using:
○ rail fence cipher with key 3 (no. of rows).
○ rail fence cipher with key 4 (no. of rows).
● Encrypt the plaintext message DELHIUNIVERSITY using:
○ Vigenère cipher with key COLLEGE.
● In a certain encryption scheme, PRAY is written as SUDB. Assuming that a
substitution cipher is used for encryption, deduce the key and use the same key
to encrypt the message HELLOWORLD. Also encrypt HELLOWORLD using a
transposition cipher with the following key:
8 -> 2, 7 -> 1, 6 -> 5, 5 -> 7, 4 -> 6, 3 -> 8, 2 -> 4, 1 -> 3
2.
● What is meant by the terms threat, vulnerability, and attack?
● In a system that allows weak passwords, identify the vulnerability, threat, and
attack.
● For each of the following examples, identify which element of the CIA triad
(confidentiality, integrity and availability) is compromised and why:
○ Ramesh wants to access SBI online but the website crashes and he is
unable to access his account information for two hours.
○ Ira was checking the status of her delivery on amazon.in but she
was accidentally also able to see the delivery status of all other clients
at Delhi.
○ Ram not only accessed the marksheet of all his classmates on his
college website but also changed the marks of some of his friends.
3.
In each of the following scenarios, identify the type of malicious code, briefly
describe how it harms the system, and suggest one way of preventing it.
● A malicious code started by taking over the victim's Gmail program. It then
used a macro to hijack their email system and send messages to the addresses
in their mailing lists. This malicious code spread so rapidly that e-mail
systems were overwhelmed and the entire network got congested.
● A piece of code that starts operating a malicious code when a particular
defined condition is satisfied.
● Alex downloaded an email attachment containing “Happy New Year.exe”.
On clicking it, a video file started playing on his system. While the
video was playing, a code got downloaded in his computer and it started
attaching the same code with every email that Alex sent using his computer.
● On opening an email attachment, a file got downloaded and it started
monitoring each activity of the user on that system.
● Bob has downloaded an MP3 file, after which he is getting multiple unsolicited
commercial e-mails every day.
● Kiara wanted to open her bank’s website www.igibank.com, but
a malware automatically changed this link to www.iggibank.com.
4.
● What do you mean by the term risk management? Mention three major components
of risk management and draw a diagram that describes these major components of risk
management.
● Distinguish between residual risk and risk appetite.
● Enumerate five criteria that must be met for a policy to become enforceable.
5.
● What is meant by the terms: identity theft and cross-site scripting?
● How is an application layer firewall different from a packet-filtering firewall? Why is
an application layer firewall sometimes called a proxy server?
● How do the following types of firewall enforce address restrictions:
○ static filtering?
○ dynamic filtering?
○ stateful packet inspection (SPI)?
6.
● Differentiate between authentication and authorization, giving an example of each.
● Suggest how one may choose a strong password.
● Consider the following case study: “On September 9, 2010, Bob made a fake
profile in the name of the Hon’ble President of his country. A complaint was made
from Additional Controller, President Household, President Secretariat regarding the
four fake profiles created in the name of Hon’ble President on social networking
website. The said complaint stated that president house has nothing to do with the
fake profile that is misleading the general public”. Which section of the Information
Technology Act 2000 would be applicable to Bob and why?
● Enumerate four functions of access control systems. Briefly describe each of them.