
VND - Openxmlformats Officedocument - Wordprocessingml.document&rendition 1 1

Uploaded by

23130005
UNIT I

• Define Information Assurance (IA) in network security. [R]

• List the three main terms in the CIA triad. [R]

• Explain the concept of Network Security. [U]

• State the advantages of Network Security. [R]

• Name two common types of network threats. [R]

• Explain what a firewall does in network security. [U]

• Explain the role of antivirus software in network security. [U]

• List the categories involved in network vulnerability. [R]

• Define network security architecture in two sentences. [R]

• Explain the importance of encryption in network security architecture. [U]

• Discuss the security elements in network security architecture. [U]

• Show how the BlackBerry infrastructure is involved in network security architecture, with a neat diagram. [U]

• Define phishing and provide one example of a phishing attack. [R]

• Name two factors considered in access control for network security. [R]

• Explain what social engineering is and give one example of a social engineering attack. [U]

• Write about Sherwood Applied Business Security Architecture (SABSA). [Ap]

• Define insider threat and give one example of how an insider could pose a threat to network security. [R]

• Discuss the concept of a network vulnerability and provide two examples of common network vulnerabilities. [U]

• Write the different types of Network Security. [Ap]

• State the four phases of network security architecture. [R]

• Solve the following scenario: “You are advising a startup company on securing their IoT devices, which are susceptible to vulnerabilities such as weak authentication and insecure communication protocols. Recommend security measures to mitigate these IoT-specific vulnerabilities.” [Ap]

• Identify, with an example, how a layered security approach can prevent unauthorized access to sensitive data in a corporate network. [Ap]

UNIT II

• Define the purpose of SSL/TLS protocols in network security. [R]

• Discuss how IPsec enhances network security. [R]

• Explain the role of SSH (Secure Shell) in securing remote access. [U]

• Explain the role of the NIST Cybersecurity Framework (CSF) in enhancing organizational security practices. [U]

• List the purpose of the ISO/IEC 27001 standard in network security. [R]

• Discuss the primary objective of the NIST Cybersecurity Framework. [U]

• Name the core components of the NIST Cybersecurity Framework. [R]

• Discuss the key components of a security protocol. [U]

• Explain the steps in implementing a security protocol. [U]

• List the components of the SSL/TLS protocol. [R]

• Define a framework in network security. [R]

• Explain VPN policy in short. [U]

• Discuss the legal and ethical implications in network defense. [U]

• Write a note on Compliance in network security. [Ap]

• Explain data privacy and data protection in network security. [U]

• Write a note on the key components of the NIST framework. [Ap]

• Discuss the term GRC in network security. [U]

• Explain how the IPsec protocol helps in protecting data during communication, with its components. [U]

• Compare and contrast the roles of SSL and TLS in securing online communications. Provide examples of where each protocol is commonly used. [Ap]

• Identify the role of SSH (Secure Shell) in securing remote access to servers and network devices. How does SSH ensure confidentiality and integrity of data transmissions? [Ap]

• Discuss the purpose and functionality of the SSH protocol. [U]

• State the challenges and considerations organizations may face when seeking ISO/IEC 27001 certification. What strategies can be employed to overcome these challenges and achieve successful certification? [R]

UNIT III

• List the four techniques in firewall. [R]

• Name two common firewall deployment architectures and briefly explain their differences. [R]

• Identify which type of firewall is suitable for the given scenario: “A small business wants to secure its internal network from external threats while allowing basic internet browsing and email.” [Ap]

• Explain how IDS differs from Intrusion Prevention Systems (IPS). [U]

• Identify and describe the approach to deploying and managing the stateful filter firewall, emphasizing the specific challenges and considerations relevant to safeguarding e-commerce operations. [Ap]

• Define Intrusion Detection System (IDS). [R]

• Explain in two sentences about firewall. [U]

• Explain the concept of stateful inspection firewalls. [U]

• List the characteristics of firewall. [R]

• What does VPN stand for, and what is its primary purpose? [R]

• Recall the benefits of Virtual Private Network. [R]

• Identify the differences between perimeter and internal network security. [R]

• Explain the network firewall and the next generation firewall. [U]

• Describe site-to-site VPN security. [U]

• Discuss the Remote access VPN. [U]

• Define the working process of VPN. [R]

• Describe the concept of Zero Trust Architecture and its application in securing internal network communication. [U]

• Explain the following in internal network communication. [U]
a) Micro-Segmentation b) Endpoint security c) Network Access Control

• Explain which combination of security measures you would implement to enhance perimeter security and mitigate the unauthorized access attempts in the following scenario: “Your company has recently experienced a series of unauthorized access attempts from the internet. You are tasked with improving the network’s perimeter security.” [Ap]

• Compare and contrast the use of encryption for data-at-rest and data-in-transit. [An]

• Define Network Address Translation (NAT). [R]

• Describe how encryption can be used to secure internal network communications and provide examples of protocols used. [U]

• Evaluate the effectiveness of using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) in securing network communication. Discuss how these technologies complement each other. [Ap]

• Use the following scenario to describe the measures that you would put in place to securely enable remote access, and how these measures would protect the internal network: “Your organization needs to allow remote employees to securely access internal resources. You need to ensure that this access does not expose the internal network to external threats.” [An]

• Recall the techniques used to secure the network communication for your organization when it needs to allow remote employees to securely access internal resources. You need to ensure that this access does not expose the internal network to external threats. [R]

UNIT IV

• Define Advanced Persistent Threats (APT). [R]

• List the characteristics of Advanced Persistent Threats. [R]

• State an example of Advanced Persistent Threats. [R]

• Define the Network Segmentation techniques in Advanced Persistent Threats. [R]

• What distinguishes an APT from other types of cyber attacks? [R]

• How can organizations protect themselves against APTs? [R]

• Explain why APT is considered particularly dangerous to organizations. [U]

• Explain the concept of Threat Intelligence in APT. [U]

• Discuss the term SIEM in APT. [U]

• Describe which technique is used to ensure that users and systems have the minimum level of access necessary to perform their functions.

• Explain Incident Response Planning. [U]

• Discuss zero trust architecture. [U]

• Define Spear phishing in APT. [R]

• State the characteristics of Advanced Persistent Threat. [R]

• State the two defensive strategies that organizations can implement to mitigate the risk of APT attacks. [R]

• Explain the Stages of APT in a neat diagram. [U]

• Discuss the following techniques in detail. [U]
a) Regular Patching and Updates b) User Training and Awareness

• Discuss Multi-Factor Authentication (MFA). [U]

• Classify the steps that you take to respond to the following potential APT attempt: “You are the Chief Information Security Officer (CISO) of a large corporation. You receive an alert that an employee has received a suspicious email that contains a link claiming to be from a well-known cloud service provider requesting a password reset.” [Ap]

• Your organization has been experiencing targeted attacks, and you suspect that an APT group might be involved. As part of your defense strategy, you decide to implement network segmentation. Describe how you would go about this and explain how it can help in mitigating APT risks. [Ap]

• Analyze how the core principles of Zero Trust Architecture (never trust, always verify, and least privilege) affect the management of user access and network security. [An]

• Your company’s HR department has reported that an employee received an email appearing to be from the company's CEO, asking for a list of employee salaries for a "confidential project." Detect the steps you would take to respond to this situation and prevent further risk. [An]

• Define the Protect Surface Implement Strong Identity and Access Management (IAM) [R]

• Explain the differences between phishing, spear phishing, and whaling. Include key characteristics that distinguish each type. [R]

• Define the Endpoint Protection Software and Data Encryption security. [R]

• Discuss Phishing and Fraud Detection and Vulnerability Management. [U]

• Explain Automated Response and Predictive Analytics in network defense. [U]

• Explain any 4 strategies of zero trust architecture. [U]

• Imagine you are tasked with implementing an AI-based Intrusion Detection System (IDS) for a large organization. Describe how you would leverage AI to improve the IDS's effectiveness. Include specific AI techniques you would use and how they would enhance detection capabilities. [Ap]

• Your organization has recently expanded its operations and is handling a large volume of critical data. How would you design a data backup strategy to ensure the integrity and availability of this data? Include considerations for backup frequency, storage solutions, and recovery procedures. [Ap]

• Relate the three specific techniques used by AI to enhance email filtering and provide examples of how these techniques improve user experience. [An]

• Analyse the steps to create a strong security framework for protecting your endpoints from various types of cyber threats. [An]

UNIT V

[R]

• What is the purpose of the 'Preparation' phase in incident response?

• What actions are taken during the 'Eradication' phase of incident response?

• What role does 'Identification' play in the incident response process?

• How does 'Containment' differ between short-term and long-term strategies in incident response?

• What is the role of network forensics in the 'Incident Response' phase of an attack?

• Explain the significance of log analysis in network forensics.

[U]

• Explain how tools like Wireshark assist in network forensics.

• Discuss the advantage of using a traffic analysis tool in network forensics.

• Describe what should be included in an incident response policy.

• Discuss what metrics can be used to evaluate the effectiveness of an incident response.

• Describe how the concept of "data sovereignty" affects forensic investigations in data breaches.

• Discuss the role of a legal hold in the context of a forensic investigation.

[R]

• Define Network Packet Analyzers.

• Recall the Log Management and Analysis Tools.

• What is Packet Capturing and Analysis in network analysis during an incident response?

[U]

• Explain the key actions involved in the 'Identification' phase of incident response and their significance.

• Discuss the key components of the 'Lessons Learned' phase in incident response, and why this phase is crucial.

• Explain the concept of Security Patches and Updates in the Eradication phase.

[Ap]

• Sketch the key steps involved in the 'Detection and Analysis' phase of incident response and explain their significance.

• Which network forensic tools would you use to analyze the suspicious network traffic, and what specific actions would you take to identify potential data exfiltration?

• Which log management tools would you use to investigate the breach, and what steps would you take to analyze the logs for evidence of unauthorized access?

• Analyse the steps to show how an organization can use the findings from a forensic investigation to enhance its overall security posture.

SECTION C - 6 MARKS (10/UNIT) (R, U - 6 QUES; APP, AN, EVA, CREATE - 4 QUES)

[R]

• Define the purpose of Recovery and Lessons Learned in incident response.

• Recall the key features and uses of forensic tools in digital investigations.

• What is the Impact of Data Breaches on Network Defense Strategies?

[U]

• Discuss the key legal considerations that organizations must address when handling data breaches and conducting forensic investigations.

• Discuss the examples of how the legal considerations impact the process of managing and investigating breaches.

• Describe the various steps involved in incident response.

[Ap]

• You are the IT Security Manager at a mid-sized company. The company’s network has been compromised by a ransomware attack that has encrypted several critical files and displayed a ransom note on affected systems. Write the steps you would take to respond to this incident.

• Your company suspects a data exfiltration attempt due to a sudden increase in outbound traffic. How would you approach the investigation using forensic tools and techniques? Illustrate your investigative process and the tools you would use.

[An]

• Examine the steps you would take to respond to the following data breach as the Incident Response Manager: “Your organization has suffered a data breach after several employees fell victim to a phishing attack, leading to the compromise of sensitive customer data.”

• A major data breach has occurred, and sensitive customer data has been leaked. As a forensic investigator, identify the steps you would take to analyze the breach and identify how the data was compromised.
