Cryptography and Network Security Predicted

The document outlines various cryptographic techniques, attacks, and security protocols, including definitions and examples of substitution and transposition ciphers, brute-force attacks, and the roles of SSL and PKI. It also discusses the principles of network security, types of web pages, and the architecture of VPN and IPSec. Additionally, it covers digital certificates, authentication methods, and the importance of encryption and decryption in securing data.

Uploaded by

blitzspike7

1. Differentiate between Substitution and Transposition techniques.
Substitution: Replaces plaintext characters with other characters (e.g., Caesar Cipher).
Transposition: Rearranges the order of plaintext characters (e.g., Rail Fence).

2. Define Rail Fence technique.
A transposition cipher where plaintext is written in a zigzag pattern across rows and read row by row to form ciphertext.

3. What is Brute-force attack?
An attack that tries all possible key combinations to decrypt ciphertext until the correct key is found.

4. Define Seed.
A random value used as initial input in cryptographic algorithms (e.g., pseudorandom number generators) for unique outputs.

5. Write any one problem with clear text passwords.
Clear text passwords are vulnerable to interception during transmission, exposing them to attackers.

6. What is Masquerade attack?
An attack where an unauthorized entity impersonates a legitimate user or system to gain access.

7. Define Block Cipher.
A cryptographic algorithm that encrypts fixed-size blocks of plaintext into ciphertext using a symmetric key (e.g., AES).

8. Convert "CYBER SECURITY" using Rail Fence Technique.
With 2 rows:
Row 1: C B R S C R T
Row 2: Y E E U I Y
Ciphertext: CBRSCRTEUIY

9. Define CRL (Certificate Revocation List).
A list maintained by a Certificate Authority containing serial numbers of revoked digital certificates.

10. Define Tiny Fragment attack.
An attack sending small, fragmented IP packets to bypass firewall filters by exploiting packet reassembly flaws.

11. Where is SSL layer located in TCP/IP model?
SSL is located between the Application and Transport layers.

12. Define static and dynamic web pages.
Static: Fixed content, same for all users (e.g., HTML).
Dynamic: Content generated on-the-fly, varies per user (e.g., PHP).

13. What are the protocols used in IP Security?
Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE).

14. Name any three firewall configurations.
Packet Filtering, Application Gateway, Circuit-Level Gateway.

15. Define Denial of Service (DoS).
An attack that overwhelms a system or network to disrupt availability to legitimate users.

16. Define Digital Envelope.
A technique combining symmetric and asymmetric encryption to securely transmit a symmetric key with encrypted data.

17. Write the participants involved in SET.
Cardholder, Merchant, Payment Gateway, Issuing Bank.

18. What is the need for security in computer systems?
To protect data confidentiality, integrity, and availability from unauthorized access or attacks.

19. Define Biometric Authentication.
A security process verifying identity using unique biological traits (e.g., fingerprints, iris scans).

20. Define Time Stamping Protocol.
A protocol providing a trusted timestamp for digital documents to prove their existence at a specific time.

21. Define VPN.
A Virtual Private Network creates a secure, encrypted connection over a public network for private communication.

22. What is IP address spoofing?
An attack where an attacker fakes their IP address to impersonate a trusted source or hide identity.
23. Define Authentication Token.
A device generating a temporary code to verify a user’s identity during authentication.

24. What is Public Key Infrastructure (PKI)?
A framework managing public key encryption and digital certificates via policies, hardware, and software.

25. What is the purpose of Encryption and Decryption?
Encryption: Converts plaintext to ciphertext for confidentiality.
Decryption: Converts ciphertext back to plaintext for authorized access.

26. Differentiate between Symmetric and Asymmetric Key Cryptography.

• Symmetric Key Cryptography:
   o Uses a single shared key for encryption and decryption.
   o Advantages: Fast, efficient for large data.
   o Disadvantages: Key distribution is challenging; less scalable.
   o Example: AES with 256-bit key for file encryption.
• Asymmetric Key Cryptography:
   o Uses public and private key pairs.
   o Advantages: Secure key exchange, supports digital signatures.
   o Disadvantages: Slower, requires larger keys.
   o Example: RSA for secure email.
• Comparison: Symmetric is faster; asymmetric is secure for key exchange.

27. Explain Caesar Cipher and Polygram Substitution Cipher.

• Caesar Cipher:
   o Monoalphabetic substitution shifting each letter by a fixed key.
   o Example: "HELLO" with key=3 becomes "KHOOR".
   o Security: Weak, vulnerable to frequency analysis (26 key possibilities).
   o Use: Educational, not practical.
• Polygram Substitution Cipher:
   o Substitutes letter blocks (e.g., Playfair Cipher using a 5x5 matrix).
   o Example: Plaintext "HI" with keyword "KEY" encrypts as a pair.
   o Security: Stronger than monoalphabetic but breakable.
   o Use: Historical, replaced by AES.

28. Write the mechanism for protecting private keys.

• Storage in Secure Hardware: Use Hardware Security Modules (HSMs) or smart cards. Example: Banking HSMs.
• Encryption of Keys: Encrypt keys with AES-256 and a strong passphrase.
• Access Control: Implement multi-factor authentication and role-based access. Example: Biometric verification for admins.
• Secure Backup: Store encrypted backups offline. Example: USB drives in secure vaults.
• Monitoring and Auditing: Use SIEM tools to log and audit key usage for anomaly detection.

29. Explain the role of a Registration Authority in certificate issuance.

• Identity Verification: Verifies applicant’s identity (e.g., government ID, domain ownership).
• CSR Processing: Validates Certificate Signing Request data (public key, organization details).
• Liaison with CA: Forwards verified CSRs to Certificate Authority for signing.
• Policy Enforcement: Ensures compliance with CA standards (e.g., X.509). Example: Domain control for SSL.
• Record Keeping: Logs certificate details for auditing and revocation.

30. Explain Challenge/Response Token Authentication.

• Concept: Server challenges user; token generates response using a secret key, avoiding password transmission.
• Process:
   o Server sends a random challenge (e.g., nonce).
   o Token computes response with secret key (e.g., RSA SecurID).
   o Server verifies response.
• Security: Dynamic responses prevent replay attacks; key stays secure.
• Example: Challenge “123456” yields response “789012”.
• Applications: VPNs, online banking.

31. Discuss various types of attacks on computer systems.

• Passive Attacks: Eavesdropping to steal data. Example: Packet sniffing for passwords.
• Active Attacks: Modify or disrupt systems. Example: Man-in-the-middle altering messages.
• Malware Attacks: Viruses, worms, ransomware. Example: WannaCry encrypting files.
• Social Engineering: Tricking users. Example: Phishing for credentials.
• Denial of Service (DoS): Overwhelms systems. Example: Flooding a server to crash it.

32. Write and explain RSA Algorithm with an example.

• RSA: Asymmetric algorithm using modular exponentiation.
• Steps:
   1. Primes: p=3, q=11.
   2. n = p × q = 33.
   3. φ(n) = (p-1)(q-1) = 20.
   4. Public key e=7 (coprime to 20).
   5. Private key d=3 (d × e ≡ 1 mod 20).
   6. Encrypt P=5: C = 5^7 mod 33 = 14.
   7. Decrypt C=14: P = 14^3 mod 33 = 5.
• Explanation: Security from factoring difficulty.
• Applications: SSL/TLS, digital signatures.

33. Encrypt "DATA SECURITY" using Playfair Cipher and keyword "SECURE".

• Key Matrix (SECURE, I/J combined):
   S E C U R
   A B D F G
   H I/J K L M
   N O P Q T
   V W X Y Z
• Plaintext: DA TA SE CU RI TY.
• Encryption:
   o DA: D→F, A→B → FB
   o TA: T→Y, A→B → YB
   o SE: S→E, E→U → EU
   o CU: C→U, U→R → UR
   o RI: R→U, I→K → UK
   o TY: T→Y, Y→Z → YZ
• Ciphertext: FBYBEUURUKYZ
• Explanation: Encrypts pairs for added security.

34. Explain SSL protocol and why it's placed between application and transport layers.

• SSL: Secures communication with confidentiality, integrity, authentication.
• Components:
   o Handshake: Negotiates keys, ciphers, certificates.
   o Record: Encrypts, fragments data.
   o Alert: Manages errors.
   o Change Cipher Spec: Activates ciphers.
• Placement: Between Application (HTTP) and Transport (TCP) layers; encrypts data transparently.
• Example: HTTPS securing credit card transactions.
• Significance: Enables secure protocols like SMTPS.

35. Define and explain Digital Signature.

• Definition: Verifies authenticity and integrity of messages.
• Process:
   1. Hash message (e.g., SHA-256).
   2. Encrypt hash with private key (signature).
   3. Send message and signature.
   4. Receiver decrypts signature with public key, compares hash.
• Properties: Authenticity, integrity, non-repudiation.
• Example: Signing emails.
• Applications: Software distribution, blockchain.

36. Define firewall and explain Application Gateway and Packet Filtering.

• Firewall: Monitors and controls network traffic via rules.
• Application Gateway:
   o Application layer; inspects data (e.g., HTTP).
   o Example: Proxy filtering web requests.
   o Pros: Granular; Cons: Slower.
• Packet Filtering:
   o Network layer; filters headers (e.g., IP).
   o Example: Router blocking IPs.
   o Pros: Fast; Cons: Less secure.
• Comparison: Gateway is thorough; filtering is efficient.

37. Explain Digital Certificate Revocation process.

• Concept: Invalidates certificates before expiration (e.g., compromised key).
• Process:
   1. Request revocation (owner or CA).
   2. CA adds certificate to CRL.
   3. Publish CRL to repositories.
   4. Parties check CRL or use OCSP for status.
• Example: Revoking a website’s SSL certificate.
• Challenges: Large CRLs, OCSP connectivity.
• Significance: Maintains PKI trust.

38. Explain the principles of Network Security in detail.

• Confidentiality: Protects data access (e.g., AES encryption).
• Integrity: Prevents unauthorized changes (e.g., SHA-256 hashing).
• Authentication: Verifies identity (e.g., digital signatures).
• Authorization: Controls access (e.g., role-based access).
• Availability: Ensures system access (e.g., DoS mitigation).
• Non-repudiation: Proves actions (e.g., digital signatures).
• Implementation: Cryptography, firewalls, IDS/IPS, secure protocols (SSL/TLS, IPSec).
• Challenges: Evolving threats, key management, performance.

39. Define and explain the process of generating a Digital Certificate.

Definition: Binds public key to identity, issued by CA.

• Process:
   i. Generate public-private key pair.
   ii. Submit CSR with public key, identity details to RA.
   iii. RA verifies identity, forwards to CA.
   iv. CA signs certificate (includes key, identity, validity).
   v. Deliver certificate to applicant.
   vi. Use for authentication, encryption.
   vii. Standards: X.509 format.
   viii. Applications: SSL/TLS, email signing.

40. Explain DES Algorithm with example.

DES: Symmetric block cipher, 64-bit blocks, 56-bit key.

• Steps:
   i. Key Scheduling: Generate 16 subkeys.
   ii. Initial Permutation: Rearrange plaintext.
   iii. 16 Rounds: Split block, expand, XOR with subkey, S-boxes, permute.
   iv. Final Permutation: Produce ciphertext.
   o Example: Plaintext 1234567890ABCDEF, key 133457799BBCDFF1 → 64-bit ciphertext.
   o Security: Weak due to short key; replaced by AES.

41. Explain RSA algorithm with proper mathematical example.

RSA: Asymmetric, based on factoring difficulty.

• Steps:
   i. Primes p=5, q=7.
   ii. n = 35.
   iii. φ(n) = 24.
   iv. e=5 (coprime to 24).
   v. d=5 (d × e ≡ 1 mod 24).
   vi. Encrypt P=4: C = 4^5 mod 35 = 9.
   vii. Decrypt C=9: P = 9^5 mod 35 = 4.
   o Security: Hard to factor n.
   o Applications: Key exchange, signatures.
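
The two RSA worked examples in these notes (questions 32 and 41), checked in code as an added example that is not part of the original notes. The function names are hypothetical and the 2048-bit threshold is an assumed minimum; the example goes one step beyond the notes by rebuilding d from the public key alone, which is what "security from factoring difficulty" means when n is this small.

```python
from math import gcd, isqrt

def private_exponent(p: int, q: int, e: int) -> int:
    """Return d with d*e ≡ 1 (mod φ(n)), the private-key step of the worked examples."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not coprime to phi(n)={phi}")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)

def encrypt(m: int, e: int, n: int) -> int:
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)

def recover_private_exponent(n: int, e: int) -> int:
    """Factor a toy modulus by trial division and rebuild d from (n, e) only."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return private_exponent(p, n // p, e)
    raise ValueError("n is prime, not an RSA modulus")

def key_findings(p: int, q: int, e: int) -> list[str]:
    """Review checks for textbook parameters (the 2048-bit floor is an assumption)."""
    n, d = p * q, private_exponent(p, q, e)
    findings = []
    if d == e:
        findings.append("d equals e: the public key also decrypts")
    if n.bit_length() < 2048:
        findings.append(f"n is {n.bit_length()} bits: factorable, d is recoverable")
    return findings

if __name__ == "__main__":
    # (p, q, e, plaintext) taken from questions 32 and 41
    for p, q, e, m in [(3, 11, 7, 5), (5, 7, 5, 4)]:
        n, d = p * q, private_exponent(p, q, e)
        c = encrypt(m, e, n)
        print(f"n={n} e={e} d={d}: {m} -> {c} -> {decrypt(c, d, n)}")
        print("  d rebuilt from (n, e):", recover_private_exponent(n, e))
        print("  findings:", key_findings(p, q, e))
```

For the parameters of question 41 (p=5, q=7, e=5) the derived d equals e, so the published exponent also decrypts.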
42. Define Secure Electronic Transaction (SET) and explain its entire process.

Definition: Visa/Mastercard system for secure online payments.

• Process:
   i. Cardholder initiates purchase.
   ii. Merchant requests authorization via payment gateway.
   iii. Cardholder signs with digital certificate.
   iv. Gateway verifies certificate, checks with bank.
   v. Bank approves/denies.
   vi. Merchant completes order, sends receipt.
   o Features: Dual signatures, confidentiality, non-repudiation.
   o Limitations: Complex, not widely adopted.

43. Explain the architecture of IP Security.

IPSec: Secures IP communications.

• Components:
   o AH: Authentication, integrity.
   o ESP: Confidentiality, authentication, integrity.
   o IKE: Manages keys, security associations.
• Modes: Transport (payload), Tunnel (entire packet).
• Architecture: Security Associations, Security Policy Database, Security Association Database.
• Applications: VPNs, remote access.

44. Explain the architecture of VPN in detail.

Definition: Secure tunnel over public networks.

• Architecture:
   o Client: Initiates connection.
   o Server/Gateway: Authenticates, routes traffic.
   o Protocols: PPTP, L2TP/IPSec, OpenVPN.
   o Encryption: AES, RSA.
   o Authentication: Passwords, certificates.
• Types: Remote Access, Site-to-Site.
• Benefits: Secure, cost-effective.
• Challenges: Performance, complexity.

45. Write short notes on any two:

a) PKIX Services:
   o Standards for PKI (X.509).
   o Services: Certificate issuance, CRL distribution, OCSP, key management.
   o Components: CA, RA, repositories.
   o Applications: SSL/TLS, VPNs.

b) Biometric Authentication:
   o Uses biological traits (fingerprints, iris).
   o Process: Enroll template, verify sample.
   o Advantages: Hard to forge.
   o Challenges: Privacy, costs.
   o Applications: Smartphones, banking.
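
The challenge/response token exchange from question 30, as an added example that is not part of the original notes. It assumes HMAC-SHA256 over a 16-byte random nonce as the response function (this is not RSA SecurID's algorithm), and the `Token` and `Server` classes are hypothetical names.

```python
import hashlib
import hmac
import secrets

def compute_response(secret: bytes, challenge: bytes) -> str:
    """Response = HMAC-SHA256(secret, challenge); the secret itself is never sent."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()

class Token:
    """Hypothetical token: stores the secret key and answers challenges."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> str:
        return compute_response(self._secret, challenge)

class Server:
    """Hypothetical server: issues single-use nonces and verifies responses."""
    def __init__(self):
        self._keys = {}     # user -> secret shared with that user's token
        self._pending = {}  # user -> nonce issued and not yet answered

    def enroll(self, user: str, secret: bytes) -> None:
        self._keys[user] = secret

    def issue_challenge(self, user: str) -> bytes:
        if user not in self._keys:
            raise KeyError(f"unknown user {user!r}")
        self._pending[user] = secrets.token_bytes(16)  # fresh random nonce
        return self._pending[user]

    def verify(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)  # consume: one attempt per nonce
        if challenge is None:
            return False
        expected = compute_response(self._keys[user], challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    """Constructed scenario: a genuine login, a replayed response, a wrong key."""
    secret = secrets.token_bytes(32)
    server, token = Server(), Token(secret)
    server.enroll("alice", secret)
    captured = token.respond(server.issue_challenge("alice"))
    genuine = server.verify("alice", captured)
    server.issue_challenge("alice")              # new login attempt, new nonce
    replayed = server.verify("alice", captured)  # old response, fresh challenge
    forged = Token(b"guess").respond(server.issue_challenge("alice"))
    return {"genuine": genuine, "replayed": replayed,
            "wrong_key": server.verify("alice", forged)}
```

The replayed response fails because the server compares it against a new nonce, and a response is accepted at most once per issued challenge.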
