UNIT-1

2 Marks:
1. Define IT system security.
2. List two common threats to IT systems.
3. What are technical controls in IT system security?
4. Give an example of security measures in place for IT systems.
5. What is the purpose of a firewall in IT security?
6. Define the principle of least privilege.
6 Marks:
1. Explain the different types of threats to IT systems and provide examples.
2. A company’s IT department has recently been hit by a ransomware attack.
Describe how you would identify the vulnerabilities that led to this attack
and suggest immediate steps to mitigate future risks.
3. Describe the role of technical controls in IT system security.
4. Describe the steps involved in vulnerability analysis with reference to a
case study.
5. Explain the significance of threat analysis in IT system security.
6. Discuss the role of vulnerability mitigation in maintaining system security.
10 Marks:
1. Describe the role of technical controls in IT system security.
2. Explain how Microsoft Baseline Security Analyzer can be used for system
security assessment.
3. Conduct a threat analysis for an IT department’s system using a case
study approach.
4. Explain the primary threats to IT systems and their impact on
organizational security.
5. Discuss in detail the steps and importance of conducting a vulnerability
analysis and threat analysis on an IT system.
6. Explain how system security risk management is performed, providing an
example of risk mitigation strategies.
UNIT-2
2 Marks:
1. What does zero-day vulnerability mean?
2. What are the major threats to mobile operating systems?
3. Name two key security features of operating systems.
4. What is the role of Tripwire SecureCheq in operating system security?
5. List two methods of securing an operating system.
6. What is the role of encryption in data protection?
6 Marks:
1. Explain the importance of server operating system security and how it
differs from workstation OS security.
2. Compare and contrast security features in UNIX and Windows operating
systems.
 3. Discuss the security risks associated with running outdated operating
systems. Suggest methods the firm can implement to mitigate these risks
while continuing to use their legacy applications
4. Describe the security challenges in mobile operating systems and
potential solutions.
5. Explain the role of secure configurations in operating system security.
10 Marks:
1. Discuss the unique security challenges faced by mobile operating
systems.
2. A small business’s website is altered to display unauthorized content, and
the attackers gain control over the site’s admin panel. What type of
cyberattack does this represent, and what steps should the business take
to secure its website?
3. A company’s servers running on an outdated operating system were
recently targeted by a malware attack, causing critical data loss. security
vulnerabilities in the outdated OS could have led to this attack, and what
steps should the company take to prevent future OS security attacks?
4. Explain the guidelines for securing server and workstation operating
systems.
5. Discuss the role of security features in operating systems and how they
mitigate changing threats.
6. Evaluate the role of server and workstation OS security guidelines in
protecting against attacks.
UNIT-3
2 Marks:
1. What are the three pillars of endpoint security?
2. List two challenges of implementing endpoint security.
3. How can endpoint security solutions address growing security threats?
4. What is the importance of mobile application security testing.
5. What is endpoint security?
6. Name two types of endpoint protection tools.
6 Marks:
1. Analyse the role of endpoint encryption in securing enterprise data.
2. A retail company allows employees to use personal devices (BYOD) for
work purposes. What security challenges might arise from this policy, and
how would you implement endpoint security measures to protect company
data?
3. Explain the challenges faced in endpoint security and propose possible
solutions.
4. A healthcare company is securing mobile devices used by doctors to
access patient records, to meet regulations on protecting patient
data.What challenges might the company face in securing these mobile
devices, and how can they use encryption, access control, and device
management to protect the data?
5. Explain the steps the company should have taken to secure the lost
device, focusing on encryption and endpoint security measures for the
 given scenario, an employee working remotely loses their company-issued
laptop, which contains sensitive client data.
6. Discuss the importance of endpoint security in a BYOD environment.
10 Marks:
1. Discuss the pillars of endpoint security and their importance in modern
networks.
2. Discuss Gartner’s Magic Quadrant and its importance in evaluating
endpoint security solutions.
3. Discuss the major challenges associated with securing endpoints in a
corporate environment.
4. Compare two endpoint security solutions, focusing on their strengths and
limitations.
5. Discuss the challenges of implementing endpoint encryption and propose
strategies to overcome these challenges. Provide a plan for ensuring
secure data handling while maintaining user efficiency.
6. Discuss the key features of Gartner’s Magic Quadrant for endpoint security
UNIT-4
2 Marks:
1. What is the difference between authentication and authorization?
2. What are the key components of Oracle Application Server portal security?
3. What are the key steps in identifying and protecting against mobile app
threats?
4. List out two common types of database attacks.
5. What is the function of an antivirus software?
6. What are the key steps in identifying and protecting against mobile app
threats?
6 Marks:
1. Describe the security architecture of Oracle Application Server.
2. Discuss the best practices for securing web application servers.
3. Explain the steps involved in testing mobile application security and
provide real-time examples.
4. What are the security measures necessary for Oracle HTTP Server?
5. How does OWASP contribute to mobile application security testing?
6. Summarize the security architecture of Oracle Application Server.
10 Marks:
1. Explain the importance of SSL keys and certificates in securing application
servers.
2. A retail company’s website crashes due to overwhelming traffic from
unknown sources, disrupting online sales for hours. What kind of
cyberattack is this, and how can the company defend against it in the
future?
3. Discuss the importance of OWASP and mobile application security testing.
4. A web application hosted on an application server has recently been
targeted by attackers using SQL injection and cross-site scripting (XSS)
 attacks. What steps can the organization take to protect its application
server from these security threats?
5. Discuss the key security measures such as encryption, device
management, and real-time monitoring.
6. Describe the steps you would take to protect the web application server
from SQL injection and other web-based threats. Include security tools and
techniques such as OWASP guidelines in your response.
UNIT-5
2 Marks:
1. What are the lifecycle stages of database security?
2. What are security checklists used for in database security?
3. What is involved in planning for security in the system lifecycle?
4. Why is database server security critical in modern IT systems?
5. What are security checklists used for in database security?
6. What are the key maintenance controls for database server security?
6 Marks:
1. Explain the various database server threats and propose
countermeasures.
2. An employee receives an email that looks like it's from their bank, asking
them to click a link and update their account details. What type of
cyberattack is this, and how should the employee avoid falling victim to it?
3. What are the best practices to secure a database server? Provide detailed
guidelines.
4. Explain the importance of contingency planning and maintenance controls
in database server security.
5. Explain the countermeasures to be implemented to mitigate SQL injection
vulnerabilities.
6. Discuss how you would secure the database server and prevent future
injection attacks
10 Marks:
1. Explain the architecture of database systems and the need for securing
databases.
2. Explain how system vulnerabilities are identified and prioritized for
database servers.
3. Discuss common threats to database servers and the countermeasures
that can be applied.
4. Explain the steps involved in a comprehensive database security
assessment.
5. Design a comprehensive database security framework for the company.
Include strategies for securing data at rest and in transit, access control
policies, encryption, and database auditing
6. Explain how you would integrate lifecycle security measures into the
organization’s overall IT security processes and ensure ongoing
compliance with security standards.