Executive MSc in Information Security

Application Security

FINAL EXAM

Date :
Time : 09.00 am to 11.30 am (150 minutes)
__________________________________________________________

INSTRUCTIONS TO CANDIDATES:

1. You have to answer FOUR (4) out of FIVE (5) questions.
2. Each question carries a maximum of 25 marks.
3. Since this is an open-book exam, you may use printed and written materials.
4. Electronic devices of any kind are not allowed inside the exam hall. You are expected to leave such devices outside the exam hall.
5. Candidates are not permitted to take any question paper or answer script out of the examination hall.
6. Cases of plagiarism will be penalised.
[Q-01]
1. State the advantages and disadvantages of compiling to intermediate code over compiling to native code.
[2 Marks]

2. What is REST? Define.
[3 Marks]

3. List two (2) advantages and disadvantages each of the Scrum and Waterfall software development methodologies.
[4 Marks]

4. Describe how you can apply threat modelling to a mobile application.
[6 Marks]

5. As an application security specialist, what best practices would you recommend for your organisation's secure application development lifecycle? Describe any five, with justifications.
[10 Marks]

[Q-02]
1. What is CSRF? Define it and briefly explain how it works.
[4 Marks]

2. List three different types of XSS attacks and briefly describe how a developer can protect a website from them.
[4 Marks]

3. Briefly describe 'cookies' and their features.
[5 Marks]

4. You have noticed that most of the staff of your organisation use web banking applications on their mobiles and computers. As an information security specialist, what is your key advice to them? Justify your recommendations.
[4 Marks]

5. Explain precautionary measures appropriate to avoid SQL injection.
[8 Marks]
[Q-03]
1. State the difference between JSP and Servlets.
[2 Marks]

2. List four (4) different HTTP request methods.
[4 Marks]

3. List three (3) Java Programming Language Platforms and briefly describe each.
[3 Marks]

4. Briefly describe the different types of Enterprise JavaBeans (EJB).
[6 Marks]

5. Explain the J2EE architecture along with its security features.
[10 Marks]

[Q-04]
1. What are managed and unmanaged code in .NET? Define each.
[2 Marks]

2. What are the security features of the CLR in .NET?
[4 Marks]

3. How would you achieve application-level security in .NET? Briefly explain.
[4 Marks]

4. Compare the differences between .NET and Java security.
[6 Marks]

5. Describe how data integrity can be achieved with a digital certificate. Illustrate your answer with a diagram.
[9 Marks]
[Q-05]
1. What is application whitelisting? Define.
[2 Marks]

2. Briefly explain the reasons for port hopping by applications.
[3 Marks]

3. Briefly describe how profiles and templates are used to control application behaviour.
[4 Marks]

4. Explain the different ways to control the behaviour of an application running on a computer.
[8 Marks]

5. How can an application's network communication be controlled? Explain.
[8 Marks]