Sse - QB
GITAM
GITAM Institute of Technology
Programme : B.Tech Branch: Computer Science & Engineering
Sub Code : 19ECS448
Sub Name : Secure Software Engineering
Semester : VIII
Admitted Batch : 2019-2020
SECTION – A
(Short Answer Questions for 2 marks)
Unit – 1 :
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | What properties should be followed throughout the SDLC to assure security? | 3 | 1 | 1 | 2 |
| 2 | What is requirements engineering? | 1 | 1 | 1 | 2 |
| 3 | List the core properties of secure software. | 4 | 1 | 1 | 2 |
| 4 | Why is security a software issue? | 1 | 1 | 2 | 2 |
| 5 | What are the sources of software insecurity? | 2 | 1 | 1 | 2 |
| Category – 2: Moderate Questions | | | | | |
| 1 | List the processes and practices that affect software security. | 2 | 1,2 | 1 | 2 |
| 2 | Bring out the difference between cyclomatic complexity and NPath. | 1 | 1 | 2 | 2 |
| 3 | How can threats during software operation affect its security? Explain. | 1 | 1,3 | 2 | 2 |
| 4 | Compare functional and non-functional requirements. | 5 | 1 | 2 | 2 |
| 5 | How can threats during software development affect its security? Explain. | 1 | 1,3 | 4 | 2 |
Unit – 2 :
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | Draw a misuse case diagram for ATM security. | 1 | 1,3 | 3 | 2 |
| 2 | Brief the importance of requirements engineering. | 5 | 1 | 1 | 2 |
| 3 | Draw a misuse case diagram for car security. | 1 | 1,3 | 3 | 2 |
| 4 | What are the problems encountered by requirements engineering? | 5 | 1,2 | 1 | 2 |
| 5 | Compare any 2 requirements elicitation methods. | 3 | 1 | 3 | 2 |
| Category – 2: Moderate Questions | | | | | |
| 1 | Draw a misuse case diagram for money theft from one’s bank account using OTP. | 1 | 1,3 | 3 | 2 |
Question Bank template for Admitted Batches - 2019-20, 2020-21 & 2021-22
Unit – 3 :
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | Bring out the differences between structured and unstructured external threats. | 2 | 1 | 2 | 2 |
| 2 | List the CAPEC attack classes. | 4 | 1 | 1 | 2 |
| 3 | How do the three aspects of risk impact determination help in quantifying the risk? | 5 | 1 | 2 | 2 |
| 4 | Why is mapping of threats and vulnerabilities important in risk classification? | 2 | 1 | 3 | 2 |
| 5 | Bring out the differences between external and internal threat actors. | 2 | 1 | 2 | 2 |
| Category – 2: Moderate Questions | | | | | |
| 1 | What factors are considered in risk likelihood estimation? Why? | 5 | 1,4 | 2 | 2 |
| 2 | How to find all the areas in the software that operate at an elevated privilege level. | 1 | 1,3,4 | 3 | 2 |
| 3 | List the activities of risk analysis methodology. | 2 | 1 | 1 | 2 |
| 4 | Analyse the advantage of conducting vulnerability assessment at the architectural level. | 5 | 1,4 | 3 | 2 |
| 5 | How does software characterization help in risk analysis? Identify. | 5 | 1,2 | 3 | 2 |
Unit – 4 :
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | What are the three main categories of race conditions? Enumerate. | 2 | 1 | 4 | 2 |
| 2 | What is a race condition bug? How can it be avoided? | 2,4 | 1,2,3 | 4 | 2 |
| 3 | What is a buffer overflow bug? How can it be avoided? | 2,4 | 1,2,3 | 4 | 2 |
| 4 | Categorize the problems detected by static code analysers, with at least 5 problems. | 3,5 | 1 | 4 | 2 |
| 5 | Distinguish the two classes of quantitative software metrics. | 3,5 | 1 | 4 | 2 |
Unit – 5 :
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | Organizational resilience is achieved through the following outcome: “Reduced risk of a business interruption”. Justify. | 1 | 1,3 | 5 | 2 |
| 2 | Compile the five fundamental activity stages of RMF. | 1 | 1,3 | 6 | 2 |
| 3 | Security is considered an integral part of normal strategic. Justify. | 2,3 | 1,3 | 5 | 2 |
| 4 | Discuss the don’ts for an organization in composing its ESSF. | 2,3 | 1,3 | 6 | 2 |
| 5 | Security is managed as an enterprise issue. Justify. | 2,3 | 1,3 | 5 | 2 |
| Category – 2: Moderate Questions | | | | | |
| 1 | Security is addressed as part of any new project initiation. Justify. | 2,3 | 1,3 | 5 | 2 |
| 2 | Discuss the common pitfalls in adopting an ESSF. | 2 | 1,3 | 6 | 2 |
| 3 | Security is treated as a business requirement. Justify. | 2,3 | 1,3 | 5 | 2 |
| 4 | Discuss the list of goals achieved by an organization using risk measurement metrics. | 1 | 1,3 | 6 | 2 |
| 5 | Plan a list of activities for resisting attacks in software. | 4,5 | 1,3 | 6 | 2 |
SECTION – B
(Essay Questions for 8 Marks)
Unit – 1:
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | Explain the core properties of secure software with a neat diagram. | 4 | 1 | 1 | 8 |
| 2 | Write a detailed note on different types of requirements. | 5 | 1 | 1 | 8 |
| 3 | What is an attack pattern? Compare attack resistance, attack tolerance, and attack resilience. | 1 | 1,3 | 2 | 8 |
Unit – 3:
| Q.No. | Question | CO | PO | BL | Marks |
|---|---|---|---|---|---|
| Category – 1: Easy Questions | | | | | |
| 1 | Explain the 6 activities of risk analysis methods. | 3 | 1,2 | 2 | 8 |
| 2 | Explain any 5 principles of software security. How does one compensate for the other? | 3 | 1 | 2 | 8 |
| 3 | What are the issues and challenges faced by a software architect during the design phase? Explain the concerns and their associated process. | 3 | 1,2 | 2 | 8 |
| 4 | What is threat analysis? How is the NIST framework used in this context? Describe. | 3 | 1,2 | 2 | 8 |
| Category – 2: Moderate Questions | | | | | |
| 1 | What is risk likelihood estimation and what are its factors? Describe the model for calculating likelihood from those factors. | 3 | 1,2 | 3 | 8 |
| 2 | Bring out the differences between the 5 threat sources in the NIST framework for threat identification and characterization with a neat table. Compare each source against its motivation and threat actions. | 3 | 1,2 | 2 | 8 |
| 3 | What is risk impact determination? Explain its methods. How can a risk exposure statement be generated? Draw a neat table to illustrate it. | 3 | 1,2 | 2 | 8 |
| Category – 3: Standard Questions | | | | | |
| 1 | How is risk analysis carried out? Explain it with a one-page system software architecture diagram which shows major components, their interactions, trust zones, potential attackers and attack vectors. | 3 | 1,2 | 3 | 8 |
| 2 | List the 2 largest concurrency-related vulnerabilities and explain them. Construct a set of rules that can be applied to avoid those 2 vulnerabilities. | 3 | 1,2 | 3 | 8 |
| 3 | Compare the following: Attack Resistance Analysis, Ambiguity Analysis, Dependency Analysis. | 3 | 1,2 | 2 | 8 |
Unit – 4:
Unit – 5: