Final Exam: Application Security MSc

This document contains instructions for a final exam for an Executive MSc in Information Security program. The exam covers application security topics and consists of 5 questions, with students required to answer 4 out of the 5 questions. Each question is worth 25 marks and students have 150 minutes to complete the exam. Electronic devices are prohibited and academic integrity policies regarding plagiarism are in effect.

Executive MSc in Information Security

Application Security

FINAL EXAM

Date:
Time: 09.00 am to 11.30 am (150 minutes)
__________________________________________________________

INSTRUCTIONS TO CANDIDATES:

1. You have to answer FOUR (4) out of FIVE (5) questions.
2. Each question carries a maximum of 25 marks.
3. Since this is an open-book exam, you may use printed and written materials.
4. Electronic devices of any kind are not allowed inside the exam hall. You are
expected to leave such devices outside the exam hall.
5. Candidates are not permitted to take any question paper or answer script
out of the examination hall.
6. Cases of plagiarism will be penalized.
[Q-01]
1. State the advantages and disadvantages of compiling to intermediate code
rather than to native code.
[2 Marks]

2. What is REST? Define it.
[3 Marks]

3. List Two (2) advantages and disadvantages of the Scrum and Waterfall
software development methodologies.
[4 Marks]

4. Describe how you would apply threat modelling to a mobile application.
[6 Marks]

5. As an application security specialist, which best practices would you
recommend for your organization's secure application development
lifecycle? Describe any Five, with justifications.
[10 Marks]

[Q-02]
1. What is CSRF? Define it and briefly explain how it works.
[4 Marks]

2. List Three different types of XSS attack and briefly describe how a
developer can protect their website from them.
[4 Marks]

3. Briefly describe 'cookies' and their features.
[5 Marks]

4. You have noticed that most staff in your organization use web banking
applications on their mobiles and computers. As an information security
specialist, what key advice would you give them? Justify your
recommendations.
[4 Marks]

5. Explain precautionary measures appropriate for avoiding SQL injection.
[8 Marks]
[Q-03]
1. State the difference between a JSP and a Servlet.
[2 Marks]

2. List Four (4) different HTTP request methods.
[4 Marks]

3. List Three (3) Java programming language platforms and briefly describe
each.
[3 Marks]

4. Briefly describe the different types of Enterprise Java Beans (EJB).
[6 Marks]

5. Explain the J2EE architecture along with its security features.
[10 Marks]

[Q-04]
1. What are managed and unmanaged code in .NET? Define each.
[2 Marks]

2. What are the security features of the CLR in .NET?
[4 Marks]

3. How would you achieve application-level security in .NET? Briefly explain.
[4 Marks]

4. Compare .NET and Java security.
[6 Marks]

5. Describe how data integrity can be achieved with a digital certificate.
Illustrate your answer with a diagram.
[9 Marks]
[Q-05]
1. What is application whitelisting? Define it.
[2 Marks]

2. Briefly explain the reasons why applications hop ports.
[3 Marks]

3. Briefly describe how profiles and templates are used to control application
behavior.
[4 Marks]

4. Explain different ways to control the behavior of an application running
on a computer.
[8 Marks]

5. How can an application's network communication be controlled? Explain.
[8 Marks]