CYBER SECURITY

PYQ(2021)
Q(1).Diffrentiate between vulnerability,threat and attack with
the use of suitable example for each :
Here's a simplified explanation of vulnerability, threat, and attack:
1. Vulnerability:
• A vulnerability is like a weakness in a system or network.
• It's like leaving a door unlocked or using an easy-to-guess password.
• These weaknesses can be taken advantage of by bad actors to cause harm
or gain unauthorized access.
Example: Leaving your phone unattended without a lock screen is a vulnerability
because someone could easily access your personal information.
2. Threat:
• A threat is like a potential danger or risk that can harm a system or
network.
• It can come from hackers, malware, or even system failures.
Example: A threat could be a hacker attempting to steal your credit card
information by exploiting a vulnerability in an online shopping website.
3. Attack:
• An attack is the actual action taken to exploit a vulnerability or carry out a
threat.
• It's like someone breaking into a house through an open window.
Example: If a hacker successfully breaches a company's network and steals
sensitive customer data, it would be considered an attack.

Q(2).Explain with the help of example the information

gathering(social engineering,footprinting and scanning) :
The concepts of information gathering in the context of social engineering,
footprinting, and scanning with some examples:
 1) Social Engineering: Social engineering is a technique used by attackers to
manipulate individuals into sensitive information or performing actions
that can be exploited for malicious purposes.
Example : A stranger who calls you on the phone and pretends to be a bank
representative. They say your account has been compromised and that they
need your login credentials to fix the issue. You give them your password, and
they have gathered valuable information through social engineering.
2) Footprinting: Footprinting involves gathering information about a target or
their technology infrastructure to gain insights and identify potential
weakness that can be targeted.
Example : A hacker who wants to gain access to a company's network by first
researching the organization. They visit the company's website, check out
employee LinkedIn profiles, and search for online reviews. By piecing together
this information, they have gathered insights to help identify potential
weakness in the company's security.
3) Scanning: Scanning is the process of actively probing a target network or
system to identify open ports, available services or weaknesses that can be
exploited.
Example : A hacker who wants to target a particular website. They might use
a scanning tool to check if the website has any open ports. If they find an
open port, they could then proceed to exploit that weakness and gain
unauthorized access to the website's backend.
So, these are the simple examples of information gathering techniques that can
be used to gather sensitive information and exploit it for malicious purposes.

Q(3).Describe some working of the following tools with the

help of example :
a) Nmap
b) Zenmap
c) Port Scanner
d) ISM
 a) Nmap (Network Mapper): Nmap is a powerful and versatile open-source
tool used for network exploration and security auditing. It allows you to
discover hosts, services, and weakness on a network.
Example: Imagine you have a home network with multiple connected devices,
such as computers, smartphones, and smart devices. You want to identify all the
active devices on your network. You can use Nmap by running a scan with the
command, and it will send packets to each IP address in your network range. By
analyzing the responses received, Nmap will determine which devices are active
and accessible on your network.
b) Zenmap: Zenmap is a graphical user interface (GUI) version of Nmap,
making it easier to visualize the results of network scans performed using
Nmap. It provides a user-friendly interface for analyzing the data collected
by Nmap.
Example: Let's say you have used Nmap to perform a network scan and
collected the results in a text file. Now, you can use Zenmap, the graphical user
interface version of Nmap, to open the file and visualize the scan results.
Zenmap presents the information in a user-friendly format, including a network
topology map, a list of hosts discovered, their open ports, services running on
those ports, and additional details for further analysis.
c) Port Scanner: A port scanner is a tool used to identify open ports on a
target system. It scans a range of ports on a target IP address to determine
which ports are open and accessible.
Example: Imagine you want to check the security of a web server. You can use a
port scanner tool to scan the server's IP address and identify which ports are
open and accessible. For example, if the web server is running on port 80, the
port scanner will detect that port 80 is open, indicating that the web server is
active and can accept incoming connections.
d) ISM (Information Security Management):
• ISM refers to a set of processes and practices used to manage and protect
information assets within an organization.
• ISM is a framework that helps protect important data in a company by
setting up policies, training, encryption, and other safeguards
Example: Let's say you work for a small business that handles sensitive customer
data, such as personal information and credit card details. To protect this data,
you implement an ISM framework. This includes setting up security policies and
guidelines, conducting regular risk assessments, training employees on secure
data handling practices, implementing access controls and encryption, and
having an incident response plan in place in case of a data breach. The ISM
framework ensures that your organization takes a systematic approach to
manage and protect its information assets.

Q(4).Describe how a one-way hash function may be used for

message authentication:
1. A one-way hash function can be used for message authentication by
generating a unique fixed-size hash value from the original message.
2. This hash value acts as a digital fingerprint of the message.
3. It indicates that the message has not been altered during transmission,
ensuring its integrity and authenticity.
4. When the receiver receives the message, they also apply the same hash
function to the received message to generate a hash value.
5. By comparing the hash values, the receiver can authenticate the message.
If the hash values match, it provides assurance that the message was
indeed sent by the sender and has not been modified during transmission.
6. A good one-way hash function has a high collision resistance, making it
extremely unlikely for two different messages to produce the same hash
value.
7. One-way hash functions are designed to be non-invertible, meaning it is
computationally infeasible to retrieve the original message from the hash
value alone.
In summary, a one-way hash function serves as a vital component for message
authentication, ensuring the integrity, non-invertibility, collision resistance, and
authentication of the message.
Q(5).Write a short notes on :
a) Mobile and IOT security
b) Open web application security project
a) Mobile and IoT Security:
Mobile and IoT security refer to the measures taken to protect smartphones,
tablets, smartwatches, and other internet-connected devices, including those
used in the Internet of Things (IoT), from potential cyber threats and attacks.
Mobile security includes defense mechanisms that help to secure mobile
devices and protect against mobile malware, cyber attacks, and data breaches.
IoT security, on the other hand, encompasses a broader range of devices and
technologies that are connected to the internet, such as home automation
systems, smart thermostats, and wearable technology.
Overall, Mobile and IoT security are critical aspects of cybersecurity, as the
proliferation of mobile devices and IoT has opened up new attack vectors and
expanded the potential threat landscape. It is crucial to take appropriate
security measures to reduce the risks and protect these devices and
technologies from cyber attacks.
b) Open Web Application Security Project (OWASP):
• OWASP is a non-profit organization that focuses on improving the security of
software and web applications.
• It provides resources, tools, and guidelines to help developers, security
professionals, and organizations enhance the security posture of their web
applications.
• OWASP's Top Ten project lists the most critical web application security risks,
providing a prioritized guide for addressing common weakness like injection
attacks, broken authentication, cross-site scripting (XSS), and more.
• OWASP offers a wide range of open-source tools, frameworks, and libraries to
assist with various aspects of web application security, such as weakness
scanning, code analysis, and secure testing.
Q(6). “Having proper employee hiring practices, security
clearance and employee termination practices can enhance
the security of the IT infrastructure of a company and its
information."
Do you agree with this statement? Justify your answer by
explaining why the statement is correct or incorrect :
When a company wants to make sure their information and computer systems
are safe, it's important to do a few things with their employees. First, they need
to hire people who are trustworthy and good at their job. They might do
background checks and interviews to make sure they're making the right
choices. This way, they can be confident that the people they hire are reliable
and won't cause any harm.
Next, they should give special permission, called security clearance, to
employees who need to see important or secret information. This means they've
been checked and are allowed to access it. It's like having a special key to a
locked room - only certain people can get in.
Lastly, it's important to take away access from employees who leave the
company. They should no longer have the ability to use company systems or
look at the company's private information. By doing this, the company can
prevent any problems that might happen if someone with bad intentions were
to keep access.
By following these steps, a company can reduce the chances of things like
secrets getting leaked, people using information they shouldn't, or other bad
things happening. It helps everyone feel safer and more secure in the workplace.
Q(7). Shivi loves old Hindi movie songs and has a large
collection of such songs which she wants to share with anyone
who is interested. She comes up with the idea of converting
the songs into MP3 format and putting up a website where she
will list the titles of the songs. Each user can then request her
for specific song(s) which he wants. Shivi can then specifically
permit copying of that song to the user's hard disk. Shivi
approaches Shivesh who agrees to develop the software and
host the website to execute the idea. Do Shivi and Shivesh
have any legal liability if they implement this idea? Discuss. If
this not legal liability, then define the name of computer crime
happen. This crime is come under in which cyber law section?
If Shivi and Shivesh proceed with the idea of converting and sharing
copyrighted old Hindi movie songs without obtaining proper authorization, they
could face legal liability for copyright infringement. Copyright infringement
occurs when someone uses, reproduces, or distributes copyrighted material
without the permission of the copyright owner.
Under copyright law, the copyright owner has the exclusive rights to control the
reproduction, distribution, and public performance of their work. In this case,
the copyrighted songs belong to the original creators or production companies,
and Shivi and Shivesh would need permission from these rights holders to
legally share and distribute the songs.
If they don't have the necessary licenses or permissions, they could be held
legally responsible for infringing upon the copyright holder's rights. The
copyright holder might take legal action against them, seeking damages for the
unauthorized use of their copyrighted material.
To avoid legal liability, it is important for Shivi and Shivesh to obtain proper
authorization and licenses from the copyright owners before proceeding with
their idea. They should consult with legal experts to ensure that they are
complying with copyright laws and protecting themselves from any legal
consequences.
As for the computer crime you mentioned, if Shivi and Shivesh engage in
unauthorized activities like copyright unauthorized access to copyrighted
material, they could potentially be accused of committing a cybercrime. These
crimes can fall under various sections of cyber law, such as the unauthorized
access of computer systems, copyright infringement, or even digital piracy.

Q(8). You get a call from a high school student named Mohan
who claims he has just received an e-mail from another
student threatening to commit suicide. Mohan isn't sure
where the student sent the e-mail from. Write a brief report
on how you should proceed, including what you should do first
in this situation.
In a situation where a high school student like Mohan receives an email from
another student threatening to commit suicide, it is crucial to approach the
matter responsibly and take appropriate action immediately.
Here's a brief report outlining the steps to be taken:
1. Support Mohan: Firstly, it is important to provide immediate support to
Mohan, as he may be feeling distressed by the situation. Offer a listening ear
and assure him that he has done the right thing by reaching out for help.
2. Report to Authorities: Mohan should be report the incident to a trusted
adult, such as a teacher, counselor, or school administrator. They have the
experience and knowledge to handle such situations effectively and can involve
the appropriate authorities.
3. Preserve Evidence: It is crucial to preserve any evidence related to the email,
including the content, sender details, and any other relevant information. This
evidence may be useful for the investigation and potential intervention by
concerned professionals.
4. Contact Authorities: The responsible adult or Mohan should contact the local
authorities, such as the police or emergency services. Provide them with all the
available information and follow their guidance on how to proceed further.
5. Inform School Administration: The school administration should be promptly
informed about the situation. They can help coordinate efforts with the
appropriate authorities, initiate necessary protocols, and provide support to the
students involved.
6. Maintain Confidentiality: It is essential to maintain confidentiality throughout
the process. Sharing information should be limited to those directly involved in
handling the situation and ensuring the safety and well-being of the individuals
affected.
Remember, this is a serious matter, and immediate action is crucial to ensure the
safety of the student involved. It is always recommended to involve
professionals who are trained to handle these situations effectively, such as law
enforcement personnel, mental health professionals, and school authorities.
 PYQ(2022) :
Q(9). Consider a scenario where you receive the following
email from an email ID:
Dear XYZ Email user,
Beginning next week, we will be deleting all inactive email
accounts in order create space for more users, You are
required to send the following information in order to
continue using your email account. If we do not receive this
information from you by the end of the wee, your email
account will be closed
• Name (first and last)
• Email Id
• Password:
• Alternate Email:
Please contact the Webmail Team with any questions.
Thank you for your immediate attention.
What should you do? What type of cybercrime is it? List and
explain in detail with major risks associated with this scenario :
The email you received is an example of a phishing attempt, which is a type of
cybercrime. Phishing is when malicious individuals impersonate legitimate
entities to trick people into providing sensitive information. In this scenario, the
email falsely claims that inactive email accounts will be deleted and asks for
personal details such as your name, email ID, password, and alternate email.
Here's what you should do and the risks associated with this situation:
1. Identify Suspicious Elements: Notice the urgent tone and the request for
sensitive information. These are common tactics used in phishing emails to
create a sense of urgency and pressure you into responding.
2. Do NOT Respond or Provide Information: Never reply to such emails or
provide any personal information. Legitimate organizations would never ask for
passwords or sensitive details via email.
3. Verify the Source: Check the sender's email address carefully and make sure it
matches the official domain of the organization. Phishing attempts often use
deceptive addresses that resemble genuine ones.
4. Report and Delete: Flag the email as spam or phishing within your email
client. This helps protect others from falling victim to the same scam. Then
delete the email to avoid accidental interaction.
5. Raise Awareness: Inform others, such as friends, colleagues, or your
organization's IT department, about this phishing attempt to prevent them from
falling prey to such scams.
Risks Associated with This Scenario:
1. Unauthorized Access: If you provide your password, cybercriminals could gain
access to your email account. This allows them to read your emails, steal
personal data, or use your account for malicious purposes.
2. Identity Theft: By acquiring your personal information, such as your name and
email ID, cybercriminals can engage in identity theft or impersonation, deceiving
others or conducting fraudulent activities.
3. Spread of Malware: Phishing attempts often include links or attachments
that, when clicked, can download malware onto your device. This compromises
your security and privacy.
4. Financial Loss: Phishing attempts may lead to financial loss by deceiving you
into providing credit card details or banking information. This information can be
used for fraudulent transactions.
Remember, it is crucial to remain vigilant and skeptical of such emails. Always
verify the authenticity of any request for sensitive information, and never
provide personal or financial details through email unless you have confirmed
the legitimacy of the request through a secure communication channel.

Q(10).What is digital signature?How it is different from digital

certificate?Explain in detail.
Digital Signature :
• A digital signature is like a virtual version of a handwritten signature.
• It's a method to make sure electronic data hasn't been modified or tampered
with during transmission by using a cryptographic technique.
• A digital signature includes the sender's encrypted unique identifier, which is
verified with the corresponding public key to ensure authenticity, integrity
and non-repudiation of the data.
• Digital signatures are often used to sign individual files, messages or
transactions.
Digital Certificate :
• A digital certificate is an electronic document that binds a public key to a real-
life entity provides trustworthiness to the public key.
• It is issued by a trusted third-party called a Certificate Authority (CA) and
contains information about the entity, its public key and the CA's digital
signature.
• Digital certificates are used to establish secure communication channels,
authenticate websites and ensure the trustworthiness of digital transactions.
Digital signature Digital Certificate

1. A digital signature secures the 1. Digital certificate is a file that

integrity of a digital document ensures holder’s identity and
in a similar way as a fingerprint provides security.
or attachment.
 2. Its working is based on the
Digital Signature Standard
(DSS).
3. These signatures are used to
verify the validity of
documents.
4. It follows Digital Signature
Standard (DSS).
5. It utilizes the hashing function.
2. Its working is based on
encryption securities and
cryptographic keys.
3. These certificates are installed
on websites to verify the
owner's identity.
4. It follows X.509 Standard
Format.
5. It utilizes cryptographic keys.

Q(11).Define an insider attack? Explain it with an example :

Insider attack :
1. It refers to a situation where someone who has authorized access to a
company's systems or data misuses that access for harmful purposes.
2. The insider uses their authorized access to carry out actions that are not
allowed or intended, such as stealing sensitive information, causing damage
to systems, or disrupting operations.
3. Insider attacks involve deliberate actions with the intention to benefit
themselves or harm the organization, such as stealing valuable data for
personal gain or sabotage.
4. Insider attacks can result in significant damage to a company's reputation,
financial stability, and customer trust. They can also lead to legal
repercussions for both the insider and the organization.
It is important for companies to implement strong security measures,
monitoring systems, and employee awareness programs to prevent and detect
insider attacks.
For example, imagine a company where an employee named John has access to
sensitive customer information. Instead of using this access responsibly, John
decides to steal customer data and sell it to a competitor. He may do this by
secretly copying the data onto a USB drive and then sharing it outside the
company.
John's actions are considered an insider attack because he is misusing his
authorized access to harm the company. Insider attacks can have serious
consequences, including financial loss, damage to the company's reputation,
and compromise of sensitive information. That's why it's important for
organizations to have strong security measures in place to detect and prevent
such attacks.

Q(12).Explain the impact of cybercrime on cloud computing?

Cloud computing is a popular technology that allows companies to store and
access their data through the internet rather than on local servers. However, this
also makes cloud computing vulnerable to cybercrime, which can result in
various negative impacts, such as:
1. Cybercriminals may target cloud storage systems and gain unauthorized
access to sensitive information, such as financial data, personal identifiable
information, or trade secrets.
2. Cloud computing services are often used for critical business operations, such
as customer transactions, inventory management, and communication.
3. A cyber-attack in the cloud can result in legal and regulatory compliance
issues, leading to significant consequences.
4. A cyber-attack on a cloud provider can damage its reputation and cause
customers to lose confidence in its ability to provide secure services.
The impact of cybercrime on cloud computing, companies should implement
robust security measures, such as encryption, firewalls, and multi-factor
authentication, as well as frequent monitoring of cloud services.

Q(13).What is credit card fraud ? Mention the tips to prevent

credit card frauds?
• Credit card fraud refers to the unauthorized use of someone else's credit card
or card information to make fraudulent transactions or obtain goods/services
illegally.
• It is a form of identity theft and can result in financial losses and potential
damage to the victim's credit history.
Here are some tips to help prevent credit card fraud:
1. Protect your card information: Keep your credit card physically secure and
never share your card details unless you trust the recipient. Avoid writing down
your card details and keep them confidential.
2. Regularly monitor your accounts: Keep a close eye on your credit card
transactions by regularly reviewing your account statements and monitoring
online banking platforms or mobile apps. Report any suspicious or unauthorized
transactions immediately to your card issuer.
3. Enable transaction alerts: Many credit card issuers provide transaction alert
services via email or text message. Enable these alerts to receive real-time
notifications about transactions made using your card. This allows you to
identify unauthorized transactions promptly.
4. Regularly update passwords and PINs: Choose strong and unique passwords
for your online banking and credit card accounts, and update them regularly.
Additionally, avoid using easily guessable PINs, such as your birthdate or
sequential numbers.
5. Be wary of phishing attempts: Be cautious of phishing emails or messages
attempting to trick you into revealing your credit card details. Avoid clicking on
suspicious links or providing personal information through unsolicited channels.
By following these preventive measures, you can reduce the risk of falling victim
to credit card fraud and protect your financial well-being.

Q(14).Explain about Trojan Horses and Backdoors in details

with examples :
Trojan horses and backdoors are types of malicious software (malware) that
pose a serious threat to computer systems and user privacy. Here's a detailed
explanation of each:
1. Trojan Horses:
• Trojan horses are deceptive software programs that appear harmless or
useful but contain hidden malicious code that allows unauthorized access or
control over a victim's computer.
• They often as legitimate applications, tempting users to download and install
them. Once installed, they can perform various harmful activities, including
data theft, unauthorized access, system damage, and remote control by the
attacker.
Examples of Trojan horses:
a) Zeus (Zbot): This Trojan targets online banking systems and steals sensitive
financial information, such as login credentials and credit card details.
b) Emotet: Emotet is a widespread Trojan that primarily spreads through
malicious email attachments.
2. Backdoors:
• Backdoors refer to secret entry points intentionally created by attackers or
developers to bypass authentication mechanisms and gain unauthorized
access to a system or network.
• Backdoors are typically hidden weakness intentionally inserted by developers
for legitimate purposes, such as system maintenance or debugging.
• If discovered by malicious individuals, backdoors can open up a system to
unauthorized access, data theft, or further compromise.
Examples of Backdoors:
a) NetBus: NetBus is a classic example of a backdoor, used to gain remote access
to a victim's computer. It allows attackers to control various functions, such as
file operations, keystroke logging, and monitoring.
b) DarkComet: DarkComet is a remote administration tool (RAT) that can be
used as a backdoor. It enables an attacker to perform various unauthorized
actions on an infected system.
Both Trojan horses and backdoors pose significant threats to computer security
and user privacy.
Q(15).Differentiate between Worms & virus with example :
Worms
1. A Worm is a form of malware
that replicates itself and can
spread to different computers
via Network.
2. The main objective of worms is
to eat the system resources.
3. Worms can be detected and
removed by the Antivirus and
firewall.
4. It is less harmful as compared.
5. Worms can be controlled by
remote.
6. It does not need human action
to replicate.
7. Examples of worms include
Morris worm, storm worm, etc.
Virus
1. A Virus is a malicious executable
code attached to another
executable file which can be
harmless or can modify or delete
data.
2. The main objective of viruses is
to modify the information.
3. Antivirus software is used for
protection against viruses.
4. It is more harmful.
5. Viruses can’t be controlled by
remote.
6. It needs human action to
replicate.
7. Examples of viruses include
Creeper, Blaster, Slammer, etc.

Q(16).How should risk management in information security

system be improved on social media portals ?
Risk management in information security on social media portals can be
improved by following these steps:
1. Develop a comprehensive security policy: Have a clear, well-communicated
security policy that outlines the security measures that are necessary to address
the risks posed by social media portals.
2. Conduct regular security audits: Regular security audits can help identify
weakness in your system and provide a framework for addressing them
proactively.
3. Implement access controls: Implementing access controls to limit access to
sensitive data or operations to only those who need to have it can help minimize
the risk of unauthorized access.
4. Train your employees: Employees should be trained to identify and report
suspicious activities on social media platforms. They should also be alert to
phishing attacks and other cyber threats.
5. Monitor activities: Regularly monitoring social media activities can help to
detect and prevent potential security breaches. Automated monitoring software
can be used to identify and alert administrators to suspicious activity.
6. Enforce password policies: Password policies can help to ensure that user
passwords are strong and changed regularly. This can decrease the risk of
password cracking and unauthorized access.
By taking these steps, you can significantly reduce the risks associated with using
social media portals and ensure the security of your sensitive data.

Q(17).What does DOos attack ?Explain How to protect from

DOos attack ?
• A DDoS (Distributed Denial of Service) attack is when someone tries to
overwhelm a website or online service by sending a huge amount of fake
traffic to it.
• This makes the website or service unavailable to legitimate users.
• The fake traffic comes from multiple sources and is coordinated by the
attacker.
To protect against DDoS attacks, you can do a few things:
1. Use a DDoS protection service: These services can detect and block the fake
traffic before it reaches your website or service.
2. Keep your network secure: Regularly update and protect your servers and
network devices. Use firewalls and other security systems to filter out malicious
traffic.
3. Limit the traffic: Set up limits on how much traffic can come from one source.
This helps to prevent a single attacker from overwhelming your website.
4. Monitor your traffic: Use tools to keep an eye on your network traffic. Look
for any unusual spikes that might indicate a DDoS attack so you can respond
quickly.
5. Have a plan: Be prepared for a DDoS attack by having a plan in place. Know
what steps to take and how to recover to minimize the impact on your website
or service.
By following these steps, you can better protect your website or online service
from DDoS attacks and keep it running smoothly for your users.

Q(18).Discuss about the intrusion Detection and prevention

technique in detail :
Intrusion detection and prevention techniques are used to safeguard computer
networks from unauthorized access, malicious attacks, and security breaches.
These techniques are designed to detect and prevent hacking attempts,
malware, viruses, and other threats to the network.
Intrusion Detection Techniques:
1. This technique uses known patterns, also known as signatures, to recognize
threats. It checks incoming traffic against a database of known signatures to
identify and block suspicious activity.
2. Technique is designed to identify traffic that deviates from normal patterns. It
detects attacks that do not match predefined signatures or that have never
been seen before.
3. This technique uses a set of rules or conditions to identify unusual or
suspicious behavior. It looks for activity patterns that indicate an attack is
taking place and takes action to stop it.
Intrusion Prevention Techniques:
1. This technique is designed to detect and block malicious traffic before it
reaches the target network. It examines network traffic for signs of attacks
and takes action to stop them.
2. This technique creates a secure tunnel between two devices over the
Internet. It is used to securely access the network from remote locations.
3. This technique splits a network into smaller, isolated subnetworks. It limits
the potential impact of an attack on the entire network by containing it in a
smaller area.
In conclusion, intrusion detection and prevention techniques are critical to
protecting computer networks from malicious attacks. A combination of
different techniques can be used to create a layered defense that can detect and
prevent a wide range of threats.

Q(19).Discuss about SQL injection in detail :

1. SQL injection is a type of cyber attack that is used to exploit weakness in web
applications that use SQL databases.
2. It involves inserting malicious code, or SQL statements, into user input fields
of a web form.
3. SQL injection is a popular attack vector because it is relatively easy to perform
and can be very effective.
4. Attackers can use automated tools to scan for vulnerable websites and exploit
them without needing extensive technical skills.
5. To prevent SQL injection attacks, web developers need to ensure that user
input is properly validated and sanitized.
For example, if a web application has a login form that asks for a username and
password, an attacker may enter a malicious SQL statement into the username
field. This statement is designed to manipulate the database in a way that allows
the attacker to gain unauthorized access to sensitive information or modify, add,
or delete data from the database.
Overall, SQL injection attacks can pose a serious threat to the security of web
applications that use SQL databases. By implementing proper validation and
sanitization techniques, however, developers can take steps to prevent these
attacks from occurring.
Q(20).Describe Access control . Differentiate between
Discretionary Access control(DAC) and Mandotoray Access
Control(Mac) :
• Access control is a security mechanism that is used to regulate who has
access to specific resources or data within a system.
• It involves identifying users and groups, defining policies that specify what
actions they can perform, and enforcing those policies through
authentication and authorization mechanisms.
• Discretionary Access Control (DAC) and Mandatory Access Control (MAC) are
two common types of access control mechanisms used in computer security.
DAC :
• DAC is a type of access control where the owner of a resource decides who
can access it.
• In this model, the owner of the resource has complete control over who can
access it and what actions they can perform on it.
Mac :
• MAC, on the other hand, is a more strict access control mechanism where
access is determined by a set of predefined rules or policies.
• In this model, access to a resource is "mandated" by the system and not by
the individual owner of the resource.

DAC MAC

1. DAC stands for Discretionary 1. MAC stands for Mandatory Access

Access Control. Control.

2. DAC is easier to implement. 2. MAC is difficult to implement.

3. DAC is less secure to use. 3. MAC is more secure to use.

 DAC MAC

4. DAC has high flexibility with 4. MAC is not flexible as it contains

no rules and regulations. lots of strict rules and regulations.

5. DAC has complete trust in 5. MAC has trust only in

users. administrators.

6. DAC is supported by 6. MAC is not supported by

commercial DBMSs. commercial DBMSs.

7. DAC can be applied in all 7. MAC can be applied in the military,

domains. government, and intelligence.

Q(21).Write a shorts notes on :

a) CIA Triad :
b) Steganography
c) Cyber security safeguards
d) Cyber forensics
a) CIA Triad:
• The CIA Triad is a fundamental concept in information security, consisting
of three principles: Confidentiality, Integrity, and Availability.
o Confidentiality ensures that information is accessed only by authorized
individuals or systems
o Integrity ensures that information is not modified, altered, or tampered
with by unauthorized individuals or processes.
o Availability ensures that information and systems are accessible and
usable by authorized individuals or systems when needed.
b) Steganography:
• Steganography is a technique used to hide or encrypt information within
another form of data, such as an image, audio, or video file. The hidden data
is embedded in a way that it is not easily detectable by casual observers.
• The goal of steganography is to conceal the existence of the hidden data,
rather than encrypting it.
• This technique can be used to covertly transmit sensitive information or to
hide data from unauthorized individuals.
c) Cybersecurity safeguards:
• Cybersecurity safeguards refer to measures and practices implemented to
protect digital systems, networks, and information from unauthorized access,
damage, or disruption.
• The purpose of cybersecurity safeguards is to reduce the risks and threats
posed by cyberattacks, such as unauthorized access, data breaches, malware
infections, and other malicious activities.
d) Cyber forensics:
• Cyber forensics, also known as digital forensics, is the process of collecting,
analyzing, and preserving digital evidence from computer systems, networks,
and digital devices in order to investigate and prevent cybercrimes.
• The goal of cyber forensics is to gather information and evidence that can be
used to understand how a cybercrime occurred, identify the responsible
parties, and support legal actions or prevent future incidents.
 ANOTHER PYQ
Q(22).What are the challenges in cyber crime ? Discuss the
different types of cyber crime?
Cybercrime poses several challenges in today's digital world. Here are some of
the main challenges:
1. Global nature: Cybercrime knows no boundaries and can be committed from
anywhere in the world. This creates jurisdictional challenges for law
enforcement agencies, as different countries may have varying laws and
regulations regarding cybercrime.
2. Rapid evolution: Cybercriminals constantly adapt and develop new
techniques to exploit weakness in technology.
3. Lack of awareness: This lack of awareness can make them more susceptible
to falling victim to cyberattacks.
Now, let's discuss some types of cybercrime:
1. Phishing: Phishing involves tricking individuals into providing sensitive
information, such as passwords or credit card details, by posing as a trustworthy
entity via email, text messages, or fake websites.
2. Malware: Malicious software, or malware, is designed to gain unauthorized
access to computer systems and steal information or disrupt normal operations.
Examples include viruses, ransomware, and spyware.
3. Identity theft: Cybercriminals steal personal information, such as social
security numbers or credit card details, to impersonate someone else for
financial gain or to commit fraudulent activities.
4. Online scams: Online scams involve tricking individuals into providing money
or valuable information under false pretenses. Common scams include lottery
scams, romance scams, and investment scams.
5. Hacking: Hacking involves gaining unauthorized access to computer systems
or networks to steal or manipulate data, disrupt services, or carry out malicious
activities.
These are just a few examples of the types of cybercrime that exist. It's
important to stay vigilant and practice good cybersecurity habits to protect
yourself and your digital assets.

Q(23).Explain the terms : cyber extortion and cyber terrorism

in detail :
1. Cyber Extortion:
1. Cyber extortion refers to the act of using electronic communication, such as
emails or online messages, to threaten or blackmail individuals, organizations,
or even governments.
2. It involves demanding money, sensitive information, or other forms of
compensation in exchange for not carrying out a malicious act.
3. Cyber extortionists often use advanced tactics to remain anonymous, making
it difficult for law enforcement agencies to track and catch them.
2. Cyber Terrorism:
1. Cyber terrorism involves the use of technology to carry out acts of terror that
can cause significant harm to individuals, organizations, or governments.
2. It typically involves targeting critical infrastructures such as power grids,
financial systems, transportation networks, or government databases with
the intention of causing disruption, chaos, or fear.
3. Cyber terrorists may engage in activities like hacking into systems, launching
DDoS (Distributed Denial of Service) attacks, or spreading propaganda
through social media platforms.
Both cyber extortion and cyber terrorism are serious threats in the digital age. It
is essential to have robust cybersecurity measures in place to protect against
such activities and to collaborate with law enforcement agencies to prevent and
respond to cyber threats effectively.

Q(24).What are the information assurance core principle ?

Explain various aspects of information assurance :
Assurance refers to the measures and practices taken to ensure the
confidentiality, integrity, and availability of information.
The core principles of information assurance are:
1. Confidentiality: This principle involves controlling who has access to data,
implementing encryption techniques, and implementing strong authentication
measures to ensure that only authorized individuals can access confidential
information.
2. Integrity: This principle involves preventing unauthorized modifications or
alterations to data, ensuring that information is stored and transmitted securely,
and implementing techniques such as data validation and checksums to detect
and prevent data tampering.
3. Availability: Availability involves implementing measures to prevent service
disruptions, deploying redundant systems and backups to reduce the impact of
hardware or software failures, and establishing disaster recovery plans to
minimize downtime in the event of an incident.
Other aspects of information assurance include:
1. Risk Assessment: It involves identifying potential weakness and threats to
information systems, evaluating their potential impacts, and implementing
appropriate controls to reduce risks.
2. Security Awareness: This aspect focuses on educating and training users
about information security best practices, including the importance of strong
passwords, safe browsing habits, and recognizing and reporting potential
security threats such as phishing emails.
4. Compliance: Compliance involves ensuring that systems and processes meet
legal requirements, industry guidelines, and organizational policies.
By implementing these core principles and addressing various aspects of
information assurance, organizations can safeguard their information assets,
protect against potential threats, and ensure the trust and confidence of their
stakeholders.
Q(25).What are the challenges in digital forensics ? Explain
digital forensics life cycle :
The field of digital forensics involves the investigation and analysis of digital
evidence to uncover and interpret information for legal or investigative
purposes. While it is a valuable tool in fighting cybercrime.
There are a few challenges that digital forensics professionals face:
1. Digital Complexity: use of digital devices and technologies, the volume and
complexity of digital evidence have increased exponentially. Analyzing large
amounts of data from different sources can be time-consuming and challenging.
2. Rapid Technological Advancements: The constant evolution of technology
presents challenges to digital forensics professionals. New devices, encryption
techniques, and online platforms require continuous learning and staying up-to-
date with new forensic tools and techniques.
3. Anti-Forensic Techniques: These anti-forensic techniques can range from
deleting files, using steganography techniques to hide data, or employing
advanced data wiping tools.
The digital forensics life cycle consists of several stages, including:
1. Identification: This stage involves recognizing and documenting potential
sources of digital evidence, such as computers, mobile devices, or cloud storage.
2. Preservation: This stage involve creating forensic images or making a bit-by-
bit copy of the device.
3. Analysis: In this stage, digital forensics experts examine the collected
evidence using specialized tools and techniques.
4. Interpretation: After the analysis, the extracted information is interpreted to
reconstruct the sequence of events, identify potential suspects, and determine if
any digital evidence is relevant to the case.
5. Reporting: The findings and conclusions of the investigation are documented
in a comprehensive report.
The digital forensics life cycle helps ensure a systematic and thorough approach
to investigating digital evidence, allowing for the accurate and reliable extraction
of information for legal or investigative purposes.

Q(26).Why do we need cyber laws ? Explain in detail cyber law

in india.what are their strength and limitations ?
Cyber laws :
• Cyber laws are needed to regulate and govern the use of technology, devices,
and networks to ensure legal and ethical use of digital resources.
• Cyber laws help to prevent cyber attacks, hacking, online fraud, cyberbullying,
cyber terrorism, and other cyber crimes.
In India, cyber laws are regulated by the Information Technology Act, 2000 (IT
Act), which was amended in 2008. The Act defines cyber crimes and their
penalties and provides legal sanctions against computer-related offenses like
hacking, phishing, data theft, and cyber stalking among others.
The strength of cyber laws in India,
1. Cyber laws give legal validity to electronic transactions, contracts, and digital
signatures, ensuring their enforceability in courts.
2. Cyber laws safeguard the privacy and confidentiality of personal data by
regulating its collection, storage, and disclosure.
3. Cyber laws establish procedures for the collection, preservation, and
presentation of electronic evidence in court, enabling effective investigation
and prosecution of cybercrimes.
cyber laws in India have some limitations:
1. Many people are still not fully aware of cyber laws and their implications,
leading to potential vulnerabilities and a lack of reporting of cybercrimes.
2. Cyber laws need to keep pace with the fast-changing landscape of technology
to effectively address emerging cyber threats and challenges.
3. Cyber laws can be complex and technical, making it difficult for the general
public to understand and navigate the legal framework.
Cyber laws in India are helpful in reducing cyber crimes, but they have
limitations and areas of improvement for a more effective approach to tackling
cyber crime.

Q(27).Explain the types of cyber attacks and their motives ?

There are several types of cyber attacks, each with its own motive and way of
functioning.
Here are some of the most common types of cyber attacks and their motives
explained in simple language:
1. Malware attacks:
• Malware is a type of software that, when installed on a computer or network,
can harm, damage or steal data. Hackers use it to gain unauthorized access to
systems for their personal gain or to launch further attacks.
2. Phishing attacks:
• Phishing is a common form of social engineering attack, where scammers
obtain sensitive information like username,passwords or financial details by
posing as trust worthy entities through use emails, messages,website or
phone calls.
3. Ransomware attacks:
• Ransomware is a type of malware that holding files hostage until a ransom is
paid to unlock them.The purpose of a ransomware attack is to extort money
from the victim.
4. Distributed Denial of Service (DDoS) attacks:
• DDoS attacks refers to a type of cyber attack where a malicious actor or group
attempts to make a computer system or network unavailable to its intended
users.
5. Insider attacks:
• Insider attacks are launched by an organization's own employees or
contractors who have access to sensitive information or systems. These
attacks can be motivated by financial gain, revenge, or accidental release of
confidential information.
The motives behind cyber attacks can vary from financial gain to political
purposes to personal vendettas. It is essential to understand different types of
cyber attacks and their motives to adopt appropriate cybersecurity measures to
safeguard systems and data.

Q(28).List the reasons,”why cyber security is important “ ?

Cybersecurity is important for many reasons, as it helps protect our digital world
and keeps our personal and sensitive information safe.
Here are some simple reasons why cybersecurity is important:
1. Cybersecurity ensures that our personal data, such as bank account details,
social media accounts, and online identities, remains private and secure..
2. Cybersecurity protects us from scams, phishing attacks, and credit card fraud
attempts, ensuring our hard-earned money remains safe.
3. Cybersecurity is crucial for businesses, as it protects sensitive business data,
trade secrets, and customer information.
4. Cybersecurity is vital for maintaining national security, as cyber attacks can
target critical infrastructure, government systems, and defense networks.
5. Cybersecurity enables us to enjoy the benefits of technology while minimizing
the risks.
6. Cybersecurity builds trust in digital technologies and encourages their
adoption.
Cybersecurity is not just the responsibility of individuals but also of
governments, organizations, and service providers. By collectively prioritizing
cybersecurity, we can create a safer and more secure digital landscape for
everyone.

Q(29).What is Malicious Software ? Explain The types of

Malicious Software in detail :
• Malicious software, also known as malware, refers to harmful software
designed to disrupt, damage, or gain unauthorized access to computer
systems and networks.
• Malware can cause various problems, ranging from data theft and financial
loss to system crashes and privacy breaches.
Here are different types of malware in simple language:
Types of Malware:
1. Viruses: Self-replicating programs that attach themselves to legitimate
programs or files. Viruses spread by infecting other files and can cause various
harmful effects, such as data corruption or system crashes.
2. Worms: Self-contained programs that can replicate and spread across
networks without user interaction. Worms exploit vulnerability or security
loopholes to propagate and can consume network bandwidth or carry out
malicious activities.
3. Trojans: Disguised as legitimate software, Trojans deceive users into executing
them. Once executed, these programs can perform unauthorized actions like
data theft, remote control, or installation of additional malware.
4. Ransomware: This type of malware encrypts users' files or locks their
systems, demanding a ransom to restore access. Ransomware is highly
disruptive and can cause significant financial and operational damage.
It is crucial to have robust security measures like antivirus software, regular
system updates, and user awareness to reduce the risks posed by malware and
prevent infections.

Q(30).How do you Perform a risk analysis ?Explain the process

of risk analysis on details :
• Performing a risk analysis is an important process for identifying and
assessing potential risks to a system, organization, or project.
• It helps in understanding the potential impact and likelihood of risks so that
appropriate measures can be taken to reduce or manage them.
Here is a simplified explanation of the risk analysis process:
1. Identify Assets and Risks: Begin by identifying the assets, such as information,
systems, or processes, that need to be protected. Then, identify potential risks
that could pose a threat to these assets.
2. Risk Evaluation: This evaluation helps in understanding which risks need
immediate attention and which can be addressed later.
3. Identify Controls: This can include physical security measures, backup
systems, access controls, disaster recovery plans, or cybersecurity measures.
Assess the effectiveness of these controls in mitigating the identified risks.
4. Develop Risk Mitigation Strategies: Based on the evaluation of risks and the
effectiveness of existing controls, develop appropriate risk mitigation strategies.
This could involve implementing additional security measures, training
employees on security protocols, creating redundancy in systems, or updating
policies and procedures. The aim is to minimize the impact or likelihood of the
risks.
5. Implement and Monitor: Implement the identified risk mitigation strategies
and monitor their effectiveness. Regularly review and reassess the risks to
ensure that the mitigation strategies remain effective and address any new or
changing threats.
By following this risk analysis process, organizations can identify and address
potential risks, strengthening their resilience and reducing the likelihood of
negative impacts on their.

Q(31).How DOS and DOOS Attacks are different from each

other ?
In simple language, DOS (Denial of Service) and DOOS (Distributed Denial of
Service) attacks are both types of cyber attacks that aim to disrupt or render a
computer system or network unavailable.
1. DOS Attack:
• A DOS attack typically involves a single source or a relatively small group of
attackers targeting a computer system or network.
• The attacker overwhelms the targeted system with an overwhelming amount
of traffic, requests, or data, causing it to become overloaded and unable to
respond to legitimate user requests. This makes the system slow down or
crash, denying access to legitimate users.
 2. DOOS Attack (Distributed Denial of Service):
• A DDoS (Distributed Denial of Service) attack is when someone tries to
overwhelm a website or online service by sending a huge amount of fake
traffic to it.
• This makes the website or service unavailable to legitimate users.
• The fake traffic comes from multiple sources and is coordinated by the
attacker.
Overall, a DOS attack is carried out by a single source or a small group of
attackers, while a DOOS attack is executed using a network of compromised
devices spread across various locations.DOOS attacks are typically more difficult
to reduce due to their distributed nature, making them more effective at
overwhelming targeted systems or networks.

Q(32).What steps will you take to secure a server ?

Securing a server is crucial to protect it from unauthorized access, data
breaches, and other potential threats.
Here are some steps you can take to secure a server:
1. Ensure that you use strong, unique passwords for all user accounts on the
server. A strong password consists of a combination of uppercase and
lowercase letters, numbers, and special characters.
2. Keep the server's operating system, software, and applications up to date
with the latest security patches.
3. Install and configure a firewall to monitor and control incoming and outgoing
network traffic.
4. Enable multi-factor authentication (MFA) to add an extra layer of security for
user logins.
5. Encrypt sensitive data and communications to protect them from
unauthorized access.
6. Take regular backups of server data to recover in case of any unforeseen
events.
7. Install intrusion detection and prevention systems (IDPS) to monitor and
detect any suspicious activity on the server.
By following these steps, you can enhance the security of your server and
reduce the risk of unauthorized access or data breaches.

Q(33).What do you mean by intellectual property ?

1. Intellectual property refers to the legal rights that individuals or organizations
have over creations or inventions of their minds.
2. intellectual property protects the original ideas and creations that people
come up with.
3. intellectual property is considered that the creators have exclusive rights to
use, reproduce, distribute, or profit from their intellectual property.
4. It allows to control and receive recognition or financial benefits from their
creative works or inventions.
5. Intellectual property rights are crucial for encouraging innovation, creativity,
and economic growth.
6. Intellectual property provide incentives for individuals or organizations to
invest time, effort, and resources into developing new ideas, products, or
technologies.
7. Examples of intellectual property rights include patents for inventions,
copyrights for literary or artistic works, trademarks for brand names or logos,
and trade secrets for confidential business information.

Q(34).Explain briefly about Application development security

with guidelines ?
• Application development security refers to the practices and measures taken
to ensure the security of software applications during their development and
deployment.
• It involves identifying and addressing weakness, protecting sensitive data,
and preventing unauthorized access or attacks.
Here are some guidelines for application development security:
1. Developers should follow secure coding guidelines to write robust and secure
code.
2. Implement proper user authentication mechanisms, such as strong
passwords and multi-factor authentication, to verify the identity of users.
3. Use encryption techniques to protect sensitive data both at rest and in
transit.
4. Implement proper error handling mechanisms to prevent the disclosure of
sensitive information in error messages.
5. Keep the application and its underlying software components up to date with
the latest security patches. This helps in addressing known weakness and
reducing the risk of attacks.
6. Ensure that network communications between the application and external
systems are secure. This involves using secure protocols like HTTPS and
implementing proper validation and verification mechanisms.
7. Validate and sanitize all user input to prevent common security weakness like
SQL injection and cross-site scripting attacks. This helps in preventing
malicious code or data from being executed or affecting the application.
By following these guidelines, developers can enhance the security of their
applications, protect user data, and reduce the risk of security breaches or
unauthorized access.

Q(35).What do you understand by security structure and

design ?
1. Security structure and design refers to the systematic approach of
incorporating security measures and considerations into the overall design
and architecture of a system or infrastructure.
2. security structure and design involves planning and building a secure
foundation for a system or network.
3. security structure and design Identifying potential threats and risks that the
system may face in order to understand the security requirements.
4. security structure and design provide guidelines for secure practices and
behavior.
5. Implementing this mechanisms to control access to system resources,
ensuring that only authorized individuals or entities can access sensitive
information or perform certain actions.
6. security structure and design helps in ensuring that individuals are aware of
their role in maintaining security and are equipped to handle potential
threats.
7. It helps in reducing the potential for security breaches, unauthorized access,
and data loss or compromise.
8. Security structure and design is an essential aspect of developing and
maintaining secure systems and networks in today's interconnected digital
landscape.

Q(36).Explain the Firewall,its type and its work :

1. A firewall is a security device or software that acts as a barrier between a
computer network and the outside world (such as the internet).
2. Its main purpose is to monitor and control incoming and outgoing network
traffic based on predetermined security rules.
3. firewall helps to protect your computer or network from malicious activities
like hacking attempts, malware, and unauthorized access.
4. It also helps in preventing the spread of threats within your network.
There are different types of firewalls, but let's focus on two common ones:
1. Network firewall:
1. This type of firewall is typically placed at the boundary between an internal
network (like a company's network) and the internet.
2. It examines incoming and outgoing network packets to determine whether to
allow or block them based on predefined rules.
3. It can be either hardware or software-based.
2. Host-based firewall:
1. This type of firewall is installed on individual computers or servers and
provides protection at the specific device level.
2. It monitors network traffic on the host and applies rules to allow or block
connections based on the configured settings.
3. It provides an added layer of security for the specific device.
Now, let's understand how a firewall works:
• A firewall inspects individual network packets by examining their source and
destination addresses, ports, and protocols. For example, it may block
incoming requests from unknown or suspicious sources.
• The firewall keeps track of the state of network connections to ensure that
incoming packets belong to an established connection. It helps prevent
unauthorized access by checking the continuity and legitimacy of network
traffic.
• Advanced firewalls can analyze the content of network packets at the
application layer. They can identify specific applications or protocols and
apply additional security checks.
• Firewalls can also enable secure remote access using VPNs. They can establish
encrypted connections between remote users and the internal network,
ensuring that data transmitted between them is secure.
Overall, firewalls play a crucial role in protecting networks and systems by
controlling and filtering network traffic. They act as a gatekeeper, allowing
authorized traffic and blocking potentially harmful or unauthorized traffic. By
implementing firewalls, organizations can enhance their network security and
reduce the risk of unauthorized access or malicious activities.