Cyber Security
Cyber Security
PYQ(2021)
Q(1).Diffrentiate between vulnerability,threat and attack with
the use of suitable example for each :
Here's a simplified explanation of vulnerability, threat, and attack:
1. Vulnerability:
• A vulnerability is like a weakness in a system or network.
• It's like leaving a door unlocked or using an easy-to-guess password.
• These weaknesses can be taken advantage of by bad actors to cause harm
or gain unauthorized access.
Example: Leaving your phone unattended without a lock screen is a vulnerability
because someone could easily access your personal information.
2. Threat:
• A threat is like a potential danger or risk that can harm a system or
network.
• It can come from hackers, malware, or even system failures.
Example: A threat could be a hacker attempting to steal your credit card
information by exploiting a vulnerability in an online shopping website.
3. Attack:
• An attack is the actual action taken to exploit a vulnerability or carry out a
threat.
• It's like someone breaking into a house through an open window.
Example: If a hacker successfully breaches a company's network and steals
sensitive customer data, it would be considered an attack.
Q(8). You get a call from a high school student named Mohan
who claims he has just received an e-mail from another
student threatening to commit suicide. Mohan isn't sure
where the student sent the e-mail from. Write a brief report
on how you should proceed, including what you should do first
in this situation.
In a situation where a high school student like Mohan receives an email from
another student threatening to commit suicide, it is crucial to approach the
matter responsibly and take appropriate action immediately.
Here's a brief report outlining the steps to be taken:
1. Support Mohan: Firstly, it is important to provide immediate support to
Mohan, as he may be feeling distressed by the situation. Offer a listening ear
and assure him that he has done the right thing by reaching out for help.
2. Report to Authorities: Mohan should be report the incident to a trusted
adult, such as a teacher, counselor, or school administrator. They have the
experience and knowledge to handle such situations effectively and can involve
the appropriate authorities.
3. Preserve Evidence: It is crucial to preserve any evidence related to the email,
including the content, sender details, and any other relevant information. This
evidence may be useful for the investigation and potential intervention by
concerned professionals.
4. Contact Authorities: The responsible adult or Mohan should contact the local
authorities, such as the police or emergency services. Provide them with all the
available information and follow their guidance on how to proceed further.
5. Inform School Administration: The school administration should be promptly
informed about the situation. They can help coordinate efforts with the
appropriate authorities, initiate necessary protocols, and provide support to the
students involved.
6. Maintain Confidentiality: It is essential to maintain confidentiality throughout
the process. Sharing information should be limited to those directly involved in
handling the situation and ensuring the safety and well-being of the individuals
affected.
Remember, this is a serious matter, and immediate action is crucial to ensure the
safety of the student involved. It is always recommended to involve
professionals who are trained to handle these situations effectively, such as law
enforcement personnel, mental health professionals, and school authorities.
PYQ(2022) :
Q(9). Consider a scenario where you receive the following
email from an email ID:
Dear XYZ Email user,
Beginning next week, we will be deleting all inactive email
accounts in order create space for more users, You are
required to send the following information in order to
continue using your email account. If we do not receive this
information from you by the end of the wee, your email
account will be closed
• Name (first and last)
• Email Id
• Password:
• Alternate Email:
Please contact the Webmail Team with any questions.
Thank you for your immediate attention.
What should you do? What type of cybercrime is it? List and
explain in detail with major risks associated with this scenario :
The email you received is an example of a phishing attempt, which is a type of
cybercrime. Phishing is when malicious individuals impersonate legitimate
entities to trick people into providing sensitive information. In this scenario, the
email falsely claims that inactive email accounts will be deleted and asks for
personal details such as your name, email ID, password, and alternate email.
Here's what you should do and the risks associated with this situation:
1. Identify Suspicious Elements: Notice the urgent tone and the request for
sensitive information. These are common tactics used in phishing emails to
create a sense of urgency and pressure you into responding.
2. Do NOT Respond or Provide Information: Never reply to such emails or
provide any personal information. Legitimate organizations would never ask for
passwords or sensitive details via email.
3. Verify the Source: Check the sender's email address carefully and make sure it
matches the official domain of the organization. Phishing attempts often use
deceptive addresses that resemble genuine ones.
4. Report and Delete: Flag the email as spam or phishing within your email
client. This helps protect others from falling victim to the same scam. Then
delete the email to avoid accidental interaction.
5. Raise Awareness: Inform others, such as friends, colleagues, or your
organization's IT department, about this phishing attempt to prevent them from
falling prey to such scams.
Risks Associated with This Scenario:
1. Unauthorized Access: If you provide your password, cybercriminals could gain
access to your email account. This allows them to read your emails, steal
personal data, or use your account for malicious purposes.
2. Identity Theft: By acquiring your personal information, such as your name and
email ID, cybercriminals can engage in identity theft or impersonation, deceiving
others or conducting fraudulent activities.
3. Spread of Malware: Phishing attempts often include links or attachments
that, when clicked, can download malware onto your device. This compromises
your security and privacy.
4. Financial Loss: Phishing attempts may lead to financial loss by deceiving you
into providing credit card details or banking information. This information can be
used for fraudulent transactions.
Remember, it is crucial to remain vigilant and skeptical of such emails. Always
verify the authenticity of any request for sensitive information, and never
provide personal or financial details through email unless you have confirmed
the legitimacy of the request through a secure communication channel.
DAC MAC