Cyber Security Internal

chits assignment

Uploaded by

pisal1434

1. Define cybercrime and explain its relationship with information security.

Ans: Computer and internet crime can be defined as a criminal act that is carried out with the
use of a computer system or an internet connection. Such acts can either be aimed at computer
networks and devices or incorporate these networks into other unlawful deeds.

Cybercrime encompasses a number of actions such as the unauthorized access to or control
over computer systems or the unauthorized acquisition of money or information.

2. Describe the difference between active and passive cyber attacks.

Ans: Passive Attack: In this type of attack, hackers collect information without directly interacting
with the target. They might listen to data being transmitted or observe network traffic without
alerting the system.

Active Attack: This involves direct interaction with the target to cause harm or gain unauthorized
access. It's like a thief actively breaking into a house rather than just watching it.

3. What is social engineering in cybercrime?

Ans: Social Engineering: This involves tricking people into giving away sensitive access. It's like a
scammer pretending to be someone trustworthy to get a person to reveal their password.

4. Explain the concept of salami attacks.

Ans: A Salami Attack, also known as a Salami Slicing Attack, is a fraudulent method where a
cybercriminal commits a series of minor, inconspicuous actions or thefts that, when combined,
can lead to significant harm or a considerable compromise of data, resources, or assets.

5. Define cyberstalking and its types.

Ans: Cyberstalking is a crime committed when someone uses the internet and other technologies
to harass or stalk another person online. It includes 1) sending unwanted messages, 2) hacking
accounts, 3) spreading lies online. The goal is often to scare or distress the victim. Cyberstalkers
often use social media, email, or other online platforms. Cyberstalking involves using digital
platforms to intimidate or control someone by continuously monitoring or harassing them
online; stalkers can track the victim’s online activity.

Types of Cyberstalking:

1. Email stalking: This type of stalking involves the sender sending hateful,
shocking, or threatening emails to the recipient. Sometimes the attacker may also include viruses
and spam in the email.

2. Internet stalking: This type of stalking occurs when an individual spreads rumors or tracks
victims on the internet. The goal of spreading rumors is to slander the victim.

3. Computer stalking: This type of stalking occurs when an individual hacks into a victim’s
computer and takes control of it. This requires advanced computer skills; however, one can find
guidelines on the web.

7. What is phishing, and how does it work?

Ans: Mobile devices can be targeted by phishing scams, tricking users into revealing sensitive
information.

8. What is cyber security, and how do we use it in the real world?

Ans: Cybersecurity refers to the practice of defending computers, servers, networks, and data
from malicious attacks, damage, or unauthorized access. It encompasses a wide range of
measures and practices designed to protect digital assets and ensure that information systems
remain functional and secure.

10. What is digital forensics?

Ans: Cyber forensics is the science of collecting, analyzing, and preserving digital evidence from
computers, smartphones, and other electronic devices. It helps investigate cybercrimes, such as
hacking or online fraud, by finding and interpreting data related to the crime.

11. What is the impact of cyber crime?

Ans: Cybercrimes can have severe impacts, including:

Financial Losses: Fraud and theft can cause great losses not only for organizations but for
individuals also.

Reputation Damage: Reputation becomes an issue, and it may be lost depending on the legal
outcomes resulting from lawsuits.

Operational Disruption: Such an occurrence leads to a shutdown and consequently a loss of
productivity.

Consequences: Where clients have been involved in legal cases or even regulatory fines, they
may have to go through another phase of legal proceedings, and they have to spend a considerable
amount of money on protecting their data.

1. Discuss the classifications of cybercrimes and provide examples.

Ans: 1. Fraud: Fraud in the cyber context involves deceptive practices aimed at gaining financial
or personal benefits by misleading or deceiving individuals or organizations. The perpetrators use
various methods to trick victims into giving up money or sensitive information.

Examples: Phishing Scams: Cybercriminals send fraudulent emails or messages that appear to be
from legitimate sources, such as banks or service providers, to trick individuals into revealing
personal information like passwords, Social Security numbers, or credit card details. These scams
often use fake websites that look similar to legitimate ones.

2. Theft: Definition: Theft in cybercrime refers to the unauthorized acquisition of information or
digital assets. This can involve accessing, copying, or removing sensitive data or intellectual
property without permission.

3. Vandalism: Definition: Vandalism in the cyber world involves the intentional destruction,
defacement, or disruption of digital assets and systems. The goal is to cause damage or
disrupt services rather than to gain financial or personal benefit. Defacing Websites:
Cybercriminals alter the appearance or content of websites to display messages or images,
often as a form of protest or to embarrass the organization.

4. What is the role of botnets in cybercrime?

Ans: Botnets are a significant threat in cybersecurity, serving as a powerful tool for
cybercriminals. A botnet is a network of infected computers or devices controlled by a hacker,
known as a "botmaster." These infected devices, called "bots" or "zombies," can be anything from
computers to smartphones or even Internet of Things (IoT) devices like smart TVs or security
cameras. Once a device is part of a botnet, it can be used to carry out various cybercrimes
without the owner's knowledge.

How Botnets Work:

Infection: The botmaster infects computers through various means, such as
phishing emails, malicious downloads, or exploiting vulnerabilities in software. Once infected,
the computer becomes part of the botnet.

Command and Control (C2): The botmaster uses a Command and Control server to send
instructions to the infected machines. These instructions could involve carrying out attacks,
stealing data, or spreading the malware further.

Execution of Malicious Activities: The infected computers execute the commands, performing
tasks that can range from sending spam emails to launching distributed denial-of-service (DDoS)
attacks.

4. Explain the security challenges posed by mobile devices.

Ans: 1. Data Breaches: Mobile devices can store sensitive information, which can be accessed by
hackers if the device is lost, stolen, or infected with malware.

2. Malware and Viruses: Mobile devices can be vulnerable to malware and viruses, which can
steal data or damage the device.

3. Unsecured Networks: Using public Wi-Fi networks can expose mobile devices to hacking and
data interception.

4. Lost or Stolen Devices: Losing a mobile device can lead to unauthorized access to sensitive
information.

5. Outdated Software: Failing to update mobile device software can leave devices vulnerable to
known security risks.

6. Phishing Attacks: Mobile devices can be targeted by phishing scams, tricking users into
revealing sensitive information.

7. Insider Threats: Authorized users can intentionally or unintentionally compromise mobile
device security.

8. Lack of Encryption: Failing to encrypt data on mobile devices can make it easily accessible to
hackers.

9. App Security Risks: Downloading unauthorized or malicious apps can compromise mobile
device security.

5. Describe the key differences between virus, worms, and Trojan horses.

Ans: 1) Virus:

• Viruses can be spread from one computer to another inside files.

• For the virus to be activated, someone has to trigger it with an external action.

• For example, a virus can be embedded inside a spreadsheet.

• If you download the spreadsheet, your computer will not necessarily be infected.

• The virus gets activated once you open the spreadsheet.

2) Worm:

• With a worm, there is no need for the victim to open up any files or even click on anything.

• The worm can both run and spread itself to other computers.

• Because a worm has the ability to automatically propagate itself, you can get a worm in your
computer just because it is on the same network as another infected device.

3) Trojan Horses:

• A Trojan is a type of malware that typically gets hidden as an attachment in an
email or a free-to-download file, then transfers onto the user’s device.

• Once downloaded, the malicious code will execute the task the attacker designed it for, such
as gaining backdoor access to corporate systems, spying on users’ online activity, or stealing
sensitive data.

6. What is SQL injection, and how does it work?

Ans: SQL Injection is a type of cyber attack where an attacker uses malicious SQL code to
manipulate a database.

Here’s a simple breakdown:

• Input Fields: The attacker finds an input field in a web application, like a login form or search
bar.

• Injecting Code: Instead of entering normal data, the attacker inputs SQL commands. For
example, they might enter something like '; DROP TABLE users; --. This code can tell the
database to delete a table.

• Executing Malicious Commands: If the web application doesn’t properly check or sanitize
the input, the database executes the attacker's code as if it were a legitimate command.

• Consequences: This can lead to unauthorized access, data theft, data loss, or even
complete control over the database.
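
The breakdown above as a runnable sketch (an added example, not part of the original notes): it passes the input quoted in the text to a query built by string concatenation and to a parameterized query, then checks whether the users table survives. The table layout, sample rows and function names are assumptions made for the illustration.

```python
import sqlite3

PAYLOAD = "'; DROP TABLE users; --"  # the input quoted in the text above


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    db.commit()
    return db


def table_exists(db, table):
    rows = db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,)).fetchall()
    return len(rows) > 0


def search_vulnerable(db, name):
    # Weak: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    # executescript() stands in for a driver that accepts several
    # statements per call; sqlite3's execute() refuses them.
    db.executescript(query)


def search_safe(db, name):
    # Hardened: the input travels as a bound parameter and is only
    # ever compared as data, never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()


def demo():
    db = make_db()
    result = {"safe_rows": search_safe(db, PAYLOAD),
              "table_after_safe": table_exists(db, "users")}
    search_vulnerable(db, PAYLOAD)
    result["table_after_vulnerable"] = table_exists(db, "users")
    return result


if __name__ == "__main__":
    print(demo())
```

With the parameterized query the input simply matches no user; with concatenation the same input removes the table.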

8. Explain the importance of digital signatures in cybersecurity.

Ans:

• A digital signature is a way to verify that a message or document is from a specific
person and hasn’t been changed.

• It works like a handwritten signature but is used for electronic documents.

• When someone signs a document digitally, a unique code is created using the signer’s private
key (a secret code).

• This code is linked to the document, making it secure.

Role of Digital Signatures in the Indian IT Act

1. Legal Recognition: The IT Act recognizes digital signatures as valid and legal, just like
traditional handwritten signatures. This means you can use them in contracts and official
documents.

2. Security: Digital signatures help ensure that the information in a document is secure and has
not been altered. This is important for maintaining trust in online transactions.

3. Authentication: They confirm the identity of the person signing the document. This prevents
impersonation and fraud, making online dealings safer.

4. Discuss the challenges in computer forensics and digital evidence collection.

Ans: Encryption: Many devices and files are encrypted, making it hard to access data.

Volume of Data: There can be a huge amount of data to sift through, making analysis
time-consuming.

Rapid Technology Changes: New technologies and software can make old methods
outdated quickly.

Legal Issues: There are laws regarding privacy and data protection that must be followed.

Skill Gap: There’s a constant need for skilled professionals, and the demand often exceeds the
supply.

7. Compare different types of cyber attacks (DoS, DDoS, phishing, etc.).

Ans: DoS Attack (Denial-of-service attack): A DoS attack is a malicious attempt to degrade the
performance of a server or disrupt its availability. This is when one person tries to make a website or
online service stop working by sending it too many requests at once. It’s like a single person yelling at
a shopkeeper to distract them, making it hard for them to help other customers.

Types of DoS Attack:

1. Flood Attacks: The attacker sends a huge amount of data to a website, overwhelming it and
making it unable to respond to real users.

2. Application Layer Attacks: An application layer attack targets the software applications
running on a server, rather than the network itself.

3. SYN Flood: The attacker sends a lot of connection requests to a server but never completes
the process, causing the server to get stuck waiting for them.

DDoS Attack (Distributed Denial-of-service): A DDoS attack is when many computers try to
use a website all at once. This makes the website slow or even crash, so real users can’t
access it. It's like too many people trying to get into a store at the same time!

9. Explain CIA Triad in detail.

Ans: Confidentiality, Integrity, Availability (CIA Triad): The three letters in "CIA triad" stand
for Confidentiality, Integrity, and Availability. The CIA triad is a common model that forms the basis for
the development of security systems. It is used for finding vulnerabilities and methods for
creating solutions. The confidentiality, integrity, and availability of information is crucial to the
operation of a business, and the CIA triad segments these three ideas into separate focal points. This
differentiation is helpful because it helps guide security teams as they pinpoint the different ways in
which they can address each concern. Ideally, when all three standards have been met, the security
profile of the organization is stronger and better equipped to handle threat incidents.

1. Confidentiality: Confidentiality involves the efforts of an organization to make sure data is kept
secret or private. To accomplish this, access to information must be controlled to prevent the
unauthorized sharing of data—whether intentional or accidental. A key component of maintaining
confidentiality is making sure that people without proper authorization are prevented from accessing
assets important to your business. Conversely, an effective system also ensures that those who need
to have access have the necessary privileges.

2. Integrity: Integrity involves making sure your data is trustworthy and free from tampering. The
integrity of your data is maintained only if the data is authentic, accurate, and reliable. For example,
if your company provides information about senior managers on your website, this information
needs to have integrity. If it is inaccurate, those visiting the website for information may feel your
organization is not trustworthy. Someone with a vested interest in damaging the reputation of your
organization may try to hack your website and alter the descriptions, photographs, or titles of the
executives to hurt their reputation or that of the company as a whole.

3. Availability: Even if data is kept confidential and its integrity maintained, it is often useless unless it
is available to those in the organization and the customers they serve. This means that systems,
networks, and applications must be functioning as they should and when they should. Also,
individuals with access to specific information must be able to consume it when they need to, and
getting to the data should not take an inordinate amount of time.
