CSQB2
Question Bank
What is Phishing?
Phishing is a type of online scam where attackers pretend to be someone you trust—like a
bank, a popular website, or even a friend—to trick you into sharing personal information,
such as passwords, credit card details, or other sensitive data.
Types of Phishing:
1. Email Phishing:
   - Attackers send fake emails that look like they’re from real companies (like your bank).
   - The email often asks you to click a link and enter your details on a fake website that looks real.
2. Spear Phishing:
   - A more personalized type of phishing.
   - Attackers gather information about you and customize the message to make it feel more believable.
   - For example, they might use your name or mention a project you're working on.
3. Whaling:
   - Targets high-ranking people like company executives (CEOs).
   - The fake message might involve important topics like business transactions to trick them into revealing information.
4. Smishing (SMS Phishing):
   - Phishing through text messages.
   - The attacker sends a message that looks like it’s from a known company, asking you to click a link or provide info.
5. Vishing (Voice Phishing):
   - Phishing done through phone calls.
   - The caller pretends to be from a trusted organization (like a bank) and asks for information.
6. Clone Phishing:
   - The attacker copies a real email you received before and makes a few changes, like adding a fake link.
   - It looks almost identical to the original email, making it harder to spot the trick.
7. Pharming:
   - Instead of tricking you with a fake message, attackers redirect you to a fake website, even if you type the correct web address.
   - This way, they can steal your details without you realizing it.
Viruses and worms are both types of malware—malicious software designed to harm or
exploit computer systems. While they share some similarities, their methods of spreading
and causing damage are different.
1. What is a Virus?
2. What is a Worm?
Keyloggers and spyware are types of malicious software (malware) designed to gather
information from a user’s device without their knowledge. They are used for stealing
sensitive information, such as passwords, banking details, or other private data, which can
lead to identity theft or financial loss.
1. What is a Keylogger?
Cyber law is like the rules of the internet that help keep people, businesses, and their data
safe when they are online. It deals with protecting personal information, preventing online
crimes, and making sure that digital activities are secure.
India's cyber law is essential for several reasons, reflecting the growing significance of
digital technology and the internet in various aspects of life. Here are some key points
explaining the need for cyber law in India:
The IT Act 2000 is a law in India that aims to promote and regulate the use of digital
technology and online communication. It addresses issues like electronic transactions,
cybercrime, and data protection.
Key Features:
Importance:
In cyber law, the aspect of evidence is crucial, especially given the unique
challenges posed by digital communication and online activities. Here’s
an overview of the key points related to evidence in cyber law:
2. Legal Recognition:
3. Admissibility of Evidence:
4. Authentication:
5. Forensic Analysis:
6. Challenges:
A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal functioning
of a targeted server, service, or network by overwhelming it with a flood of traffic or
sending it malicious data. The primary goal is to make the target unavailable to its intended
users.
Key Characteristics:
Key Characteristics:
Identity theft is a crime where someone steals another person's personal information, like
their name, Social Security number, or credit card details, to commit fraud or other illegal
activities without their permission.
Key Points:
The IT Amendment Act, 2008 updated the original IT Act of 2000 to improve laws
around cybersecurity, data protection, and cybercrimes in India.
1. Purpose: ISO creates guidelines that help organizations improve their processes and products. These standards are not mandatory but are widely used to enhance quality and safety.
2. Global Presence: Founded in 1947 and based in Geneva, Switzerland, ISO has published over 23,000 standards and works with organizations from 165 countries.
3. Types of Standards:
   - Quality Management: ISO 9001 focuses on ensuring quality in products and services.
   - Environmental Management: ISO 14001 helps organizations minimize their environmental impact.
   - Information Security: ISO/IEC 27001 provides a framework for managing information security risks.
4. Benefits of ISO Standards:
   - Efficiency: Helps organizations streamline their processes and reduce waste.
   - Customer Satisfaction: Ensures higher product quality, leading to more satisfied customers.
   - Market Access: Compliance with ISO standards can help businesses enter new markets and attract more customers.
5. Certification: Organizations can get certified by accredited bodies to show that they meet ISO standards, although ISO itself does not provide certification.