
2 Mark

Cyber security involves protecting systems and data from digital attacks, with various types including network, application, and cloud security. Cybercrime can stem from financial motives, political activism, or exploitation of vulnerabilities, necessitating robust cyber security measures to safeguard sensitive information. Tools like OWASP and IDS help enhance security, while techniques such as port scanning and the use of honeypots aid in detecting and preventing threats.

Uploaded by

karthikedhanapal

1. What is Cyber Security?

Cyber security is the practice of protecting systems, networks, and programs from digital attacks,
theft, or damage. It ensures the confidentiality, integrity, and availability of data.

2. What are the types of Cyber Security?

The types of cyber security include:

• Network Security: Protects network infrastructure.

• Application Security: Secures applications against threats.

• Information Security: Safeguards data integrity and privacy.

• Operational Security: Focuses on protecting business processes.

• Cloud Security: Protects cloud computing environments.

• Endpoint Security: Secures individual devices.

3. Mention some reasons for cybercrime.

Some reasons for cybercrime include:

• Financial gain.

• Political motives or activism.

• Revenge or personal conflicts.

• Lack of awareness or security measures.

• Exploitation of system vulnerabilities.

4. What is the need for Cyber Security?

The need for cyber security arises to:

• Protect sensitive data from breaches.

• Prevent financial and reputational loss.

• Safeguard against unauthorized access.

• Ensure safe use of online services and digital infrastructure.

5. What are the classifications of Cyber Criminals?

Cyber criminals are classified into:

• Hackers: Gain unauthorized access to systems.


• Hacktivists: Promote political or social agendas.

• Cyber Terrorists: Cause panic or disruption for ideological motives.

• Insiders: Employees exploiting internal access.

• Script Kiddies: Inexperienced attackers using pre-made tools.

1. Define OWASP

OWASP (Open Web Application Security Project) is a non-profit organization focused on improving
the security of software. It provides freely available resources, tools, and guidelines for web
application security.

2. What is meant by a security breach?

A security breach is an incident where unauthorized access to data, networks, or systems occurs,
often leading to theft, exposure, or corruption of sensitive information.

3. What are the most common types of malware attacks?

The most common types of malware attacks include:

• Viruses: Infect files and spread across systems.

• Worms: Spread autonomously through networks.

• Ransomware: Locks data and demands payment.

• Spyware: Monitors user activity and steals information.

• Trojan Horses: Masquerade as legitimate software.

4. List out some of the most common attack vectors.

Common attack vectors include:

• Phishing: Fraudulent emails to steal information.

• SQL Injection: Exploiting database vulnerabilities.

• Cross-Site Scripting (XSS): Injecting malicious scripts into web applications.

• Denial of Service (DoS): Overloading systems to make them unavailable.

• Weak Passwords: Exploiting poorly secured credentials.

5. List some common web application attacks.

Common web application attacks include:


• Cross-Site Scripting (XSS): Injecting malicious code into a webpage.

• SQL Injection: Manipulating SQL queries to access unauthorized data.

• Cross-Site Request Forgery (CSRF): Forcing users to perform unwanted actions.

• Directory Traversal: Gaining access to restricted directories.

• Broken Authentication: Exploiting weaknesses in session management.

1. What is the use of theHarvester?

theHarvester is an open-source intelligence (OSINT) tool used to gather information such as email
addresses, domain names, IP addresses, and URLs from public sources like search engines and online
databases.

2. What are the three types of scanning?

The three types of scanning are:

• Port Scanning: Identifies open ports and services on a target system.

• Network Scanning: Discovers active hosts and their IP addresses in a network.

• Vulnerability Scanning: Detects weaknesses in systems and applications.

3. Which tool is used for port scanning?

Nmap (Network Mapper) is the most commonly used tool for port scanning. It identifies open ports
and running services on a target system.

4. List out the techniques for port scanning.

The common techniques for port scanning include:

• TCP Connect Scan: Establishes a full TCP connection to test open ports.

• SYN Scan (Half-Open Scan): Sends SYN packets to detect open ports without completing the
handshake.

• UDP Scan: Probes UDP ports by sending packets.

• Xmas Scan: Sends packets with unusual flag combinations.

• NULL Scan: Sends packets with no flags set to check responses.

5. How to detect a port scan?


Port scans can be detected by:

• Monitoring unusual traffic patterns using Intrusion Detection Systems (IDS).

• Analyzing logs for repeated connection attempts to multiple ports.

• Using tools like Wireshark or Snort to observe suspicious network activity.

1. Define Intrusion Detection System (IDS).

An Intrusion Detection System (IDS) is a security tool that monitors network or system activity to
identify and alert on suspicious activities or potential security breaches.

2. Give an example of IDS.

An example of an IDS is Snort, an open-source network-based IDS that detects and prevents
malicious network activities.

3. List out the advantages of Honeypot.

The advantages of a honeypot include:

• Attracting and analyzing attacker behavior.

• Detecting new and emerging threats.

• Reducing false positives compared to traditional IDS.

• Diverting attackers from actual systems.

4. What are the types of Honeypots?

The types of honeypots are:

• Production Honeypots: Used to improve security by detecting attacks in real systems.

• Research Honeypots: Used for studying attack methods and understanding hacker behavior.

5. What are the advantages of a Host-Based Intrusion Detection System (HIDS)?

The advantages of HIDS include:

• Monitors specific host activities for detailed security analysis.

• Detects attacks that bypass network-based systems.

• Provides detailed logs for auditing and forensic purposes.


• Protects against insider threats by analyzing local system behavior.

1. What is an Intrusion Prevention System (IPS)?

An Intrusion Prevention System (IPS) is a security tool that monitors network traffic to detect and
prevent malicious activities by actively blocking threats in real-time.

2. What are the types of Intrusion Prevention System?

The types of IPS include:

• Network-Based IPS (NIPS): Monitors network traffic for suspicious activity.

• Host-Based IPS (HIPS): Protects individual devices by analyzing system logs and application
behavior.

• Wireless IPS (WIPS): Detects and prevents wireless network threats.

• Content-Based IPS: Monitors and blocks harmful content in data packets.

3. Difference between IDS and IPS

• IDS (Intrusion Detection System): Monitors and alerts on malicious activities but does not
take action to block them.

• IPS (Intrusion Prevention System): Actively blocks threats in addition to monitoring and
alerting.

4. What are the characteristics of a firewall?

The characteristics of a firewall include:

• Controls inbound and outbound traffic based on predefined security rules.

• Provides network segmentation and isolation.

• Blocks unauthorized access while permitting legitimate communication.

• Logs traffic and alerts on suspicious activity.

5. Define Firewall.

A firewall is a network security device or software that filters and controls traffic based on security
policies, protecting networks and devices from unauthorized access or threats.
