
Exam Paper Solution

Section – I
Q -1.
i. Cyber
Cyber is a prefix that denotes a relationship with information technology (IT). Anything relating
to computing, such as the internet, falls under the cyber category.

ii. Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret, file
or message in order to avoid detection.
Steganography is the practice of concealing information within another message or
physical object to avoid detection.

iii. Virus
Virus stands for Vital Information Resources under Siege.
A computer virus is a type of malicious software, or malware, that spreads between
computers and causes damage to data and software.

iv. Scareware
Scareware is a type of malware attack that claims to have detected a virus or other issue
on a device and directs the user to download or buy malicious software to resolve the
problem.

v. Botnet
Botnet refers to a network of hijacked internet-connected devices that are installed
with malicious codes known as malware.

Q – 2(A) What is Cyber Threat? List cyber threat and explain any one of it.
A cyber security threat refers to any possible malicious attack that seeks to
unlawfully access data, disrupt digital operations or damage information. Cyber threats can
originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile
nation-states, criminal organizations, lone hackers and disgruntled employees.

7 Types of Cyber Security Threats


Cyber security professionals should have an in-depth understanding of the following
types of cyber security threats.
1. Malware
Malware is malicious software such as spyware, ransomware, viruses and worms.
Malware is activated when a user clicks on a malicious link or attachment, which leads to
installing dangerous software. Cisco reports that malware, once activated, can:
• Block access to key network components (ransomware)
• Install additional harmful software
• Covertly obtain information by transmitting data from the hard drive (spyware)
• Disrupt individual parts, making the system inoperable
2. Emotet
The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an
advanced, modular banking Trojan that primarily functions as a downloader or dropper of
other banking Trojans. Emotet continues to be among the most costly and destructive
malware.”
3. Denial of Service
A denial of service (DoS) is a type of cyber attack that floods a computer or network
so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack
originates from a computer network. Cyber attackers often use a flood attack to disrupt the
“handshake” process and carry out a DoS. Several other techniques may be used, and some
cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a
type of DDoS in which millions of systems can be infected with malware and controlled by a
hacker, according to Jeff Melnick of Netwrix, an information technology security software
company. Botnets, sometimes called zombie systems, target and overwhelm a target’s
processing capabilities. Botnets are in different geographic locations and hard to trace.
4. Man in the Middle
A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a
two-party transaction. After interrupting the traffic, they can filter and steal data, according
to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network.
Attackers insert themselves between the visitor and the network, and then use malware to
install software and use data maliciously.

5. Phishing
Phishing attacks use fake communication, such as an email, to trick the receiver into
opening it and carrying out the instructions inside, such as providing a credit card number.
“The goal is to steal sensitive data like credit card and login information or to install malware
on the victim’s machine,” Cisco reports.
6. SQL Injection
A Structured Query Language (SQL) injection is a type of cyber attack that results
from inserting malicious code into a server that uses SQL. When infected, the server releases
information. Submitting the malicious code can be as simple as entering it into a vulnerable
website search box.
7. Password Attacks
With the right password, a cyber attacker has access to a wealth of information.
Social engineering is a type of password attack that Data Insider defines as “a strategy cyber
attackers use that relies heavily on human interaction and often involves tricking people into
breaking standard security practices.” Other types of password attacks include accessing a
password database or outright guessing.
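
The SQL injection item above (6), shown as an added example that is not part of the original solution: the same search is run once with the input pasted into the SQL string and once with a bound parameter. The table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed search-box input of the kind item 6 describes.
INJECTED = "' OR 1=1 --"


def make_db():
    """Build a constructed in-memory catalogue; one row is not meant to be public."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("keyboard", 25.0, 0), ("mouse", 10.0, 0), ("unreleased-laptop", 900.0, 1)],
    )
    return db


def search_vulnerable(db, term):
    # The search text is concatenated into the statement, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return sorted(row[0] for row in db.execute(sql))


def search_safe(db, term):
    # Bound parameter: the driver passes the input as a value, never as SQL text.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return sorted(row[0] for row in db.execute(sql, ("%" + term + "%",)))


if __name__ == "__main__":
    db = make_db()
    print("normal search    :", search_vulnerable(db, "key"))
    print("concatenated SQL :", search_vulnerable(db, INJECTED))
    print("bound parameter  :", search_safe(db, INJECTED))
```

With the concatenated query the `hidden = 0` condition no longer restricts the result; with the bound parameter the same input is only a search string that matches no product name.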

Q – 2(B) What is DDOS attack? How DDOs occurs? List tools of DDOS Attack.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the
normal traffic of a targeted server, service or network by overwhelming the target or its
surrounding infrastructure with a flood of Internet traffic.
DDoS is short for distributed denial of service. A DDoS attack occurs when a threat
actor uses resources from multiple, remote locations to attack an organization's online
operations.
Common DDoS attack tools include tools for IP address spoofing, Ping of Death,
ICMP, UDP flood and DNS flood attack, amplification attacks, TCP SYN flood, HTTP flood,
reflection attacks, volumetric attacks, and connection-based attacks.

OR
Q – 2(A) What is Malvertising? How Malvertising works? List Step to prevent it.
Malvertising is a malicious advertisement, which can appear on almost any level of
interaction between the user and web application.

Malvertising is a new form of attack adopted by cyber attackers that makes use of
online advertisements for spreading malicious software into computer systems.
Malvertising is the synonym for malware advertising.
Malvertising attacks can be complex in nature and use many other techniques to
execute the attack. Typically, attackers first compromise a third-party server that allows
cybercriminals to inject malicious code into display ads or their elements, such as Banner
ads, creative images, or video content.
Once a website visitor clicks on it, the injected code in the ad installs malware
or adware on the user’s computer.
How to prevent malware

• Keep your computer and software updated. ...
• Use a non-administrator account whenever possible. ...
• Think twice before clicking links or downloading anything. ...
• Be careful about opening email attachments or images. ...
• Don't trust pop-up windows that ask you to download software. ...
• Limit your file-sharing.

Q – 2(B)Discuss Cyber Warfare and its types.


Cyberwarfare is typically defined as a set of actions by a nation or organization to
attack countries or institutions' computer network systems with the intention of disrupting,
damaging, or destroying infrastructure by computer viruses or denial-of-service attacks.
Cyberwarfare refers to the use of digital attacks, like computer viruses and hacking,
by one country to disrupt the vital computer systems of another, with the aim of creating
damage, death and destruction.
i. Espionage
ii. Sabotage
iii. Denial-of-service (DoS) Attacks
iv. Electrical Power Grid
v. Propaganda Attacks
vi. Economic Disruption
vii. Surprise Attacks

Q – 3(A) What is internet Governance? Explain Governance bodies of internet.
[Internet governance is] the development and application by Governments, the
private sector and civil society, in their respective roles, of shared principles, norms, rules,
decision-making procedures, and programmes that shape the evolution and use of the
Internet.

Internet governance is the complementary development and application by
governments, the private sector, civil society and the technical community, in their
respective roles, of shared principles, norms, rules, decision-making procedures, and
activities that shape the evolution and use of the Internet. For UNESCO, Internet
Governance is a central issue because of Internet’s potential to foster sustainable human
development and the building of inclusive knowledge societies, and enhancing the free flow
of information and ideas throughout the world.
In addition to the agencies below there is the W3C (World Wide Web Consortium), which
is the body responsible for regulating and developing standards for the World Wide Web
(WWW). The WWW is often considered to be the same as the Internet as a whole, although it is
actually a part of the Internet, arguably its most important application. W3C is currently
headed by Tim Berners Lee, the creator of the World Wide Web.

• Internet and Mobile Association of India (IAMAI)
– IAMAI is the only specialized industry body in India representing the interests of
online and mobile value added services industry.

• Internet Service Providers Association of India (ISPAI)
– ISPAI is the collective voice of the ISP fraternity and by extension the entire Internet
community. Over the years ISPAI has helped influence, shape and mould the telecom
policies, so that ISPs and entrepreneurs in the business of Internet can setup and grow their
services in an environment that is supportive and enabling.
The following bodies are responsible for standardization, in order to control and
regulate the Internet so that it keeps running and growing for the better:
1. International Internet Society (ISOC)
ISOC is a professional body with membership open to anyone, whether personal,
corporate, university, or government. ISOC is the body that facilitates,
supports, and promotes the use of and access to the Internet. The agency deals not
only with the technical aspects, but also with the political, social, educational, economic
and other aspects of the Internet. ISOC aims to ensure the development of an open Internet, so that
the evolution and use of the Internet can be beneficial for all human beings on earth.
2. Internet Architecture Board (IAB)
The IAB is a coordinating body and the technical advisor of the ISOC. The agency acts as the
final technical reviewer and editor of all Internet standards. The IAB has the authority to issue the
document known as the Internet standard RFC (Request For Comment), created by the IETF;
IEEE and other organizations are entitled to make a proposal. Another task of the IAB is to
arrange the numbers and constants used in the Internet protocols (TCP port numbers, IP
protocol codes, etc.).
3. Internet Engineering Task Force (IETF)
The IETF is a unit under the IAB, comprised of people who concentrate on developing
applications and the future Internet architecture. The agency is tasked with establishing Internet
standards. One of its tasks is to publish an RFC (Request For Comment) on a proposed
standard protocol, or one proposed by a person, for comment by the public with the consent of the IAB.
Its website is http://www.ietf.org. The IETF is divided into nine working groups (e.g.
applications, routing and addressing, computer security).

Q – 3(B) What is Vulnerability Scanning? Explain types of Vulnerability Scanners.
Vulnerability scanning is the process of discovering, analyzing, and reporting on
security flaws and vulnerabilities. Vulnerability scans are conducted via automated
vulnerability scanning tools to identify potential risk exposures and attack vectors across an
organization's networks, hardware, software, and systems.
1. Host-based vulnerability scanning
Host-based security refers to the creation of a perimeter around each user
workstation, server, or other network hosts, that interact with the IT network.
Host-based vulnerability scanning is the process of scanning a network host for
security loopholes. A scan of this kind can reveal:
• The history of security patches in said host
• Vulnerabilities incurred through outdated patches
• The damage that can be caused by the detected vulnerabilities
• The level of access a hacker can gain by infecting the said host
• Possible ways of mitigating the situation.
2. Network Scanning
Network vulnerability scanning is the process of identifying the security
vulnerabilities in an organization’s network infrastructure.
• It identifies all systems and devices operating in your network infrastructure
• Then it determines how the different devices and systems are connected
• After preparing an inventory of all the devices and systems under
consideration, the scanner analyzes the said assets to detect common
vulnerabilities.
• Then it scans for exploitable ports and services
• It identifies weak passwords and authentication errors
3. Database vulnerability scanning
A database vulnerability scanner is a tool specially designed for scanning your
database for vulnerabilities like faulty security configuration, and lack of encryption.
Database vulnerability scanning helps you evaluate the overall data security
health of your organization, detect vulnerabilities, and mitigate them before they
are exploited by hackers.
4. Cloud vulnerability scanning

Cloud vulnerability scanning is a part of the holistic cloud security strategy
that can be implemented to monitor, manage, and improve the overall security of
cloud infrastructure.
Server misconfigurations such as misconfigured S3 buckets are one of the
most common cloud vulnerabilities.
Using weak passwords can expose your cloud accounts to brute-force attacks.
SQLi, XSS, and CSRF bugs are quite common in cloud-based applications, and
they can be exploited easily by hackers.
Running outdated, unpatched software on your cloud platform can
compromise the cloud services.
5. Application Vulnerability Assessment
Application vulnerability scanning is one of the most widely used vulnerability
scanning types. It involves scanning your web apps and mobile apps for security
vulnerabilities.

• The current state of security of your application
• The existing vulnerabilities and the risk posed by them
• The amount of potential damage caused by the vulnerabilities.

OR
Q – 3(A) What is OWASP? List Top 10 Web Application Security risks.
The Open Worldwide Application Security Project is an online community that
produces freely-available articles, methodologies, documentation, tools, and technologies in
the field of web application security.
1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery

Q – 3(B) Discuss the principles of Intrusion detection.
An intrusion detection system (IDS) observes network traffic
for malicious transactions and sends immediate alerts when they are observed. It is software that
checks a network or system for malicious activities or policy violations. Each illegal activity or
violation is often recorded either centrally using a SIEM system or notified to an
administrator. An IDS monitors a network or system for malicious activity and protects a
computer network from unauthorized access from users, including perhaps insiders. The
intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of
distinguishing between ‘bad connections’ (intrusions/attacks) and ‘good (normal)
connections’.

Q – 4 Discuss DVWA, Zenmap, Wireshark.


• DVWA -
Damn Vulnerable Web Application, DVWA for short, is a PHP/MySQL web application
that is damn vulnerable. The main goal of this pentesting playground is to aid penetration
testers and security professionals to test their skills and tools. In addition it can help web devs
better understand how to secure web apps, and help students/teachers learn all
about web app security and possible vulnerabilities.
DVWA Attacks:
Brute-force
Command Injection
CSRF
File Inclusion

• Zenmap -
Zenmap is the official Nmap Security scanner GUI (graphical user interface). It is a
multi-platform, free and open source application which gives users a friendly interface. It
has advanced features for experienced users. It has a command creator which allows
interactive creation of Nmap command lines. Results of scans can be saved to review later
and can be compared with one another (results of scans are stored in a database). It is a
cross platform application available for Linux, Windows, and OS X.

• Wireshark -
Wireshark is a network protocol analyzer, or an application that captures packets
from a network connection, such as from your computer to your home office or the internet.

Packet is the name given to a discrete unit of data in a typical Ethernet network. Wireshark is
the most often-used packet sniffer in the world.
Wireshark is a safe tool used by government agencies, educational institutions,
corporations, small businesses and nonprofits alike to troubleshoot network issues.
Additionally, Wireshark can be used as a learning tool.

Section – II

Q – 1.
i. Cyberspace
Cyberspace refers to the virtual computer world, and more specifically, an
electronic medium that is used to facilitate online communication.

ii. CERT
A Computer Emergency Response Team (CERT) is a group of information
security experts responsible for the protection against, detection of and response
to an organization's cybersecurity incidents.

iii. Cyber Security


Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks.

iv. Cryptography
Cryptography is a method of protecting information and communications through
the use of codes, so that only those for whom the information is intended can read and
process it.

v. Cyber Law
Cyber law is any law that applies to the internet and internet-related
technologies. Cyber law is one of the newest areas of the legal system. This is
because internet technology develops at such a rapid pace. Cyber law provides legal
protections to people using the internet.

Q – 2(A) Explain types of Firewalls.
1. Packet-filtering Firewalls
2. Circuit-level Gateways
3. Application-level Gateways (Proxy Firewalls)
4. Stateful Multi-layer Inspection (SMLI) Firewalls
5. Next-generation Firewalls (NGFW)
6. Threat-focused NGFW
7. Network Address Translation (NAT) Firewalls
8. Cloud Firewalls
9. Unified Threat Management (UTM) Firewalls

Types of Firewall
1. Packet-filtering Firewalls
A packet filtering firewall is the most basic type of firewall. It acts like a management
program that monitors network traffic and filters incoming packets based on configured
security rules. These firewalls are designed to block network traffic by IP protocol, IP
address, and port number if a data packet does not match the established rule-set.
2. Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily
configured to allow or block traffic without consuming significant computing resources.
These types of firewalls typically operate at the session-level of the OSI model by verifying
TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are
designed to ensure that the established sessions are protected.
3. Application-level Gateways (Proxy Firewalls)
Proxy firewalls operate at the application layer as an intermediate device to filter
incoming traffic between two end systems (e.g., network and traffic systems). That is why
these firewalls are called 'Application-level Gateways'.
4. Stateful Multi-layer Inspection (SMLI) Firewalls
Stateful multi-layer inspection firewalls include both packet inspection technology
and TCP handshake verification, making SMLI firewalls superior to packet-filtering firewalls
or circuit-level gateways. Additionally, these types of firewalls keep track of the status of
established connections.
5. Next-generation Firewalls (NGFW)
Many of the latest released firewalls are usually defined as 'next-generation
firewalls'. However, there is no specific definition for next-generation firewalls. This type of
firewall is usually defined as a security device combining the features and functionalities of
other firewalls. These firewalls include deep-packet inspection (DPI), surface-level packet
inspection, and TCP handshake testing, etc.
6. Threat-focused NGFW
Threat-focused NGFW includes all the features of a traditional NGFW. Additionally,
they also provide advanced threat detection and remediation. These types of firewalls are
capable of reacting against attacks quickly. With intelligent security automation, threat-
focused NGFW set security rules and policies, further increasing the security of the overall
defense system.
7. Network Address Translation (NAT) Firewalls
Network address translation or NAT firewalls are primarily designed to access
Internet traffic and block all unwanted connections. These types of firewalls usually hide the
IP addresses of our devices, making them safe from attackers.
When multiple devices are used to connect to the Internet, NAT firewalls create a
unique IP address and hide individual devices' IP addresses. As a result, a single IP address is
used for all devices. By doing this, NAT firewalls secure independent network addresses from
attackers scanning a network for accessing IP addresses. This results in enhanced protection
against suspicious activities and attacks.
8. Cloud Firewalls
Whenever a firewall is designed using a cloud solution, it is known as a cloud firewall
or FaaS (firewall-as-service). Cloud firewalls are typically maintained and run on the Internet
by third-party vendors. This type of firewall is considered similar to a proxy firewall. The
reason for this is the use of cloud firewalls as proxy servers. However, they are configured
based on requirements.
9. Unified Threat Management (UTM) Firewalls
UTM firewalls are a special type of device that includes features of a stateful
inspection firewall with anti-virus and intrusion prevention support. Such firewalls are
designed to provide simplicity and ease of use. These firewalls can also add many other
services, such as cloud management, etc.
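
To make the difference between types 1 and 4 concrete, here is an added example that is not part of the original solution: a stateless packet filter that matches each packet against an ordered rule-set, and a simplified stateful filter that also remembers outbound flows and admits only their replies. The rule-set, the class and function names and the documentation-range addresses are constructed; real stateful firewalls additionally verify TCP handshake state, which this sketch omits.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    proto: str             # "tcp", "udp" or "any"
    src_net: str           # source network in CIDR form
    dport: Optional[int]   # None matches any destination port


def matches(rule, pkt):
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and rule.dport in (None, pkt.dport))


def packet_filter(rules, pkt):
    """Stateless filter: the first matching rule decides, anything unmatched is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


class StatefulFilter:
    """Packet filter plus a table of flows that were opened from the inside."""

    def __init__(self, inside_net, inbound_rules):
        self.inside = ipaddress.ip_network(inside_net)
        self.rules = inbound_rules
        self.connections = set()

    def check(self, pkt):
        if ipaddress.ip_address(pkt.src) in self.inside:
            # Outbound: remember the flow so that its replies can be recognised.
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: a reply carries the stored flow with source and destination swapped.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"
        return packet_filter(self.rules, pkt)


# Constructed inbound rule-set; order matters because the first match wins.
INBOUND_RULES = [
    Rule("block", "any", "203.0.113.0/24", None),   # a blocked source network
    Rule("allow", "tcp", "0.0.0.0/0", 443),         # HTTPS from anywhere else
]

if __name__ == "__main__":
    fw = StatefulFilter("192.168.1.0/24", INBOUND_RULES)
    reply = Packet("udp", "198.51.100.7", 53, "192.168.1.10", 40000)
    print("unsolicited reply :", fw.check(reply))
    fw.check(Packet("udp", "192.168.1.10", 40000, "198.51.100.7", 53))
    print("reply after query :", fw.check(reply))
```

The stateless filter could only admit the DNS reply through a standing rule that opens the port to everyone; the stateful filter admits it only while a matching outbound flow is in its table.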

Q – 2(B) Discuss Cybercrime against organization.


Cyber crimes are majorly of 4 types:
1. Against Individuals: These include e-mail spoofing, spamming, cyber defamation, cyber
harassments and cyber stalking.
2. Against Property: These include credit card frauds, internet time theft and intellectual
property crimes.

3. Against Organisations: These include unauthorized accessing of computer, denial of
service, computer contamination / virus attack, e-mail bombing, salami attack, logic bomb,
trojan horse and data diddling.
4. Against Society: These include forgery, cyber terrorism, web jacking.

Classification of Cyber Crimes
Cyber crimes can be classified into 4 major categories as follows:
(1) Cyber crime against Individual
(2) Cyber crime Against Property
(3) Cyber crime Against Organization
(4) Cyber crime Against Society

(1) Against Individuals


(i) Email spoofing : A spoofed email is one in which the e-mail header is forged so that the
mail appears to originate from one source but actually has been sent from another source.
(ii) Spamming : Spamming means sending multiple copies of unsolicited mails or mass
e-mails such as chain letters.
(iii) Cyber Defamation : This occurs when defamation takes place with the help of
computers and/or the Internet. E.g. someone publishes defamatory matter about someone on a
website or sends e-mails containing defamatory information.
(iv) Harassment & Cyber stalking : Cyber stalking means following an individual's activity
over the internet. It can be done with the help of many protocols available such as e-mail,
chat rooms, Usenet groups.

(2) Against Property


(i) Credit Card Fraud : As the name suggests, this is a fraud that happens by the use of a
credit card. This generally happens if someone gets to know the card number or the card
gets stolen.
(ii) Intellectual Property crimes : These include:
Software piracy: Illegal copying of programs, distribution of copies of software.
Copyright infringement: Using copyrighted material without proper permission.
Trademarks violations: Using trademarks and associated rights without permission of the
actual holder.
Theft of computer source code: Stealing, destroying or misusing the source code of a computer.
(iii) Internet time theft : This happens by the usage of the Internet hours by an
unauthorized person which is actually paid by another person.

(3) Against Organisations

(i) Unauthorized Accessing of Computer: Accessing the computer/network without
permission from the owner. It can be of 2 forms:
a) Changing/deleting data: Unauthorized changing of data.
b) Computer voyeur: The criminal reads or copies confidential or proprietary
information, but the data is neither deleted nor changed.
(ii) Denial Of Service : When an Internet server is flooded with continuous bogus
requests so as to deny legitimate users the use of the server or to crash the server.
(iii) Computer contamination / Virus attack :
A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of itself. Viruses can be
file infecting or can affect the boot sector of the computer. Worms, unlike viruses, do not need
a host to attach themselves to.
(iv) Email Bombing : Sending large numbers of mails to an individual, company or
mail server, ultimately resulting in a crash.
(v) Salami Attack : When negligible amounts are removed and accumulated into
something larger. These attacks are used for the commission of financial crimes.
(vi) Logic Bomb : It is an event-dependent program. As soon as the designated event
occurs, it crashes the computer, releases a virus or causes some other harmful outcome.
(vii) Trojan Horse : This is an unauthorized program which functions from inside what
seems to be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling : This kind of an attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is completed.

(4) Against Society


(i) Forgery : Currency notes, revenue stamps, mark sheets etc. can be forged using
computers and high quality scanners and printers.
(ii) Cyber Terrorism : Use of computer resources to intimidate or coerce people and
carry out the activities of terrorism.
(iii) Web Jacking : Hackers gain access to and control over the website of another, and
may even change the content of the website to fulfil a political objective or for money.

OR
Q – 2(A) What is Firewall? What a firewall can do?

A firewall system analyses network traffic based on pre-defined rules. It then
filters the traffic and blocks any traffic coming from unreliable or suspicious sources.
It only allows incoming traffic that it is configured to accept.
A firewall determines which internet traffic is trustworthy enough to pass through it and
which traffic is not. But just before diving into more detail, we must first comprehend how a
firewall performs to filter among web-based networks.
The primary use of a firewall in networking is to secure the network from
cyberattacks. For example, a firewall prevents malicious and unwanted content from
entering your environment. As well, a firewall protects vulnerable systems and private data
in the network from unauthorized access–such as hackers or insiders.

Q – 2(B) Explain Cybercrime against Society.


Cybercrime is a crime that is committed online. In essence, it is an offence to
use a computer or the internet with the intention of libellous behaviour against a person or
group of people or to hurt them mentally or physically via a social media platform.
Hacking, child pornography, forgeries, cyberbullying, cyberstalking, denial of service,
spam, cyberterrorism, phishing, software piracy, malware, defamation, spyware, hoaxes,
online gambling, identity theft, and other forms of cybercrime are just a few examples.
Causes of cybercrime:
Simple access:
The problem with protecting a computer system from unauthorised access is that due to the
complexity of technology, there are numerous ways for a breach to occur. Hackers can steal
access codes, retina images, advanced voice recorders, and other devices that can easily fool
biometric systems and circumvent firewalls, allowing them to circumvent many security
systems.
Negligence:
Because most people do not like to use strong passwords on their computers, it is easy to
hack them.

Q – 3(A)Discuss Indian IT Act 2000.


The Information Technology Act, 2000, also known as the IT Act, is an act
proposed by the Indian Parliament, reported on 17th October 2000. This Information
Technology Act is based on the United Nations Model Law on Electronic Commerce 1996
(UNCITRAL Model), which was suggested by the General Assembly of the United Nations by a
resolution dated 30th January, 1997. It is the most important law in India dealing with
Cybercrime and E-Commerce.

The main objective of this act is to enable lawful and trustworthy electronic, digital and
online transactions and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90
sections. The last four sections, from ‘section 91 – section 94’, deal with the
revisions to the Indian Penal Code 1860.

The IT Act, 2000 has two schedules:


First Schedule –
Deals with documents to which the Act shall not apply.

Second Schedule –
Deals with electronic signature or electronic authentication method.

Q – 3(B)What is Attack Vector? Explain types of it.


An attack vector is a path or means by which an attacker or hacker can gain
access to a computer or network server in order to deliver a payload or malicious outcome.
Attack vectors enable hackers to exploit system vulnerabilities, including the human
element.

1. Malware
Malware is a term that describes various strands of malicious software, which include
ransomware, spyware, Trojans, and viruses. Cyber criminals use malware as a threat vector
to help them gain access to corporate networks and devices, then steal data or damage
systems.

2. Phishing
Phishing is an email, Short Message Service (SMS), or telephone-based attack vector
that sees the attacker pose as a trusted sender to dupe the target into giving up sensitive
data, such as login credentials or banking details.

3. Insider Threats
Some security attacks come from inside the organization, through employees
exposing confidential information to attackers. While this can be accidental, malicious
insiders expose corporate data or vulnerabilities to third parties. These are often unhappy or
disgruntled employees with access to sensitive information and networks.

4. Missing or Weak Encryption


Encryption is a technique that hides the true meaning of a message and protects
digital data by converting it into a code or ciphertext. This ensures that the data within a
message cannot be read by an unauthorized party, which helps prevent cyber criminals from
stealing sensitive information.

5. Unpatched Applications or Servers
Cyber criminals are always on the lookout for potential open doors or vulnerabilities
in software and servers. When they find and exploit a vulnerability that no one is aware of
until the breach occurs, this is known as a zero-day attack.

6. Distributed Denial of Service (DDoS)


A DDoS attack occurs when an attacker overloads a server with internet traffic using
multiple machines, also known as a botnet. This prevents users from accessing services and
can force the organization’s site to crash.
A DDoS attack can be mitigated through the use of firewalls to filter and prevent
malicious traffic. Other defense tools include regular risk assessments, traffic differentiation
to scatter traffic and prevent a targeted attack, and rate-limiting to restrict the number of
requests a server can receive.
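
Rate-limiting, named above as a DDoS defence, sketched as a per-client token bucket. This is an added example, not part of the original solution; the rate, the burst size, the class and function names and the constructed request log (documentation-range addresses) are assumptions.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Each client may burst up to `burst` requests, then `rate` requests per second."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        # client -> (tokens left, time of last request). A production limiter
        # would also evict idle entries so this table cannot grow without bound.
        self.buckets = {}

    def allow(self, client, now):
        tokens, last = self.buckets.get(client, (self.burst, now))
        # Refill for the time elapsed since this client's previous request.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self.buckets[client] = (tokens, now)
        return allowed


def constructed_log():
    """Constructed (time in seconds, client) pairs: one flooding client, one normal one."""
    flood, normal = "203.0.113.9", "198.51.100.4"
    events = [(0.0, flood)] * 20 + [(1.0, flood)] * 20
    events += [(float(t), normal) for t in range(5)]
    return sorted(events, key=lambda e: e[0])


def replay(limiter, events):
    """Return {client: (allowed, rejected)} after feeding the log to the limiter."""
    counts = defaultdict(lambda: [0, 0])
    for now, client in events:
        counts[client][0 if limiter.allow(client, now) else 1] += 1
    return {client: tuple(c) for client, c in counts.items()}


if __name__ == "__main__":
    for client, (ok, rejected) in replay(TokenBucketLimiter(rate=2, burst=5),
                                         constructed_log()).items():
        print(f"{client}: {ok} allowed, {rejected} rejected")
```

The flooding client gets its initial burst and then only the refill rate, while the client sending one request per second is never rejected.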

OR
Q – 3(A) What is Cyber Forensics?
Cyber forensics is a process of extracting data as proof for a crime
(that involves electronic devices) while following proper investigation rules to nab the culprit
by presenting the evidence to the court. Cyber forensics is also known as computer
forensics. The main aim of cyber forensics is to maintain the thread of evidence and
documentation to find out who did the crime digitally. Cyber forensics can do the following:

• It can recover deleted files, chat logs, emails, etc.
• It can also get deleted SMS, Phone calls.
• It can get recorded audio of phone conversations.
• It can determine which user used which system and for how much time.
• It can identify which user ran which program.

Q – 3(B) List the Traditional problem for enforcing cyber security.
Q – 4 What the need of international conventions on cyber space.
Cyberspace has created new opportunities for global attacks on the infrastructure of
sovereign states, and other serious cybercrime. The global cyberattacks may even constitute
a threat to international peace and security, and need a global framework to promote peace,
security and justice. A global framework on cybersecurity and cybercrime is necessary for
harmonizing measures against risks and threats in cyberspace, and may reduce the
cybersecurity digital divide for developing countries.
Strategies for a common understanding on cybersecurity and cybercrime are needed among
countries at all stages of economic development. A cybersecurity framework may reduce
risks and threats in cyberspace, and provide for essential architecture in national and
international solutions.
Dialogues and cooperation between governments on norms and standards in cyberspace
must best be achieved through a United Nations framework. Regional and bilateral
agreements may not be sufficient. International law is necessary to make the global society
able to respond to cyberattacks and cybercrimes. In order to reach a common
understanding, a United Nations Convention or Declaration for Cyberspace that includes
solutions aimed at addressing the global challenges needs to be established.
