
Question:-1 Define
1. Password Cracking:- Password cracking is the process of using
an application program to identify an unknown or forgotten
password to a computer or network resource. It can also be
used to help a threat actor obtain unauthorized access to
resources.

2. Insecure Network connection:- Smartphones and other mobile devices
have proliferated in the past five years. The expectation of mobile
device users to always be online has led to Wi-Fi networks being
offered by a variety of providers. Using these networks introduces
multiple security risks.

3. Malicious Code:- Malicious code is the term used to describe any
code in any part of a software system or script that is intended to
cause undesired effects, security breaches or damage to a system.

4. Programming Bugs:- A bug is "an unexpected defect, fault, flaw, or
imperfection." In programming jargon, “errors” are known as “bugs”.
There are many apocryphal stories about the origin of this term and
how it got applied to programming.

5. Information Warfare and Surveillance:- Information Warfare: Any
action to deny, exploit, corrupt, or destroy the enemy’s information
and its functions; protecting ourselves against those actions; and
exploiting our own military information functions.

6. Confidentiality:- Confidentiality is roughly equivalent to privacy
and avoids the unauthorized disclosure of information.

7. Integrity:- Integrity refers to the methods for ensuring that data
is real, accurate and safeguarded from unauthorized user modification.

8. Availability:- Availability is the property in which information is
accessible and modifiable in a timely fashion by those authorized to
do so. It is the guarantee of reliable and constant access to our
sensitive data by authorized people.

9. Network Security:- Network security is a broad term that covers a
multitude of technologies, devices and processes. In its simplest
term, it is a set of rules and configurations designed to protect the
integrity, confidentiality and accessibility of computer networks and
data using both software and hardware technologies.

10. Application Security:- Application security is the use of
software, hardware, and procedural methods to protect applications
from external threats.

11. Operational Security:- Operational security (OPSEC), also known as
procedural security, is a risk management process that encourages
managers to view operations from the perspective of an adversary in
order to protect sensitive information from falling into the wrong
hands.

12. Mobile Security:- Mobile security is cybersecurity for mobile
devices. It involves protecting smartphones, tablets, and laptops from
cyber threats such as data loss, credential theft, account compromise,
and so forth.

13. Cloud Security:- Cloud security is a collection of procedures and
technology designed to address external and internal threats to
business security. Organizations need cloud security as they move
toward their digital transformation strategy and incorporate
cloud-based tools and services as part of their infrastructure.

14. Threat:- A Threat is a possible security violation that might
exploit the vulnerability of a system or asset.

15. Cyber terrorism:- Cyber terrorism is a phrase used to describe the
use of Internet based attacks in terrorist activities, including acts
of deliberate, large-scale disruption of computer networks, especially
of personal computers attached to the Internet, by the means of tools
such as computer viruses.

16. Cyber Extortion:- Cyberextortion is a crime involving an attack or
threat of an attack coupled with a demand for money or some other
response in return for stopping or remediating the attack.
Cyberextortion attacks are about gaining access to an organization's
systems and identifying points of weakness or targets of value.

17. IPR:- Intellectual property refers to creations of the human mind,
e.g. a story, a song, a painting, a design etc. The facets of
intellectual property that relate to cyber space are covered by cyber
law.

18. Copyright:- Copyright is a term that describes ownership of control
of the rights to the use and distribution of certain works of creative
expression, including books, video, movies, music and computer
programs.

19. Patent:- A patent gives its owner the right to exclude others from
making, using, selling, and importing an invention for a limited
period of time. The patent rights are granted in exchange for enabling
public disclosure of the invention.

20. Trademark:- A trademark is a graphical representation that is used
to distinguish the goods and services of one party from those of
others. A trademark may consist of a letter, number, word, phrase,
logo, graphic, shape, smell, sound or a combination of these things.

21. Trade-Secret:- A trade secret describes the general formula of a
product and the key behind an organization’s progress. It also
includes different firms’ secret formulas for the same products, which
differ in quality.

22. Geographical Indication:- A geographical indication (GI) is a sign
used on products that have a specific geographical origin and possess
qualities or a reputation that are due to that origin. In order to
function as a GI, a sign must identify a product as originating in a
given place.

23. Vulnerability:- The susceptibility of a system to attacks. It's not
just being hacked, it's how easy or hard it is for someone to hack into
your system. A cyber vulnerability is a weakness in a computer or
software that can be exploited by an attacker.

24. WIPO:- The intellectual property rights are laid down by the
World Intellectual Property Organization (WIPO).

25. Worm:- A worm in cybersecurity is a standalone malware computer
program that replicates itself to spread from one computer to other
devices. A worm leverages security loopholes to access a target
system. Once a worm reaches one computer in a network, it uses the
machine as a host to scan and infect other computers.

26. Cyber Stalking:- Cyberstalking is the use of electronic
communications to stalk and harass another individual. The perpetrator
will use different methods to contact their victims such as using
email, text messages, social media, and phone calls.

27. Trojan horse:- A Trojan Horse Virus is a type of malware that
downloads onto a computer disguised as a legitimate program. The
delivery method typically sees an attacker use social engineering to
hide malicious code within legitimate software to try and gain users'
system access with their software.

28. Ransomware:- Ransomware is a type of malware, or malicious
software, that locks up a victim’s data or computing device and
threatens to keep it locked — or worse — unless the victim pays the
attacker a ransom.

29. DoS Attack:- A Denial of Service attack is a hacking technique of
taking down a site or server by flooding that site or server with a
huge amount of traffic so that the server is unable to process all the
requests in real time and finally crashes.

30. Policy Audit:- Security documents are living documents. Therefore,
they ought to be updated at specific intervals in response to changing
business and customer requirements.

Question:2:-- Define Information Security and Cyber security.
Differences between Information and Cyber Security.

Answer:---
Information Security: Information security, simply referred to as
InfoSec, is the practice of defending information from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection,
recording or destruction.

Cyber Security:- "Cyber security is primarily about people, processes,
and technologies working together to encompass the full range of
threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and
activities, including computer network operations, information
assurance, law enforcement, etc."

Difference between cyber security and information security:-

| Parameters | CYBER SECURITY | INFORMATION SECURITY |
|---|---|---|
| Basic Definition | It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access, and data modification or removal in order to provide confidentiality, integrity, and availability. |
| Protect | It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with the protection of data from any form of threat. |
| Scope | Cybersecurity to protect anything in the cyber realm. | Information security is for information irrespective of the realm. |
| Threat | Cybersecurity deals with the danger in cyberspace. | Information security deals with the protection of data from any form of threat. |
| Attacks | Cybersecurity strikes against Cyber crimes, cyber frauds, and law enforcement. | Information security strikes against unauthorized access, disclosure modification, and disruption. |
| Professionals | Cyber security professionals deal with the prevention of active threats or Advanced Persistent threats (APT). | Information security professionals are the foundation of data security and security professionals associated with it are responsible for policies, processes, and organizational roles and responsibilities that assure confidentiality, integrity, and availability. |
| Deals with | It deals with threats that may or may not exist in the cyber realm such as protecting your social media account, personal information, etc. | It deals with information Assets and integrity, confidentiality, and availability. |
| Defense | Acts as first line of defense. | Comes into play when security is breached. |

Question 3:-- State the objective of Cyber Security and explain
Cyber Security Policies.

Answer:-
• The objective of Cyber security is to protect information
from being stolen, compromised or attacked. Cyber security
can be measured by at least one of three goals:-
• Protect the confidentiality of data.
• Preserve the integrity of data.
• Promote the availability of data for authorized users.

Cyber Security objective:-
C.I.A:-- Confidentiality, Integrity, Availability

Confidentiality :-
• Confidentiality is roughly equivalent to privacy and avoids
the unauthorized disclosure of information.
• It involves the protection of data, providing access for those who
are allowed to see it while disallowing others from learning
anything about its content.
• It prevents essential information from reaching the wrong people
while making sure that the right people can get it. Data encryption
is a good example to ensure confidentiality.
Confidentiality tools:-
• Encryption
• Access control
• Authentication
• Authorization
• Physical Security

Integrity :--
• Integrity refers to the methods for ensuring that data is real,
accurate and safeguarded from unauthorized user
modification.
• It is the property that information has not been altered in an
unauthorized way, and that the source of the information is
genuine.

Integrity tools:-
• Backups
• Checksums
• Data Correcting Codes

Availability:-
• Availability is the property in which information is accessible and
modifiable in a timely fashion by those authorized to do so. It is
the guarantee of reliable and constant access to our sensitive data
by authorized people.
Availability tools :--
• Physical Protections
• Computational Redundancies

CYBER SECURITY POLICIES:--

Security policy :-
Security policy is the statement of responsible decision
makers about the protection mechanism of a company's crucial
physical and information assets.
Overall, it is a document that describes a company’s
security controls and activities.
Security policy does not specify a technological solution;
instead, it specifies sets of intentions and conditions that will aid
in protecting assets along with its proficiency to organize
business.
Policy makers :-
• Security policy development is a joint or collective operation of
all entities of an organization that are affected by its rules.
Security policies should not be developed by the IT team alone:
everyone who has a stake in the security policy should be involved
in its development so that they, too, can mold the policy according
to their requirements.

During policy creation, the following entities are typically involved:-

• Board: Company board members must render their advice
in some form of a review of policies in response to exceptional
or abnormal running conditions of the business.
• IT Team: IT team members usually are the biggest
consumers of the policy information in any company, as it
involves making standards around the usage of the computer
system, especially security controls.
• Legal Team: This team ensures the legal points in the
document and guides on particular points of appropriateness
in the company.
• HR Team: The HR team typically obtains a certified T&C
certificate from each employee stating that they have read and
understood the stipulated policy, as the HR team deals with
reward and punishment related issues of employees to
implement discipline.
Policy audience :-
• Security policy applies to all senior management, employees,
stockholders, consultants, and service providers who use
company assets.
More importantly, the security policy must be readable,
concise, and illustrated, to be effectively comprehensible to its
audience and all employees so that everyone adheres to
policies and fulfills their defined role.
Policy classification :-
Every organization typically has three policies:
1. the first, which is drafted on paper,
2. the second, which is in employees’ minds,
3. and finally the one that is actually implemented.

Security policies are a part of the hierarchy of management
control and tell their audience what is to be done according to
the stipulated terms and conditions of a company.
Policy generally states what must be done; it never addresses
how it should be done.

Physical security: It mandates what protection should be used to
safeguard physical assets from both employees and management, and
applies to the existing facilities, including doors, entry points,
surveillance, alarms, etc.
Personnel management: It tells employees how to conduct or operate
day to day business activities in a secure manner, for instance,
password management, confidential information security, etc., and
applies to individual employees.
Hardware and software: It directs the administrator what type of
technology to use and what and how network control should be
configured, and applies to system and network administrators.

Policy audit :-
• Security documents are living documents. Therefore, they ought
to be updated at specific intervals in response to changing business
and customer requirements.
• Once policies are well-established and ready to dictate typical
operations, an audit may be performed by outside or inside
agencies to compare existing practices to the intentions of
policy.
• Security policy audits assist the company to understand better
the threat the organization is exposed to and the effectiveness of
your current protection.

Policy enforcement :-
Enforcement of security policies ensures compliance with the
principles and practices dictated by the company, because policies
and procedures do not work if they are violated.
Enforcement is arguably the most significant aspect of a
company; it dissuades anyone from deliberately or accidentally
violating policy rules.

Policy awareness :-
Company employees are often perceived as a “soft” target to be
compromised, as the human element is the least predictable and
easiest to exploit.
Trusted employees who are either “disgruntled” or framed may provide
valuable information about a company.
Therefore, one of the most robust strategies to combat this
exposure of information by employees is “education.”

Question-4: Explain: Cyber security Principles in detail.


Answer:-

Economy of mechanism :-
This principle states that security mechanisms should be as
simple and small as possible.
The Economy of mechanism principle simplifies the design and
implementation of security mechanisms.
If the design and implementation are simple and small, fewer
possibilities exist for errors.
The checking and testing process is less complicated so that
fewer components need to be tested.
Fail-safe defaults :-
The Fail-safe defaults principle states that the default
configuration of a system should have a conservative protection
scheme.
This principle also restricts how privileges are initialized when a
subject or object is created.
Whenever access, privileges/rights, or some security-related
attribute is not explicitly granted, access to that object should
not be granted.
Example: If we add a new user to an operating system, the
default group of the user should have fewer access rights to
files and services.

Least Privilege :-
This principle states that a user should only have those
privileges that are needed to complete their task.
Its primary function is to control the assignment of rights
granted to the user, not the identity of the user.
This means that if the boss demands root access to a UNIX
system that you administer, he/she should not be given that
right unless he/she has a task that requires such a level of access.
If possible, the elevated rights of a user identity should be
removed as soon as those rights are no longer needed.

Open Design :-
This principle states that the security of a mechanism should
not depend on the secrecy of its design or implementation.
It suggests that complexity does not add security.
This principle is the opposite of the approach known as
“security through obscurity.”
Example: DVD player & Content Scrambling System (CSS)
protection.
The CSS is a cryptographic algorithm that protects the DVD
movie disks from unauthorized copying.

Complete mediation :-
The principle of complete mediation restricts the caching of
information, which often leads to simpler implementations of
mechanisms.
The idea of this principle is that access to every object must be
checked for compliance with a protection scheme to ensure
that they are allowed.
As a consequence, one should be wary of performance
improvement techniques which save the details of previous
authorization checks, since the permissions can change over
time.
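
The stale-cache problem described under complete mediation, as an added example that is not part of the original notes: three reference monitors answer the same request before and after a right is revoked. The class names, the in-memory access control list and the sample subject and object are assumptions constructed for the illustration.

```python
class AccessControlList:
    """Constructed in-memory ACL: (subject, object) -> set of rights."""

    def __init__(self):
        self._grants = {}
        self.version = 0  # bumped on every change so caches can detect staleness

    def grant(self, subject, obj, right):
        self._grants.setdefault((subject, obj), set()).add(right)
        self.version += 1

    def revoke(self, subject, obj, right):
        self._grants.get((subject, obj), set()).discard(right)
        self.version += 1

    def allows(self, subject, obj, right):
        # Anything not explicitly granted is denied.
        return right in self._grants.get((subject, obj), set())


class CachingMonitor:
    """Unsafe: remembers the first decision and never asks the ACL again."""

    def __init__(self, acl):
        self._acl = acl
        self._cache = {}

    def access(self, subject, obj, right):
        key = (subject, obj, right)
        if key not in self._cache:
            self._cache[key] = self._acl.allows(subject, obj, right)
        return self._cache[key]


class MediatingMonitor:
    """Complete mediation: every access is checked against the current ACL."""

    def __init__(self, acl):
        self._acl = acl

    def access(self, subject, obj, right):
        return self._acl.allows(subject, obj, right)


class VersionedCacheMonitor:
    """Cache that stays correct: all entries are dropped when the ACL changes."""

    def __init__(self, acl):
        self._acl = acl
        self._cache = {}
        self._seen_version = acl.version

    def access(self, subject, obj, right):
        if self._seen_version != self._acl.version:
            self._cache.clear()
            self._seen_version = self._acl.version
        key = (subject, obj, right)
        if key not in self._cache:
            self._cache[key] = self._acl.allows(subject, obj, right)
        return self._cache[key]


def revocation_demo():
    """Return each monitor's decision before and after a right is revoked."""
    acl = AccessControlList()
    acl.grant("alice", "payroll.db", "read")  # constructed sample grant
    monitors = {
        "caching": CachingMonitor(acl),
        "mediating": MediatingMonitor(acl),
        "versioned": VersionedCacheMonitor(acl),
    }
    request = ("alice", "payroll.db", "read")
    before = {name: m.access(*request) for name, m in monitors.items()}
    acl.revoke(*request)
    after = {name: m.access(*request) for name, m in monitors.items()}
    return before, after


if __name__ == "__main__":
    before, after = revocation_demo()
    print("before revoke:", before)
    print("after revoke: ", after)
```

Only the plain caching monitor keeps granting access after the revocation; the versioned cache shows one way to keep the speed-up without saving a decision past a permission change.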

Separation of Privilege:-
This principle states that a system should grant access
permission based on more than one condition being satisfied.
This principle may also be restrictive because it limits access to
system entities.
Thus, before a privilege is granted, more than two verifications
should be performed.
Example: To su (change) to root, two conditions must be met:
1. The user must know the root password.
2. The user must be in the right group (wheel).

Least Common Mechanism :-
This principle states that in systems with multiple users, the
mechanisms allowing resources shared by more than one user
should be minimized as much as possible.
This principle may also be restrictive because it limits the
sharing of resources.
Example: If a file or application needs to be accessed by more
than one user, then these users should use separate channels to
access these resources, which helps to prevent unforeseen
consequences that could cause security problems.

Psychological acceptability :-
This principle states that a security mechanism should not make
the resource more complicated to access than if the security
mechanisms were not present.
At the same time, applications should not impart unnecessary
information that may lead to a compromise in security.
Example: When we enter a wrong password, the system should
only tell us that the user id or password was incorrect. It should
not tell us that only the password was wrong as this gives the
attacker information.
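
The wrong-password example above, as added code that is not part of the original notes: a login routine whose error messages reveal which user ids exist, next to one that returns the same message for every failure and does the same hashing work for unknown users. The function names, the account data and the PBKDF2 parameters are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work parameter for the example
GENERIC_ERROR = "The user id or password was incorrect."


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_db(accounts):
    """Build a constructed user store: user id -> (salt, password hash)."""
    db = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        db[user] = (salt, hash_password(password, salt))
    return db


# Dummy record so that unknown user ids cost the same hashing work as known ones.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_password("placeholder", DUMMY_SALT)


def login_leaky(db, user, password):
    """'Before' form: distinct messages tell the caller which part was wrong."""
    if user not in db:
        return False, "Unknown user id."
    salt, stored = db[user]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return False, "Wrong password."
    return True, "Welcome."


def login_uniform(db, user, password):
    """Hardened form: one message for every failure, same work on every path."""
    known = user in db
    salt, stored = db[user] if known else (DUMMY_SALT, DUMMY_HASH)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    # 'known' is checked as well so the dummy record can never authenticate anyone.
    if known and matches:
        return True, "Welcome."
    return False, GENERIC_ERROR


if __name__ == "__main__":
    db = make_user_db({"alice": "correct horse"})  # constructed account
    for user, pw in [("alice", "guess"), ("mallory", "guess"), ("alice", "correct horse")]:
        print(user, "leaky:", login_leaky(db, user, pw), "uniform:", login_uniform(db, user, pw))
```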

Work Factor :-
This principle states that the cost of circumventing a security
mechanism should be compared with the resources of a
potential attacker when designing a security scheme.
In some cases, the cost of circumventing (known as the "work
factor") can be easily calculated.
Example: Suppose the number of experiments needed to try all
possible four character passwords is 24^4 = 331776. If the
potential attacker must try each experimental password at a
terminal, one might consider a four-character password to be
satisfactory.
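
The work-factor comparison above, carried through as an added example that is not part of the original notes. It generalizes the four-character case over a 24-symbol alphabet to any alphabet, length and guessing rate; the two guessing rates and the time targets are assumptions picked only to contrast a person typing at a terminal with an automated search.

```python
def keyspace(alphabet_size, length):
    """Number of experiments needed to try every password of this length."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case time for an attacker with the given guessing rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def min_length(alphabet_size, guesses_per_second, required_seconds):
    """Smallest length whose full search takes at least required_seconds."""
    needed = guesses_per_second * required_seconds
    length = 1
    while keyspace(alphabet_size, length) < needed:
        length += 1
    return length


# Assumed attacker resources (not from the notes).
TERMINAL_RATE = 0.1         # one manual guess every ten seconds
AUTOMATED_RATE = 1_000_000  # one million automated guesses per second

DAY = 24 * 3600
YEAR = 365 * DAY

if __name__ == "__main__":
    print("keyspace:", keyspace(24, 4))
    print("terminal, days:", seconds_to_exhaust(24, 4, TERMINAL_RATE) / DAY)
    print("automated, seconds:", seconds_to_exhaust(24, 4, AUTOMATED_RATE))
    print("length for 30 days at a terminal:", min_length(24, TERMINAL_RATE, 30 * DAY))
    print("length for 1 year automated:", min_length(24, AUTOMATED_RATE, YEAR))
```

Under these assumed rates the same four-character password lasts about 38 days at a terminal and under a second against the automated search, which is why the principle ties the design to the attacker's resources.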

Compromise Recording :-
The Compromise Recording principle states that sometimes it
is more desirable to record the details of intrusion than to
adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs for all
accesses to files, all emails sent and received, and all browsing
sessions on the web. Another example is Internet-connected
surveillance cameras, a typical compromise recording system
that can be placed to protect a building.

Question- 5: Describe Cybercrime in brief


Answer:
Cyber crime is not an old sort of crime to the world.
It is defined as any criminal activity which takes place on or over the
medium of computers or internet or other technology recognised
by the Information Technology Act.
Cyber crime is the most prevalent crime playing a devastating role
in Modern India.
Not only are the criminals causing enormous losses to society
and the government, but they are also able to conceal their identity
to a great extent.

There are a number of illegal activities which are committed over the
internet by technically skilled criminals.
Taking a wider interpretation, it can be said that Cyber crime includes
any illegal activity where a computer or the internet is either a tool
or a target or both.
Cyber crime is an uncontrollable evil having its base in the misuse of
growing dependence on computers in modern life.

Question :6 - Explain: Classifications of Cybercrimes in brief.


DDoS Attacks:-
These are used to make an online service unavailable and take
the network down by overwhelming the site with traffic from
a variety of sources.
Large networks of infected devices known as Botnets are
created by depositing malware on users’ computers.
The hacker then hacks into the system once the network is
down.
Botnets:-
Botnets are networks of compromised computers that are
controlled externally by remote hackers.
The remote hackers then send spam or attack other computers
through these botnets.
Botnets can also be used to act as malware and perform
malicious tasks.
Identity Theft :-
This cybercrime occurs when a criminal gains access to a user’s
personal information to steal funds, access confidential
information, or participate in tax or health insurance fraud.
They can also open a phone/internet account in your name, use
your name to plan a criminal activity and claim government
benefits in your name.
They may do this by finding out a user’s passwords through
hacking, retrieving personal information from social media, or
sending phishing emails.
Cyber stalking :-
This kind of cybercrime involves online harassment where the
user is subjected to a plethora of online messages and
emails.
Typically cyberstalkers use social media, websites and search
engines to intimidate a user and instill fear.
Usually, the cyberstalker knows their victim and makes the
person feel afraid or concerned for their safety.
Social Engineering :-
Social engineering involves criminals making direct contact with
you usually by phone or email.
They want to gain your confidence and usually pose as a
customer service agent so you’ll give the necessary information
needed.
This is typically a password, the company you work for, or bank
information.
Cybercriminals will find out what they can about you on the
internet and then attempt to add you as a friend on social
accounts.
Once they gain access to an account, they can sell your
information or secure accounts in your name.

PUPs:-
PUPs, or Potentially Unwanted Programs, are less threatening
than other cybercrimes, but are a type of malware.
They uninstall necessary software in your system including
search engines and pre-downloaded apps.
They can include spyware or adware, so it’s a good idea to
install antivirus software to avoid the malicious download.

Phishing:-
This type of attack involves hackers sending malicious email
attachments or URLs to users to gain access to their accounts or
computer.
Cybercriminals are becoming more established and many of
these emails are not flagged as spam.
Users are tricked by emails claiming they need to change their
password or update their billing information, giving criminals
access.

Prohibited/Illegal Content:-
This cybercrime involves criminals sharing and distributing
inappropriate content that can be considered highly distressing
and offensive.
Illegal content includes materials advocating terrorism-related
acts and child exploitation material.
This type of content exists both on the everyday internet and
on the dark web, an anonymous network.

Online Scams:-
These are usually in the form of ads or spam emails that include
promises of rewards or offers of unrealistic amounts of money.
Online scams include enticing offers that are “too good to be
true” and when clicked on can cause malware to interfere and
compromise information.

Exploit Kits:-
Exploit kits need a vulnerability (bug in the code of a software)
in order to gain control of a user’s computer.
They are readymade tools criminals can buy online and use
against anyone with a computer.
The exploit kits are upgraded regularly similar to normal
software and are available on dark web hacking forums.

Question-7: Define security threats. Explain it with example

Answer:-
What is Threat ?
A Threat is a possible security violation that might exploit
the vulnerability of a system or asset. ...
What is Attack ?
An attack is a deliberate unauthorized action on a system or
asset. Attacks can be classified as active and passive.

A potential for violation of security, which exists when there
is an entity, circumstance, capability, action, or event that
could cause harm.
An event or condition that has the potential for causing asset
loss and the undesirable consequences or impact from such
loss.
A security threat is defined as a risk that can potentially
harm computer systems and organizations.
The cause could be physical, such as someone stealing a
computer that contains vital data.
The cause could also be non-physical, such as a virus attack.

Cyber threats are sometimes incorrectly confused with
vulnerabilities.
Looking at the definitions, the keyword is “potential”.
The threat is not a security problem that exists in an
implementation or organization.
Instead it is something that can violate the security.
This can be compared to a vulnerability, which is an actual
weakness that can be exploited.
The threat always exists, regardless of any countermeasures.
However, countermeasures can be used to minimize the
probability of it being realized.

Example of Security Threat:
Recall that a threat is very general. It does not include how to
realize it, or even if it is possible in the current system.
Here are a few examples.
1. A malicious user reads the files of other users.
2. An attacker redirects queries made to a web server to
his own web server.
3. An attacker modifies the database.
4. A remote attacker runs commands on the server.
Each of these examples can easily be mapped to a
category in STRIDE.
Other examples would be malware, Trojans and worms.

Question- 8 : Define vulnerabilities. Explain it with example


Answer:
In cyber security, a vulnerability is a weakness which can be
exploited by a cyber attack to gain unauthorized access to or
perform unauthorized actions on a computer system.
For example, a vulnerability can allow attackers to run code,
access a system’s memory, install malware, and steal, destroy or
modify sensitive data.
Some common types of vulnerabilities include
misconfigurations, unsecured APIs, outdated or unpatched
software, zero-day vulnerabilities, weak or stolen user
credentials, access control or unauthorized access and
misunderstanding the “Shared Responsibility Model” (i.e.,
Runtime Threats).
Vulnerabilities include missing data encryption, lack of security
cameras, unlocked doors at businesses, unrestricted upload of
dangerous files, code downloads without integrity checks, using
broken algorithms, URL redirection to untrustworthy websites
and weak and unchanged passwords.
Vulnerabilities can allow cybercriminals to gain unauthorized
access and cause harm.
For instance, in June 2021, Cognyte, a cyber analytics firm, failed
to secure the company’s database, exposing five billion records
that revealed previous data incidents.
These records were posted online without any authentication
like passwords.
Cognyte’s database was exposed for four days.

Question- 9 : Explain: Hacking techniques in details.


Answer:
Hacking Techniques :--
• Bait and Switch
• Cookie theft
• Click Jacking Attacks
• Virus, Trojan, etc.
• Phishing
• Eavesdropping (Passive Attacks)
• Fake WAP
• Waterhole attacks
• Denial of Service (DoS\DDoS)
• Keylogger

Bait and Switch :-
• Using Bait and Switch hacking technique, an attacker can
buy advertising spaces on the websites.
• Later, when a user clicks on the ad, he might get directed to a
page that’s infected with malware.
• This way, they can further install malware or adware on
your computer.
• The ads and download links shown in this technique are very
attractive and users are expected to end up clicking on the
same.
• The hacker can run a malicious program that the user believes to
be authentic.
• This way, after installing the malicious program on your
computer, the hacker gets unprivileged access to your computer.

Cookie theft:--
• The cookies in our browser store personal data such as
browsing history, username, and passwords for different sites we
access.
• Once the hacker gets access to your cookie, he can
even authenticate himself as you on a browser.
• A popular method to carry out this attack is to manipulate a
user’s IP packets to pass through attacker’s machine.
• Also known as SideJacking or Session Hijacking, this attack is easy
to carry out if the user is not using SSL (HTTPS) for the complete
session.
• On the websites where you enter your password and banking
details, it’s of utmost importance for them to make their
connections encrypted.
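
A server-side check related to the point above about keeping the complete session on HTTPS, as an added example that is not part of the original notes: it audits response headers for session cookies that lack the Secure or HttpOnly attribute and for a missing Strict-Transport-Security header. The cookie names treated as session identifiers and the two sample responses are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Cookie names treated as session identifiers (an assumption for this example).
SESSION_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid"}

# Constructed response headers, as (name, value) pairs.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=3f9a1c; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def audit_set_cookie(header_value, session_names=SESSION_NAMES):
    """Return findings for the session cookies in one Set-Cookie header value."""
    findings = []
    jar = SimpleCookie()
    jar.load(header_value)
    for name, morsel in jar.items():
        if name.lower() not in session_names:
            continue  # non-session cookies are out of scope here
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure, cookie is also sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly, cookie is readable by page scripts")
    return findings


def audit_response(headers):
    """Audit one HTTPS response given as a list of (name, value) header pairs."""
    findings = []
    present = {name.lower() for name, _ in headers}
    if "strict-transport-security" not in present:
        findings.append("no Strict-Transport-Security header, browser may still use HTTP")
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings.extend(audit_set_cookie(value))
    return findings


if __name__ == "__main__":
    for label, response in [("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)]:
        print(label, audit_response(response))
```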
Click Jacking Attacks:--
• Click Jacking is also known by a different name, UI Redress. In this
attack, the hacker hides the actual UI where the victim is supposed
to click.
• This behaviour is very common on app download, movie
streaming, and torrent websites.
• While they mostly employ this technique to earn
advertising dollars, others can use it to steal your personal
information.
• In other words, in this type of hacking, the attacker hijacks the
clicks of the victim that aren’t meant for the exact page, but for
a page where the hacker wants you to be.
• It works by fooling an internet user into performing an
undesired action by clicking on the hidden link.

Virus, Trojan, etc.:--
• Viruses or Trojans are malicious software programs that get
installed into the victim’s system and keep sending the victim’s
data to the hacker.
• They can also lock your files, serve fraudulent advertisements,
divert traffic, sniff your data, or spread on all the computers
connected to your network.
• You can read the comparison and difference between
various malware, worms, trojans, etc., to know more.

Phishing:--
• Phishing is a hacking technique in which a hacker replicates
the most-accessed sites and traps the victim by sending that
spoofed link.
• Combined with social engineering, it becomes one of the
most commonly used and deadliest attack vectors.
• Once the victim tries to login or enters some data, the hacker
gets the private information of the target victim using the Trojan
running on the fake site.
• Phishing via iCloud and Gmail account was the attack route
taken by hackers who targeted the “Fappening” leak, which
involved numerous Hollywood female celebrities.

Eavesdropping (Passive Attacks):--


• Unlike other attacks that are active in nature, using a passive
attack, a hacker can monitor the computer systems and networks to
gain some unwanted information.
• The motive behind eavesdropping is not to harm the system but
to get some information without being identified.
• These types of hackers can target email, instant messaging
services, phone calls, web browsing, and other methods of
communication.
• Those who indulge in such activities are generally black hat
hackers, government agencies, etc.

Fake WAP:--
• Just for fun, a hacker can use software to fake a wireless
access point.
• This WAP connects to the official public place WAP. Once you get
connected to the fake WAP, a hacker can access your data, just like
in the case above.
• It’s one of the easier hacks to accomplish and one needs a
simple software and wireless network to execute it.
• Anyone can name their WAP as some legit name like
“Heathrow Airport WiFi” or “Starbucks WiFi” and start spying on
you.
• One of the best ways to protect yourself from such
attacks is by using a quality VPN service.

Waterhole attacks:---
• If you are a big fan of the Discovery or National Geographic channels,
you could relate easily with the waterhole attacks. To poison a
place, in this case, the hacker hits the most accessible physical
point of the victim.
• For example, if the source of a river is poisoned, it will hit the
entire stretch of animals during summer. In the same way, hackers
target the most accessed physical location to attack the victim. That
point could be a coffee shop, a cafeteria, etc.
• Once the hacker is aware of your timings, they can use this type
of attack to create a fake Wi-Fi access point. Using this, they can
modify your most visited website to redirect you and get
your personal information. As this attack collects information on a
user from a specific place, detecting the attacker is even harder.
One of the best ways to protect yourself against such types of
hacking attacks is to follow basic security practices and keep your
software/OS updated.

Denial of Service (DoS/DDoS):--


• A Denial of Service attack is a hacking technique of taking down
a site or server by flooding that site or server with a huge amount
of traffic so that the server is unable to process all the requests in
real time and finally crashes down.
• In this popular technique, the attacker floods the targeted
machine with tons of requests to overwhelm the resources, which,
in turn, restricts the actual requests from being fulfilled.
• For DDoS attacks, hackers often deploy botnets or zombie
computers that have only one task, that is, to flood your system
with request packets. With each passing year, as the malware
and types of hackers keep getting advanced, the size of DDoS
attacks keeps increasing.

Key logger:--
• A key logger is a simple software that records the key
sequence and strokes of your keyboard into a log file on
your machine.
• These log files might even contain your personal email IDs
and passwords. Also known as keyboard capturing, it can be
either software or hardware. While software-based keyloggers
target the programs installed on a computer, hardware
devices target keyboards, electromagnetic emissions,
smartphone sensors, etc.
• Keyloggers are one of the main reasons why online banking
sites give you an option to use their virtual keyboards. So,
whenever you’re operating a computer in a public setting, try
to take extra caution.

Question: 10:- Describe Application security (Database, E-mail,
Internet)
Answer:--
Application Security:--
Application security describes security measures at the
application level that aim to prevent data or code within the
app from being stolen or hijacked.
It is the process of developing, adding, and testing security
features within applications to prevent security vulnerabilities
against threats such as unauthorized access and modification.
Application security may include hardware, software, and
procedures that identify or minimize security vulnerabilities
Database Security:-
Database security refers to the collective measures used to
protect and secure a database or database management
software from illegitimate use and malicious cyber threats and
attacks.
It concerns the use of a broad range of information
security controls to protect databases against
compromises of their confidentiality, integrity and
availability.
Database security may include hardware, software, and
procedures that identify or minimize security
vulnerabilities
E-mail Security:-
Email security is the practice of protecting email accounts and
communications from unauthorized access, loss, or
compromise.
It is a broad term that encompasses multiple techniques used
to secure an email service.
Organizations can enhance their email security posture by
establishing policies and using tools to protect against malicious
threats such as malware, spam, and phishing attacks.
Email security measures include strong passwords, password
rotations, spam filters, desktop-based anti-virus/anti-spam
applications.
Email security ensures the availability, integrity and
authenticity of email communications by protecting against the
risk of email threats
Internet Security:-
Internet security is a branch of computer security that
encompasses the Internet, browser security, web site security,
and network security as it applies to other applications or
operating systems as a whole.
Its objective is to establish rules and measures to use against
attacks over the Internet.
The Internet is an inherently insecure channel for information
exchange, with high risk of intrusion or fraud, such as phishing,
online viruses, trojans, ransomware and worms.
Many methods are used to protect the transfer of data,
including encryption and from-the-ground-up engineering.
Internet security involves browser security, the security of data
entered through a Web form, and overall authentication and
protection of data sent via Internet Protocol

Question: 11:- Define IPR. Explain IPR in detail


Answer:--
Intellectual Property rights mean providing property rights
through patents, copyrights and trademarks.
Holders of intellectual property rights have a monopoly on the
usage of property or items for a specified time period.
The term intellectual property began to be used in the
19th Century. Only in the 20th century did it become part
of the world’s legal systems.

The 4 main types of intellectual property are listed below.


1. Patents – It is used for protecting new inventions, ideas, or
processes. Patent holders need to pay periodic
government renewal fees. An approved patent is for a
limited time period.
2. Copyrights – It protects the ideas, examples would
be written works, music, art, etc.
3. Trademarks – It is something that protects the
symbols, colors, phrases, sounds, design etc.
4. Trade Secrets – It may be strategies, systems, formulas,
or other confidential information of an organization that
provides them a competitive advantage in the market.

Intellectual Property Rights are important to stimulate
and promote research and development.
If the inventions and ideas of individuals and organizations
are not protected then the concerned people or
organizations will not reap the benefits of their hard work
and naturally, it will lead to discontent and reduce the efforts
in the field of research and development, which is extremely
important for the growth and development of humanity.

Question: 12:- Define Infringement. State the objective of IPR
Answer:--
Infringement- Infringement means the action of breaking the
terms of a law, agreement, etc.
It can also refer to an encroachment or trespass on a right or
privilege.

Objective of IPR:-
1. To create public awareness about the benefits of
Intellectual property among all sections of society.
2. To stimulate the creation and growth of intellectual
property by undertaking relevant measures.
3. To have strong effective laws with regard to IP
rights consistent with international obligations.
4. To modernise and strengthen IP administration.
5. To catalyse commercialization of IP rights.
6. To strengthen the enforcement and adjudicatory
mechanisms for combating IP violations and to promote
awareness and respect for IP rights.

Question: 13:- Explain: All types of IPR in brief.
Answer:--
Intellectual Property Rights can be further
classified into the following categories −
1. Copyright
2. Patent
3. Trademark
4. Trade Secrets, etc

Copyright:- Copyright is a term that describes ownership of
control of the rights to the use and distribution of certain
works of creative expression, including books, video,
movies, music and computer programs.

Patent:- A patent gives its owner the right to exclude
others from making, using, selling, and importing an
invention for a limited period of time. The patent rights are
granted in exchange for enabling public disclosure of the invention.

Trademark:- A Trademark is a Graphical representation that is
used to distinguish the goods and services of one party from
those of others. A Trademark may consist of a letter, number,
word, phrase, logo, graphic, shape, smell, sound or
combination of these things.

Trade Secrets:- A trade secret describes the general formula
of any product and the key behind any organization’s progress.
It also includes the different secret formulas that various firms
use for the same products, which differ in quality.

Question: 14:- What are the benefits of IPR?
Answer:-
Provides exclusive rights to the creators or inventors.
Encourages individuals to distribute and share information and
data instead of keeping it confidential.
Provides legal defense and offers the creators the incentive of
their work.
Helps in social and financial development.
IPRs can help turn your ideas into money-makers
IPRs can enhance your business’ market value
IPRs can help you stand out from the competition
IPRs can be accessed to raise finances

Question: 15:- Define WIPO. When did India join WIPO? Describe
the WIPO & India in brief.
Answer:--
Define WIPO:- The World Intellectual Property Organization
(WIPO) is a specialized agency of the United Nations that aims
to promote and protect intellectual property (IP) across the
world.
India joined WIPO in 1975 and has acceded to several WIPO
treaties including WIPO Convention (1975), Paris Convention
(1998), Berne Convention (1928), Patent Cooperation Treaty
(1998), Phonograms Convention (1975), Nairobi Treaty (1983),
Nice Agreement (2019), Locarno Agreement (2019), and Vienna
Agreement (2019).

Question: 16:- Advantages of IPR in brief.
Answer:-
Intellectual property rights are advantageous in the following
ways –
Provides exclusive rights to the creators or inventors.
Encourages individuals to distribute and share information and
data instead of keeping it confidential.
Provides legal defense and offers the creators the incentive of
their work.
Helps in social and financial development

Question: 17:- What are Offenses and Penalties?
Answer:-
Offences :-
• Cyber offences are the illegitimate actions, which are
carried out in a classy manner where either the computer
is the tool or target or both.
• Cyber-crime usually includes the following −
  • Unauthorized access of the computers
  • Data diddling
  • Virus/worms attack
  • Theft of computer system
  • Hacking
  • Denial of attacks
  • Logic bombs
  • Trojan attacks
  • Internet time theft
  • Web jacking
  • Email bombing
  • Salami attacks
  • Physically damaging computer system.
• The offences included in the I.T. Act 2000 are as follows −
  • Tampering with the computer source documents.
  • Hacking with computer system.
  • Publishing of information which is obscene in electronic form.
  • Power of Controller to give directions.
  • Directions of Controller to a subscriber to extend
    facilities to decrypt information.
  • Protected system.
  • Penalty for misrepresentation.
  • Penalty for breach of confidentiality and privacy.
  • Penalty for publishing Digital Signature Certificate
    false in certain particulars.
  • Publication for fraudulent purpose.
  • Act to apply for offence or contravention committed
    outside India.
  • Confiscation.
  • Penalties or confiscation not to interfere with
    other punishments.
  • Power to investigate offences.

Question: 18:- When did India join WIPO? List the conventions &
treaties that India has attended or is part of.
Answer:-
India, the country with the world's second largest population,
became a member of WIPO in 1975 and is currently party to six
treaties administered by WIPO, namely, WIPO Convention
(1975), Paris Convention (1998), Berne Convention (1928),
Patent Cooperation Treaty (1998), Phonograms Convention
(1975) and Nairobi Treaty (1983).

Question: 19:- Explain in brief about White Hat Hacker, Grey Hat
Hacker and Black Hat Hacker.
Answer:--
A Hacker is a person who is familiar with Computer Networks, Linux,
Cryptography, and other skills
White Hat Hackers:-
• White-Hat Hackers are also known as Ethical Hackers.
• They are certified hackers who learn hacking
from courses.
• These are good hackers who try to secure our data,
websites. With the rise of cyberattacks,
organizations and governments have come to
understand that they need ethical hackers.
• They protect databases, software from
Malware, Phishing, and SQL injection attacks.
• The government hires white hat hackers to
protect their websites and databases.
• These hackers also work for space organizations.
Some ethical hackers work with organizations
that find weaknesses in their software.
• They take permission from the system owners and
use hacking techniques identical to black hat hackers,
but they do so legally.
• They make people aware of cyber threats and ways
to prevent them.

Black-Hat Hackers:
• Black-Hat Hackers are those hackers who enter the
system without taking owners’ permission.
• These hackers use vulnerabilities as entry points.
• They hack systems illegally.
• They use their skills to deceive and harm people.
• They conduct various attacks, write malware, and
damage system security.
• They steal users’ passwords, data, and credit card
information by damaging system security.
• Black-hat hackers make money by selling data and
credit card information on the dark web.
• They also ruin people’s reputations to take
revenge.
• Sometimes they steal the personal data of users and
blackmail them.
• They also hack social media profiles by sending links or
attachments.
• Some countries (China, Russia, and the USA) hire black
hat hackers to steal data related to militaries from other
countries.

Gray-Hat Hackers:
• Gray-Hat Hackers are a mix of both black and white hat
hackers.
• These types of hackers find vulnerabilities in systems without
the permission of owners.
• They don’t have any malicious intent.
• However, this type of hacking is still considered illegal. But
they never share information with black hat hackers.
• They find issues and report them to the owner, sometimes
requesting a small amount of money to fix them.
• But some organizations disregard gray hat hackers because the
hacker is not bound by ethical hacking policies. These types of
hackers do not put someone at risk.

Question: 20:- What is Property? Describe tangible and intangible
properties

Answer:-
In law, property refers to anything that can be owned or
possessed by a person or entity.
Tangible property refers to physical property that can be
touched such as buildings, cars, furniture, etc. On the other
hand, intangible property refers to non-physical property such
as patents, trademarks, copyrights, etc.

In cybersecurity, tangible properties refer to physical assets
such as servers, routers, switches, etc., while intangible
properties refer to non-physical assets such as software
programs, data files, etc.
