Q.

1 Attempt any Four

a) Write short note on DOS.
Ans: A DOS, or disk operating system, is an operating system that runs from a
disk drive. The term can also refer to a particular family of disk operating systems,
most commonly MS-DOS, an acronym for Microsoft DOS. An operating system
(OS) is the software that controls a computer's hardware and peripheral devices
and allows other software programs to function.
b) What is computer security and it’s need.
Ans: Computer network security is an important aspect in today's world. Now
days due to various threats designing security in organization is an important
consideration. It is essential to understand basic security principles, various
threats to security and techniques to address these threats.
c) Explain access control policies..
Ans: Considered a key component in a security plan, access control policies refer
to rules or policies that limit unauthorized physical or logical access to sensitive
data. An access control policy secures sensitive data and minimizes the risk of an
attack. Access control policies function by authenticating user credentials,
proving their identity, and allowing the pre-approved permissions associated with
their username and IP address.
d) Describe the term Identification and Authentication.
Ans: When user logged on to a computer, he performs two tasks.
Identification:- Enter username & password
Authentication : Prove that you are who claim to be
After entering & password, the computer will compare this input against the
entries stored in password
input Login is successful if username login is fail. password. is valid and if wrong
then login is fail
Many systems count the foil login attempts & prevent or deny next attemp when
threshold has been reached.
Now a day, many computer systems use identification & authentication through
username and password as first step of protection
e) Define virus and list any two types of virus
Ans: A computer virus is a program which can harm our device and files and
infect them for no further use. When a virus program is executed, it replicates
itself by modifying other computer programs and instead enters its own coding.
Boot Sector Virus - It is a type of virus that infects the boot sector of floppy disks
or the Master Boot Record (MBR) of hard disks. The Boot sector comprises all
the files which are required to start the Operating system of the computer. ne virus
either overwrites the existing program or copies itself to another part of the disk.
Direct Action Virus - When a virus attaches itself directly to a .exe or .com file
and enters the device while its execution is called a Direct Action Virus. If it gets
installed in the memory, it keeps itself hidden. It i also known as Non-Resident
Virus.
Q. 2 Attempt any Three
a) Define the terms i) Encryption ii) Decryption.
Ans: i) Enceyption-: Encryption is used to protect data from being stolen,
changed, or compromised and works by scrambling data into a secret code that
can only be unlocked with a unique digital key. Encrypted data can be protected
while at rest on computers or in transit between them, or while being processed,
regardless of whether those computers are located on-premises or are remote
cloud servers.
ii) Definition: The conversion of encrypted data into its original form is called
Decryption. It is generally a reverse process of encryption. It decodes the
encrypted information so that an authorized user can only decrypt the data
because decryption requires a secret key or password.
b) Explain Man-in- Middle attack with help of diagram.
Ans: A MITM attack is a form of cyber-attack where a user is introduced with
some kind of meeting between the two parties by a malicious individual,
manipulates both parties and achieves access to the data that the two people were
trying to deliver to each other. A man-in-the-middle attack also helps a malicious
attacker, without any kind of participant recognizing till it's too late, to hack the
transmission of data intended for someone else and not supposed to be sent at all.
In certain aspects, like MITM, MitM, MiM or MIM, MITM attacks can be
referred. If an attacker puts himself between a client and a webpage, a Man-in-
the-Middle (MITM) attack occurs. This form of assault comes in many different
ways.
 c) Explain CIA Model of computer security
Ans: Explain CIA rule in computer security.
i. Confidentiality, integrity and availability, aho known as the CIA triad, in a
model designed to guide policies for information security within an
organization.
ii. The following is a breakdown of the three key concepts that form the CIA
triad:
iii. Confidentiality is coughly equivalent to privacy. Confidentiality measures are
designed to prevent sensitive information from unauthorized access attempts.
It is common for data to be categorized according to the amount and type of
damage that could be done if it fell into the wrong hands. More or less stringent
measures can then be implemented according to those categories.
iv. Integrity involves maintaining the consistency, accuracy and trustworthiness
of data over its entire lifecycle. Data must not be changed in transit, and steps
must be taken to ensure data cannot be altered by unauthorized people (for
example, in a breach of confidentiality)
v. Availability means information should be consistently and readily accessible
for authorized parties. This involves properly maintaining hardware and
technical infrastructure and systems that hold and display the information.
vi. Non-Repudiation is associated with verifying the identities of individuals or
companies who are participating in an on-line transaction. The main purpose
of authenticating identities online is to prevent one party or the other from
denying the transaction.
vii. Accountability is an essential part of an information security plan. The phrase
means that every individual who works with an information system should
have specific responsibilities for information assurance.
viii. Authentication is an access control method (s) used to verify the fentity of an
individual who is attempting to gain access into an information asset.

d) Describe piggybacking and shoulder surfing.

Ans: i) Shoulder surfing: It is using direct observation techniques, such as looking
over someone's shoulder, to get information. Shoulder surfing is a similar
procedure in which attackers position themselves in such a way as to- be-able to
observe the authorized user entering the correct access code.
• Shoulder surfing is an effective way to get information in crowded places
because it's relatively easy to stand next to someone and watch as they fill out a
form, enter a PIN number at an ATM machine, or use a calling card at a public
pay phone. Shoulder surfing can also be done long distance with the aid of
binoculars or other vision-enhancing devices.
ii) Piggybacking: Piggybacking on Internet access is the practice of establishing
a wireless Internet connection by using another subscriber's wireless Internet
access service without the subscriber's explicit permission or knowledge.