KEMBAR78
2022 Pyq Cyber Security-Output | PDF | Security | Computer Security
0% found this document useful (0 votes)
37 views11 pages

2022 Pyq Cyber Security-Output

The document provides detailed solutions to multiple-choice questions related to cybercrime, cybersecurity concepts, and IT regulations. It covers topics such as types of cybercrimes, the CIA triad, phishing attacks, digital signatures, and cloud computing risks. Additionally, it discusses insider attacks, credit card fraud, and preventative measures against various cyber threats.

Uploaded by

kashyapalok69
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
37 views11 pages

2022 Pyq Cyber Security-Output

The document provides detailed solutions to multiple-choice questions related to cybercrime, cybersecurity concepts, and IT regulations. It covers topics such as types of cybercrimes, the CIA triad, phishing attacks, digital signatures, and cloud computing risks. Additionally, it discusses insider attacks, credit card fraud, and preventative measures against various cyber threats.

Uploaded by

kashyapalok69
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

2022 PYQ DETAILED SOLUTION (d) Which of the following does NOT require a host program

and is independent?
Question 1: Solutions (MCQs with ❌
1. Trap Door (Backdoor) – A secret way to access a system, but it depends on an existing

Explanations) program.

2. Virus – Needs a file or program to attach itself.
✔️
3. Trojan Horse – (Correct Answer) A Trojan looks like a normal program but contains
(a) Which of the following is NOT a type of cybercrime? malware. It works independently.

1. Data Theft – (Cybercrime) Stealing confidential data (e.g., hacking into a bank account). ✔️ Correct Answer: (3) Trojan Horse
2. Forgery – (Cybercrime) Faking documents or signatures online.
3. Damage to Data and Systems – (Cybercrime) Using viruses to destroy data.
🔹 Explanation: A Trojan Horse disguises itself as a useful software, like a fake game or app
4. ❌
Installing Antivirus for Protection – (Not a cybercrime, it's a protection method). that secretly steals data.

✔️ Correct Answer: (4) Installing antivirus for protection (e) Which element is NOT considered in the CIA
🔹 Explanation: Installing an antivirus helps prevent cybercrimes, so it is not a type of (Confidentiality, Integrity, Availability) triad?
cybercrime.
1. ✅
Availability – (Part of CIA, ensures systems are accessible when needed).

(b) Which of the following is considered as unsolicited


2. ❌
Authenticity – (Not part of CIA, but an important security factor).
3. ✅
Integrity – (Part of CIA, ensures data is not changed or corrupted).
commercial email? 4. ✅
Confidentiality – (Part of CIA, ensures data is private).


1. Malware – Malware is a virus, not an email. ✔️ Correct Answer: (2) Authenticity
✔️
2. Spam – (Correct Answer) Spam is unwanted emails sent in bulk, usually
🔹 Explanation: The CIA Triad includes:
advertisements or scams.

3. Virus – A virus is a malicious program, not an email.

4. All of the above – Not correct because malware and viruses are not emails.
Confidentiality (Keeps data secret).
Integrity (Keeps data accurate and unchanged).
✔️ Correct Answer: (2) Spam Availability (Keeps data accessible).
But Authenticity is NOT part of the CIA triad (though it is important for security).
🔹 Explanation: Spam emails flood inboxes with advertisements, phishing links, and scams.
(f) When information is modified in unauthorized ways, what
(c) What is the process of determining whether a user or is the result?
system has the right to access certain data or run a program?

1. Loss of Confidentiality – Data is exposed, but not changed.

1. Non-repudiation – Ensures a person cannot deny an action they performed. ✔️
2. Loss of Integrity – (Correct Answer) If information is modified without permission,
✔️
2. Authorization – (Correct Answer) Determines what actions a user is allowed to integrity is lost.
perform (e.g., read, write, delete a file). ❌
3. Loss of Availability – Data is not lost or unavailable, just altered.

3. Authentication – Confirms if a user is real (e.g., logging in with a password). ❌
4. All of the above – Not correct because only integrity is affected.

4. All of the above – Not correct as only authorization fits the definition.
✔️ Correct Answer: (2) Loss of Integrity
✔️ Correct Answer: (2) Authorization 🔹 Explanation: Integrity means keeping data accurate. If a hacker modifies exam results in a
🔹 Explanation: Authorization is used after authentication. First, you log in (authentication), school database, it’s a loss of integrity.
then the system checks what you can do (authorization).
(g) Under which section of the IT Act is stealing any digital Explanation:

asset or information considered a cybercrime? The network layer (Layer 3 of the OSI model) is responsible for routing, addressing, and
packet forwarding.
1. ❌
Section 65 – Related to tampering with computer source documents. Some vulnerabilities affect this layer, but Identity & Resource ID vulnerability belongs to the
2. ❌
Section 65-D – No such section in IT Act.
3. ❌
Section 67 – Deals with publishing obscene material online.
Application Layer (Layer 7).

4. ✔️
Section 70 – (Correct Answer) Deals with stealing, hacking, or damaging critical digital
assets. Q.2 (a) Email Scam Scenario – Phishing Attack
✔️ Correct Answer: (4) Section 70 Understanding the Email
🔹 Explanation: Section 70 of the IT Act, 2000 protects government and private digital This email is a fake message (scam) that tries to trick you into sharing your personal
infrastructure from cybercrime. information (name, email, password, etc.).

(h) What is the full form of ITA-2000? What Should You Do?

1. ❌
Information Tech Act-2000 – Incorrect. ✔️ Do NOT reply to the email – It is a scam.
2. ❌
Indian Technology Act-2000 – Incorrect. ✔️ Do NOT share your password – No genuine email service will ever ask for your password.
3. ❌
International Technology Act-2000 – Incorrect. ✔️ Mark the email as spam/phishing – This helps prevent others from falling for the scam.
4. ✔️
Information Technology Act-2000 – (Correct Answer) ✔️ Verify with the official website – If you are unsure, go to the real email provider's website
✔️ Correct Answer: (4) Information Technology Act-2000 and check for announcements.
✔️Delete the email immediately – It is a phishing attempt.
🔹 Explanation: The Information Technology Act, 2000 (ITA-2000) is India’s first law to
regulate cyber activities, online crimes, and data protection. What Type of Cybercrime Is It?

This is a Phishing Attack. Phishing is when hackers send fake emails pretending to be from a
(i) ______ is a technique used by penetration testers to real company to steal personal information.
compromise any system within a network for targeting other
Major Risks Associated with Phishing Attacks
systems.
1. Identity Theft – Hackers steal your personal data and use it for illegal activities.
Correct Answer: IV. Pivoting 2. Banking Fraud – If hackers get your email password, they might access your bank
accounts or PayPal.
Explanation: 3. Hacked Social Media Accounts – Many people use the same password for email and
Facebook, Instagram, etc..
Pivoting is a hacking technique where a penetration tester (or hacker) gains access to
4. Malware Infection – Clicking on fake links in phishing emails can install viruses on your
one system within a network and then uses that system to attack other computers in the
computer.
same network.
5. Loss of Confidential Information – Hackers might steal work-related or personal data
This method allows hackers to move deeper into an organization’s network without
from your email.
raising suspicion.

(j) Which of the following is not a vulnerability of the network Q.2 (b) What is a Digital Signature? How is it
layer? Different from a Digital Certificate?
Correct Answer: II. Identity & Resource ID Vulnerability
What is a Digital Signature?
A digital signature is like an electronic fingerprint that ensures a document is authentic and A bank employee steals customer financial data and sells it to hackers.
hasn’t been tampered with. It helps in verifying the sender’s identity.
How Insider Attacks Happen?
🔹 Example: 1. Disgruntled Employees – An angry worker steals company secrets before quitting.
When you receive a digitally signed PDF, it proves that the sender is real and the 2. Accidental Leaks – An employee accidentally shares confidential data in an email.
document hasn’t been changed. 3. Malicious Insiders – A worker secretly helps hackers by giving them internal access.

What is a Digital Certificate? How to Prevent Insider Attacks?

A digital certificate is like an electronic passport that proves the identity of a website or ✔️ Use Access Control – Only give employees access to the data they need.
company. It is issued by a trusted organization called a Certificate Authority (CA). ✔️ Monitor Employee Activities – Use logging and monitoring to track unusual behavior.
✔️ Use Strong Security Policies – Employees should sign confidentiality agreements.
🔹 Example:
When you visit HTTPS websites, they use a digital certificate to prove that they are real Q.3 (b) Impact of Cybercrime on Cloud
and secure.
Computing
Difference Between Digital Signature and Digital Certificate
What is Cloud Computing?
Feature Digital Signature Digital Certificate
Cloud computing is when you store and access data over the internet instead of a physical
computer.
Purpose Verifies the authenticity of Verifies the identity of a
a document or message. website or organization. 🔹 Example:
Used in Emails, legal documents, Websites, online banking, Google Drive, Dropbox, and AWS are cloud storage services.
software updates. and e-commerce.
Cybersecurity Risks in Cloud Computing

Issued By The sender of the Certificate Authority (CA) 1. Data Breaches – Hackers steal sensitive information stored in the cloud.
document. like Verisign, DigiCert. 2. DDoS Attacks – Attackers overload cloud servers, causing websites to crash.
3. Unauthorized Access – Weak passwords allow hackers to break into cloud accounts.
4. Malware Injection – Hackers upload infected files to the cloud, spreading viruses.
Example A signed contract HTTPS security for banking
document. websites. How to Secure Cloud Data?

✔️ Use Strong Passwords & Two-Factor Authentication (2FA)


✔️ Encrypt Important Data before storing it in the cloud.
Q.3 (a) What is an Insider Attack? ✔️ Regularly Update Security Settings to block unauthorized access.
Definition: Q.2 (a) Email Scam Scenario – Phishing Attack
An Insider Attack happens when an employee or trusted person misuses their access to steal Understanding the Email
or damage data.
This email is a fake message (scam) that tries to trick you into sharing your personal
🔹 Example: information (name, email, password, etc.).
What Should You Do? When you visit HTTPS websites, they use a digital certificate to prove that they are real
and secure.
✔️ Do NOT reply to the email – It is a scam.
✔️ Do NOT share your password – No genuine email service will ever ask for your password. Difference Between Digital Signature and Digital Certificate
✔️ Mark the email as spam/phishing – This helps prevent others from falling for the scam.
✔️ Verify with the official website – If you are unsure, go to the real email provider's website Feature Digital Signature Digital Certificate
and check for announcements.
✔️ Delete the email immediately – It is a phishing attempt. Purpose Verifies the authenticity of Verifies the identity of a
a document or message. website or organization.
What Type of Cybercrime Is It?

This is a Phishing Attack. Phishing is when hackers send fake emails pretending to be from a Used in Emails, legal documents, Websites, online banking,
real company to steal personal information. software updates. and e-commerce.

Major Risks Associated with Phishing Attacks Issued By The sender of the Certificate Authority (CA)
document. like Verisign, DigiCert.
1. Identity Theft – Hackers steal your personal data and use it for illegal activities.
2. Banking Fraud – If hackers get your email password, they might access your bank
accounts or PayPal. Example A signed contract HTTPS security for banking
3. Hacked Social Media Accounts – Many people use the same password for email and document. websites.
Facebook, Instagram, etc..
4. Malware Infection – Clicking on fake links in phishing emails can install viruses on your
computer.

Q.3 (a) What is an Insider Attack?


5. Loss of Confidential Information – Hackers might steal work-related or personal data
from your email.

Q.2 (b) What is a Digital Signature? How is it Definition:

An Insider Attack happens when an employee or trusted person misuses their access to steal
Different from a Digital Certificate? or damage data.

What is a Digital Signature? 🔹 Example:


A digital signature is like an electronic fingerprint that ensures a document is authentic and A bank employee steals customer financial data and sells it to hackers.
hasn’t been tampered with. It helps in verifying the sender’s identity.
How Insider Attacks Happen?
🔹 Example: 1. Disgruntled Employees – An angry worker steals company secrets before quitting.
When you receive a digitally signed PDF, it proves that the sender is real and the 2. Accidental Leaks – An employee accidentally shares confidential data in an email.
document hasn’t been changed. 3. Malicious Insiders – A worker secretly helps hackers by giving them internal access.

What is a Digital Certificate? How to Prevent Insider Attacks?

A digital certificate is like an electronic passport that proves the identity of a website or ✔️ Use Access Control – Only give employees access to the data they need.
company. It is issued by a trusted organization called a Certificate Authority (CA). ✔️ Monitor Employee Activities – Use logging and monitoring to track unusual behavior.
✔️ Use Strong Security Policies – Employees should sign confidentiality agreements.
🔹 Example:
Q.3 (b) Impact of Cybercrime on Cloud
5. Fake Websites – Some scam websites pretend to sell products but actually steal card
information.

Computing Tips to Prevent Credit Card Fraud

What is Cloud Computing? ✔️ 1. Use Secure Websites


Cloud computing is when you store and access data over the internet instead of a physical 🔒
Always shop on HTTPS websites (look for in the URL).
computer. Example: Use trusted sites like Amazon, Flipkart, PayPal.

🔹 Example: ✔️ 2. Enable OTP & Two-Factor Authentication (2FA)


Google Drive, Dropbox, and AWS are cloud storage services. OTP (One-Time Password) adds extra security before making a payment.
Example: Banks send an OTP to your phone before approving a transaction.
Cybersecurity Risks in Cloud Computing
✔️ 3. Avoid Public Wi-Fi for Banking
1. Data Breaches – Hackers steal sensitive information stored in the cloud.
Public Wi-Fi can be hacked easily.
2. DDoS Attacks – Attackers overload cloud servers, causing websites to crash.
Example: Never enter credit card details while using airport or café Wi-Fi.
3. Unauthorized Access – Weak passwords allow hackers to break into cloud accounts.
4. Malware Injection – Hackers upload infected files to the cloud, spreading viruses. ✔️ 4. Check Your Bank Statements Regularly
How to Secure Cloud Data? If you see any suspicious transactions, report them immediately.

✔️ Use Strong Passwords & Two-Factor Authentication (2FA) Example: If ₹5,000 was charged to your card but you didn’t buy anything, call your bank.

✔️ Encrypt Important Data before storing it in the cloud. ✔️ 5. Never Share Your Card Details
✔️ Regularly Update Security Settings to block unauthorized access.
Banks never ask for your PIN or CVV number over the phone or email.

Q.4 (a) What is Credit Card Fraud? How to


Example: If someone calls pretending to be from your bank, do not share any
information.

Prevent It? ✔️ 6. Set Spending Limits


What is Credit Card Fraud? Set a limit on your card so large transactions need extra approval.
Example: If your card has a ₹10,000 limit, fraudsters cannot make bigger purchases.
Credit card fraud happens when someone steals your credit card details and makes
unauthorized transactions without your permission. Q.4 (b) Overview of National Cyber Security
🔹 Example: Policy (NCSP 2013)
A hacker steals your credit card number from an online shopping website and buys
expensive items without your knowledge. What is the National Cyber Security Policy (NCSP)?

How Does Credit Card Fraud Happen? The Government of India introduced NCSP in 2013 to protect Indian cyberspace from
hacking, data theft, and cyber threats.
1. Phishing Emails – Fake emails trick users into entering their credit card details. It ensures safe and secure online transactions for businesses, government, and
2. Card Skimming – Hackers attach a hidden device to ATMs or POS machines to steal card individuals.
data.
3. Online Data Breaches – Hackers steal card details from unsecured websites. Key Objectives of NCSP 2013
4. Lost or Stolen Cards – If someone finds your lost credit card, they can use it for fraud.
1. Protect Critical Information – Secures government websites, banks, and telecom 🔹 Example:
networks.
2. Prevent Cyber Attacks – Develops stronger security measures against hacking. A "Free Movie Download" app that secretly steals your bank details.
3. Train Cybersecurity Professionals – India aims to train 500,000 cybersecurity experts. A fake game that secretly records your passwords.
4. Encourage Awareness – Educates people about password safety, phishing, and data
security.
How Trojans Work?
5. Improve Cybercrime Investigation – Helps law enforcement track and punish
1. A user downloads a Trojan thinking it's useful.
cybercriminals.
2. The Trojan installs malware that can steal data, delete files, or spy on users.
Key Initiatives Under NCSP 2013 What is a Backdoor?
✔️ 1. CERT-In (Computer Emergency Response Team - India) A backdoor is a hidden entry point in a software or system that allows hackers to enter
Monitors and prevents cyber threats in India. secretly without detection.

✔️ 2. Cyber Swachhta Kendra 🔹 Example:


A program that helps users remove malware (viruses) from their devices. A hacker installs a backdoor on a company server and later uses it to steal customer
data.
✔️ 3. National Cyber Coordination Centre (NCCC)
Difference Between Trojan and Backdoor
Tracks cyber threats in real time and alerts companies about possible attacks.

✔️ 4. Digital India Initiative Feature Trojan Horse Backdoor

Encourages secure online services like Aadhaar, e-governance, and online banking. How it Enters? Installed by the user Hidden by hackers inside a
thinking it is useful. system.
Challenges in Indian Cybersecurity

Increase in Cyber Crimes – Hacking, phishing, and data breaches are rising. Purpose Steals information, Allows hackers to access
Lack of Awareness – Many people don’t know about cyber threats and online safety. damages files. the system later.
Shortage of Cyber Experts – India needs more cybersecurity professionals.

🔹 Example: Example Fake antivirus software


that installs a virus.
A secret entry in a
company’s server for
In 2021, hackers leaked the personal data of 110 million Indians from a government hacking.
database.
A major Indian bank was hacked, and customer details were stolen.

Q.5 (a) What are Trojan Horses and Q.5 (b) Difference Between Worms and
Backdoors? Viruses
What is a Trojan Horse?

A Trojan Horse (Trojan) is a fake program that looks harmless but contains malware.

Users install it thinking it is useful, but it secretly steals data or controls the system.
Feature Virus Worm
✔️ 1. Strong Passwords & Two-Factor Authentication (2FA)
Always use a strong password and enable OTP or 2FA for extra security.
Needs a Host File? ✅ Yes ❌ No Example: Instagram sends a verification code to your phone when logging in.

Spreads Automatically? ❌ No ✅ Yes ✔️ 2. Privacy Settings


Adjust privacy settings to control who can see your posts, friends, and information.
How It Spreads? Attaches to files and needs Spreads over networks Example: On Facebook, change your profile settings to "Friends Only" instead of
users to run them. without user action. "Public".

Damage Corrupts or deletes files. Overloads networks,


✔️ 3. Be Careful with Unknown Messages & Links
slowing down systems. Hackers send fake links in messages to steal login details.
Example: A fake message says, "You won a lottery! Click here to claim"—but it’s a scam!
Example "ILOVEYOU" virus infected
email attachments.
"WannaCry" worm spread
through Windows
✔️ 4. Report & Block Fake Accounts
networks. Many hackers create fake profiles to scam people. Always report suspicious accounts.
Example: If you receive a friend request from someone pretending to be your friend,
report it.

Examples of Virus and Worm Attacks


✔️ 5. Avoid Sharing Sensitive Information
✔️ Example of a Virus Attack Never post your address, phone number, or bank details on social media.
Example: Posting a picture of your credit card or boarding pass can be dangerous.
The ILOVEYOU virus (2000) spread through email attachments and deleted files on
infected computers.
✔️ 6. Keep Social Media Apps Updated
✔️ Example of a Worm Attack Updates fix security issues that hackers might exploit.
Example: Updating WhatsApp prevents hackers from spying on calls.
The WannaCry worm (2017) spread through Windows computers, locking users out and
demanding ransom
✔️ 7. Educate Users About Cyber Threats
Many users do not know about online risks. Awareness programs help protect people.
Q.6 (a) How Should Risk Management in Example: Companies train employees on phishing attacks and password security.

Information Security Be Improved on Social Q.6 (b) What Steps Will You Take to Secure a
Media Portals? Server?
What is Risk Management in Social Media? What is a Server?
Risk management means identifying, preventing, and reducing security risks on social A server is a powerful computer that stores websites, apps, and company data.
media platforms like Facebook, Instagram, Twitter, LinkedIn, etc. Hackers try to break into servers to steal data or crash websites.
Social media contains personal information, making it a target for hackers, fake
accounts, and cybercriminals. Steps to Secure a Server

Ways to Improve Security on Social Media ✔️ 1. Use Strong Passwords & Two-Factor Authentication (2FA)
Weak passwords make it easy for hackers to break in. ✔️ 1. Use a DDoS Protection Service
Solution: Use a strong password (mix of letters, numbers, and symbols).
Example: Instead of "password123", use "A$8c!9@Xyz". Companies like Cloudflare and AWS Shield detect and block DDoS traffic.
Example: Amazon uses DDoS protection to keep its website running during attacks.
✔️ 2. Install Security Updates & Patches
✔️ 2. Limit Requests from One IP Address
Hackers target old software with known security flaws.
Solution: Always update the operating system (Windows/Linux) and software. Servers can block too many requests from a single computer.
Example: A website limits logins to 5 attempts per user.
✔️ 3. Enable Firewalls
✔️ 3. Increase Server Capacity
A firewall blocks unauthorized traffic and prevents attacks.
Example: A firewall stops hackers from accessing company data. If a website has a strong server, it can handle more traffic and avoid crashing.
Example: Google has large-scale servers that prevent shutdowns.
✔️ 4. Use Secure Communication (SSL/TLS Encryption)
✔️ 4. Use Firewalls to Filter Traffic
Servers should use SSL certificates to secure data transfer.
Example: Websites with HTTPS are secure, but HTTP websites are risky. A firewall blocks unwanted traffic before it reaches the server.
Example: A firewall stops bots from overloading a gaming website.
✔️ 5. Backup Data Regularly
✔️ 5. Monitor Network Traffic for Unusual Activity
If a server is hacked, backups help restore lost data.
Example: A company saves its files on a backup server every day. If a website suddenly receives 1000x more visitors, it may be under attack.
Example: A bank’s security team notices a traffic spike and blocks suspicious users.
✔️ 6. Restrict Access to Trusted Users Only
Only authorized employees should have access to important files. Q.7 (b) Intrusion Detection and Prevention
Example: An IT admin creates separate accounts for each employee.
Techniques
✔️ 7. Monitor Server Activity
What is an Intrusion?
Regularly check who is logging in and what changes are made.
Example: If an unknown user logs in from another country, block access immediately. An intrusion is when a hacker tries to break into a system or network.
Intrusion Detection & Prevention Systems (IDPS) help identify and stop such attacks.
Q.7 (a) What Are DDoS Attacks? How to 1. Intrusion Detection System (IDS)
Protect from DDoS Attacks? IDS detects suspicious activity and sends an alert to the security team.
Example: If an employee logs in from Russia at 3 AM, IDS alerts the admin.
What is a DDoS Attack?
✔️ Types of IDS:
DDoS (Distributed Denial of Service) Attack is when hackers send too much traffic to a
website or server, making it slow or unavailable. 1. Network-Based IDS (NIDS) – Monitors network traffic.
This disrupts online services and can cause financial losses. 2. Host-Based IDS (HIDS) – Monitors specific computers/servers.

🔹 Example: 2. Intrusion Prevention System (IPS)

A hacker sends millions of fake requests to an online shopping website, causing it to IPS actively blocks threats instead of just detecting them.
crash on Black Friday. Example: If a hacker tries to log in 10 times, IPS automatically blocks them.

How to Protect Against DDoS Attacks? ✔️ Types of IPS:


1. Signature-Based IPS – Stops attacks based on known threats.
Feature Discretionary Access Mandatory Access Control
2. Anomaly-Based IPS – Detects new threats by monitoring unusual behavior.
Control (DAC) (MAC)
How IDPS Helps in Cybersecurity?
Definition Access is controlled by the Access is controlled by
✔️ 1. Detects and Blocks Hackers owner of the file or system. security policies set by
If a hacker tries to enter a network, IDPS immediately stops them. administrators.

✔️ 2. Prevents Malware Attacks Who Controls Access? The user or file owner The system or
decides who can access administrator decides
Stops viruses and ransomware from spreading.
files. access rules.
✔️ 3. Protects Sensitive Data
Flexibility More flexible (users can More strict (users cannot
Keeps banking and personal data safe.
share data with others). change access settings).
✔️ 4. Reduces Financial Losses
Example A Google Drive file shared A military database where
Protects businesses from data breaches and downtime. with specific people. only top officials can see
classified information.
Q.8 (a) What is Access Control? Difference
Security Level Less secure (can be More secure (users have no
Between DAC and MAC misused by employees). control over security
settings).
What is Access Control?

Access control is a security method that ensures only authorized people can access certain
data or systems.
When to Use DAC or MAC?
🔹 Example: ✔️ DAC is used in personal and business settings where file owners need flexibility.
In a company, only managers can access employee salary details. ✔️ MAC is used in military, government, and top-secret environments where security is the
In a university, only students with login credentials can access exam results. highest priority.

Types of Access Control


Q.8 (b) What is SQL Injection?
1. Discretionary Access Control (DAC)
2. Mandatory Access Control (MAC) What is SQL Injection?

Difference Between DAC and MAC SQL Injection is a hacking technique where attackers insert malicious SQL code into a
website to steal or modify data.

🔹 Example:
A hacker enters " OR 1=1 -- in a login form, which tricks the website into giving access
without a password.

How SQL Injection Works?


1. The hacker enters harmful SQL commands into an input field (like a login form). A firewall prevents hackers from accessing bank servers.
2. The database executes the command, allowing the hacker to view, delete, or steal data.
Types of Firewalls
Dangers of SQL Injection
✔️ Network Firewall – Protects an entire company network.
❌ Stealing confidential data – Hackers can steal usernames, passwords, and credit card ✔️ Personal Firewall – Installed on a PC or mobile for individual security.
details.
❌ Deleting important information – Attackers can delete entire databases. Why Firewalls Are Important?
❌ Taking control of a website – Hackers can modify admin access and lock out real users.
✅ Stops hackers from entering a system.
How to Prevent SQL Injection? ✅ Blocks malicious websites and malware.
✅ Filters traffic – Allows only safe communication.
✔️ Use Parameterized Queries – Ensures user input is separated from SQL commands.
✔️ Limit User Privileges – Restrict database access to only necessary actions. (II) Steganography
✔️ Use Firewalls – Detects and blocks malicious requests.
What is Steganography?
🔹 Example of Secure Code:
Instead of using this (bad): Steganography is the art of hiding secret information inside images, audio, or videos.

sql 🔹 Example:
CopyEdit A hidden message inside an image file that can only be decoded with special software.

SELECT * FROM users WHERE username = '" + user_input + "' AND password = '" + Uses of Steganography
password_input + "'";
✔️ Used for secure communication – Governments use it for covert messages.
Use this (secure): ✔️ Watermarking – Protects digital copyrights.
✔️ Hiding confidential files – Cybercriminals sometimes use it to smuggle illegal data.
sql

CopyEdit
(III) Cyber Security Safeguards

SELECT * FROM users WHERE username = ? AND password = ?;


What Are Cyber Security Safeguards?

This prevents hackers from inserting harmful SQL commands. Cyber security safeguards are steps taken to protect computers, networks, and data from
cyber threats.

Q.9 (a) Write Short Notes on Two of the 🔹 Example:


Following Using strong passwords and firewalls to prevent hacking.

Key Cyber Security Safeguards


(I) Firewall
✔️ Use Strong Passwords – Avoid simple passwords like "123456".
What is a Firewall? ✔️ Enable Two-Factor Authentication (2FA) – Adds extra protection.
✔️ Regular Software Updates – Fixes security flaws.
A firewall is a security system that blocks unauthorized access to a network or computer.
✔️ Be Cautious with Emails & Links – Avoid clicking on unknown links.
🔹 Example:
(IV) Cyber Forensics
What is Cyber Forensics?

Cyber forensics is the process of collecting, analyzing, and recovering digital evidence from
computers, phones, or networks to investigate cybercrimes.

🔹 Example:
If a hacker steals money from an online bank, cyber forensic experts trace the hacker’s
IP address and recover deleted files.

Why is Cyber Forensics Important?

✔️ Helps in Cyber Crime Investigation – Provides evidence in hacking and fraud cases.
✔️ Recovers Lost or Deleted Data – Useful in criminal investigations.
✔️ Prevents Future Cyber Attacks – Helps improve security systems.

You might also like