1. Compare virus and logic bomb.
   Trigger
     Virus: activated when an infected file or program is executed.
     Logic bomb: activated when specific conditions are satisfied (e.g., a date is reached, a user deletes a file).
   Spread
     Virus: designed to spread from one system to another.
     Logic bomb: typically does not spread; it stays hidden inside a system or application.
   Visibility
     Virus: may eventually become noticeable when systems slow down or behave strangely.
     Logic bomb: remains completely hidden until triggered, making it harder to detect beforehand.
   Purpose
     Virus: to spread infection and often cause disruption or damage widely.
     Logic bomb: to execute a specific destructive or disruptive action, often targeted.
   Example
     Virus: a file-infecting virus that corrupts documents across a network.
     Logic bomb: malicious code that deletes critical files on a certain date.
  2. Identify any four individual user responsibilities in computer security.
       Use strong and unique passwords to protect accounts.
       Keep software and systems updated with the latest security patches.
       Avoid suspicious emails, links, and downloads to prevent phishing and malware.
       Regularly back up important data to secure against data loss.
       Lock computers and mobile devices when unattended.
       Use antivirus and security tools properly.
  3. Define following terms : (i) Cryptography (ii) Cryptology
    (i) Cryptography:
    Cryptography is the science and art of creating methods (like codes and ciphers) to secure information
    by converting it into an unreadable format, ensuring confidentiality, integrity, and authenticity during
    communication.
    (ii) Cryptology:
    Cryptology is the broader field that includes both cryptography (the creation of secure
    communication) and cryptanalysis (the study and breaking of those security methods).
    (iii) Cryptanalysis
    The study and practice of analyzing and breaking cryptographic systems—i.e., methods for recovering
    plaintext or keys from ciphertext without authorized access. Cryptanalysis employs mathematical,
    statistical, and algorithmic techniques to find weaknesses in ciphers and protocols.
  4. Construct digital signature using cryptool.
           Open CrypTool and load the file (document) to be signed.
           Go to Digital Signatures → Sign/Verify.
           Generate or select a private key; the matching public key is what recipients will use to verify.
           Click Sign. CrypTool computes a hash of the document and encrypts that hash with the private key; the
           result is the digital signature.
           Save the signed file and give the recipient the public key: the recipient decrypts the signature with it,
           recomputes the hash of the file, and accepts the file only if the two hashes match.
  5. List any four biometric mechanisms.
   1) Fingerprint Recognition  2) Facial Recognition  3) Iris Recognition  4) Retina Scan
   5) Voice Recognition  6) Hand Geometry Recognition  7) Palm Vein Recognition
    6. List any two types of active and passive attacks.
Active Attacks
   1. Masquerade – An attacker pretends to be a legitimate user to gain unauthorized access.
   2. Replay – Capturing valid data transmissions and retransmitting them to trick the receiver.
   3. Modification of Messages – Intercepting and altering messages in transit.
Passive Attacks (involve monitoring or eavesdropping without altering data):
   1. Eavesdropping – Secretly listening to private communications.
   2. Traffic Analysis – Observing patterns (e.g., who’s talking to whom, when) to infer sensitive information.
   3. Release of Message Contents – Extracting the actual data being transmitted (e.g., capturing clear-text).
    7. State any two policies of the firewall.
               Default-Deny (Whitelist) Policy
                All traffic is blocked unless it matches an explicit “allow” rule.
               Default-Allow (Blacklist) Policy
                All traffic is permitted unless it matches an explicit “deny” rule.
               Implicit-Deny Rule
                The final, unwritten rule at the end of a default-deny rule set: any traffic that matches no explicit
                rule is dropped. A default-allow rule set ends with an implicit permit instead, so the two cannot be
                combined. Default-deny is the recommended policy, because a service nobody listed is closed rather
                than exposed.
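A minimal first-match packet filter that runs one rule set under both policies, as an added example (not any vendor's firewall code): the rule format, addresses and sample packets are constructed for illustration. The only difference between the two runs is what happens to the packet that matches no rule.

```python
"""Default-deny versus default-allow on the same rule set (added example)."""
from ipaddress import ip_address, ip_network


def make_rule(action, proto=None, src=None, dst=None, dport=None):
    """A rule matches when every field that is set matches; None means any."""
    return {"action": action, "proto": proto,
            "src": ip_network(src) if src else None,
            "dst": ip_network(dst) if dst else None,
            "dport": dport}


def matches(rule, pkt) -> bool:
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["src"] and ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["dst"] and ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["dport"] and rule["dport"] != pkt["dport"]:
        return False
    return True


def decide(rules, pkt, default="deny") -> str:
    """Evaluate rules top-down; the first match wins.  When nothing matches,
    the policy's implicit final rule (the default) decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default


# Constructed rule set: HTTPS from anywhere, SSH only from the admin subnet, no Telnet.
RULES = [
    make_rule("allow", proto="tcp", dst="10.0.0.0/24", dport=443),
    make_rule("allow", proto="tcp", src="192.168.1.0/24", dst="10.0.0.0/24", dport=22),
    make_rule("deny",  proto="tcp", dport=23),
]

# Constructed sample packets (documentation address ranges).
PACKETS = {
    "https_from_internet": {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 443},
    "ssh_from_internet":   {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 22},
    "ssh_from_admin":      {"proto": "tcp", "src": "192.168.1.7", "dst": "10.0.0.10", "dport": 22},
    "telnet":              {"proto": "tcp", "src": "192.168.1.7", "dst": "10.0.0.10", "dport": 23},
    "rdp_unlisted":        {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 3389},
}


def evaluate_all(default: str) -> dict:
    """Decision for every sample packet under the given default policy."""
    return {name: decide(RULES, pkt, default) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default-{policy}:", evaluate_all(policy))
```

Under default-deny the unlisted RDP port and SSH from the internet are both dropped; under default-allow both get through, because the administrator never wrote a rule for them. That gap is the reason default-deny is the safer policy.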
    8. List any four types of cybercrimes.
              Hacking / Unauthorized Access – Illegally breaching systems or networks.
              Phishing – Deceptive emails or websites to steal credentials or data.
              Malware Distribution – Spreading viruses, worms, trojans, or spyware.
              Ransomware Attacks – Encrypting a victim’s files and demanding payment for the key.
              Identity Theft – Stealing personal information to fraudulently impersonate someone.
              Denial-of-Service (DoS / DDoS) – Overloading systems to disrupt services.
    9. List any four virus categories.
              File-Infector Viruses
               Attach themselves to executable files (e.g., .exe, .com) and spread when the host program runs.
              Boot-Sector Viruses
               Infect the master boot record (MBR) or boot sector of a disk, loading into memory during system startup.
              Macro Viruses
               Written in macro languages (e.g., VBA) and embed in documents; they execute when the document is
               opened.
              Polymorphic Viruses
               Change their code (encrypt or mutate) on each infection to evade signature-based detection.
              Metamorphic Viruses
               Rewrite their entire code with each generation, making detection extremely difficult.
    10.State the two types of firewall with its use.
          Network-based (Hardware) Firewall
           – Use: Deployed as a dedicated appliance at the boundary between internal and external networks to filter
           traffic at line speed, enforce perimeter security, and protect an entire LAN or data center.
          Host-based (Software) Firewall
           – Use: Installed on individual servers or workstations to control inbound/outbound traffic per application or
           port, enforce host-level policies, and provide an additional layer of defense on each endpoint.
  11.List two protocols in IP Sec. State its function.
    Authentication Header (AH):
     Provides integrity, data origin authentication, and optional anti-replay protection for IP packets by adding an
     integrity check value (a keyed MAC such as HMAC-SHA-256) computed over the payload and the immutable fields of the
     IP header; it encrypts nothing, so the payload stays readable.
    Encapsulating Security Payload (ESP):
     Offers confidentiality by encrypting the IP packet’s payload, and can also provide integrity, authentication,
     and anti-replay protection for that encrypted data.
    Internet Key Exchange (IKE):
     Handles the secure negotiation and establishment of Security Associations (SAs) and cryptographic keys
     between IPsec peers (using Diffie-Hellman exchanges, mutual authentication, etc.).
  12.Classify the following cyber crime : (i) Cyber terrorism against a government organization (ii)
     Cyber – Stalking (iii) Copyright infringement (iv) Email harassment
    Cyber-Terrorism against a government organization
     – Category: Cybercrime against the State / Critical-Infrastructure Attack
     – Nature: Politically motivated, aimed at disrupting or intimidating government operations.
    Cyber-Stalking
     – Category: Cybercrime against the Person / Harassment
     – Nature: Repeated, unwanted targeting of an individual via electronic means to threaten, intimidate or
     invade privacy.
    Copyright Infringement
     – Category: Intellectual-Property Crime
     – Nature: Unauthorized copying, distribution or use of copyrighted material (software, media, publications).
    Email Harassment
     – Category: Cybercrime against the Person / Harassment
     – Nature: Sending abusive, threatening or obscene messages to intimidate or distress the recipient.
  13.Differentiate between viruses & worms.
   Definition
     Virus: malicious code that attaches to a host file or program and executes when that host runs.
     Worm: stand-alone malicious program that replicates itself over networks.
   Host dependency
     Virus: needs a host file or application to spread.
     Worm: self-contained; spreads without attaching to other files.
   Propagation
     Virus: relies on user actions (e.g., opening an infected file, running a program).
     Worm: exploits network vulnerabilities or automated mechanisms to propagate.
   Speed
     Virus: generally slower, limited by host execution and user behavior.
     Worm: often rapid; scans and infects devices autonomously across networks.
   Typical impact
     Virus: file corruption, data modification, stealth implants.
     Worm: network congestion (DoS), backdoors, mass distribution of payloads.
   Evasion
     Virus: may hide inside legitimate executables or use polymorphism.
     Worm: may use scanning throttling or encryption, but is less commonly polymorphic.
   Examples
     Virus: CIH (Chernobyl), Melissa
     Worm: SQL Slammer, Blaster
  14.Define term cyber crime.
     Cybercrime is any illegal activity that involves computers, networks, or digital devices as tools, targets, or
     places of criminal activity.
     It includes offenses like hacking, identity theft, phishing, online fraud, and cyberstalking.
15.State any four advantages of Biometrics.
   High Accuracy and Reliability
    Biometric traits (e.g., fingerprints, iris patterns) are unique to each individual, reducing false
    acceptance/rejection rates.
   Non-Repudiation
    Because biometric identifiers cannot be easily shared or forged, users cannot credibly deny having performed
    an action.
   Convenience and Speed
    Scanning a fingerprint or face is faster and more user-friendly than remembering and typing complex
    passwords or carrying tokens.
   Eliminates Password Management
    No need for users to create, remember, or periodically change passwords, reducing help-desk costs and
    password-related security risks.
16.Explain the term cryptanalysis.
   Cryptanalysis is the process of breaking encryption to access hidden information without knowing the key.
   It finds weaknesses in cryptographic algorithms or implementations.
   Techniques include ciphertext analysis, pattern recognition, and exploiting vulnerabilities.
   The goal is to recover plaintext, keys, or compromise the security of a system.
17.Explain the term assets.
   Assets are valuable resources that need protection in an organization.
   They can be physical (like servers, computers) or digital (like data, software, databases).
   People (employees, customers) and reputation are also considered important assets.
   Assets are targets for threats, making them central to security planning and risk management.
18.State any four limitations of firewall.
   Cannot Protect Against Insider Threats
    Firewalls mainly filter external traffic and may not detect malicious activities from within the organization.
   Cannot Prevent Malware Introduced via Portable Devices
    Malware introduced through USB drives or other offline methods bypasses network firewalls.
   Limited Protection for Encrypted Traffic
    Firewalls cannot inspect the contents of encrypted packets (e.g., TLS) unless the traffic is decrypted for them,
    typically by a TLS-intercepting proxy that terminates the session, or by the endpoint inspecting it after decryption.
   Cannot Protect Against Social Engineering Attacks
    Firewalls cannot stop users from being tricked into giving away sensitive information (e.g., through phishing).
19.Explain working of Kerberos in short.
   Login Request:
    The client sends the user's name to the Authentication Server (AS) of the Key Distribution Center (KDC).
   Ticket Granting Ticket (TGT):
    The AS replies with a TGT encrypted with the Ticket Granting Server's secret key (so the client can neither read
    nor alter it) and a session key encrypted with a key derived from the user's password. Only a user who knows the
    password can recover the session key, which is how the password is verified without ever being sent.
   Service Ticket Request:
    The client presents the TGT to the Ticket Granting Server (TGS), together with an authenticator (the user name and
    a timestamp encrypted with the session key), to request access to a specific service.
   Service Ticket Issued:
    The TGS decrypts the TGT with its own key, checks the authenticator, and returns a Service Ticket encrypted with
    the service's secret key plus a new service session key for the client.
   Access Service:
    The client presents the Service Ticket and a fresh authenticator to the Application Server; the server decrypts
    the ticket with its own key, checks the authenticator, and grants access if both are valid and unexpired.
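The five steps above carried through as one runnable exchange, as an added example (not MIT Kerberos code). The sealing primitive (SHA-256 keystream plus HMAC tag) stands in for the AES-based encryption types real Kerberos uses, pre-authentication is omitted as in classic Kerberos, and every principal name, password and key is made up. The point to watch is which key opens which blob: the TGT is opened only by the TGS, the service ticket only by the file server, and the password never leaves the client.

```python
"""Kerberos AS -> TGS -> AP ticket flow, simulated (added example)."""
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 8 * 3600   # seconds
CLOCK_SKEW = 300             # maximum authenticator age, as real KDCs enforce


def key_from_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC: only the holder of `key` can read or forge the blob."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(ciphertext) // 32 + 1))
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))


# Constructed KDC database: long-term keys of the user, the TGS and one service.
USER_KEYS = {"alice": key_from_password("correct horse")}
TGS_KEY = os.urandom(32)
SERVICE_KEYS = {"fileserver": os.urandom(32)}


def as_exchange(user: str):
    """Steps 1-2: TGT sealed for the TGS, session key sealed for the user."""
    sk = os.urandom(32)
    tgt = seal(TGS_KEY, {"user": user, "sk": sk.hex(), "exp": time.time() + TICKET_LIFETIME})
    return tgt, seal(USER_KEYS[user], {"sk": sk.hex()})


def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    """Steps 3-4: open the TGT with the TGS key, check the authenticator with the
    session key found inside, issue a service ticket sealed for the service."""
    t = unseal(TGS_KEY, tgt)
    if t["exp"] < time.time():
        raise ValueError("TGT expired")
    sk = bytes.fromhex(t["sk"])
    auth = unseal(sk, authenticator)
    if auth["user"] != t["user"] or abs(time.time() - auth["ts"]) > CLOCK_SKEW:
        raise ValueError("bad authenticator")
    ssk = os.urandom(32)
    ticket = seal(SERVICE_KEYS[service],
                  {"user": t["user"], "ssk": ssk.hex(), "exp": time.time() + TICKET_LIFETIME})
    return ticket, seal(sk, {"ssk": ssk.hex(), "service": service})


def ap_exchange(service: str, ticket: bytes, authenticator: bytes) -> str:
    """Step 5: the service needs only its own key and never sees the password."""
    t = unseal(SERVICE_KEYS[service], ticket)
    if t["exp"] < time.time():
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(t["ssk"]), authenticator)
    if auth["user"] != t["user"] or abs(time.time() - auth["ts"]) > CLOCK_SKEW:
        raise ValueError("bad authenticator")
    return t["user"]


def login_and_access(user: str, password: str, service: str) -> str:
    """Client side of the whole flow; returns the principal the service accepted."""
    tgt, enc_part = as_exchange(user)
    sk = bytes.fromhex(unseal(key_from_password(password), enc_part)["sk"])  # wrong password fails here
    ticket, enc_part2 = tgs_exchange(tgt, seal(sk, {"user": user, "ts": time.time()}), service)
    ssk = bytes.fromhex(unseal(sk, enc_part2)["ssk"])
    return ap_exchange(service, ticket, seal(ssk, {"user": user, "ts": time.time()}))


def access_granted(user: str, password: str, service: str) -> bool:
    try:
        return login_and_access(user, password, service) == user
    except ValueError:
        return False


if __name__ == "__main__":
    print("right password:", access_granted("alice", "correct horse", "fileserver"))
    print("wrong password:", access_granted("alice", "wrong", "fileserver"))
```

A wrong password fails at the client, while the KDC issued the TGT without ever checking it; that is why real deployments add pre-authentication, so that an attacker cannot collect encrypted AS replies and guess passwords offline.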
20.Define CIA model of Security Basic.
   Confidentiality:
    Ensuring that information is accessible only to authorized users and is protected from unauthorized access.
   Integrity:
    Maintaining the accuracy and completeness of information, and protecting it from being altered or tampered
    with.
   Availability:
    Ensuring that authorized users have reliable and timely access to information and resources when needed.
21.Define firewall. Enlist the types of Firewalls.
   Firewall Definition:
    A firewall is a network security system that monitors and controls incoming and outgoing network traffic
    based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted
    external networks (such as the internet), helping to prevent unauthorized access and attacks.
   Packet-Filtering Firewall
   Stateful Inspection Firewall
   Proxy Firewall (Application-Level Gateway)
   Next-Generation Firewall (NGFW)
   Network Address Translation (NAT) Firewall
   Cloud Firewall (Firewall-as-a-Service)
   Unified Threat Management (UTM) Firewall
22.Explain the term Cryptography.
    Cryptography is the science and art of securing information by converting it into a form that is unreadable to
    unauthorized users.
    It uses mathematical techniques (like encryption and decryption) to ensure confidentiality, integrity,
    authentication, and non-repudiation of data.
    In simple terms, cryptography protects information by making it accessible only to those who are authorized.
23.Define the term Honeypots.
Honeypots are security resources or systems intentionally set up to appear as vulnerable targets to attackers.
Their primary purpose is to lure cybercriminals, detect malicious activities, and gather information about their
techniques and methods.
They act as decoys, distracting attackers from valuable systems while providing insights for improving security
measures.
24.Enlist two Intrusion Detection System.
1) Network-Based Intrusion Detection System (NIDS)
    Monitors network traffic for suspicious activities and potential threats.
2) Host-Based Intrusion Detection System (HIDS)
    Monitors the activities of a specific host or device, detecting abnormal behavior or unauthorized access.
3) Signature-Based IDS
    Detects known threats by comparing incoming data to a database of predefined signatures (patterns of
      known attacks).
4) Anomaly-Based IDS
    Monitors network or system behavior and alerts when deviations from a predefined baseline or normal
      activity are detected
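Signature-based and anomaly-based detection run over the same log lines, as an added example (not code from any IDS product). The auth-log lines, the two signatures and the baseline rule are constructed for illustration; the "training" log stands for a period of known-normal activity that an anomaly-based IDS learns from before it is put into detection mode.

```python
"""Signature-based versus anomaly-based detection on sshd-style log lines (added example)."""
import re
from collections import Counter, defaultdict

# Constructed known-normal period used to learn the baseline.
TRAINING_LOG = """\
Jan 09 09:00:01 sshd[701]: Accepted password for alice from 10.0.0.5 port 50100
Jan 09 09:12:40 sshd[702]: Failed password for bob from 10.0.0.7 port 50200
Jan 09 09:12:48 sshd[703]: Accepted password for bob from 10.0.0.7 port 50200
Jan 09 17:30:02 sshd[704]: Failed password for alice from 10.0.0.5 port 50400
Jan 09 17:30:09 sshd[705]: Accepted password for alice from 10.0.0.5 port 50400
"""

# Constructed live log containing a password-guessing burst and one user probe.
LIVE_LOG = """\
Jan 10 10:00:01 sshd[811]: Accepted password for alice from 10.0.0.5 port 50211
Jan 10 10:00:07 sshd[812]: Failed password for root from 203.0.113.9 port 41000
Jan 10 10:00:08 sshd[813]: Failed password for root from 203.0.113.9 port 41001
Jan 10 10:00:09 sshd[814]: Failed password for admin from 203.0.113.9 port 41002
Jan 10 10:00:10 sshd[815]: Failed password for root from 203.0.113.9 port 41003
Jan 10 10:00:11 sshd[816]: Failed password for oracle from 203.0.113.9 port 41004
Jan 10 10:00:12 sshd[817]: Failed password for root from 203.0.113.9 port 41005
Jan 10 10:00:20 sshd[818]: Failed password for bob from 10.0.0.7 port 50300
Jan 10 10:00:25 sshd[819]: Accepted password for bob from 10.0.0.7 port 50300
Jan 10 10:01:00 sshd[820]: Invalid user test from 198.51.100.4 port 39000
"""

LINE_RE = re.compile(r"sshd\[\d+\]: (?P<msg>.*?) from (?P<ip>[\d.]+) port \d+$")

# Signature IDS: fixed patterns of known-bad events.
SIGNATURES = {
    "root-login-attempt": re.compile(r"^Failed password for root$"),
    "invalid-user-probe": re.compile(r"^Invalid user "),
}


def signature_alerts(log: str) -> dict:
    """Return {signature_name: [source IP per matching line]}."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(m["msg"]):
                hits[name].append(m["ip"])
    return dict(hits)


def failures_per_source(log: str) -> Counter:
    counts = Counter()
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m and m["msg"].startswith("Failed password"):
            counts[m["ip"]] += 1
    return counts


def learn_baseline(training_log: str) -> int:
    """Anomaly IDS training: the most failures any one source produced while normal."""
    return max(failures_per_source(training_log).values(), default=0)


def anomaly_alerts(log: str, baseline: int, factor: int = 3) -> list:
    """Flag sources whose failure count exceeds `factor` times the learned baseline.
    No pattern is needed, but `factor` must be tuned or a user mistyping a
    password a few times becomes a false positive."""
    limit = factor * max(baseline, 1)
    return sorted(ip for ip, c in failures_per_source(log).items() if c > limit)


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE_LOG))
    baseline = learn_baseline(TRAINING_LOG)
    print("anomaly alerts:", anomaly_alerts(LIVE_LOG, baseline))
```

The two detectors see different things: the signature IDS reports only the root attempts and the invalid-user probe (it has no rule for "admin" or "oracle"), while the anomaly IDS flags 203.0.113.9 for its unusual failure volume but says nothing about the single probe from 198.51.100.4. Running both is the usual compromise.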
    25.Define following terms : (i) Confidentiality (ii) Accountability
        Confidentiality
       Confidentiality refers to the protection of information from unauthorized access. It ensures that only
       authorized individuals or systems can access sensitive data, preventing disclosure to unauthorized parties.
        Accountability
       Accountability refers to the ability to trace actions to the responsible party. In security, it ensures that users'
       actions are logged and can be traced back to them, so they can be held responsible for their activities.
    26.Explain the terms : (i) Shoulder surfing (ii) Piggybacking
  Shoulder Surfing
    Shoulder surfing is a type of social engineering attack where an attacker observes a person’s screen,
       keyboard, or other input devices from a close distance to steal sensitive information (like passwords, PINs, or
       other confidential data).
  Piggybacking
    Piggybacking refers to an unauthorized individual gaining access to a restricted area or system by following
       an authorized user. For example, a person may sneak through a security door by simply walking in behind
       someone who has legitimate access.
    27.Define term cryptography.
Cryptography is the practice and study of securing communication and data through the use of mathematical
techniques. It involves converting information into a secure format (ciphertext) so that it can only be read or
accessed by authorized users who have the appropriate key to decrypt it back into its original form (plaintext).
Cryptography ensures confidentiality, integrity, authentication, and non-repudiation of data.
    28.Define AH & ESP with respect to IP security.
Authentication Header (AH) in IP Security:
      AH is a protocol within IPsec that provides data integrity, authentication, and anti-replay protection for IP
       packets.
      It ensures that data has not been tampered with and that it comes from a legitimate source.
      AH does not provide encryption, meaning the data remains visible, but it ensures its authenticity and
       integrity.
Encapsulating Security Payload (ESP) in IP Security:
      ESP is another protocol in IPsec that provides confidentiality (encryption) for the payload of IP packets, along
       with optional data integrity and authentication.
      In transport mode ESP encrypts the transport-layer header and data; in tunnel mode it encrypts the entire
       original IP packet, including its IP header, and wraps it in a new outer IP header. The outer header is never
       encrypted, since routers must read it.
      It also offers anti-replay protection, using a sequence number and a receiver-side sliding window, to prevent
       the replay of old packets.
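The replay attack listed under question 6 and the anti-replay service that AH and ESP provide (questions 11 and 28) come together in the receiver's sliding window, shown here as an added example (not an IPsec implementation). The packet layout, the 64-bit window and the HMAC-SHA-256 integrity check truncated to 16 bytes are assumptions that mirror the shape of ESP without its full header; the ordering of the checks follows RFC 4303: sequence-number check, integrity check, and only then update the window, so that a forged packet cannot advance it.

```python
"""Anti-replay sliding window with an integrity check value (added example)."""
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits, as ESP's HMAC-SHA-256-128 does


class AntiReplayWindow:
    """`top` is the highest sequence number accepted so far; bit i of
    `bitmap` records whether sequence number top - i has been accepted."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def is_fresh(self, seq: int) -> bool:
        if seq == 0:                       # sequence numbers start at 1
            return False
        if seq > self.top:                 # ahead of the window: new
            return True
        diff = self.top - seq
        if diff >= self.size:              # behind the window: too old
            return False
        return not (self.bitmap >> diff) & 1   # inside: new only if unseen

    def mark(self, seq: int) -> None:
        """Record an accepted sequence number; call only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def make_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 32-bit sequence number, payload, truncated HMAC over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def receive(key: bytes, window: AntiReplayWindow, packet: bytes):
    """Receiver side; returns (accepted, reason)."""
    if len(packet) < 4 + ICV_LEN:
        return False, "truncated"
    seq = struct.unpack("!I", packet[:4])[0]
    if not window.is_fresh(seq):           # cheap check first, no state change
        return False, "replayed or outside window"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return False, "bad ICV"            # window untouched: forgery cannot advance it
    window.mark(seq)
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed; real keys come from IKE
    win = AntiReplayWindow()
    genuine = [make_packet(key, s, b"data") for s in (1, 2, 3)]
    for p in genuine:
        print(receive(key, win, p))
    print("replay of #2:", receive(key, win, genuine[1]))
    print("forged #4:   ", receive(b"attacker", win, make_packet(b"attacker", 4, b"x")))
    print("genuine #4:  ", receive(key, win, make_packet(key, 4, b"data")))
```

Without the window, the replayed packet #2 would be accepted as valid because its ICV is genuine; without the "verify before mark" ordering, the attacker's forged #4 would move `top` and cause the real #4 to be rejected as a replay.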