1. What is cyber security? Explain types of cybercrimes?

What are the key principles of

information security best practices?
1. Cyber Security
Cyber security is the practice of protecting computer systems, networks, and data from cyber
attacks, unauthorized access, theft, or damage. Its goal is to ensure the confidentiality,
integrity, and availability (CIA) of information.

2. Types of Cybercrimes

Type Explanation

Hacking Gaining unauthorized access to systems or networks.

Fake emails/websites to steal sensitive info (passwords, bank

Phishing
details).

Malware Attacks Viruses, worms, spyware, or ransomware that damage or steal data.

Identity Theft Using someone’s personal info for fraud.

Cyberstalking Online harassment, threats, or bullying.

Denial of Service (DoS) Flooding servers to make services unavailable.

Diagram Idea:
You can draw a simple flowchart like this:
Cybercrime
/ | \
Hacking Phishing Malware
| | |
Identity Theft Cyberstalking DoS

3. Key Principles of Information Security (Best Practices)

1. Confidentiality – Keep info secret; only authorized users access it.
2. Integrity – Data should not be altered by unauthorized users.
3. Availability – Systems and data must be accessible when needed.
4. Authentication – Verify user identity before access.
5. Non-repudiation – Actions and transactions cannot be denied later.
6. Regular Updates & Backups – Protect against attacks and data loss.
Diagram Idea:
Information Security
 |
---------------------------
| | | |
Conf Integrity Availability Auth Non-repudiation

Cheat Codes / Memory Shortcuts

• Cybercrime Types: H-P-M-I-C-D → Hacking, Phishing, Malware, Identity theft,
Cyberstalking, DoS.
o Memory trick: "Happy People Make Internet Connections Daily"
• CIA + ANR for Info Security:
o C = Confidentiality, I = Integrity, A = Availability
o Add Authentication & Non-repudiation → "CIAAN"
o Memory trick: "CIA Agents Never fail"
2. What is Cyber Stalking? Explain various types of Stalkers with a case study.
Cyber Stalking
Cyber stalking is the use of the internet, email, social media, or other electronic
communication to harass, threaten, or intimidate a person repeatedly. Unlike ordinary
stalking, it is virtual but can cause severe emotional and psychological harm.
Key Features:
• Repeated unwanted messages or contact
• Threats to personal safety
• Spreading rumors or personal information online
• Identity theft to harm the victim

Types of Stalkers
Type Characteristics
The Simple Obsessional Often a former partner or acquaintance; motivated by revenge
Stalker or obsession.
The Love Obsessional Targets someone they do not know personally; idealizes the
Stalker victim.
Believes the victim is in love with them despite no real
The Erotomanic Stalker
relationship.
The Vengeful Stalker Motivated by hatred or a desire to frighten or punish the victim.
Uses cyber tools to track and plan attacks; may commit sexual
The Predatory Stalker
assault.
Diagram Idea:
Cyber Stalkers
/ | \
Simple Love Erotomanic
Obsessional Obsessional
| | |
Vengeful Predatory

Case Study (Simple Exam Version)

Case: A woman received repeated threatening emails and social media messages from a
former colleague for six months. The stalker also created fake profiles to harass her online.
Law enforcement tracked the IP address, arrested the stalker, and prevented further
harassment.
Analysis:
• This is a Simple Obsessional Stalker case with cyber harassment.
• Highlights the importance of digital evidence, reporting, and legal action.

Cheat Code / Shortcut to Remember Stalkers

• Simple, Love, Erotomanic, Vengeful, Predatory → SLEVP
• Memory trick: "Some Lovers Easily Vent Passion"

3. What is cyber crime? List types of cyber criminals

Cyber Crime
Cyber crime is any illegal activity carried out using computers, networks, or the internet.
It involves unauthorized access, data theft, system damage, fraud, or harassment. Cyber crimes
can target individuals, organizations, or governments, causing financial loss, data
breaches, or reputational damage.

Types of Cyber Criminals by Target

1. Target: Individuals
These criminals aim to exploit or harass people personally.
• Identity Thief: Steals personal info (credit cards, PAN, Aadhaar) for financial fraud.
• Phisher: Sends fake emails or messages to trick victims into sharing sensitive data.
• Cyber Stalker: Harasses or threatens someone repeatedly online.
• Script Kiddie: Uses hacking tools to deface personal websites or social media
accounts.
2. Target: Organizations / Businesses
These criminals aim at financial gain, data theft, or disruption.
• Hacker: Gains unauthorized access to company systems or networks.
• Insider Threat: Employees misusing access to steal or leak confidential data.
• Cracker: Breaks software protections, bypasses security, or injects malware.
• Ransomware Attacker: Encrypts organizational data and demands ransom.
3. Target: Governments / Nations
These criminals aim at political, strategic, or national security goals.
• Cyber Terrorist: Hacks government websites, spreads propaganda, or disrupts
infrastructure.
 • State-Sponsored Hacker: Employed by a government to steal intelligence or disrupt
another nation.
• Hacktivist: Targets governments to protest policies or leak confidential data.

Diagram Idea (Flowchart)

Cyber Criminals
|
-----------------------------------
| | |
Individuals Organizations Governments
| | | | | | | | | | |
ID Phish CS SK Hacker Insider Cracker Ransom CyberT State Hacktivist
Legend: ID = Identity Thief, CS = Cyber Stalker, SK = Script Kiddie, CyberT = Cyber Terrorist

Shortcut / Memory Trick

• Individuals: I-P-CS-SK → Identity thief, Phisher, Cyber Stalker, Script Kiddie
• Organizations: H-I-C-R → Hacker, Insider, Cracker, Ransomware attacker
• Governments: CT-SS-H → Cyber Terrorist, State-sponsored, Hacktivist
• Memory trick: "I People Can’t Stop, Hackers In Companies Really Cheat, Cyber
Terrorists Spy Hackers" (funny but works!)
4. What is meant by Compromised computer? How to protect it from attacks?
Compromised Computer
A compromised computer is a system that has been breached or controlled by an
unauthorized user or malicious software. Attackers may use it to:
• Steal sensitive information (passwords, banking info)
• Spread malware to other systems
• Launch attacks (like DDoS) on other networks
Signs a computer is compromised:
• Slow performance or frequent crashes
• Unknown programs or pop-ups
• Unauthorized network activity
• Disabled antivirus or firewall
How to Protect a Computer from Attacks
1. Install Antivirus & Anti-Malware Software
o Detects and removes viruses, spyware, and trojans.
2. Keep System and Software Updated
o Apply security patches and updates regularly.
3. Use Strong Passwords & Authentication
o Use complex passwords and enable multi-factor authentication (MFA).
4. Firewall & Network Security
o Use firewalls to block unauthorized access.
o Secure Wi-Fi with strong encryption (WPA3/WPA2).
5. Avoid Suspicious Links & Emails
o Do not click on unknown attachments or phishing links.
6. Regular Backups
o Keep data copies on external drives or cloud storage.
7. Limit User Privileges
o Give admin rights only when necessary.

Flowchart Idea
Compromised Computer
|
-----------------------
| | |
Symptoms Causes Protection
(slow, popups) (malware, hackers) (antivirus, firewall, updates)

Memory Shortcut / Cheat Code

• Protection Steps: A-U-P-F-A-B-L → Antivirus, Updates, Passwords, Firewall,
Avoid links, Backups, Limit access
• Memory trick: "All Users Protect From Attacks By Limiting"

5. Write different forms of attacks through which attackers target computer systems.
Forms of Attacks on Computer Systems
Attackers target computer systems using various methods. These attacks can be classified
based on technique and impact:

1. Malware Attacks
Malicious software that harms or disrupts systems.
• Virus: Attaches to files and spreads when executed.
• Worm: Self-replicates and spreads across networks.
• Trojan Horse: Disguises as legitimate software to gain access.
• Ransomware: Encrypts files and demands ransom to unlock them.
• Spyware/Adware: Steals information or displays unwanted ads.

2. Phishing & Social Engineering

Tricking users into revealing sensitive information.
• Phishing Emails: Fake emails that steal credentials.
• Spear Phishing: Targeted attacks on specific individuals or organizations.
• Pretexting & Baiting: Using fake scenarios or promises to gain info.

3. Network Attacks
Targeting network infrastructure to steal data or disrupt services.
• Denial of Service (DoS/DDoS): Flooding a network to make it unavailable.
• Man-in-the-Middle (MITM): Intercepting communications between two parties.
• Packet Sniffing: Capturing data packets to extract sensitive info.

4. Password & Authentication Attacks

Breaking user authentication to gain unauthorized access.
• Brute Force Attack: Trying all possible password combinations.
• Dictionary Attack: Using common words or passwords.
• Keylogging: Recording keystrokes to steal credentials.

5. Physical & Hardware Attacks

Directly targeting the system hardware.
• USB-based Malware: Infected USB drives introduce malware.
 • Hardware Tampering: Modifying hardware to steal data or cause damage.

Diagram / Flowchart Idea

Computer Attacks
|
---------------------------------------
| | | | |
Malware Phishing Network Password Physical
Attacks Attacks Attacks
• Each category can have examples listed beside it in the exam.

Memory Shortcut / Cheat Code

• M-P-N-P-P → Malware, Phishing, Network, Password, Physical
• Memory trick: "My Perfect Network Protects Privacy"

6. What are the cyber laws? Explain role of intellectual property in digital age. What are
phases of Hacking?
1. Cyber Laws
Cyber laws are the legal regulations that govern activities in cyberspace, aiming to prevent
and punish cyber crimes. They provide a framework for digital transactions, online safety,
and protection of data and privacy.
Key Points:
• Regulate internet use, electronic commerce, and digital communication
• Prevent cyber crimes like hacking, phishing, identity theft, and cyberstalking
• Examples: Information Technology Act, 2000 (India)

2. Role of Intellectual Property (IP) in Digital Age

Intellectual Property protects creations of the mind such as software, digital content,
inventions, and designs. In the digital age:
• Copyrights: Protect software, digital media, and publications.
• Patents: Protect innovative technologies or software algorithms.
• Trademarks: Protect brand names, logos, and digital identities.
• Trade Secrets: Protect sensitive business information online.
Importance:
• Encourages innovation and creativity
• Prevents unauthorized copying, piracy, or distribution
• Supports business and digital economy growth

3. Phases of Hacking
Hacking is usually carried out in multiple systematic phases:

Phase Description

1. Reconnaissance Collect information about the target (IP, network, employees).

Identify vulnerabilities using tools like port scanners or network

2. Scanning
scanners.

Exploit weaknesses to enter the system (via malware, passwords,

3. Gaining Access
phishing).

4. Maintaining
Install backdoors or remote tools to stay in the system undetected.
Access

5. Covering Tracks Delete logs, hide malware, or modify timestamps to avoid detection.

Diagram Idea:
Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks

Memory Shortcut / Cheat Code

• Hacking Phases: R-S-G-M-C → Recon, Scan, Gain, Maintain, Cover
• Memory trick: "Really Smart Geeks Make Coverups"
• IP Types: C-P-T-S → Copyright, Patent, Trademark, Secret
• Memory trick: "Creativity Protects Tech Secrets"

7. Explain in detail about IT Act 2000.

1. Cyber Laws
Cyber laws are the legal regulations that govern activities in cyberspace, aiming to prevent
and punish cyber crimes. They provide a framework for digital transactions, online safety,
and protection of data and privacy.
Key Points:
• Regulate internet use, electronic commerce, and digital communication
• Prevent cyber crimes like hacking, phishing, identity theft, and cyberstalking
 • Examples: Information Technology Act, 2000 (India)

2. Role of Intellectual Property (IP) in Digital Age

Intellectual Property protects creations of the mind such as software, digital content,
inventions, and designs. In the digital age:
• Copyrights: Protect software, digital media, and publications.
• Patents: Protect innovative technologies or software algorithms.
• Trademarks: Protect brand names, logos, and digital identities.
• Trade Secrets: Protect sensitive business information online.
Importance:
• Encourages innovation and creativity
• Prevents unauthorized copying, piracy, or distribution
• Supports business and digital economy growth

3. Phases of Hacking
Hacking is usually carried out in multiple systematic phases:

Phase Description

1. Reconnaissance Collect information about the target (IP, network, employees).

Identify vulnerabilities using tools like port scanners or network

2. Scanning
scanners.

Exploit weaknesses to enter the system (via malware, passwords,

3. Gaining Access
phishing).

4. Maintaining
Install backdoors or remote tools to stay in the system undetected.
Access

5. Covering Tracks Delete logs, hide malware, or modify timestamps to avoid detection.

Diagram Idea:
Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks

Memory Shortcut / Cheat Code

• Hacking Phases: R-S-G-M-C → Recon, Scan, Gain, Maintain, Cover
• Memory trick: "Really Smart Geeks Make Coverups"
• IP Types: C-P-T-S → Copyright, Patent, Trademark, Secret
 • Memory trick: "Creativity Protects Tech Secrets"

8. What are the types of vulnerabilities? Explain penetration testing methodologies with
examples.
1. Types of Vulnerabilities
Vulnerabilities are weaknesses or flaws in a system, network, or software that attackers
can exploit.
Common Types:

Type Description & Example

Bugs or flaws in applications or operating

Software Vulnerability
systems.

Example: Buffer overflow in a web server.

Weaknesses in network design, configuration,

Network Vulnerability
or protocols.

Example: Open ports or unsecured Wi-Fi.

Hardware Vulnerability Weaknesses in physical devices.

Example: Unprotected USB ports or vulnerable

IoT devices.

Weaknesses due to social engineering or poor

Human Vulnerability
practices.

Example: Using weak passwords or clicking

phishing links.

Configuration Vulnerability Poorly configured systems or devices.

Example: Default admin credentials left

unchanged.

2. Penetration Testing (Pen Testing)

Penetration testing is the authorized simulation of cyber attacks to identify and fix system
vulnerabilities. It evaluates how secure a system is against real-world attacks.
Phases / Methodologies of Pen Testing:

Phase Description & Example

Collecting information about the target

1. Reconnaissance / Information Gathering
system or network.
Phase Description & Example

Example: Using tools like Nmap to scan IP

addresses and open ports.

Identify active systems, services, and

2. Scanning / Enumeration
vulnerabilities.

Example: Using Nessus to find unpatched

software.

Exploiting vulnerabilities to access the

3. Gaining Access / Exploitation
system.

Example: Using SQL injection to bypass login

forms.

Checking if attackers can remain in the

4. Maintaining Access / Post-Exploitation
system undetected.

Example: Installing a backdoor or creating a new

admin account.

Documenting findings and providing

5. Reporting / Analysis
mitigation strategies.

Example: A report showing vulnerabilities and

recommendations.

Types of Pen Testing:

• Black Box: Tester has no prior knowledge of the system.
• White Box: Tester has full knowledge (source code, network diagrams).
• Grey Box: Partial knowledge is provided to simulate real insider threats.

Diagram Idea
Penetration Testing
|
------------------------------------
| | | | |
Recon Scanning Gaining Maintaining Reporting
/ Access Access

Memory Shortcuts / Cheat Codes

 • Vulnerabilities Types: S-N-H-H-C → Software, Network, Hardware, Human,
Configuration
• Memory trick: "Some Naughty Hackers Hack Computers"
• Pen Testing Phases: R-S-G-M-R → Recon, Scan, Gain, Maintain, Report
• Memory trick: "Really Smart Guys Make Reports"

9. What is XSS attack, SQL injection? How to prevent it? What is the use of CAPTCHA?
1. XSS Attack (Cross-Site Scripting)
Definition:
XSS attack is a type of injection attack where an attacker injects malicious scripts into a
trusted website, which then executes in the browser of other users.
Example:
• Posting a script in a comment box like <script>alert('Hacked!')</script> that executes
when other users view it.
Prevention:
• Validate and sanitize user input
• Encode output before rendering in browsers
• Use security headers like Content Security Policy (CSP)

2. SQL Injection
Definition:
SQL Injection is a code injection technique where an attacker manipulates SQL queries to
access or modify a database.
Example:
• Inputting ' OR '1'='1 in a login form to bypass authentication.
Prevention:
• Use prepared statements / parameterized queries
• Validate and sanitize user input
• Limit database permissions (least privilege principle)

3. Use of CAPTCHA
Definition:
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans
Apart) is a tool to differentiate humans from automated bots.
Uses:
 • Prevent automated spam in forms and comments
• Protect login pages from brute force attacks
• Secure online polls or surveys from bot manipulation

Diagram Idea
Web Application Attacks
|
----------------------------
| |
XSS Attack SQL Injection
(Malicious Scripts) (Manipulate Database)
| |
Prevention: Sanitize input, Prevention: Prepared statements,
Encode output, CSP Validate input, Limit DB rights

CAPTCHA: Protects site from bots, automated spam & brute-force attacks

Memory Shortcuts / Cheat Codes

• XSS Prevention: S-E-C → Sanitize, Encode, CSP
• Memory trick: "Secure Every Code"
• SQL Injection Prevention: P-V-L → Prepared statements, Validate input, Least
privilege
• Memory trick: "Protect Valuable Logs"
• CAPTCHA Use: S-P-B → Spam, Polls, Brute-force
• Memory trick: "Stop Problem Bots"