CS Question Papers


Sessional Test I - Semester II

Total Number of pages: 2


Roll No:
Time: 90 minutes
Date:
Max marks: 40
Department:
Title of the Course: Cyber Science and Ethical Hacking
Course Code: CS-150

Section | Type | Serial number of questions | Number of questions | Each question carries marks | Attempt
A | MCQ | 1-8 | 8 | 0.5 | All
B | MCQ | 9-12 | 4 | 2 | All
  | Subjective | 13-15 | | 2 | 2 out of 3
C | MCQ | 16-17 | | 4 | All
  | Subjective | 18-19 | | 4 | 1 out of 2
D | Subjective | 20-22 | | 6 | 2 out of 3

Section-A (Each question carries 0.5 mark) (Out of questions 1-8, all are to be attempted)

1. In the CIA Triad, which one of the following is not involved?
a) Availability b) Confidentiality c) Authenticity d) Integrity
2. Which of the following is defined as an attempt to steal, spy, damage or destroy computer
systems, networks, or their associated information?
a) Cyber attack b) Computer security c) Cryptography d) Digital hacking
3. Which of the following is not a Cyber-crime?
a) Denial of Service b) Man in the Middle c) Malware d) AES
4. The term "Cyberspace" was coined by
a) Richard Stallman b) William Gibson c) Andrew Tanenbaum d) Scott Fahlman
5. What is the existence of weakness in a system or network known as?
a) Attack b) Exploit c) Vulnerability d) Threat
6. Which of the following is not an advantage of Cyber security?
a) Makes the system slower b) Minimizes computer freezing and crashes
c) Gives privacy to users d) Protects system against viruses
7. Which of the following acts violates Cyber security?
a) Exploit b) Attack c) Threat d) Vulnerability
8. Which of the following is not a type of Cyber-crime?
a) Data theft b) Forgery c) Damage to data & systems d) Installing antivirus protection

Section-B (Each question carries 2 marks) (Questions 9-12 are compulsory; multiple options can be correct) (Out of questions 13-15, only 2 are to be attempted)

9. Which of the following are valid types of Cyber-crime?
i. Cyberextortion ii. Cryptojacking iii. Cyberespionage iv. Civil offense
a) i,ii b) ii,ii c) i,i,ii d) i,ii,ii,iv
10. Which of the statements among the following is/are FALSE about the Indian Cyber Act?
i. Legislation that deals with issues related to Internet
ii. Provide legal recognition to all transactions
iii. Protects online privacy & curb online crimes
iv. The IT act came into existence in 2010
a) i and i b) ii and iii c) i and iv d) ii and iv
11. Which of the statements among the following is/are TRUE about key loggers?
i. These are a form of spyware where users are unaware their actions are being tracked.
ii. These can be used for a variety of purposes; hackers may use them to maliciously gain
access to your private information, while employers might use them to monitor employee
activities.
iii. It is a tool that captures and records a user's keystrokes. It can record instant messages,
email, passwords and any other information you type at any time using your keyboard.
iv. There are two common types of key loggers: Software and Hardware key loggers.
a) i,ii b) ii,ii c) i,i,iv d) iii,ii,iv
12. Select the correct option for following matches:
Column A | Column B
1. Digital Signature | a. Botnet
2. Block chain | b. Hash
3. Command & Control | c. Cryptocurrency
4. Data Integrity | d. Non-repudiation
a) 1-b, 2-c, 3-a, 4-d b) 1-d, 2-c, 3-a, 4-b c) 1-c, 2-a, 3-b, 4-d d) 1-b, 2-a, 3-d, 4-c
13. Define hacking. Explain different types of hackers with an example.
14. Explain the difference between Virus, Worms and Trojan Horse?
15. What are the three pillars of security? Explain in brief.

Section-C (Each question carries 4 marks) (Questions 16-17 are compulsory; multiple options can be correct) (Out of questions 18-19, only 1 is to be attempted)
16. Match the following
(A) | (B)
(1) Copying a game file | (a) Firewall
(2) Law related to internet | (b) Cyber threat
(3) Network security | (c) Software piracy
(4) System crashes suddenly | (d) Cyber Law
a) 1-c, 2-b, 3-a, 4-d b) 1-b, 2-c, 3-a, 4-d c) 1-c, 2-d, 3-a, 4-b d) 1-b, 2-a, 3 4-c

17. Read the following two statements carefully and select the options which are correct about these
statements:
i. Cyber security is a broad field that covers physical security, endpoint security, data
encryption, and network security. It is also closely related to information assurance, which
protects information from threats such as natural disasters and server failures.
ii. Information security primarily addresses technology-related threats, with practices and
tools that can prevent or mitigate them. Another category is data security, which focuses
on protecting an organization's data from accidental or malicious exposure to
unauthorized parties.
a) II and I are TRUE b) I is TRUE, II is FALSE c) I and II are FALSE d) II is TRUE, I is FALSE

18. Differentiate between Virus and Worm. (Any four)


19. Define sniffing and spoofing. How to prevent sniffing and spoofing attack?

Section-D (Each question - 6 marks) (Out of questions 20-22, only 2 are to be attempted)


20. Apply and Explain features of IT Act 2000 in terms of Cyber attack.
21. Explain how to perform the investigations in Cyber crime. Discuss the skills required by
Cyber Forensic experts.
22. Elaborate Digital Forensic life-cycle in terms of digital evidence for Cyber crime.
CHITKARA UNIVERSITY 2022-2023

Sessional Test I - August, 2022. Semester-3

Roll No:o9A1965 Time: 90 minutes

[Total No. of Pages: 4] Max. Marks: 40

Programme: BE Computer Science Engineering


Course Title: Cyber Science and Ethical Hacking
Course Code: CS-150

General Instructions:
Follow the instructions given in each section.
Do not write anything on the question paper, except your roll no.
Make sure that you attempt the questions in order.
Scientific/Non-programmable calculator is NA
Assume necessary data if required
Use of codes (if any) ..NA.. is allowed
Use of graph paper/semi-log graph paper/smith chart/table (if any) is allowed

Section | Type | Serial number of questions | Number of questions | Each question carries marks | Attempt
A | MCQ | 1-8 | 8 | 0.5 | All
B | MCQ | 9-12 | 4 | | All
  | Subjective | 13-15 | 3 | | 2 out of 3
C | MCQ | 16-17 | 2 | | All
  | Subjective | 18-19 | | | 1 out of 2
D | Subjective | 20-22 | | | 2 out of 3

Section-A
(Each question carries 0.5 marks)
(Out of questions 1-8, all are to be attempted)

1. The first step that a hacker follows to gather information about a target system is
a) Identifying active machines b) Maintaining access
c) Collecting initial data d) Port scanning
2. Name the tool used for mirroring the web sites available on the internet.
a) Whois b) HTTrack c) Nmap d) Wayback machine
3. A software program that contains commercial and marketing related advertisements.
a) Spyware b) Worm c) Adware d) Computer virus
4. Name the technique, when sensitive data is converted into unidentifiable values and
it is not actual encryption.
a) Data masking b) Hashing c) Authentication d) Encryption

5. A ______ policy is a legal document that discloses the way a party gathers,
uses, discloses, and manages a customer or client's data.
a) Security b) Exploitation c) Delivery d) Privacy
6. The sum of total number of weak points on a network or system from where
an attacker can gain unauthorized access.
a) Security breach b) Surface attack c) Data breach d) Malicious software

7. Select one among given well known Cyber weapon
a) Delivery b) Action c) Botnet d) Control

8. Find Copyright violated statement from given options


a) When an unauthorized individual does something that breaches the copyright
proprietor's rights.
b) When the mark is used by a person who is not authorized by the holder of the
registered trademark
c) When committed without the consent of the patent holder would constitute
infringement
d) The ideas and words of others and pretending they are your own, you are stealing
someone else's intellectual property

Section-B
(Each question carries 2 marks)
(Questions 9-12 are compulsory; multiple options can be correct)
(Out of questions 13-15, only 2 are to be attempted)

9. What would be the possible ways for maintaining access and clearing traces.
Choose correct option combination among four.
i) Deleting all logs ii) Knowledge of SDLC iii) Modifying certain values of logs
iv) Port scanning

a) i and iv b) ii and iv c) i and ii d) i and ii

10. Identify the statement/s which describes the need of footprinting
i) Passwords ii) Reduce focus area iii) VPN points iv) Know security posture

a) ii and iv b) i and iv c) ii and ii d) ii and iv


11. Which of the following options are included in IPR and not protected by IPR.
i) Patent ii) Physical property iii) Public domain material iv) Trademark

a) i and ii b) i and iv c) ii and ii d) ii and iv

12. Privacy policy must provide the following, choose correct option/s
i) Purpose of collection and usage of such information ii) Identify vulnerabilities
iii) Reconnaissance iv) Reasonable security practices and procedures adopted by it.

a) i and ii b) ii and iv c) ii and iv d) i and iv

13. Differentiate between Man in the Middle attack and Denial of Service Attack.

14. Write down the key protocols that must be considered by every ethical hacker.

15. Elaborate in detail: a) Interactive nslookup b) Non-Interactive nslookup

Section C
(Each question carries 4 marks)
(Questions 16-17 are compulsory; multiple options can be correct)
(Out of questions 18-19, only 1 is to be attempted)

16. Select the true statement/s which defines the Zero Day Vulnerability
i. Attack based on trial and error where the hacker attempts to determine passw
access encrypted data.
ii. A developer has not released a patch for the existing vulnerability
iii. A form of cyber-extortion in which users are unable to access their data until a
ransom is paid.
iv. The red team writing POC exploits is a way to mitigate zero-day vulnerabilities.

a) i and ii b) ii and iv c) ii and ii d) i, i, and iv

17. Select correct statement/s for "how does virus attacks"
i. Installing free software and apps.
ii. Clicking on a malicious executable file.
iii. Downloading free games, toolbars, media players and other software.
iv. When an attacker prevents legitimate users from accessing specific computer
systems or devices.

a) i, ii and ii b) i, i and iv c) ii, ii and iv d) i, i and iv

18. List out the various social engineering attacks in detail.


19. Define Reconnaissance attacks. Differentiate between Passive reconnaissance and
Active reconnaissance.

Section D
(Each question carries 6 marks)
(Out of questions 20-22, only 2 are to be attempted)

20. Define social media marketing. Discuss the different types of risks involved in social
media marketing.

21. Explicate the various steps involved in footprinting with suitable diagram.

22. Elaborate the data privacy attacks with reference to medical domain.
