Cybersecurity

1. What is Cybersecurity?

Cybersecurity = Protecting systems, networks and data from unauthorized access, damage or disruption.

Main Goal → CIA Triad

Part            | Meaning                         | Purpose
Confidentiality | Data is private                 | Only authorized people can access it
Integrity       | Data is accurate and unaltered  | No unauthorized changes
Availability    | Data and systems are reachable  | Systems work when needed

2. Types of Cyber Threats

1. Malware

Malicious software that damages systems, steals data or gives the attacker control.
Examples: Virus, Worm, Trojan, Ransomware, Spyware, Adware, Rootkit, Botnet (a network of infected machines under one attacker's control).

2. Phishing

Fake emails/messages that impersonate a trusted sender (bank, employer, vendor) to steal passwords or bank details.

3. Smishing / Vishing / Whaling

  • Smishing: Fake SMS
  • Vishing: Fake phone calls
  • Whaling: Targeting top executives (CEO, CFO)

4. DoS / DDoS Attacks

Attackers overload servers with traffic → Website goes down. DDoS uses many sources at once (typically a botnet), which makes it harder to block.

5. MITM (Man-in-the-Middle)

Attacker secretly intercepts (and may alter) communication between two parties, e.g. on an untrusted Wi-Fi network; TLS/HTTPS is the main defence.

6. SQL Injection

Injecting SQL through untrusted input (e.g. a login form) so that the application's database query does something the developer did not intend: reading, altering or deleting data.

7. Zero-Day Exploit

Exploitation of a vulnerability that is not yet known to the vendor, so no patch exists at the time of the attack.

8. Password Attacks

Brute-force (try every combination), dictionary (try common words and passwords), credential stuffing (replay username/password pairs leaked from other sites, relying on password reuse).

9. Social Engineering

Tricking people into revealing confidential data or performing an action (a transfer, a password reset) that benefits the attacker.


3. Cyber Defense Measures

Technical Controls

  • Firewall → Blocks unwanted traffic based on rules (ports, addresses, protocols).
  • Antivirus/Anti-malware → Detects, removes malware.
  • Encryption → Converts data into ciphertext that can be read only with the key.
  • VPN → Encrypted tunnel over an untrusted network (public Wi-Fi, the Internet).
  • IDS/IPS → Detect (IDS) and block (IPS) intrusions.
  • DLP (Data Loss Prevention) → Prevents sensitive data from leaving via email, USB or uploads.
  • SIEM → Collects, correlates & analyses logs to detect threats.
  • Regular Software Updates (patching) → Fix known vulnerabilities.

Access Control

  • MFA (Multi-Factor Authentication) → Password + a second factor (OTP app/token, hardware key).
  • Least Privilege Principle → Minimum access needed for the job, nothing more.
  • Strong Password Policy → Long, unique passwords; block known-breached ones.

Human Controls

  • Security Awareness Training
  • Safe email practices
  • Verifying links and downloads

4. Types of Hackers

Hacker Type    | Description
White Hat      | Ethical hackers; find vulnerabilities legally, with permission
Black Hat      | Criminal hackers; attack for profit or damage
Grey Hat       | Hack without permission but may report the flaws they find
Script Kiddies | Use ready-made tools, no deep skills
Hacktivists    | Hack for social/political causes
Insiders       | Employees or contractors misusing legitimate access
Red Hat        | Hackers who fight black hats aggressively (informal label)
Blue Hat       | External testers invited to find bugs before a system launches

5. Key Cybersecurity Terms

  • Vulnerability → System weakness
  • Threat → Potential danger
  • Risk → Likelihood of a threat exploiting a vulnerability, combined with the impact if it does
  • Exploit → Method used to attack vulnerability
  • Patch → Fix for a vulnerability

Common Cyber Attacks

  • Virus, Worm, Trojan
  • Ransomware
  • Spyware
  • Rootkit
  • Botnet
  • Phishing, Smishing, Vishing
  • MITM
  • SQL Injection
  • XSS (Cross-Site Scripting)
  • Brute Force
  • Spoofing

6. Cybersecurity Laws in India

Information Technology (IT) Act, 2000

Main law governing cybercrimes.

Important Sections:

  • Sec 43 → Unauthorized access, data extraction, damage to computer systems (compensation to the victim)
  • Sec 65 → Tampering with computer source documents
  • Sec 66 → Computer-related offences: dishonestly or fraudulently doing any act under Sec 43 (hacking)
  • Sec 66C → Identity theft: fraudulent use of another person's password, digital signature or unique identifier (e.g. Aadhaar)
  • Sec 66D → Cheating by personation using a computer resource (e.g. phishing)
  • Sec 66F → Cyber terrorism (punishable with life imprisonment)
  • Sec 69A → Power to block public access to online content
  • Sec 70B → CERT-In designated as the national nodal agency for incident response

DPDPA, 2023 (Digital Personal Data Protection Act)

  • Protects digital personal data of individuals ("Data Principals"); obligations fall on the organisations processing it ("Data Fiduciaries")
  • Consent (or a listed legitimate use) required before processing
  • Personal data breaches must be reported to the Data Protection Board and to the affected individuals
  • Penalties up to ₹250 crore per instance for failing to take reasonable security safeguards

CERT-In (Indian Computer Emergency Response Team)

  • Handles cyber incidents
  • Issues advisories
  • Coordinates national cybersecurity

International Standards

  • ISO/IEC 27001 → Global standard for an information security management system (ISMS); organisations can be certified against it
  • NIST Cybersecurity Framework → Identify → Protect → Detect → Respond → Recover (CSF 2.0, released 2024, adds a sixth function, Govern)
  • GDPR (EU Regulation) → Data protection law with fines up to 4% of global annual turnover

7. Common Cybersecurity Tools

Category              | Tools
Antivirus             | McAfee, Norton, Quick Heal
Firewall              | Hardware/Software firewalls
Network Scanning      | Nmap (port and service scanner)
Packet Analysis       | Wireshark (captures and decodes traffic; an analyser, not a scanner)
Penetration Testing   | Kali Linux (distribution), Metasploit (exploitation framework), Burp Suite (web proxy)
Log Monitoring / SIEM | Splunk, QRadar
DLP                   | Symantec DLP
VPN                   | OpenVPN, Cisco AnyConnect

8. Social Engineering Attacks

  • Phishing → Fake emails
  • Spear Phishing → Targeted phishing
  • Whaling → Targeting VIPs/CEOs
  • Smishing → Fake SMS
  • Vishing → Voice-based scams
  • Pretexting → Fake story to trick a victim
  • Baiting → Free USB drives/software loaded with malware
  • Quid Pro Quo → “Help” in return for info
  • Tailgating → Entering behind authorized person
  • Shoulder Surfing → Watching someone type passwords

9. Emerging Trends in Cybersecurity

1. AI-based Attacks & Defense

Attackers use AI to write convincing phishing and to adapt malware;
defenders use it for anomaly and threat detection.

2. Ransomware-as-a-Service (RaaS)

Ransomware developers lease their malware and infrastructure to affiliates for a subscription fee or a share of the ransom.

3. Supply Chain Attacks

Targeting vendors to reach large organizations (e.g., SolarWinds).

4. Cloud Security Risks

Misconfigured storage (publicly readable buckets), over-privileged identities, leaked access keys, unauthorized access.

5. IoT Security Weakness

Smart devices often lack strong security.

6. Quantum Threats

Large quantum computers could break RSA and elliptic-curve cryptography (Shor's algorithm); migration to post-quantum algorithms (NIST published the first standards in 2024) has begun. Symmetric ciphers such as AES are less affected; larger keys suffice.

7. Zero Trust Security

“Never trust, always verify.” Every request is authenticated and authorised on its own, regardless of whether it comes from inside the corporate network.

8. Human Error

Human error remains a leading cause: most breaches involve a human element such as a phished credential, a reused password or a misconfiguration.


10. Basic Security Practices

✔ Use strong & unique passwords
✔ Enable 2FA / MFA
✔ Avoid clicking suspicious links
✔ Do not download unknown files
✔ Keep software updated
✔ Regularly backup data
✔ Use antivirus and firewall


11. Cybersecurity Certifications

  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)
  • CompTIA Security+
  • CISA (Certified Information Systems Auditor)
  • CCSP (Certified Cloud Security Professional)
  • OSCP (Offensive Security Certified Professional)

Quick Revision

Super-important for banking & internal promotion exams.

CIA Triad → Confidentiality, Integrity, Availability
Threats → Malware, Phishing, DoS, MITM, SQL Injection
Defense → Firewall, Antivirus, Encryption, MFA, Updates
Attackers → White Hat, Black Hat, Grey Hat, Hacktivists
Laws → IT Act 2000, Sec 66, 66F, 69A, CERT-In
Tools → Wireshark, Nmap, Kali Linux, SIEM
Trends → AI attacks, Ransomware, Cloud, IoT, Zero Trust


MCQ


What does the “CIA” in CIA triad stand for?
A. Confidentiality, Integrity, Availability
B. Cipher, Integrity, Access
C. Confidentiality, Identification, Authentication
D. Control, Integrity, Availability
Answer: A. Confidentiality, Integrity, Availability. — Core security goals.

Which of the following is a malware that encrypts user files and demands payment?
A. Worm
B. Trojan
C. Ransomware
D. Spyware
Answer: C. Ransomware. — Encrypts files and demands ransom.

What is phishing?
A. Network scanning tool
B. Sending fake emails to steal information
C. A type of firewall
D. Encrypted email protocol
Answer: B. Sending fake emails to steal information. — Social engineering via email.

Which Indian law primarily deals with cybercrime and electronic governance?
A. IT Act, 2000
B. IPC
C. Evidence Act
D. Data Protection Act, 2019
Answer: A. IT Act, 2000. — Main cyber law in India.

Which section of the IT Act deals with cyber terrorism?
A. Sec 43
B. Sec 66F
C. Sec 69A
D. Sec 70B
Answer: B. Sec 66F. — Cyber terrorism provisions.

What is CERT-In?
A. Banking regulator
B. Computer Emergency Response Team – India (national incident response agency)
C. Data protection authority
D. Encryption standard
Answer: B. Computer Emergency Response Team – India. — National cybersecurity agency.

Which of the following is NOT a phishing variant?
A. Spear phishing
B. Whaling
C. Smishing
D. Shimming
Answer: D. Shimming. — Shimming is payment-card related; others are phishing types.

What does MFA stand for?
A. Multi-Factor Authentication
B. Managed Firewall Access
C. Multiple Failover Architecture
D. Message Format Authorization
Answer: A. Multi-Factor Authentication. — Two or more authentication factors.

Which is a commonly recommended password storage method?
A. Plain text
B. Encrypted with AES only
C. Salted & iterated hash (e.g., bcrypt/Argon2)
D. Base64 encoding
Answer: C. Salted & iterated hash (e.g., bcrypt/Argon2). — A per-user salt defeats precomputed (rainbow) tables, and the slow, iterated hash makes offline cracking of a leaked database expensive.

Which hashing algorithm is considered weak and vulnerable to collisions?
A. SHA-256
B. MD5
C. SHA-512
D. Bcrypt
Answer: B. MD5. — Practical collisions exist; MD5 (and SHA-1) are deprecated for signatures and integrity checks. Note that a fast hash such as SHA-256 is also the wrong tool for password storage, which needs a slow, salted hash.

What is the purpose of a firewall?
A. Encrypt data at rest
B. Block/allow network traffic based on rules
C. Detect application bugs
D. Hash passwords
Answer: B. Block/allow network traffic based on rules. — Network traffic filter.

Which protocol is used for secure web browsing (HTTPS)?
A. FTP
B. HTTP only
C. HTTP over TLS/SSL
D. SMTP
Answer: C. TLS/SSL over HTTP. — HTTPS = HTTP over TLS.

Default port for HTTPS is:
A. 80
B. 21
C. 443
D. 25
Answer: C. 443. — Standard HTTPS port.

What is a Zero-Day vulnerability?
A. A patched vulnerability
B. A vulnerability known and fixed for years
C. A previously unknown vulnerability exploited before a patch is available
D. A vulnerability in zero-bit encryption
Answer: C. A previously unknown vulnerability exploited before a patch is available. — No prior fix.

Which attack involves intercepting communication between two parties?
A. SQL Injection
B. Man-in-the-Middle (MITM)
C. Brute-force
D. Ransomware
Answer: B. Man-in-the-Middle (MITM). — Attacker sits in the communication channel.

What does IDS stand for?
A. Intrusion Detection System
B. Internal Data Store
C. Internet Data Security
D. Identity Directory Service
Answer: A. Intrusion Detection System. — Detects suspicious activities.

Which of these additionally blocks threats (not just detects them)?
A. IDS
B. IPS
C. NTP
D. DNS
Answer: B. IPS (Intrusion Prevention System). — Can block traffic in real-time.

What kind of attack is SQL Injection?
A. Network-layer attack
B. Application-layer attack targeting databases via malicious input
C. Physical attack on servers
D. Cryptographic attack
Answer: B. Application-layer attack targeting databases via malicious input. — Bad input exploited.

Which OWASP vulnerability deals with client-side script injection?
A. CSRF
B. XSS (Cross-Site Scripting)
C. SQLi
D. SSRF
Answer: B. XSS (Cross-Site Scripting). — Malicious scripts injected into web pages.

What is Social Engineering?
A. Engineering social networks
B. Manipulating people to reveal sensitive information
C. Creating social media accounts
D. A cryptographic technique
Answer: B. Manipulating people to reveal sensitive information. — Human-targeted attacks.

Which is an example of a DDoS attack vector?
A. Using a single laptop to ping a server
B. Using a botnet to flood a target with traffic
C. Encrypting files locally
D. Stealing credentials via phishing
Answer: B. Using a botnet to flood a target with traffic. — Distributed sources amplify attack.

What is “RTO” in incident response/business continuity?
A. Recovery Time Objective — maximum acceptable downtime
B. Reboot Time Option
C. Remote Transfer Order
D. Risk Transfer Offset
Answer: A. Recovery Time Objective — maximum acceptable downtime.

What is “RPO”?
A. Remote Protection Option
B. Recovery Point Objective — acceptable data loss measured in time
C. Repeated Password Operations
D. Risk Prioritization Order
Answer: B. Recovery Point Objective — acceptable data loss measured in time.

Which framework is commonly used globally for information security management?
A. COBIT only
B. ISO/IEC 27001
C. PCI-DSS only
D. IT Act
Answer: B. ISO/IEC 27001. — Global information security standard.

Which NIST function is NOT part of the 5 core functions?
A. Identify
B. Protect
C. Monitor
D. Recover
Answer: C. Monitor. — CSF core functions: Identify, Protect, Detect, Respond, Recover; continuous monitoring falls under Detect. (CSF 2.0, released in 2024, adds a sixth function, Govern.)

What is SIEM used for?
A. Encrypt email
B. Collect, correlate, and analyze security logs and alerts
C. Block network traffic
D. Backup data
Answer: B. Collect, correlate, and analyze security logs and alerts. — Security Information & Event Management.

Which of the following is a best practice to prevent credential stuffing?
A. Use the same password across sites
B. Enforce MFA and rate-limiting
C. Disable account lockout
D. Store passwords in plain text
Answer: B. Enforce MFA and rate-limiting. — Prevent automated logins.
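Added example, not from the original notes, of the kind of correlation a SIEM rule (section 3 and the SIEM question above) runs to catch the password attacks listed in section 2 and the credential stuffing this question asks about: failed logins are counted per source IP over a sliding window, and one account hammered with many passwords (brute force) is told apart from many accounts tried once each (credential stuffing). The log lines are constructed in a syslog-like format for this example; the threshold, the one-minute window and the "distinct accounts ≥ half the failures" heuristic are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like; not from any real host).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for alice from 203.0.113.7
2024-05-01T10:00:02 sshd: Failed password for bob from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for carol from 203.0.113.7
2024-05-01T10:00:04 sshd: Failed password for dave from 203.0.113.7
2024-05-01T10:00:05 sshd: Failed password for erin from 203.0.113.7
2024-05-01T10:00:06 sshd: Accepted password for frank from 203.0.113.7
2024-05-01T10:00:10 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:11 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:12 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:13 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:14 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:05:00 sshd: Failed password for alice from 192.0.2.44
2024-05-01T10:30:00 sshd: Failed password for alice from 192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (kind, source_ip, detail) tuples, in the order they fire.

    brute_force:            >= threshold failures from one IP inside the window, mostly one account
    credential_stuffing:    the same volume, but spread across many distinct accounts
    success_after_failures: a login succeeded from an IP that was already over the threshold
    """
    failures = defaultdict(deque)   # ip -> deque of (timestamp, username), oldest first
    alerted = set()                 # IPs already reported, so a burst yields one alert
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # unparseable line: skipped here; a real rule would count these
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]
        if m["result"] == "Accepted":
            q = failures.get(ip)
            if q and len(q) >= threshold:       # an attack that just worked: highest priority
                alerts.append(("success_after_failures", ip, user))
            continue
        q = failures[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:      # slide the window: drop stale failures
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            users = sorted({u for _, u in q})
            kind = "credential_stuffing" if len(users) * 2 >= len(q) else "brute_force"
            alerts.append((kind, ip, tuple(users)))
            alerted.add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two slow failures from 192.0.2.44 never reach the threshold inside one window and raise nothing, which is the point of the window: a user mistyping twice is not an attack. Account lockout alone would not catch the stuffing case, because each account sees only one failure.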

What does VPN primarily provide?
A. Local file encryption
B. Secure, encrypted tunnel over public networks
C. Antivirus scanning
D. DNS resolution only
Answer: B. Secure, encrypted tunnel over public networks. — Remote secure access.

Which of these is an example of endpoint security?
A. Firewall at network edge only
B. Antivirus/EDR on user laptops
C. Data center cooling
D. Load balancing
Answer: B. Antivirus/EDR on user laptops. — Protect endpoints.

Which authentication protocol uses tickets and is widely used in enterprise networks?
A. OAuth 2.0
B. Kerberos
C. SAML
D. LDAP
Answer: B. Kerberos. — Ticket-based authentication system.

What is the purpose of HMAC?
A. Encrypts messages with RSA
B. Provides message authentication using a hash and secret key
C. Replaces SSL/TLS
D. Generates random numbers
Answer: B. Provides message authentication using a hash and secret key.
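Added example, not from the original notes, of the message authentication this answer describes: the sender tags a request with HMAC-SHA256 under a shared key, the receiver recomputes the tag in constant time, and an attacker who edits the message in transit cannot produce a valid tag. The same demo shows why an unkeyed hash sent alongside the message gives integrity against accidents but not against an attacker, who simply recomputes it. The key and messages are constructed for the example; the check against the RFC 4231 test vector confirms the primitive.

```python
import hashlib
import hmac
import os


def tag_message(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time. A plain == on bytes returns at the
    first mismatching byte, and that timing difference lets an attacker forge a tag
    one byte at a time."""
    return hmac.compare_digest(tag_message(key, message), tag)


def naive_check(message: bytes, digest: bytes) -> bool:
    """An UNKEYED hash shipped next to the message: integrity only against noise, not against an adversary."""
    return hashlib.sha256(message).digest() == digest


def demo(key: bytes = None) -> dict:
    """Sender tags a request; the receiver checks it after an attacker edits it in transit."""
    key = key or os.urandom(32)          # constructed: shared out of band between the two parties
    original = b"amount=100&to=alice"
    tampered = b"amount=100&to=mallory"
    tag = tag_message(key, original)
    return {
        # genuine message, genuine tag
        "original_accepted": verify_message(key, original, tag),
        # attacker changes the payee but cannot change the tag
        "tampered_with_old_tag": verify_message(key, tampered, tag),
        # attacker recomputes a tag, but under a key that is not the shared one
        "tampered_with_attacker_tag": verify_message(key, tampered, tag_message(b"guess", tampered)),
        # with an unkeyed hash the attacker just recomputes it and passes
        "unkeyed_hash_accepts_tampered": naive_check(tampered, hashlib.sha256(tampered).digest()),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

HMAC gives integrity and authenticity but not confidentiality; the message itself is still readable, which is why it is paired with encryption (or replaced by an AEAD mode such as AES-GCM, covered in the next question).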

Which one provides confidentiality and integrity in one primitive (authenticated encryption)?
A. AES-CBC only
B. AES-GCM
C. MD5
D. RSA alone
Answer: B. AES-GCM. — Authenticated encryption (AEAD) mode: decryption fails on any tampering. Caveat: a nonce must never be reused under the same key, or both confidentiality and the authentication key are exposed.

Which of the following is TRUE about asymmetric encryption?
A. Uses same key for encrypt & decrypt
B. Uses public and private keys; ideal for key exchange and signatures
C. Always faster than symmetric
D. Cannot be used for digital signatures
Answer: B. Uses public and private keys; ideal for key exchange and signatures.

Which is a common standard for email encryption and signing?
A. FTP
B. S/MIME
C. TLS only for web
D. SMTP plain
Answer: B. S/MIME. — Secure/Multipurpose Internet Mail Extensions.

What is “certificate revocation list (CRL)”?
A. A list of valid certificates
B. A list containing revoked certificates published by CA
C. A list of public keys only
D. A firewall rule list
Answer: B. A list containing revoked certificates published by CA.

Which online protocol allows checking certificate status in real-time?
A. FTP
B. OCSP (Online Certificate Status Protocol)
C. DNSSEC
D. SMTP
Answer: B. OCSP. — Real-time revocation checking.

Which is a common symmetric encryption standard used today?
A. RSA
B. AES
C. MD5
D. SHA-1
Answer: B. AES. — Symmetric block cipher standard.

Which key size is commonly recommended as minimum for RSA today?
A. 512-bit
B. 1024-bit
C. 2048-bit
D. 128-bit
Answer: C. 2048-bit. — The widely recommended minimum today; 3072-bit or larger for keys that must stay secure beyond 2030.

What does “forward secrecy” ensure?
A. Future keys can be recovered from current keys
B. Session keys cannot be recovered if long-term keys are compromised
C. Certificates never expire
D. Hashes are reversible
Answer: B. Session keys cannot be recovered if long-term keys are compromised. — Achieved via ephemeral keys.

Which access control model assigns permissions based on roles?
A. DAC (Discretionary Access Control)
B. MAC (Mandatory Access Control)
C. RBAC (Role-Based Access Control)
D. ABAC (Attribute-Based Access Control)
Answer: C. RBAC (Role-Based Access Control). — Role-centric permissions.

What is “patch management”?
A. Hiring contractors to fix servers
B. Process of applying updates/fixes to software to close vulnerabilities
C. Encrypting data at rest
D. Installing antivirus only once
Answer: B. Process of applying updates/fixes to software to close vulnerabilities.

Which of the following is a principle of least privilege?
A. Give all users admin rights by default
B. Users get minimum access required for their job
C. Never revoke permissions
D. Use default passwords always
Answer: B. Users get minimum access required for their job.

What is a honeypot in cybersecurity?
A. Secure database replica
B. Decoy system to attract attackers and study their behavior
C. Firewall configuration
D. Password manager
Answer: B. Decoy system to attract attackers and study their behavior.

Which is NOT a network device used in perimeter defense?
A. Router
B. Switch
C. Firewall
D. Compiler
Answer: D. Compiler. — Compiler is a software development tool.

Which standard governs payment card security?
A. ISO 27001
B. PCI DSS
C. GDPR
D. HIPAA
Answer: B. PCI DSS. — Payment Card Industry Data Security Standard.

Which of the following is a common technique to protect against SQL Injection?
A. Using user-supplied input directly in queries
B. Parameterized queries / prepared statements
C. Disabling logs
D. Using MD5 hashes only
Answer: B. Parameterized queries / prepared statements.

Which is used for identity federation and single sign-on (SSO) in enterprise?
A. FTP
B. SAML and OAuth / OpenID Connect
C. SNMP
D. ICMP
Answer: B. SAML and OAuth / OpenID Connect.

Which is true about cloud security responsibility?
A. Cloud provider is always responsible for everything
B. Customer is always responsible for physical infrastructure only
C. Security is shared between cloud provider and customer (shared responsibility model)
D. No security is required in the cloud
Answer: C. Security is shared between cloud provider and customer.

What does “SOC” (Security Operations Center) do?
A. Handles payroll for IT staff
B. Monitors security events, responds to incidents, and manages security operations
C. Manufactures security hardware
D. Issues certificates only
Answer: B. Monitors security events, responds to incidents, and manages security operations.

Which of the following is a primary goal of digital forensics?
A. Encrypt files
B. Investigate cyber incidents and preserve evidence for legal use (chain of custody)
C. Patch systems only
D. Send phishing emails
Answer: B. Investigate cyber incidents and preserve evidence for legal use.

Which of these is a common malware delivery vector?
A. Secure software update channels only
B. Malicious email attachments and drive-by downloads
C. Using strong passwords
D. Two-factor authentication
Answer: B. Malicious email attachments and drive-by downloads.

Which Indian Act provides for blocking of websites by government orders?
A. IT Act Sec 69A
B. IPC Sec 295A
C. Evidence Act
D. Companies Act
Answer: A. IT Act Sec 69A. — Blocking unlawful content.

What is the best defense against credential phishing?
A. Use weak passwords
B. Security awareness training + MFA + phishing simulations
C. Disable email encryption
D. Sharing passwords with colleagues
Answer: B. Security awareness training + MFA + phishing simulations.

Which is an example of application whitelisting?
A. Allow any program to run
B. Only allow pre-approved applications to execute on endpoints
C. Blocking the OS entirely
D. Disabling antivirus
Answer: B. Only allow pre-approved applications to execute on endpoints.

Which technique reduces risk of data exfiltration from USB devices?
A. Allow all USBs by default
B. Disable or restrict USB ports and use DLP tools
C. Share USBs widely
D. Use default usernames/passwords
Answer: B. Disable or restrict USB ports and use DLP tools.

Which cryptographic primitive is one-way and used for integrity?
A. Symmetric encryption
B. Hash function (e.g., SHA-256)
C. Asymmetric encryption
D. VPN tunneling
Answer: B. Hash function (e.g., SHA-256). — One-way mapping for integrity checks.

What is an advanced persistent threat (APT)?
A. Short-term unsophisticated attack
B. Long-term targeted attack by skilled adversaries often for espionage or data theft
C. A firewall rule
D. Antivirus update
Answer: B. Long-term targeted attack by skilled adversaries.

Which method helps mitigate Ransomware attacks?
A. No backups
B. Regular, isolated backups + patching + endpoint protection + least privilege
C. Clicking all email links
D. Keep all ports open
Answer: B. Regular, isolated backups + patching + endpoint protection + least privilege.

Which of the following is used to score the severity of vulnerabilities?
A. CVE
B. CVSS (Common Vulnerability Scoring System)
C. SIEM
D. IDS
Answer: B. CVSS. — Provides severity score; CVE is an identifier.

Which is a recommended password policy practice?
A. Require very long, unique passphrases and use MFA
B. Force short periodic password changes only
C. Allow password reuse
D. Store passwords in spreadsheets
Answer: A. Require very long, unique passphrases and use MFA. — Current guidance (NIST SP 800-63B) screens new passwords against breach lists and drops forced periodic changes unless compromise is suspected.