CBSE/Karnataka PU Board PUC II CHAPTER 12 : SECURITY ASPECTS

50 MCQ Questions with Answers

A virus is a type of:
a) Hardware device
b) Malware
c) Protocol
d) Cookie
Answer: b
Which malware does not need a host program to spread?
a) Virus
b) Trojan
c) Worm
d) Adware
Answer: c
Ransomware often demands:
a) Password
b) Ransom
c) Hardware access
d) Software update
Answer: b
Which software detects and removes malware?
a) Protocol
b) Antivirus
c) DNS
d) Modem
Answer: b
Which malware disguises as legitimate software?
a) Virus
b) Worm
c) Trojan
d) Spyware
Answer: c
Keyloggers are designed to:
a) Encrypt files
b) Record keystrokes
c) Block access
d) Scan hardware
Answer: b
Which is harmless but annoying malware?
a) Trojan
b) Adware
c) Spyware
d) Worm
Answer: b
HTTPS is recommended because it:
a) Is faster than HTTP
b) Encrypts data
c) Uses cookies
d) Supports popups
Answer: b
Cookie files are mainly used for:
a) Data encryption
b) Storing browsing info
c) Preventing virus
d) Hardware updates
Answer: b
Which hacker type is ethical?
a) White hat
b) Black hat
c) Grey hat
d) No hat
Answer: a
DDoS stands for:
a) Digital Denial of Service
b) Distributed Denial of Service
c) Database Denial of Service
d) Dynamic Denial of Service
Answer: b
Network firewall protects against:
a) Hardware failure
b) Unauthorised access
c) Data entry errors
d) Slow internet
Answer: b
Which protocol is secure for sensitive transactions?
a) HTTP
b) FTP
c) HTTPS
d) SMTP
Answer: c
Antivirus works by:
a) Hiding data
b) Detecting threats
c) Increasing bandwidth
d) Updating passwords
Answer: b
Which malware tracks user’s internet activity?
a) Spyware
b) Trojan
c) Adware
d) Worm
Answer: a
What is a firewall?
a) Network device
b) Security software/hardware
c) Protocol
d) Virus
Answer: b
Denial of Service attack is meant to:
a) Speed up a network
b) Crash systems
c) Block resources
d) Repair software
Answer: c
The safest way to use passwords:
a) Share them
b) Change regularly
c) Keep unchanged
d) Write them on paper
Answer: b
CAPTCHA is used to:
a) Track websites
b) Stop spam bots
c) Encrypt data
d) Hack computers
Answer: b
A session cookie:
a) Tracks browsing session
b) Crashes computer
c) Encrypts files
d) Prevents malware
Answer: a
Grey hat hacker generally:
a) Is always ethical
b) Hacks for fun
c) Sells secrets
d) Steals money
Answer: b
Spam mainly affects:
a) RAM
b) Email inbox
c) Hard drive
d) Graphics card
Answer: b
Network intrusion refers to:
a) Software installation
b) Unauthorised access
c) Antivirus update
d) Firewall setup
Answer: b
Buffer overflow attacks:
a) Fill up system RAM
b) Overwrite memory areas
c) Delete files
d) Trigger antivirus
Answer: b
HTTPS depends on:
a) DNS
b) SSL certificates
c) MAC address
d) IP address
Answer: b
Spyware usually:
a) Encrypts computer
b) Spies on user activities
c) Crashes network
d) Loads popups
Answer: b
Which cookies restore themselves after deletion?
a) Session cookie
b) Authentication cookie
c) Zombie cookie
d) Secure cookie
Answer: c
Snooping means:
a) Broadcasting data
b) Secretly capturing network traffic
c) Encrypting URLs
d) Installing antivirus
Answer: b
Eavesdropping differs from snooping by:
a) Being real-time
b) Using cookies
c) Creating virus
d) Causing DoS
Answer: a
Adware is mainly created for:
a) Stealing passwords
b) Generating revenue
c) Encrypting files
d) Repairing system
Answer: b
Black hat hackers:
a) Help fix flaws
b) Exploit vulnerabilities
c) Design firewalls
d) Trace cookies
Answer: b
Antivirus detection via sandbox means:
a) Running file in virtual space
b) Running file directly
c) Scanning cookies
d) Deleting emails
Answer: a
Virus signature is:
a) Part of hardware
b) Unique code sequence
c) Cookie tracker
d) Password
Answer: b
Real-time protection by antivirus:
a) Prevents hardware failure
b) Scans active memory
c) Increases RAM speed
d) Blocks network
Answer: b
A bot-net is used for:
a) Secure transactions
b) Distributed attacks
c) Encrypting web traffic
d) Scanning for malware
Answer: b
Which is NOT a preventive measure?
a) Regular backups
b) Using unsecured Wi-Fi
c) Updating antivirus
d) Checking browser security
Answer: b
Malware can spread via:
a) Removable devices
b) Encrypted HTTPS
c) Changing passwords
d) Network firewall
Answer: a
Phishing attacks generally aim to:
a) Fix cookies
b) Steal credentials
c) Crash servers
d) Encrypt files
Answer: b
SMTP protocol is usually associated with:
a) Web browsing
b) Email transfer
c) Adware removal
d) Cookie management
Answer: b
Which malware spies and sells user information?
a) Spyware
b) Worm
c) Trojan
d) Adware
Answer: a
Antivirus using heuristics checks for:
a) Known virus code patterns
b) Cookie updates
c) Hard drive errors
d) RAM integrity
Answer: a
HTTPS is preferable to HTTP because:
a) It's free
b) Encrypts data
c) Loads faster
d) Blocks hackers
Answer: b
DDoS attacks are hard to prevent because:
a) They're from many sources
b) Only one source
c) Use HTTP
d) Are always from Trojan
Answer: a
Keylogger malware is used to:
a) Steal passwords
b) Encrypt files
c) Crash websites
d) Update cookies
Answer: a
CAPTCHA mainly prevents:
a) Human users
b) Automated bots
c) Utility software
d) Ransomware
Answer: b
Hackers exploit:
a) Network protocols
b) Vulnerabilities
c) Firewalls
d) Antivirus software
Answer: b
Using pirated software is risky because:
a) It can bring malware
b) Stops cookies
c) Blocks firewalls
d) Erases RAM
Answer: a
The safest network is:
a) Always connected
b) Isolated from internet
c) Using HTTP only
d) With all cookies enabled
Answer: b
Zombie computers are controlled for:
a) Network protection
b) Attacks by bot-nets
c) Email filtering
d) Encryption
Answer: b
Session cookies are used to:
a) Store temporary session data
b) Steal info
c) Crash device
d) Unlock ransomware
Answer: a

1 Mark Questions (20) with Answers

What is malware?
Answer: Malicious software intended to harm computer systems.
Name two malware types.
Answer: Virus, Worm.
What does antivirus do?
Answer: Detects and removes malware.
What is the function of a firewall?
Answer: Protects networks from unauthorized access.
What is HTTPS?
Answer: Secure HTTP protocol with encryption.
What does a cookie store?
Answer: User browsing information.
Who is a white hat hacker?
Answer: Ethical hacker.
What is a keylogger?
Answer: Software/hardware that records keystrokes.
What is adware mainly used for?
Answer: Displaying advertisements.
What is a DoS attack?
Answer: Attack that blocks access to resources by overloading them.
What is ransomware?
Answer: Malware that demands ransom to unlock encrypted data.
Name a malware that spreads without human action.
Answer: Worm.
What does CAPTCHA prevent?
Answer: Automated bots.
What is the role of SSL certificates?
Answer: Enable HTTPS encryption.
What is a session cookie?
Answer: Stores info for a browsing session.
What does spam affect most often?
Answer: Email inbox.
What is a virus signature?
Answer: Unique code pattern used to detect viruses.
What is buffer overflow?
Answer: Overwriting computer memory to execute code.
Define snooping.
Answer: Secretly monitoring network traffic.
What is network intrusion?
Answer: Unauthorized access of network resources.

2 Mark Questions (20) with Answers

Define virus and worm.
Answer: Virus is malware requiring a host program and human action; worm is standalone, self-replicating.
What is ransomware and how does it work?
Answer: Ransomware blocks or encrypts data and demands ransom for access.
Explain white hat and black hat hackers.
Answer: White hats ethically find and fix flaws; black hats exploit flaws for illegal gain.
What is a firewall and its main types?
Answer: Network security system; network and host-based firewalls.
How do session cookies enhance browsing?
Answer: Store temporary data and keep users logged in during sessions.
Explain signature-based antivirus detection.
Answer: Checks files for known unique virus signatures.
What is the role of sandbox detection?
Answer: Runs files in virtual environment to check malicious behavior.
What does HTTPS offer over HTTP?
Answer: Encryption and secure data transfer.
Differentiate spyware and adware.
Answer: Spyware spies on users; adware shows ads for revenue.
How does a keylogger threaten security?
Answer: Records sensitive info like passwords.
What is a DDoS attack?
Answer: Distributed attack using bot-nets to flood resources.
State a preventive measure against malware.
Answer: Regular antivirus and system updates.
Function of CAPTCHA.
Answer: Prevents unauthorized bot-based activity.
Briefly explain buffer overflow attack.
Answer: Overwrites system memory, allows arbitrary code execution.
Role of SSL certificates in security.
Answer: Enable encrypted site connections using HTTPS.
Define network snooping.
Answer: Capturing and analyzing network traffic secretly.
What is an authentication cookie?
Answer: Checks if user is already logged in.
What makes a zombie computer?
Answer: Controlled remotely for attacks via malware.
Name signs of malware infection.
Answer: Pop-up ads, slow computer, unknown programs starting.
Differentiate between physical and web-based virtual keyboard.
Answer: Physical is hardware; web-based online changes layout to avoid keyloggers.

3 Mark Questions (20) with Answers

Compare virus, worm, and trojan in terms of spreading.
Answer: Virus needs host and user action; worm spreads by itself via network; trojan tricks user into installing it, then acts like virus but doesn't self-replicate.
Explain DDoS attack with bot-net.
Answer: Bot-net uses compromised computers worldwide to send unwanted requests, overwhelming resources and preventing legitimate access.
How antivirus uses heuristics to detect malware?
Answer: Compares source code to known malware patterns to flag new threats based on similarities.
Ways malware is distributed.
Answer: Via downloads, spam email attachments, infected removable devices, network propagation.
Outline signs of malware infection.
Answer: Pop-up windows, homepage changes, mass emails sent, slow computer, unknown programs running.
Explain network firewall and host firewall.
Answer: Network firewall filters traffic between networks; host firewall protects individual computers.
Cookies: advantages and risks.
Answer: Improve user experience by storing info; risk privacy leaks or tracking via third-party cookies.
Techniques used by antivirus for real-time protection.
Answer: Monitors ongoing activity, scans files on execution, blocks suspicious behavior instantly.
Eavesdropping vs. snooping.
Answer: Eavesdropping is real-time interception (live calls/messages); snooping is stored/analysed data.
Describe ransomware and its impact.
Answer: Encrypts files, demands payment for access—may cause data loss and financial damage.
Explain malware propagation via email spam.
Answer: Spam emails contain malicious links or attachments, tricking users into installing malware.
Compare HTTPS and HTTP.
Answer: HTTP sends data as is; HTTPS encrypts data, preventing interception on sensitive sites.
How do keyloggers work and threaten privacy?
Answer: Record keystrokes, can send passwords, emails, or confidential info to attackers.
Methods for combating malware.
Answer: Use of antivirus, regular software updates, scanning devices, checking browser security.
Function of CAPTCHA and why is it important?
Answer: Prevents bots from accessing sites, protects against spam and automated attacks.
What are polymorphic viruses?
Answer: Viruses that change their code signature to avoid detection.
Role of online virtual keyboard in security.
Answer: Randomizes key layout, making logging keys difficult for malware/keyloggers.
Benefits and risks of cookies.
Answer: Store preferences and login info; risk misuse and privacy loss if shared without consent.
How can a user prevent network threats?
Answer: Use strong passwords, frequent updates, cautious downloads, and firewall protection.
Differentiate between white, black, and grey hat hackers.
Answer: White hats are ethical, black hats are malicious, grey hats hack for fun/challenge but not for illegal gains.

5 Mark Questions (20)

(Answers are detailed, min. five sentences each)

Explain the various types of malware discussed and their modes of spreading.
Malware includes viruses, worms, ransomware, trojans, spyware, adware, and keyloggers. Viruses attach to host programs and activate on user action, while worms independently spread through networks. Ransomware encrypts files or blocks user access until a payment is made, causing both data loss and financial damage. Trojans masquerade as legitimate software but open backdoors or steal information once installed, relying on user deception. Spyware quietly gathers and transmits personal info, adware displays advertisements for revenue, and keyloggers record every keystroke. Malware spreads through downloads, email attachments, removable media, and network propagation, making vigilance and updated defenses crucial.
Discuss the role and importance of encryption in web security and how HTTPS addresses HTTP risks.
Encrypting web traffic prevents unauthorized parties from accessing sensitive data during transmission. HTTP transfers information without encryption, making it vulnerable to snooping, eavesdropping, and interception by hackers. HTTPS, in contrast, uses SSL certificates to scramble data before sending it, ensuring only the intended recipient can decrypt and view the information. This protects login credentials, banking transactions, and personal details on the web. Websites dealing in sensitive information must use HTTPS to guarantee privacy and reduce risk of cyberattacks.
Describe the various methods of malware detection in antivirus software and their limitations.
Antivirus uses signature-based detection to scan for known virus code sequences, requiring regular updates as new threats emerge. Sandbox detection places new files in a virtual environment to observe their behavior before releasing them onto the system. Heuristic analysis compares suspicious code to familiar malware patterns to flag potentially harmful files, effective against unknown or polymorphic malware. Real-time protection monitors running processes and alerts users to suspicious activity instantly. However, intelligent and evolving malware can bypass these methods, indicating the need for layered defense and user awareness.
Explain the strategies and software tools used to prevent network threats and maintain cybersecurity.
Combating threats involves installing and maintaining reliable antivirus, enabling firewalls, and updating software with security patches. Users should configure browsers for heightened security, enable CAPTCHA on sensitive sites, scan removable storage on connection, and back up important data regularly. Avoiding pirated software and unknown downloads is vital. Antivirus software provides real-time and scheduled scanning for malware, while firewalls block unauthorized network traffic. Users can further protect accounts by using strong, unique passwords and periodic changes.
Describe the different types of hackers—white, black, and grey hats—their motives, and impact on society.
White hat hackers are ethical experts allowed by organizations to find and fix vulnerabilities, helping to strengthen digital security. Black hat hackers operate illegally, using their skills to exploit, steal, and disrupt information systems for personal gain, causing widespread losses and reputational damage. Grey hat hackers are neutral, hacking systems for the challenge but neither helping nor harming, often exposing flaws informally. The presence of white hats helps combat digital crime, while black hats pose constant threats requiring cybersecurity vigilance.
Discuss how cookies work, the types of cookies, and their security implications for users online.
Cookies are small data files stored by websites on user devices, primarily to remember login info, preferences, and browsing activity. Session cookies facilitate smooth experiences by keeping users logged in, expiring at session end. Authentication cookies verify identity across site pages, and persistent cookies retain info for revisit recognition. Risks arise from tracking and third-party cookies, which may share or misuse data for advertising. Some cookies, like zombie cookies, regenerate even after deletion, threatening privacy. Users should restrict cookie permissions and manage browser settings for privacy.
Explain what DDoS attacks are, how they operate, and why they are difficult to prevent.
DDoS, or Distributed Denial of Service, attacks use bot-nets of compromised computers worldwide to flood target resources with requests. This overwhelms web servers, making services inaccessible to legitimate users. Unlike simple DoS, which usually comes from one source, DDoS employs multiple, distributed sources, complicating detection and blocking. Attackers install bots on remote machines, scheduled to launch synchronized, large-scale attacks. Countermeasures include traffic filtering, network monitoring, and distributed defense systems, though persistent attacks remain challenging.
Discuss the importance of regular system and software updates in preventing cyber threats.
Regularly updating systems and software ensures vulnerabilities are patched, reducing the risk of malware exploitation. Outdated antivirus allows new threats to bypass detection, and obsolete operating systems lack protection for recent exploits. Updates frequently include new virus signatures, bug fixes, and improved real-time protection features. Automatic updates, if enabled, guarantee timely defenses without user intervention. Cybercriminals often target outdated systems, making consistent updating a cornerstone of security strategy.
Describe preventive actions users should take when accessing public Wi-Fi or shared computers.
Users should avoid entering sensitive credentials on public Wi-Fi, as such networks are prone to snooping or man-in-the-middle attacks. Always check for HTTPS and lock symbols on websites. Using virtual keyboards with randomized layouts and avoiding downloads from unknown sources helps prevent keyloggers and malware. Scanning devices after plugging into public computers and never sharing personal passwords also protect information. Vigilance in shared environments is critical for maintaining data privacy.
Explain how CAPTCHA works and its significance in maintaining web security.
CAPTCHA is a challenge-response test that helps distinguish human users from automated bots. It appears as distorted text, image selections, or audio prompts on websites, blocking mass account creation or unauthorized access. By preventing bots from submitting forms or logging in, CAPTCHA protects against spam, brute-force attacks, and service abuse. Its evolving complexity maintains effectiveness as bots become more sophisticated, making it an essential web security layer.

11. Explain key privacy features provided by modern web browsers and why they are important for users.
Modern web browsers integrate multiple privacy features to protect user data and browsing habits. Features like private or incognito mode ensure that browsing history, cookies, and cached data are not stored after a session ends, preventing subsequent users from seeing the visited sites. Tracking protection blocks or limits third-party trackers from collecting information about user activities across websites, reducing targeted advertising and minimizing privacy risks. Browsers now warn users about potentially insecure or malicious sites and automatically upgrade HTTP connections to HTTPS for encryption. Built-in password managers help generate and store strong, unique passwords while warning about breaches. Regular browser updates patch vulnerabilities and enhance privacy controls, making these features essential for user safety and confidence online.

12. Discuss various signs that indicate a computer may be infected with malware.
A computer infected with malware often displays several noticeable symptoms. One common sign is a sudden decrease in system performance; programs and overall system may run slowly or freeze unexpectedly. Frequent pop-up ads, especially when not browsing the web, indicate possible adware or spyware infections. Users may find their web browser's homepage or search engine altered without consent, or experience unwanted toolbars and extensions. Random system crashes, unrecognized apps launching at startup, or the inability to open security programs are further red flags. Additionally, contacts may report receiving suspicious emails from the user, suggesting a spreading worm or bot. Early recognition and prompt action are essential to prevent data theft or further propagation of malware.

13. Explain the function and benefits of real-time protection in modern antivirus software.
Real-time protection is a core feature of advanced antivirus software, safeguarding computers by constantly monitoring activities and files as they are accessed. Unlike scheduled scans, which only check for known threats at set intervals, real-time protection intercepts malware immediately before it can execute or spread. It scans downloads, opening files, running processes, and even web traffic for suspicious behavior or code signatures. This immediate detection is crucial in the face of constantly evolving threats, blocking not only known viruses but also new or polymorphic malware that tries to bypass scheduled scanning. The benefit is a continuously protected environment, minimizing the risk of infection, data loss, and security breaches as threats are neutralized before harm can occur.

14. Describe the differences between network snooping and eavesdropping, citing risks and prevention methods.
Snooping refers to unauthorized monitoring of data as it travels across networks, often through tools that analyze and log packet data for later inspection. Eavesdropping, on the other hand, is the real-time interception of private communications, such as live calls or instant messaging chats. Both techniques risk exposing sensitive information like passwords, personal messages, and financial data to attackers. To prevent these risks, users should employ strong encryption (HTTPS, VPNs), secure Wi-Fi with WPA2/WPA3 protocols, and configure firewalls to block unwanted traffic. Avoiding public or unsecured Wi-Fi networks, keeping software updated, and using security-conscious applications further reduce the chances of successful snooping or eavesdropping.

15. Discuss the concept of polymorphic viruses and the challenges they pose to traditional antivirus solutions.
Polymorphic viruses are sophisticated malware that alter their appearance or code each time they infect a new file or system, making signature-based detection difficult. This ability to change form means that no two copies are exactly the same, evading conventional antiviruses that rely on recognizing static, unique virus signatures. Instead, advanced solutions must employ heuristic or behavior-based detection, looking for patterns of malicious activity rather than specific code. Polymorphic viruses may also encrypt their payloads with variable keys, further complicating detection. Their dynamic nature allows them to spread widely before security firms can update databases, making rapid response and layered defense critical to combating such threats.

16. Explain how online virtual keyboards help protect users from keyloggers and describe their limitations.
Online virtual keyboards provide an on-screen interface for entering sensitive information such as passwords or PINs, bypassing the physical keyboard. Since many keyloggers operate by intercepting hardware keystrokes, using a virtual keyboard prevents logging of typed characters. Some advanced virtual keyboards randomize key positions to defeat screen-capturing or pattern-based keyloggers. However, their effectiveness is limited against sophisticated malware capable of capturing screen coordinates, video, or analyzing mouse movements. They may also be less user-friendly and are not a substitute for comprehensive security practices like maintaining updated antivirus and system security.

17. How do browser security warnings help users avoid online threats, and what limitations exist?
Browsers issue security warnings when users try to access websites with expired, invalid, or untrusted SSL certificates, or those flagged for hosting malware or phishing scams. Warnings may appear as alerts, blocked pages, or prompts encouraging users to return to safety, thereby preventing inadvertent sharing of personal or financial data with malicious actors. However, limitations include the potential for users to ignore warnings and proceed, “false positives” where trustworthy sites are flagged, and novel threats that evade detection. Browser warnings are a strong first line of defense, but users should also practice caution and be suspicious of unsolicited web links.

18. Compare the use and security of passwords versus biometrics for user authentication.
Passwords are widely used but vulnerable to reuse, weak choices, and exposure via phishing or data breaches. Complex, unique passwords combined with password managers increase security but can be inconvenient. Biometrics (such as fingerprint or facial recognition) offer convenience and eliminate memorization, providing a unique identifier that is difficult to forge. However, compromised biometric data cannot be changed like a password and may raise privacy concerns. Both methods have pros and cons; the most secure systems combine multi-factor authentication, requiring both password and biometric proof.

19. Outline the importance and function of regular data backup in protecting against ransomware and accidental loss.
Regular data backups create copies of essential files stored separately from the primary computer, whether on external drives or cloud services. In the event of ransomware, which encrypts or blocks access to files demanding payment, backups enable users to restore their data without yielding to demands. Backups also protect against accidental deletion, hardware failure, or disaster. Scheduling routine automatic backups and verifying their integrity assures that recent, critical information remains recoverable. Off-site and versioned backups (with multiple historical copies) add further resilience against data loss scenarios.

20. Discuss strategies for protecting personal data and digital identity while using online services.
Protecting personal data online requires a multi-faceted approach. Users should choose strong, unique passwords and avoid sharing sensitive information except on encrypted (HTTPS) sites. Enabling two-factor authentication adds a layer of security beyond passwords. Limiting permissions for apps, regularly reviewing privacy settings, and being mindful about what is posted on social or public forums help limit exposure. Using updated security software, avoiding suspicious emails and attachments, and confirming website legitimacy before entering credentials further safeguard identity. Finally, staying informed about evolving threats and cybersecurity best practices ensures long-term protection against identity theft and data breaches.

[NOTE: Kindly cross check answers once from other source also, Quantity and Quality of answers also kindly check before use, specially 5 marks answers are not sufficient kindly add from your side, this gives just quick review]

Habbit2Code

Search This Blog