Question:- What is a botnet?
Answer:- A botnet, which is also known as a robot network, is malware that infects networks of computers and brings them under the control of a single attacker, who is called a ‘bot herder.’ A bot is an individual machine that is under the control of bot herders. The attacker acts as a central party who can command every bot to perform simultaneous and coordinated criminal actions. The botnet is a large-scale attack since a bot herder can control millions of bots at a time. All the botnets can receive updates from the attacker to change their behavior in no time.
Question:- What are salted hashes?
Answer:- When two users have the same password, it will result in the creation of the same password hashes. In such a case, an attacker can easily crack the password by performing a dictionary or brute-force attack. To avoid this, a salted hash is implemented. A salted hash is used to randomize hashes by prepending or appending a random string (salt) to the password before hashing. This results in the creation of two completely different hashes, which can be employed to protect the users’ passwords in the database against the attacker.
Question:- Explain SSL and TLS.
Answer:-
• Secure Sockets Layer (SSL): It employs encryption algorithms to protect any sensitive data that is sent between a client and a server by scrambling the data in transit. This helps prevent hackers from reading any data, such as credit card details and personal and other financial information; it is done by keeping the Internet connection secure.
• Transport Layer Security (TLS): TLS is the successor of SSL. It is an improved version of the protocol that works just like SSL to protect the information transfer. However, to provide better security, both TLS and SSL are often implemented together.
Question:- What is data protection in transit vs data protection at rest?
Answer:-
• Data Protection in Transit
  • Data is transmitted across devices or networks
  • Protects the data in transit with SSL and TLS
  • You must protect the data in transit since it can become vulnerable to MITM attacks, eavesdropping, etc.
• Data Protection at Rest
  • Data is stored in databases, local hard drives, or USBs
  • Protects the data at rest with firewalls, antiviruses, and good security practices
  • You should protect the data at rest to avoid possible data breaches even when stolen or downloaded
Question:- What is 2FA, and how can it be implemented for public websites?
Answer:- Two-factor authentication (2FA) requires a password, along with a unique form of identification like a login code via text message (SMS) or a mobile application, to verify a user. When the user enters the password, he/she is prompted for the security code to log in to the website. If the code does not match, the user will be blocked from entering the website.
Examples of 2FA: Google Authenticator, YubiKey, Microsoft Authenticator, etc.
Question:- What do you mean by Cognitive Cybersecurity?
Answer:- Cognitive Cybersecurity is a way of taking human-like thought mechanisms and adapting them for use by Artificial Intelligence technologies in cyber security to detect security threats. The aim is to impart human knowledge to the cognitive system, which will be able to serve as a self-learning system. This helps identify the threats, determine their impact, and manifest reactive strategies.
Question:- What is the difference between VPN and VLAN?
Answer:-
• Virtual Private Network
  • Provides secure remote access to a company’s network resources
  • A network service
  • Companies wishing to connect with their remote employees will use a VPN
• Virtual Local Area Network
  • Used to group multiple computers that are geographically in different domains into the same geographical broadcast domain
  • A way of subnetting the network
  • Companies wishing to employ traffic control and easier management will use a VLAN
Question:- Explain phishing. How to prevent it?
Answer:- In phishing, an attacker masquerades as a trusted entity (a legitimate person or company) to obtain sensitive information by manipulating the victim. It is achieved by any kind of user interaction, such as asking the victim to click on a malicious link and download a risky attachment, to get confidential information such as credit card information, usernames, passwords, and network credentials.
The following are some of the ways to prevent phishing:
1. Install firewalls
2. Rotate passwords frequently
3. Do not click on or download from unknown sources
4. Get free anti-phishing tools
5. Do not provide your personal information on an unsecured/unknown site
Question:- Explain SQL injection. How to prevent it?
Answer:- SQL injection is an injection attack where an attacker executes malicious SQL commands in the database server, such as MySQL, SQL Server, or Oracle, that runs behind a web application. The intent is to gain unauthorized access to sensitive data such as client information, personal information, intellectual property details, and so on. In this attack, the attacker can add, modify, and delete records in the database, which results in a loss of data integrity for the organization.
Ways to prevent SQL injection:
1. Limit read access to the database
2. Sanitize data by limiting special characters
3. Validate user inputs
4. Use prepared statements
5. Check for active updates and patches
Question:- You get an e-card in your mail from a friend. It asks you to download an attachment to view the card. What will you do? Justify your answer.
Answer:-
1. Do not download the attachment as it may have malicious viruses, malware, or bugs, which might corrupt your system.
2. Do not visit any links as they might redirect you to an unintended page.
3. As fake email addresses are common and easy to create, you should not perform any action like clicking/downloading any links, unless you confirm it with the actual person.
4. Many websites masquerade as a legitimate site to steal sensitive information, so you should be careful not to fall into the wrong hands.
Question:- A staff member in a company subscribes to various free magazines. To activate the subscription, the first magazine asks her for her birth month, the second magazine asks for her birth year, and the third magazine asks for her maiden name. What do you deduce from the above situation? Justify your answer.
Answer:- It is highly likely that the above-mentioned three newsletters are from a parent company and are distributed through different channels. They can be used to gather essential pieces of information that might look safe in the user’s eyes. However, this information can be misused, for example sold on to carry out identity theft. A fourth newsletter might further ask the user for the date of birth for its activation. In many scenarios, questions that involve personal details are unnecessary, and you should not provide them to any random person, company, or website unless it is for a legitimate purpose.
Question:- To print billing, you have to provide your login credentials in your computing labs. Recently, people started to get a bill for the print, which was never done by them. When they called to complain, the bill turned out to be correct. How do you explain the above situation?
Answer:- To avoid this situation, you should always sign out of all accounts, close the browser, and quit the programs when you use a shared or public computer. If you leave your accounts logged in, there is a chance that an illegitimate user can retrieve your authorized data and perform actions on your behalf without your knowledge.
Question:- In our campus computer lab, one of my friends logged into her Yahoo account. When she left the lab, she made sure that the account was not left open. Later, she came to realize that someone re-accessed her account from the browser, which she has used to send emails, by impersonating her. How do you think this happened?
Answer:- There are two possible scenarios:
1. The attacker can visit the browser’s history to access her account if she hasn’t logged out.
2. Even if she has logged out but has not cleared the web cache (pages a browser saves to gain easy and quick access for the future)
Question:- An employee’s bank account faces an error during a direct deposit. Two different offices need to work on it to straighten this out. Office #1 contacts Office #2 by email to send the valid account information for the deposit. The employee now gives the bank confirmations that the error no longer exists. What is wrong here?
Answer:- Sensitive information cannot be shared via email as it can lead to identity theft. This is because emails are mostly not private and secure. Sharing or sending personal information along the network is not recommended as the route can be easily tracked. In such scenarios, the involved parties should call each other and work with ITS as a secure way of sending the information.
