Cyber Security Important Question for End Sem(Ans)

CYBER SECURITY IMPORTANT QUESTION FOR END SEM

Cyber Security

Unit 1: Information Security


1. What is Information Security? Why is it important in today’s digital world?
Ans.

Information Security refers to the practice of protecting digital information from
unauthorized access, use, disclosure, modification, or destruction. It ensures the
confidentiality, integrity, and availability (CIA) of data.

Importance in today’s digital world:

1. Data Protection – Prevents personal, financial, and organizational data from being
stolen or misused.
2. Prevents Cyber Attacks – Shields systems from threats like hacking, phishing, and
malware.
3. Maintains Trust – Helps businesses build trust with customers by safeguarding their
data.
4. Regulatory Compliance – Ensures organizations follow data protection laws (like
GDPR, HIPAA).
5. Business Continuity – Prevents disruptions by securing IT systems and backing up
data.

2. What are the components of an Information System? Explain with examples.


Ans.

Components of an Information System are the essential parts that work together to collect,
process, store, and distribute information. The five main components are:

1. Hardware – Physical devices like computers, servers, printers.
Example: A laptop used to access company records.
2. Software – Programs and applications that process data.
Example: MS Excel for managing spreadsheets.
3. Data – Raw facts and figures used for decision-making.
Example: Customer details stored in a database.
4. People – Users who interact with the system.
Example: Employees entering and analyzing sales data.
5. Processes – Procedures and rules to process and manage data.
Example: Steps to handle an online order from placement to delivery.

These components together help in achieving organizational goals efficiently.

3. Differentiate between Cybersecurity and Information Security.


Ans.

4. What is Information Assurance? Describe its goals.


Ans.

Information Assurance (IA) is the practice of managing risks related to the use, processing,
storage, and transmission of information. It ensures that data is protected, reliable, and
available to authorized users when needed.

Goals of Information Assurance:

1. Confidentiality – Ensuring that information is accessible only to authorized
individuals.
2. Integrity – Protecting information from being altered or tampered with.
3. Availability – Ensuring systems and data are available when needed.
4. Authentication – Verifying the identity of users and systems.
5. Non-repudiation – Ensuring that actions or transactions cannot be denied later.

These goals help maintain trust and secure communication in digital environments.

5. Explain the types of Information Systems and how security is applied to them.
Ans.

Types of Information Systems and their security applications are as follows:

1. Transaction Processing System (TPS)

• Use: Handles day-to-day business transactions (e.g., sales, payroll).
• Security:
o Data encryption for financial transactions
o User authentication and access control
o Backup and recovery systems

2. Management Information System (MIS)

• Use: Provides summarized reports for decision-making.
• Security:
o Role-based access to protect sensitive reports
o Secure databases and audit trails
o Antivirus and malware protection

3. Decision Support System (DSS)

• Use: Helps in decision-making using data analysis and models.
• Security:
o Data integrity checks to ensure accuracy
o Secure access to models and analytical tools
o Restrict access to strategic data

4. Enterprise Resource Planning (ERP)

• Use: Integrates core business processes across departments.
• Security:
o Centralized access control and monitoring
o Regular software updates and patch management
o Data encryption and secure APIs

5. Customer Relationship Management (CRM)

• Use: Manages company’s interactions with customers.
• Security:
o Encryption of customer data
o Secure login systems and multi-factor authentication
o Protection against data leakage

Applying proper information security practices to each system helps prevent data breaches,
ensure smooth operations, and protect business assets.

6. What are common threats to information systems?


Ans.

Common Threats to Information Systems (5 Marks):

1. Malware (Malicious Software):
o Includes viruses, worms, ransomware, and spyware that can damage or steal
data.
2. Phishing Attacks:
o Fake emails or websites trick users into revealing sensitive information like
passwords or bank details.
3. Unauthorized Access:
o Hackers or insiders gaining access to systems or data without permission.
4. Denial of Service (DoS) Attacks:
o Flooding a system or network with traffic to make it unavailable to users.
5. Data Breaches:
o Leakage or theft of confidential data due to weak security or insider threats.

These threats can disrupt operations, cause financial loss, and damage reputation, so strong
information security practices are essential.

7. What is Cybersecurity Risk Analysis? Why is it needed?


Ans.

Cybersecurity Risk Analysis is the process of identifying, evaluating, and prioritizing
potential threats and vulnerabilities that could harm an organization’s information systems,
data, or network. It helps determine the likelihood and impact of cyberattacks.

Why is it Needed?

1. Identifies Vulnerabilities: Helps discover weak points in systems that could be
exploited by attackers.
2. Prevents Data Breaches: Allows proactive action to avoid data theft and system
damage.
3. Prioritizes Risks: Focuses on the most critical threats first, saving time and resources.
4. Supports Decision-Making: Aids in planning security investments and policies
effectively.
5. Ensures Compliance: Helps meet legal and industry standards (e.g., GDPR, ISO,
HIPAA).

In short, cybersecurity risk analysis is essential to protect data, reduce threats, and
maintain business continuity.

8. Differentiate between Data and Information with examples.


Ans.

9. Describe the development phases of an Information System.


Ans.

Development Phases of an Information System (also known as the System Development
Life Cycle - SDLC) are the steps followed to build and maintain an effective information
system:

1. Planning:

• Identify the need for a new system.
• Define goals, scope, and feasibility.
Example: Deciding to create a student attendance system.

2. Analysis:

• Gather detailed requirements from users.
• Understand problems in the current system.
Example: Interviewing teachers to know attendance tracking issues.

3. Design:

• Create system architecture and interface design.
• Plan database, security, and user flow.
Example: Designing forms, database tables, and user interface.

4. Development (Implementation):

• Actual coding and building of the system.
Example: Writing code for login, data entry, and report generation.

5. Testing:

• Test the system for bugs, performance, and accuracy.
Example: Checking if student data is saved correctly.

6. Deployment:

• Install the system in the real environment for users.
Example: Launching the system in the school.

7. Maintenance:

• Fix bugs, update features, and ensure smooth operation.
Example: Adding a feature for SMS alerts to parents.

Each phase ensures the system is reliable, secure, and meets user needs.

10. Write a short note on the History of the Internet.

Ans.

The Internet began in the late 1960s as a research project by the U.S. Department of Defense
called ARPANET (Advanced Research Projects Agency Network). It was created to allow
communication between computers at different universities and research institutions.

In the 1970s, protocols like TCP/IP were developed, which became the standard for data
transmission. The Internet as we know it started to take shape in 1983 when ARPANET adopted
TCP/IP.

In the 1990s, the World Wide Web (WWW) was invented by Tim Berners-Lee, making the
internet accessible to the public with browsers and websites. This led to a global expansion of the
Internet.

Today, the Internet is a vital part of daily life, connecting billions of people and enabling
communication, commerce, education, and entertainment across the world.

Unit 2: System Vulnerability Scanning


11. Define Vulnerability, Banner Grabbing, and Traffic Probing.
Ans.
Definitions:

1. Vulnerability:
A vulnerability is a weakness or flaw in a system, application, or network that can be
exploited by attackers to gain unauthorized access, cause damage, or steal data.
Example: An outdated software version with known security bugs.
2. Banner Grabbing:
Banner grabbing is a technique used to gather information about a computer system
or network service. It collects details like software version, operating system, and
server type by reading the banner message sent by services like HTTP, FTP, or SMTP.
Example: Identifying a web server's software and version via HTTP headers.
3. Traffic Probing:
Traffic probing involves monitoring and analyzing network traffic to gather
intelligence about active systems, open ports, and running services. It helps identify
potential targets or vulnerabilities.
Example: Using tools like Nmap to scan a network for active hosts and ports.

These terms are commonly used in ethical hacking, penetration testing, and cybersecurity
assessments.

12. What is Vulnerability Scanning? Mention tools and give examples.


Ans.
Vulnerability Scanning:

Vulnerability scanning is an automated process of identifying security weaknesses or
vulnerabilities in systems, networks, or applications. It helps detect flaws like outdated
software, misconfigurations, open ports, or missing patches that attackers can exploit.

Purpose:

• To detect and report known vulnerabilities.
• To enhance security posture before hackers find the flaws.

Popular Vulnerability Scanning Tools:

1. Nessus – Widely used tool for scanning servers and networks.
2. OpenVAS – Open-source tool for vulnerability assessment.
3. Qualys – Cloud-based scanner used by enterprises.
4. Nikto – Scans web servers for dangerous files, outdated software, etc.
5. Acunetix – Focuses on web application vulnerabilities like SQL injection, XSS.

Examples:

• Nessus detects that a server is running an old version of Apache with known bugs.
• Nikto finds a web application vulnerable to cross-site scripting (XSS).
• OpenVAS identifies an unpatched system with remote code execution vulnerability.

Vulnerability scanning is a crucial part of cybersecurity to keep systems safe and compliant.

13. Differentiate between Vulnerability Assessment and Penetration Testing (VAPT).


Ans.

14. Explain the classification of vulnerabilities with examples.
Ans.
Classification of Vulnerabilities (5 Marks)

Vulnerabilities can be classified into several types based on their nature and impact. Here are
the main categories:

1. Network Vulnerabilities:
o Weaknesses in network components like routers, firewalls, or open ports.
o Example: Open port 21 (FTP) allowing unauthorized access.
2. Operating System Vulnerabilities:
o Flaws in the OS that can be exploited.
o Example: Unpatched Windows OS vulnerable to remote code execution.
3. Application Vulnerabilities:
o Bugs or flaws in software applications.
o Example: SQL Injection in a web login form.
4. Configuration Vulnerabilities:
o Misconfigured systems or devices.
o Example: Default admin credentials left unchanged on a router.
5. Human-related Vulnerabilities:
o Caused by user mistakes or lack of awareness.
o Example: Falling for a phishing email and sharing passwords.

Conclusion:
Understanding the types of vulnerabilities helps organizations identify, prioritize, and
secure weak points in their systems effectively.

15. Define False Positives, False Negatives, and Zero-Day Vulnerabilities.


Ans.
Definitions:

1. False Positives:
A false positive occurs when a security system incorrectly identifies normal or safe
activity as a threat.
o Example: An antivirus flags a legitimate software file as malware.
o Impact: Can lead to unnecessary alerts and wasted time investigating non-issues.
2. False Negatives:
A false negative happens when a security system fails to detect an actual threat.
o Example: A malware file passes through a firewall undetected.
o Impact: Very dangerous, as it allows real threats to go unnoticed and cause harm.
3. Zero-Day Vulnerabilities:
A zero-day vulnerability is a software flaw that is unknown to the vendor and has no
patch available.
o Example: A hacker discovers a bug in a web browser and exploits it before the
company releases a fix.
o Impact: Highly critical, often used in advanced cyberattacks due to the lack of
defense.

These concepts are vital in cybersecurity for understanding the effectiveness and limitations
of threat detection systems.

16. What is Nmap and Netcat? State their uses in reconnaissance.


Ans.
Nmap and Netcat – Definition and Uses in Reconnaissance (5 Marks)
1. Nmap (Network Mapper):

Definition:
Nmap is an open-source network scanning tool used for discovering hosts, services, and
vulnerabilities in a network.

Uses in Reconnaissance:

• Port scanning to detect open ports.
• Service detection (e.g., running software and version).
• OS fingerprinting to identify the target's operating system.
• Network mapping to find live hosts and connected devices.

Example: Scanning a target IP to find open ports like 22 (SSH), 80 (HTTP), etc.

2. Netcat (nc):

Definition:
Netcat is a versatile networking tool used for reading and writing data across network
connections using TCP or UDP.

Uses in Reconnaissance:

• Banner grabbing to gather information about services running on open ports.
• Port scanning to check which ports are open.
• Backdoor creation (in ethical hacking) for testing remote access.
• Data transfer between systems.

Example: Using Netcat to connect to port 80 of a web server and view the HTTP banner.

Conclusion:

Both tools are essential in the reconnaissance phase of ethical hacking to gather
information about the target system before exploiting vulnerabilities.

17. What is Network Sniffing? Name and explain tools like Wireshark and Hping.

Ans.
What is Network Sniffing? (5 Marks)

Network Sniffing is the process of monitoring and capturing data packets that travel
through a network. It helps network administrators and ethical hackers to analyze traffic,
troubleshoot issues, and detect malicious activities. However, attackers may also use sniffing
for spying or stealing sensitive information.

Common Tools for Network Sniffing:


1. Wireshark:

• Definition:
Wireshark is a popular open-source packet analyzer used for real-time network traffic
capture and detailed protocol analysis.
• Uses:
o Capture and inspect live network traffic.
o Analyze protocols like HTTP, TCP, DNS, etc.
o Troubleshoot network issues.
o Detect unusual traffic or attacks.
• Example: Identifying a DNS poisoning attack by analyzing DNS responses.

2. Hping:

• Definition:
Hping is a command-line network tool used to send custom TCP/IP packets and perform
security testing.
• Uses:
o Perform packet crafting and firewall testing.
o Conduct network scanning and tracerouting.
o Detect open/filtered ports using different scan types.
o Useful for stealthy reconnaissance.
• Example: Using Hping to send SYN packets and analyze the response to check if a port is
open or blocked.

Conclusion:

Network sniffing is crucial in ethical hacking and network analysis, and tools like
Wireshark and Hping provide powerful features for understanding and securing networks.

Unit 3: Network Defense Tools

18. What is a Firewall? Describe types: packet-filtering, stateful, and next-gen firewalls.
Ans.
What is a Firewall? (5 Marks)

A firewall is a network security device or software that monitors and controls incoming
and outgoing network traffic based on predefined security rules. Its main purpose is to create
a barrier between a trusted internal network and untrusted external networks (like the
internet) to prevent unauthorized access.

Types of Firewalls:
1. Packet-Filtering Firewall:

• Function:
Filters network traffic by inspecting individual packets based on IP addresses, ports, and
protocols.
• Pros:
Fast and simple.
• Cons:
Does not track connection state; can be bypassed easily.
• Example: Blocks traffic from a specific IP or port.

2. Stateful Inspection Firewall (Stateful Firewall):

• Function:
Tracks the state of active connections and makes decisions based on the context of the
traffic.
• Pros:
More secure than packet-filtering, as it understands whether a packet is part of an existing
connection.
• Cons:
Slower than basic firewalls due to deeper inspection.
• Example: Allows return traffic from a trusted request while blocking unsolicited
connections.

3. Next-Generation Firewall (NGFW):

• Function:
Combines traditional firewall functions with advanced features like deep packet
inspection, intrusion prevention systems (IPS), and application awareness.
• Pros:
Can detect and block modern threats like malware and application-layer attacks.
• Cons:
More complex and expensive.
• Example: Detects and blocks suspicious behavior in encrypted traffic, or controls access
to social media apps.

Conclusion:

Firewalls are essential tools for network defense, and each type provides different levels of
protection depending on an organization’s needs.
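
The difference between the packet-filtering and stateful types can be seen by running the same traffic through both. The following is an added example, not part of the original answer; the rule set, the internal prefix 192.168.1. and all sample packets are constructed for illustration.

```python
from dataclasses import dataclass

ALLOWED_OUTBOUND_PORTS = {80, 443}   # assumed policy: internal hosts may browse the web
INTERNAL_PREFIX = "192.168.1."       # assumed internal network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def packet_filter(pkt):
    """Packet-filtering firewall: each packet is judged alone on IPs and ports."""
    if is_internal(pkt.src_ip) and pkt.dst_port in ALLOWED_OUTBOUND_PORTS:
        return "ALLOW"   # outbound web request
    if is_internal(pkt.dst_ip) and pkt.src_port in ALLOWED_OUTBOUND_PORTS:
        return "ALLOW"   # anything that merely looks like a web reply
    return "DROP"


class StatefulFirewall:
    """Stateful firewall: inbound packets must belong to a tracked connection."""

    def __init__(self):
        self.connections = set()   # (internal_ip, internal_port, remote_ip, remote_port)

    def handle(self, pkt):
        if is_internal(pkt.src_ip):
            if pkt.dst_port not in ALLOWED_OUTBOUND_PORTS:
                return "DROP"
            # Remember the connection so that its return traffic is recognised.
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        # Inbound: allow only if it mirrors a connection opened from inside.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ALLOW" if reverse in self.connections else "DROP"


# Constructed sample traffic, in arrival order.
SAMPLE_TRAFFIC = [
    ("outbound request", Packet("192.168.1.20", 50000, "198.51.100.7", 443)),
    ("reply to that request", Packet("198.51.100.7", 443, "192.168.1.20", 50000)),
    ("unsolicited, source port 443", Packet("203.0.113.99", 443, "192.168.1.20", 50000)),
    ("unsolicited, to port 22", Packet("203.0.113.99", 4444, "192.168.1.20", 22)),
]


def compare(traffic=SAMPLE_TRAFFIC):
    """Return (label, packet-filter verdict, stateful verdict) for each packet."""
    stateful = StatefulFirewall()
    return [(label, packet_filter(pkt), stateful.handle(pkt)) for label, pkt in traffic]


if __name__ == "__main__":
    for label, stateless_verdict, stateful_verdict in compare():
        print(f"{label:30} packet-filter={stateless_verdict:5} stateful={stateful_verdict}")
```

The third packet is the one that separates the two designs: it matches the packet filter's "reply" rule on port numbers alone, while the stateful firewall drops it because no internal host ever opened a connection to that address.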

19. Differentiate between Stateless and Stateful Firewalls with examples.


Ans.

20. What is NAT (Network Address Translation)? Explain Static and Dynamic NAT.
Ans.
What is NAT (Network Address Translation)? (5 Marks)

NAT (Network Address Translation) is a method used in routers or firewalls to translate
private IP addresses (used inside a local network) into a public IP address (used on the
internet), and vice versa.
It helps conserve IP addresses and adds a layer of security by hiding internal IP structures.

Types of NAT:
1. Static NAT:

• Definition:
Maps one private IP address to one fixed public IP address.
• Use Case:
When a specific device (like a web server) must be accessible from the internet at a
constant address.
• Example:
Internal IP 192.168.1.10 is always mapped to public IP 203.0.113.5.

2. Dynamic NAT:

• Definition:
Maps a private IP to any available public IP from a pool of public addresses.
• Use Case:
Suitable for outgoing traffic where the specific public IP doesn't matter.
• Example:
Internal IP 192.168.1.15 could be mapped to 203.0.113.6 one time, and 203.0.113.7
the next.

Conclusion:

NAT helps with IP address management and security, and choosing between static or
dynamic NAT depends on whether the mapping needs to be fixed or flexible.

21. Explain Port Address Translation (PAT) and Port Forwarding.


Ans.
Port Address Translation (PAT) and Port Forwarding (5 Marks)
1. Port Address Translation (PAT):

• Definition:
PAT is a type of NAT that allows multiple devices on a local network to share a single
public IP address, using different port numbers to distinguish each connection.
• How it works:
Each outgoing request from a local device is assigned a unique port number with the
same public IP, so responses can be routed back correctly.
• Example:
o Internal devices: 192.168.1.2:1234, 192.168.1.3:1235
o Translated to: 203.0.113.5:55001, 203.0.113.5:55002
• Use Case:
Internet access for multiple users using one public IP.

2. Port Forwarding:

• Definition:
Port Forwarding is the process of redirecting a communication request from one
address and port number to another. It allows external users to access services on a
private/internal network.
• How it works:
Incoming traffic on a specific port of the public IP is forwarded to a specific device and
port inside the local network.
• Example:
Public IP 203.0.113.5:8080 is forwarded to internal IP 192.168.1.10:80 (web server).
• Use Case:
Hosting web servers, gaming servers, or remote desktop access from outside the network.

Conclusion:

• PAT is used for outgoing traffic (many-to-one IP sharing).
• Port Forwarding is used for incoming traffic to access internal services.

Both enhance connectivity and control over data flow in networks.
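
The translation table behind PAT and port forwarding can be modelled in a few lines. This is an added example, not part of the original answer: it reuses the addresses from the examples above, while the class `PatGateway`, its method names and the starting port 55001 as an allocation rule are assumptions made for illustration.

```python
class PatGateway:
    """Toy NAT gateway: PAT for outgoing traffic, port forwarding for incoming.

    Simplified on purpose: a real gateway also keys entries on protocol and
    remote endpoint, and expires idle mappings.
    """

    def __init__(self, public_ip, first_port=55001, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map = {}    # (private_ip, private_port) -> public_port
        self.in_map = {}     # public_port -> (private_ip, private_port)
        self.forwards = {}   # public_port -> (internal_ip, internal_port)

    def add_port_forward(self, public_port, internal_ip, internal_port):
        """Static rule: expose an internal service on a public port."""
        if public_port in self.in_map:
            raise ValueError(f"public port {public_port} is already used by PAT")
        self.forwards[public_port] = (internal_ip, internal_port)

    def translate_outbound(self, private_ip, private_port):
        """PAT: give each internal socket its own port on the shared public IP."""
        key = (private_ip, private_port)
        if key not in self.out_map:
            while self.next_port in self.forwards:   # never reuse a forwarded port
                self.next_port += 1
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def route_inbound(self, public_port):
        """Decide where a packet arriving on the public IP goes, or None to drop."""
        if public_port in self.in_map:
            return ("pat-reply",) + self.in_map[public_port]
        if public_port in self.forwards:
            return ("port-forward",) + self.forwards[public_port]
        return None   # no mapping: nothing inside is reachable on this port

    def exposed_services(self):
        """Forwarding rules are the deliberate exposures worth reviewing."""
        return sorted((p, ip, port) for p, (ip, port) in self.forwards.items())


def demo():
    gw = PatGateway("203.0.113.5")
    gw.add_port_forward(8080, "192.168.1.10", 80)       # web server from the example
    return {
        "first": gw.translate_outbound("192.168.1.2", 1234),
        "second": gw.translate_outbound("192.168.1.3", 1235),
        "reply": gw.route_inbound(55002),
        "web": gw.route_inbound(8080),
        "unmapped": gw.route_inbound(3389),
        "exposed": gw.exposed_services(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Inbound traffic reaches an internal host only through an existing PAT entry or an explicit forwarding rule, so the list returned by `exposed_services()` is the part of the configuration to audit.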

22. What is a VPN? Describe types: PPTP, SSTP, L2TP, Site-to-Site, Remote Access.

Ans.
What is a VPN (Virtual Private Network)? (5 Marks)

A VPN is a secure, encrypted connection over the internet that allows users to access
private networks and share data safely and anonymously. It hides the user's IP address and
encrypts the data, ensuring privacy, security, and bypassing geo-restrictions.

Types of VPNs:
1. PPTP (Point-to-Point Tunneling Protocol):

• One of the oldest VPN protocols.
• Easy to set up and fast, but less secure due to outdated encryption.
• Suitable for low-security needs.

2. SSTP (Secure Socket Tunneling Protocol):

• Developed by Microsoft, uses SSL/TLS encryption (port 443).
• Provides strong security and works well through firewalls.
• Suitable for Windows-based systems.

3. L2TP (Layer 2 Tunneling Protocol):

• Often combined with IPSec for encryption (L2TP/IPSec).
• More secure than PPTP but slower due to double encapsulation.
• Used for secure remote connections.

4. Site-to-Site VPN:

• Connects entire networks in different locations over the internet.
• Used by businesses to connect branch offices securely.
• No need for individual user VPN setups.

5. Remote Access VPN:

• Allows individual users to connect securely to a private network.
• Useful for employees working from home or remote areas.
• Requires a VPN client software.

Conclusion:

VPNs enhance privacy, security, and remote accessibility, and choosing the right type
depends on the use case, such as individual remote access or connecting business networks.

Unit 4: Cyber Crimes and Laws

23. What are different types of Cyber Crimes? Classify with examples.
Ans.
Types of Cyber Crimes (5 Marks)

Cyber crimes are illegal activities carried out using computers, networks, or the internet.
They can target individuals, organizations, or governments.

Classification of Cyber Crimes with Examples:


1. Hacking:

• Unauthorized access to systems or data.
• Example: Breaking into a bank's server to steal data.

2. Identity Theft:

• Stealing someone’s personal information for fraud.
• Example: Using stolen Aadhaar or PAN details to open a fake bank account.

3. Cyberbullying and Online Harassment:

• Sending threats, abusive messages, or spreading rumors online.
• Example: Harassing someone on social media platforms.

4. Phishing and Email Scams:

• Tricking users into giving away sensitive data via fake emails or websites.
• Example: An email pretending to be from a bank asking for login credentials.

5. Cyber Terrorism:

• Attacks aimed at causing fear, disruption, or damage to critical infrastructure.
• Example: Hacking into a country’s power grid or defense systems.

Conclusion:

Cyber crimes can range from personal data theft to national security threats, making
cybersecurity awareness and protection critically important in today’s digital age.

24. Differentiate between Hacking and Penetration Testing.
Ans.

25. Explain Phishing, Smishing, and Vishing attacks with differences.


Ans.
Phishing, Smishing, and Vishing Attacks (5 Marks)

These are types of social engineering attacks used by cybercriminals to trick individuals into
revealing sensitive information.

1. Phishing:

• Definition:
A cyberattack where attackers send fraudulent emails or fake websites pretending to be
trustworthy sources.
• Example:
An email that looks like it’s from a bank asking for login credentials.

2. Smishing (SMS Phishing):

• Definition:
A phishing attack via SMS/text messages, usually containing malicious links or asking
for sensitive info.
• Example:
A message saying “Your bank account is blocked, click here to verify.”

3. Vishing (Voice Phishing):

• Definition:
A phishing scam where attackers call victims and pretend to be from a legitimate
organization to steal personal details.
• Example:
A phone call from someone pretending to be tech support asking for OTP or bank details.

26. What is Incident Response? Mention the steps involved.


Ans.
What is Incident Response? (5 Marks)

Incident Response is the process of identifying, managing, and resolving security
incidents (such as cyber-attacks, data breaches, or system failures) to minimize damage,
restore normal operations, and prevent future incidents.

It ensures that organizations can respond quickly and effectively to security threats.

Steps Involved in Incident Response:

1. Preparation:
o Develop policies, response plans, and train staff.
o Set up necessary tools and systems for detection and response.
2. Identification:
o Detect and confirm the occurrence of a security incident.
o Gather evidence and assess the scope and impact.
3. Containment:
o Limit the spread of the incident.
o Apply short-term and long-term containment strategies.
4. Eradication:
o Find the root cause and remove malicious files or access.
o Fix vulnerabilities that were exploited.
5. Recovery:
o Restore systems and services to normal operation.
o Monitor to ensure systems are secure and functioning properly.
6. Lessons Learned:
o Document the incident and response.
o Analyze what went well and what needs improvement.

Conclusion:

Effective incident response helps reduce downtime, protect data, and improve cyber
resilience in organizations.

27. What is the Indian IT Act 2000? Mention key provisions.


Ans.
What is the Indian IT Act 2000?

The Information Technology (IT) Act 2000 is the first cyber law in India, enacted to
provide legal recognition to electronic transactions, and to address cybercrime and
e-commerce issues.
It ensures secure electronic communication and protects users from cyber threats.

Key Provisions of the IT Act 2000:

1. Legal Recognition of E-Documents & Digital Signatures:
o Electronic records and digital signatures are legally valid, just like physical
documents and handwritten signatures.
2. Cybercrime Punishments:
o Covers crimes like hacking, identity theft, cyberstalking, phishing, and data
breaches, with punishments including fines and imprisonment.
3. E-Governance:
o Enables government departments to deliver services and maintain records
electronically (e.g., e-filing of documents).
4. Certifying Authorities:
o Establishes authorities to issue Digital Signature Certificates for secure online
communication.
5. Amendments (2008):
o Introduced terms like cyber terrorism, child pornography, and expanded
penalties.
o Made provisions for data protection and privacy.

Conclusion:

The IT Act 2000 plays a crucial role in regulating cyber activities in India, ensuring legal
protection in the digital space and boosting trust in online transactions and e-governance.

Unit 5: Cybercrime Investigation and Attacks


28. What is the difference between Virus and Worms?
Ans.
| Aspect | Virus | Worm |
|---|---|---|
| Definition | A virus is a malicious program that attaches itself to a file or program and needs user action to spread. | A worm is a self-replicating malware that spreads automatically without user interaction. |
| Spreading Method | Spreads when infected files or programs are executed by the user. | Spreads through networks and systems without needing to be run manually. |
| Dependency | Depends on host files to spread and function. | Independent – does not need a host file or program. |
| Damage | Often corrupts or deletes files, slows down systems. | Can consume bandwidth, slow networks, or cause system crashes. |
| Example | Melissa, ILOVEYOU | SQL Slammer, Conficker |

Conclusion:

• Viruses require human action to spread, while worms spread automatically.
• Both are harmful, but worms can spread faster due to their network-based nature.

29. What is Steganography? How is it different from Cryptography?


Ans.
What is Steganography? How is it Different from Cryptography? (5 Marks)
Steganography:

• Definition:
Steganography is the technique of hiding secret information within a non-secret file or
message, such as an image, audio, or video, so that no one suspects the information
exists.
• Example:
Hiding a secret text message inside an image file using pixel manipulation.

Cryptography:

• Definition:
Cryptography is the technique of converting readable data (plaintext) into an
unreadable format (ciphertext) using algorithms and keys, to protect confidentiality.
• Example:
Using AES encryption to convert a message into an unreadable code.

Conclusion:

• Steganography hides the message, while cryptography scrambles it.
• For better security, both methods are often used together – encrypt first, then hide.

30. Define Trojan, Keyloggers, and Spyware with examples.

Ans.
Trojan, Keyloggers, and Spyware – Definitions with Examples (5 Marks)
1. Trojan (Trojan Horse):

• Definition:
A Trojan is a type of malware that disguises itself as a legitimate program to trick users
into installing it. Once installed, it gives unauthorized access to attackers.
• Example:
A fake antivirus program that installs malware when run.

2. Keyloggers:

• Definition:
A keylogger is a type of spyware that records every keystroke a user types on their
keyboard, often used to steal usernames, passwords, and other confidential data.
• Example:
An attacker installs a keylogger to capture a user’s banking credentials.

3. Spyware:

• Definition:
Spyware is malicious software designed to monitor a user’s activity secretly, collecting
data like browsing habits, personal info, or system usage.
• Example:
A program that tracks and sends your web activity to advertisers without consent.

Conclusion:

• All three are malicious tools used for spying or unauthorized access.
• Trojan acts as a delivery method, while keyloggers and spyware focus on data theft
and surveillance.
