UGC NET Questions (Paper – 1)

Statements A, B and C accurately describe common security threats, whereas D is dangerous and false. Phishing, shoulder surfing and keyloggers are all techniques used to steal information by deception or covert surveillance. Downloading software from untrusted sources increases the risk of malware infection instead of improving security. Thus, the combination A, B and C only is the correct answer.

Option A:
Option A is incomplete because it includes only A and B and ignores C. While phishing and shoulder surfing are important threats, keyloggers are also a significant risk that learners need to recognise. Excluding C leaves the list of threats incomplete.

Option B:
Option B is correct because it gathers all three true statements and rejects D, which contradicts basic security guidelines. It reinforces the need for cautious behaviour and awareness of multiple attack vectors in ICT environments.

Option C:
Option C is incomplete because it lists only B and C as correct, omitting A. Phishing is one of the most prevalent online attacks, and leaving it out fails to provide a comprehensive picture of security threats.

Option D:
Option D is incorrect because it mixes A and C with D and therefore accepts D. Recommending unverified software installation contradicts best practices and may itself facilitate attacks, so this option cannot be accepted.

Statements A, B and C accurately summarise core ideas of cryptography, encryption and decryption. They show how information is transformed and restored using algorithms and keys. Statement D is dangerously false because private keys must be kept secret; sharing them openly destroys security. Thus, the correct answer is the combination A, B and C only.

Option A:
Option A is incorrect because it lists only A and B as correct, leaving out C. Statement C is also correct, since decryption reverses encryption to recover plaintext. Excluding C gives an incomplete picture of the cryptographic process.

Option B:
Option B is incorrect because it groups A, C and D as correct, thereby accepting D. Statement D contradicts the requirement to keep private keys secret and would compromise secure communication.

Option C:
Option C is correct because it recognises that protecting, encrypting and decrypting data are the three linked components specified in A, B and C. It excludes the unsafe recommendation in D.

Option D:
Option D is incorrect because it includes B, C and D only, omitting A and accepting D. This both weakens the conceptual definition and endorses insecure behaviour.

Statements B and D are the wrong statements because they promote unsafe security practices. Using the same simple password for all accounts increases vulnerability; if one account is compromised, many others can be accessed easily. Similarly, public Wi-Fi networks, even when password protected, may be insecure for sensitive transactions like online banking due to risks such as snooping and fake hotspots. Statements A and C are correct as they highlight the importance of applying security patches and recognising phishing attempts, so the correct option must include only B and D as wrong.

Option A:
Option A is correct because it groups exactly the two wrong statements, B and D. Both of these statements contradict established cyber security guidelines that advise unique strong passwords and caution when using public Wi-Fi for confidential activities. By excluding A and C, which are accurate, this option matches the requirement to select only the wrong statements.

Option B:
Option B is incorrect because it treats only B as wrong and ignores D. While B is indeed a wrong statement, D is also unsafe advice since public Wi-Fi networks can be compromised in various ways. Leaving out one of the wrong statements means this option does not satisfy the question's demand to identify all wrong statements.

Option C:
Option C is incorrect because it includes A along with B and D as wrong statements. Statement A is actually correct; applying updates and security patches is a recommended security practice. Including a correct statement among wrong ones makes this combination logically inconsistent.

Option D:
Option D is incorrect because it groups A, C and D as wrong statements. Both A and C present correct security principles related to patching systems and recognising phishing attacks. Only D is wrong among these three, so treating all three as wrong misrepresents the conceptual content of ICT security and cyber ethics.

Statement D is the only wrong statement because Internet connectivity actually increases exposure to malware instead of ensuring immunity. Statements A, B and C correctly define malware, emphasise the value of antivirus software and warn about risky attachments. No technology can make a system permanently immune to all attacks; continuous vigilance and updates are needed. Therefore the option that selects only D as wrong is the correct answer.

Option A:
Option A is incorrect because it groups A and D as wrong statements. Statement A is accurate in using malware as an umbrella term for various malicious software types. Including this correct statement among the wrong ones makes the option logically inconsistent.

Option B:
Option B is correct because it isolates D as the sole incorrect statement while accepting that A, B and C are valid security guidelines. It underlines that connecting to the Internet does not eliminate risk and that protective measures remain vital.

Option C:
Option C is incorrect because it labels C and D as wrong. C is true, as attachments from unknown senders frequently carry malware or phishing attempts. Combining one true statement with a false one produces an invalid set.

Option D:
Option D is incorrect because it treats B and D as wrong statements. Statement B is a sound recommendation about antivirus use, so grouping it with the false claim in D misrepresents good security practice.

Antivirus software scans files, memory and network activities to identify patterns associated with known or suspected malware. It can quarantine or delete infected files, block harmful downloads and provide real-time protection. These functions help maintain system integrity and reduce the risk of data loss or corruption in ICT environments. Therefore, the key purpose is to deal with malicious software.

Option A:
This option correctly emphasises detection, prevention and removal as the three main roles of antivirus tools. By regularly updating virus definitions and scanning, the software can respond to emerging threats. This is essential for securing educational laboratories and institutional networks.

Option B:
RAM capacity is a physical hardware attribute and cannot be increased by installing software alone. Although antivirus programs may help optimise performance indirectly, they do not change memory size. Hence, this statement is incorrect.

Option C:
Automatically converting all files into audio format is unrelated to security and could even damage data. Antivirus software does not perform such transformations. Therefore, this option is inappropriate.

Option D:
Blocking all Internet access might avoid some threats but would also remove many benefits of ICT. Antivirus software aims at safe usage of networks, not complete disconnection. Thus, the statement misrepresents its purpose.

Statements A, B and D are standard recommendations for email security, while C encourages risky behaviour and is wrong. Phishing attempts often mimic banks, universities or service providers to harvest credentials. Users should inspect URLs and report suspicious messages so that filters can be updated and warnings issued. Urgency cues are commonly abused in scams and do not guarantee safety of attachments.

Option A:
Option A is incomplete because it lists only A and B and omits D. While recognising phishing patterns and checking links is important, reporting incidents also strengthens organisational defences.

Option B:
Option B is incorrect because it includes A, B and C and thus accepts C. Since attackers deliberately send urgent messages with harmful attachments, this advice would expose users to unnecessary danger.

Option C:
Option C is correct because it combines awareness of phishing, verification of links and the organisational step of reporting suspicious emails. By excluding C, it rejects the unsafe idea that urgency alone can justify opening unknown attachments.

Option D:
Option D is incomplete because it groups B and D only and leaves out A. Statement A provides the basic description of phishing, without which the rationale for the other actions becomes less clear.

Two factor authentication combines two different categories of credentials, typically something the user knows (password) and something the user has (a mobile device or token). This greatly strengthens account security compared to single factor methods. ICT systems increasingly adopt 2FA to protect sensitive data and services. Therefore, the mechanism described is two factor authentication.

Option A:
Option A is correct because requiring both a password and a code from a separate device fits the definition of two factor authentication.

Option B:
Option B, single factor, authentication would rely on only one credential type, such as a password, and does not describe the extra verification step.

Option C:
Option C, biometric only, authentication uses physical characteristics like fingerprints but may still be single factor if used alone and does not necessarily involve one time codes.

Option D:
Option D, open, authentication has no clear meaning in security practice and certainly does not capture strengthened, multi step verification.

Authentication is the process of verifying that a user or system is who they claim to be before granting access to resources. Usernames and passwords are basic credentials used in this process. Strong authentication is fundamental to safeguarding ICT systems from unauthorised use. Hence, the login procedure described is an example of authentication.

Option A:
Option A is correct because authentication explicitly refers to identity verification using credentials such as passwords.

Option B:
Option B, authoring, refers to creating content and is not related to checking identity.

Option C:
Option C, archiving, is the long term storage of information, not controlling access to systems.

Option D:
Option D, advertising, aims to promote products or services and does not verify user identity.

Encryption transforms plain text into cipher text using algorithms and keys, protecting the confidentiality of information during storage or transmission. Only parties possessing the correct key can reverse the process through decryption. This practice is fundamental to secure communication over public networks. Consequently, the process described is encryption.

Option A:
Option A, decryption, is the reverse operation that converts cipher text back into readable form and does not describe the initial protection step.

Option B:
Option B is correct because encryption is defined as the act of encoding information so that only authorised users can access its content, matching the description in the question.

Option C:
Option C, compression, reduces file size to save space or bandwidth but does not prevent unauthorised reading.

Option D:
Option D, authentication, confirms the identity of users but does not itself convert data into unreadable form.

Encryption algorithms transform readable plaintext into ciphertext using a secret key. Intercepted ciphertext appears as random symbols to attackers, protecting confidentiality during transmission. The intended recipient uses the appropriate key to decrypt the data back into readable form. Thus, the core purpose of encryption is to ensure that only authorised parties can interpret the transmitted information.

Option A:
Compression aims to reduce file size but does not inherently prevent others from reading the content. Compressed data can often be decompressed without needing a secret key.

Option B:
This option correctly captures the idea of confidentiality and controlled readability, which underpins secure communication protocols like HTTPS and VPNs. It reflects standard practice in protecting sensitive data on public networks.

Option C:
Deleting data from the sender’s system is a separate action and is not achieved merely by encrypting it in transit. Encryption does not erase original copies.

Option D:
Making data freely readable to everyone contradicts the aim of encryption. Security mechanisms are designed to limit, not broaden, unauthorised access.

A digital signature is created using cryptographic techniques that bind an individual’s identity to an electronic document. It allows recipients to verify that the message has come from a genuine sender and has not been altered during transmission. In e-governance, this supports legal validity and trust in online transactions. Therefore, authentication and integrity are the central functions of digital signatures.

Option A:
Physically signing printed documents is a traditional practice unrelated to digital cryptographic signatures. While both serve to indicate approval, the technologies and verification methods differ. Hence, this statement does not describe digital signatures.

Option B:
This option correctly points out that digital signatures provide assurance about who signed a document and whether its content remains unchanged. Verification uses public key infrastructure, which checks the signature against the signer’s certificate. Such mechanisms are vital for electronic forms, tax filings and other e-governance applications.

Option C:
Increasing file size is not a goal of digital signatures and, in fact, larger files may be less efficient to store and transmit. Signatures add a small amount of metadata but are designed for security, not for consuming storage space.

Option D:
Converting documents into audio is a feature associated with text-to-speech tools or accessibility services. Digital signatures do not change the media format of a document; they add verifiable security information.

Statements A, B and D correctly describe digital signatures, while C confuses them with mere images. Digital signatures rely on cryptographic keys to verify both the sender and the integrity of the document. They are widely used in e-governance workflows to legally sign electronic forms. Graphical images of signatures do not provide cryptographic security, so C must be excluded from the correct set.

Option A:
Option A is correct because it includes A, B and D, which all reflect authentic properties and uses of digital signatures. It properly leaves out C, which treats digital signatures as simple pictures with no cryptographic basis. This option therefore matches the technological and legal understanding of digital signatures.

Option B:
Option B is incomplete because it selects only A and B and omits D. While A and B are true, ignoring the practical use of digital signatures in e-governance systems underestimates their institutional role. Since D is also correct, this combination does not list all the true statements.

Option C:
Option C is wrong because it combines B, which is true, with C, which is false. C equates digital signatures with pasted images, ignoring the essential role of cryptographic algorithms and keys. Any option that includes this misunderstanding cannot be accepted as correct.

Option D:
Option D is incorrect because it assumes that all four statements are correct and thus accepts C. Since C misrepresents digital signatures as non-cryptographic images, the presence of C makes this combination invalid.

Decryption applies a cryptographic key and algorithm to ciphertext to retrieve the original plaintext. It is the necessary counterpart of encryption in secure communication systems. Without decryption, authorised users could not read protected information. Thus, the process is called decryption.

Option A:
Option A is correct because decryption precisely denotes reversing encryption to recover the original data.

Option B:
Option B, encryption, is the forward process of encoding data and does not describe restoration to readable form.

Option C:
Option C, hashing, produces fixed length digests for integrity checking but is generally one way and not used to recover original data.

Option D:
Option D, scanning, may refer to searching or virus checking and is not related to cryptographic reversal.

A firewall acts as a barrier between a trusted internal network and untrusted external networks, inspecting traffic according to security policies. It can block unauthorised access while permitting legitimate communication, thereby reducing the risk of attacks. Firewalls may be hardware, software or a combination of both. Hence, the protective system described is a firewall.

Option A:
Option A is correct because firewall is the established term in ICT security for systems that filter network traffic based on rules.

Option B:
Option B, gateway, is a broader term for devices that connect networks and may or may not enforce security policies.

Option C:
Option C, modem, modulates and demodulates signals for communication over telephone lines or cable and is not primarily a security device.

Option D:
Option D, router, forwards packets between networks based on IP addresses but does not automatically apply security rules unless combined with firewall features.

A hash function maps variable length data to a fixed length hash value or digest. Small changes in input produce very different outputs, making hashes useful for integrity verification. In ICT security, hash functions support digital signatures and password storage. Therefore, the function described is a hash function.

Option A:
Option A is correct because hash function is the accepted term for algorithms producing fixed length digests from arbitrary data.

Option B:
Option B, encrypt, describes reversible transformation for confidentiality, which is different from hashing’s typical one way nature.

Option C:
Option C, compress, aims to reduce data size and still allow reconstruction, whereas hash functions do not support recovery of original data.

Option D:
Option D, randomise, suggests arbitrary change without determinism, while hash functions are deterministic for a given input.