VAPT Questions


Cyber security Theory

https://www.edureka.co/blog/interview-questions/cybersecurity-interview-questions/

1. What is Cryptography?

Cryptography is a technique of encrypting data to ensure that only the intended
recipient can read it. It involves using an algorithm and a key to transform plaintext into
ciphertext.

2. What is the difference between Symmetric and Asymmetric encryption?

Basis of Comparison: Symmetric Encryption / Asymmetric Encryption
Encryption key: Same key for encryption & decryption / Different keys for encryption & decryption
Performance: Encryption is fast but more vulnerable / Encryption is slow due to high computation
Algorithms: DES, 3DES, AES and RC4 / Diffie-Hellman, RSA
Purpose: Used for bulk data transmission / Often used for securely exchanging secret keys

4. Explain CIA triad.

CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to
guide policies for Information Security. It is one of the most popular models used by
organizations.

Confidentiality

The information should be accessible and readable only to authorized personnel. It should not
be accessible by unauthorized personnel. The information should be strongly encrypted just
in case someone uses hacking to access the data so that even if the data is accessed, it is
not readable or understandable.

Integrity

Making sure the data has not been modified by an unauthorized entity. Integrity ensures that
data is not corrupted or modified by unauthorized personnel. If an authorized
individual/system tries to modify the data and the modification is not successful, the
data should be rolled back and must not be left corrupted.

Availability

The data should be available to the user whenever the user requires it. Maintaining hardware,
upgrading regularly, data backups and recovery, and network bottlenecks should be taken care
of.

6. What is a Firewall and why is it used?

A Firewall is a network security system set on the boundaries of the system/network that
monitors and controls network traffic. Firewalls are mainly used to protect the system/network
from viruses, worms, malware, etc. Firewalls can also be used to block remote access and
to perform content filtering.

7. What is the difference between VA (Vulnerability Assessment) and PT (Penetration
Testing)?

Vulnerability Assessment is the process of finding flaws on the target. Here, the
organization knows that its system/network has flaws or weaknesses and wants to find these
flaws and prioritize them for fixing.

Penetration Testing is the process of finding vulnerabilities on the target. In this case, the
organization would have set up all the security measures it could think of and would want
to test if there is any other way that its system/network can be hacked.

8. What is a three-way handshake?

A three-way handshake is a method used in a TCP/IP network to create a connection
between a host and a client. It is called a three-way handshake because it is a three-step
method in which the client and server exchange packets. The three steps are as follows:

1. The client sends a SYN (Synchronize) packet to the server to check if the server is up or
has open ports
2. The server sends a SYN-ACK packet to the client if it has open ports
3. The client acknowledges this and sends an ACK (Acknowledgment) packet back to
the server

9. What are the response codes that can be received from a Web Application?

1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error
5xx – Server-side error

10. What is traceroute? Why is it used?

Traceroute is a tool that shows the path of a packet. It lists all the points (mainly routers) that
the packet passes through. This is used mostly when the packet is not reaching its
destination. Traceroute is used to check where the connection stops or breaks to identify the
point of failure.

11. What is the difference between HIDS and NIDS?

HIDS (Host IDS) and NIDS (Network IDS) are both Intrusion Detection Systems and serve
the same purpose, i.e., to detect intrusions. The only difference is that a HIDS is set up
on a particular host/device. It monitors the traffic of that device and suspicious system
activities. On the other hand, a NIDS is set up on a network. It monitors the traffic of all devices on
the network.

12. What are the steps to set up a firewall?

Following are the steps to set up a firewall:

1. Username/password: modify the default password for a firewall device
2. Remote administration: Disable the feature of the remote administration
3. Port forwarding: Configure appropriate port forwarding for certain applications to work
properly, such as a web server or FTP server
4. DHCP server: Installing a firewall on a network with an existing DHCP server will
cause a conflict unless the firewall’s DHCP is disabled
5. Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is
enabled and understand how to view logs
6. Policies: You should have solid security policies in place and make sure that the
firewall is configured to enforce those policies.

13. Explain SSL Encryption

SSL (Secure Sockets Layer) is the industry-standard security technology for creating encrypted
connections between a web server and a browser. This is used to maintain data privacy and to
protect the information in online transactions. The steps for establishing an SSL connection are
as follows:

1. A browser tries to connect to the web server secured with SSL
2. The web server sends a copy of its SSL certificate to the browser
3. The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy, then
the browser sends a message to the web server requesting to establish an encrypted
connection
4. The web server sends an acknowledgment to start an SSL encrypted connection
5. SSL encrypted communication takes place between the browser and the web server

14. What steps will you take to secure a server?

Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and
decryption to protect data from unauthorized interception.

Here are four simple ways to secure a server:

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be the
users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

15. Explain Data Leakage

Data Leakage is an intentional or unintentional transmission of data from within the
organization to an external unauthorized destination. It is the disclosure of confidential
information to an unauthorized entity. Data Leakage can be divided into 3 categories based
on how it happens:

1. Accidental Breach: An entity unintentionally sends data to an unauthorized person
due to a fault or a blunder
2. Intentional Breach: The authorized entity sends data to an unauthorized entity on
purpose
3. System Hack: Hacking techniques are used to cause data leakage

Data Leakage can be prevented by using tools, software, and strategies known as DLP (Data
Leakage Prevention) tools.

16. What are some of the common Cyberattacks?

Following are some common cyber attacks that could adversely affect your system.

1. Malware
2. Phishing
3. Password Attacks
4. DDoS
5. Man in the Middle
6. Drive-By Downloads
7. Malvertising
8. Rogue Software

17. What is a Brute Force Attack? How can you prevent it?

Brute Force is a way of finding out the right credentials by repetitively trying all the
permutations and combinations of possible credentials. In most cases, brute force attacks
are automated: the tool/software automatically tries to log in with a list of credentials.
There are various ways to prevent Brute Force attacks. Some of them are:

● Password Length: You can set a minimum length for passwords. The longer the
password, the harder it is to find.
● Password Complexity: Including different kinds of characters in the password
makes brute force attacks harder. Using alphanumeric passwords along with special
characters and upper and lower case characters increases the password complexity,
making it difficult to crack.
● Limiting Login Attempts: Set a limit on login failures. For example, you can set the
limit on login failures to 3. So, when there are 3 consecutive login failures, restrict the
user from logging in for some time, or send an email or OTP to the user to log in the next
time. Because brute force is an automated process, limiting login attempts will break
the brute force process.
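As an added illustration of the "Limiting Login Attempts" point above (example code written for this page, not code from the edureka article), the throttle below counts consecutive failures per account and refuses further attempts for a lockout window once the limit of 3 is reached. The 300-second window, the in-memory state store, the `LoginThrottle` class and the sample credential map are assumptions of this example.

```python
import time
from dataclasses import dataclass

MAX_FAILURES = 3          # limit from the text: three consecutive failures
LOCKOUT_SECONDS = 300     # assumed lockout window; the page does not specify one


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts since the last success
    locked_until: float = 0.0  # unix time until which login attempts are refused


class LoginThrottle:
    """Counts consecutive failed logins per account and locks the account temporarily.

    `credentials` is a constructed username -> password map used only for this demo;
    a real system would verify against salted password hashes instead.
    """

    def __init__(self, credentials, max_failures=MAX_FAILURES,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self._credentials = credentials
        self._state = {}
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock   # injectable so lockout expiry can be tested without sleeping

    def attempt(self, username, password):
        """Return 'ok', 'denied' (wrong password) or 'locked' (attempt refused)."""
        now = self._clock()
        state = self._state.setdefault(username, AccountState())
        if now < state.locked_until:
            # Inside the lockout window: refuse without checking the password, so an
            # automated guessing loop learns nothing from this attempt.
            return "locked"
        if self._credentials.get(username) == password:
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            state.locked_until = now + self.lockout_seconds
            state.failures = 0
            return "locked"
        return "denied"


def demo():
    """Three wrong guesses lock the account; even the right password is refused until the window passes."""
    fake_clock = [1_000.0]
    throttle = LoginThrottle({"alice": "correct horse"}, clock=lambda: fake_clock[0])
    results = [throttle.attempt("alice", "wrong") for _ in range(3)]
    results.append(throttle.attempt("alice", "correct horse"))   # still inside the lockout
    fake_clock[0] += LOCKOUT_SECONDS + 1                          # lockout window has elapsed
    results.append(throttle.attempt("alice", "correct horse"))
    return results   # ['denied', 'denied', 'locked', 'locked', 'ok']
```

A per-account lockout can itself be used to keep a legitimate user out, so in practice it is combined with per-source rate limiting and with alerting on repeated lockouts, which is the detection side of the same control.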

18. What is Port Scanning?

Port Scanning is the technique used to identify open ports and services available on a
host. Hackers use port scanning to find information that can be helpful for exploiting
vulnerabilities. Administrators use port scanning to verify the security policies of the
network. Some of the common port scanning techniques are:

1. Ping Scan
2. TCP Half-Open
3. TCP Connect
4. UDP
5. Stealth Scanning

19. What are the different layers of the OSI model?

An OSI model is a reference model for how applications communicate over a network. The
purpose of an OSI reference is to guide vendors and developers so the digital communication
products and software programs can interoperate.
Following are the OSI layers:

Physical Layer: Responsible for transmission of digital data from sender to receiver through
the communication media.

Data Link Layer: Handles the movement of data to and from the physical link. It is also
responsible for encoding and decoding of data bits.

Network Layer: Responsible for packet forwarding and providing routing paths for network
communication.

Transport Layer: Responsible for end-to-end communication over the network. It splits the
data from the above layer and passes it to the Network Layer, and then ensures that all the
data has successfully reached the receiver’s end.

Session Layer: Controls connection between the sender and the receiver. It is responsible
for starting, ending, and managing the session and establishing, maintaining and
synchronizing interaction between the sender and the receiver.

Presentation Layer: It deals with presenting the data in a proper format and data structure
instead of sending raw datagrams or packets.

Application Layer: It provides an interface between the application and the network. It
focuses on process-to-process communication and provides a communication interface.

20. What is a VPN?

VPN stands for Virtual Private Network. It is used to create a safe and encrypted
connection. When you use a VPN, the data from the client is sent to a point in the VPN where
it is encrypted and then sent through the internet to another point. At this point, the data is
decrypted and sent to the server. When the server sends a response, the response is sent to
a point in the VPN where it is encrypted and this encrypted data is sent to another point in the
VPN where it is decrypted. And finally, the decrypted data is sent to the client. The whole
point of using a VPN is to ensure encrypted data transfer.

21. What do you understand by Risk, Vulnerability & Threat in a network?

Threat: Someone with the potential to harm a system or an organization
Vulnerability: Weakness in a system that can be exploited by a potential hacker
Risk: Potential for loss or damage when a threat exploits a vulnerability

22. How can identity theft be prevented?

Here’s what you can do to prevent identity theft:

● Ensure strong and unique password

● Avoid sharing confidential information online, especially on social media

● Shop from known and trusted websites

● Use the latest version of the browsers

● Install advanced malware and spyware tools

● Use specialized security solutions against financial data

● Always update your system and the software

● Protect your SSN (Social Security Number)

23. What are black hat, white hat and grey hat hackers?

Black hat hackers are known for having vast knowledge about breaking into computer
networks. They can write malware which can be used to gain access to these systems. These
hackers misuse their skills to steal information or use the hacked system for malicious
purposes.

White hat hackers use their powers for good deeds and so they are also called Ethical
Hackers. They are mostly hired by companies as security specialists who attempt to find
and fix vulnerabilities and security holes in systems. They use their skills to help make
security better.

Grey hat hackers are an amalgamation of a white hat and a black hat hacker. They look for
system vulnerabilities without the owner’s permission. If they find any vulnerabilities, they
report them to the owner. Unlike black hat hackers, they do not exploit the vulnerabilities found.

25. How would you reset a password-protected BIOS configuration?

Since BIOS is a pre-boot system, it has its own storage mechanism for settings and
preferences. A simple way to reset it is by popping out the CMOS battery so that the memory
storing the settings loses its power supply and, as a result, loses its settings.

26. Explain MITM attack and how to prevent it?

A MITM (Man-in-the-Middle) attack is a type of attack where the hacker places himself in
between the communication of two parties and steals the information. Suppose there are two
parties A and B having a communication. Then the hacker joins this communication. He
impersonates party B to A and impersonates party A in front of B. The data from both
parties is sent to the hacker, and the hacker forwards the data to the destination party
after stealing the data required. While the two parties think that they are communicating with
each other, in reality, they are communicating with the hacker.

You can prevent MITM attacks by using the following practices:

● Use VPN

● Use strong WEP/WPA encryption

● Use Intrusion Detection Systems

● Force HTTPS

● Public Key Pair Based Authentication

27. Explain DDOS attack and how to prevent it?

A DDOS (Distributed Denial of Service) attack is a cyberattack that causes the servers to
refuse to provide services to genuine clients. DDOS attacks can be classified into two types:

1. Flooding attacks: In this type, the hacker sends a huge amount of traffic to the
server which the server cannot handle, and hence the server stops functioning. This
type of attack is usually executed by using automated programs that continuously
send packets to the server.
2. Crash attacks: In this type, the hackers exploit a bug on the server, causing the
system to crash, and hence the server is not able to provide service to the clients.

You can prevent DDOS attacks by using the following practices:

● Use Anti-DDOS services

● Configure Firewalls and Routers

● Use Front-End Hardware

● Use Load Balancing

● Handle Spikes in Traffic

28. Explain XSS attack and how to prevent it?

XSS (Cross-Site Scripting) is a cyberattack that enables hackers to inject malicious client-side
scripts into web pages. XSS can be used to hijack sessions and steal cookies, modify the
DOM, execute remote code, crash the server, etc.

You can prevent XSS attacks by using the following practices:

● Validate user inputs

● Sanitize user inputs

● Encode special characters

● Use Anti-XSS services/tools

● Use XSS HTML Filter

29. What is an ARP and how does it work?

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address
(IP address) to a physical machine address that is recognized in the local network.

When an incoming packet destined for a host machine on a particular local area network
arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC
address that matches the IP address.

The ARP program looks in the ARP cache and, if it finds the address, provides it so that the
packet can be converted to the right packet length and format and sent to the machine.

If no entry is found for the IP address, ARP broadcasts a request packet in a special format to
all the machines on the LAN to see if one machine knows that it has that IP address
associated with it.

30. What is port blocking within LAN?

Restricting users from accessing a set of services within the local area network is called
port blocking.

It stops the source from accessing the destination node via specific ports. Since applications
work on ports, blocking those ports restricts access and closes security holes in the
network infrastructure.

31. What protocols fall under TCP/IP internet layer?

TCP/IP Layer: TCP/IP Protocol Examples
Application: NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others
Transport: TCP, UDP
Internet: IP, ARP, ICMP
Data Link: PPP, IEEE 802.2
Physical Network: Ethernet (IEEE 802.3), Token ring, RS-232, others

32. What is a Botnet?

A Botnet is a number of devices connected to the internet where each device has one or
more bots running on it. The bots on the devices are malicious scripts used to hack a victim.
Botnets can be used to steal data, send spam and execute DDOS attacks.

33. What are salted hashes?

Salt is random data. When a properly protected password system receives a new
password, it generates a random salt value, hashes the password together with that salt, and
stores the salt and the resulting hash in its database. This helps to defend against dictionary
attacks and known-hash attacks.

Example: If someone uses the same password on two different systems and both systems
use the same hashing algorithm, the hash values would be the same; however, if even one
of the systems uses a salt with its hashes, the values will be different.
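The two-systems example above, carried out in code (an added example for this page, not code from the source article): an unsalted SHA-256 of the same password is identical on both systems, while a salted PBKDF2 record differs per system yet still verifies. The `algorithm$iterations$salt$hash` record format, the 16-byte salt and the 100,000-iteration work factor are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # assumed PBKDF2 work factor (kept modest so the demo runs quickly)


def unsalted_hash(password: str) -> str:
    """What the text warns about: the same password always yields the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_salted_record(password: str, salt: Optional[bytes] = None) -> str:
    """Hash the password with a fresh random salt and store salt and hash together."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Record layout is an assumption of this example: algorithm$iterations$salt$hash
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_two_systems(password: str = "correct horse battery staple"):
    """Return (unsalted hashes equal, salted records equal, both salted records verify)."""
    system_a_plain = unsalted_hash(password)
    system_b_plain = unsalted_hash(password)
    system_a_salted = make_salted_record(password)
    system_b_salted = make_salted_record(password)
    return (
        system_a_plain == system_b_plain,      # True: one cracked hash would break both systems
        system_a_salted == system_b_salted,    # False: different salts, different stored values
        verify(password, system_a_salted) and verify(password, system_b_salted),  # True
    )
```

Because the salt is stored alongside the hash, it is not a secret; its job is to make precomputed (dictionary or rainbow) tables useless and to force an attacker to attack each record separately.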

34. Explain SSL and TLS (Difference)

SSL (Secure Sockets Layer) is meant to verify the sender’s identity but it doesn’t search for
anything more than that. SSL can help you track the person you are talking to but that can
also be tricked at times.
TLS (Transport Layer Security) is also an identification tool just like SSL, but it offers better
security features. It provides additional protection to the data and hence SSL and TLS are
often used together for better protection.

35. What is data protection in transit vs data protection at rest?

Data protection in transit: When data is going from server to client. Effective data protection
measures for in-transit data are critical, as data is less secure when in motion.
Data protection at rest: When data just exists in its database or on its hard drive. Data at rest
is sometimes considered to be less vulnerable than data in transit.

36. What is 2FA and how can it be implemented for public websites?

An extra layer of security that is also known as "multi-factor authentication".

It requires not only a password and username but also something that only that user
has on them, i.e. a piece of information only they should know or have immediately to hand,
such as a physical token.

Authenticator apps replace the need to obtain a verification code via text, voice call or email.

37. What is Cognitive Cybersecurity?

Cognitive Cybersecurity is an application of AI technologies patterned on human thought
processes to detect threats and protect physical and digital systems.

Self-learning security systems use data mining, pattern recognition, and natural language
processing to simulate the human brain, albeit in a high-powered computer model.

38. What is the difference between VPN and VLAN?

VPN: Related to remote access to the network of a company. Used to connect two points in a
secured and encrypted tunnel. Saves the data from prying eyes while in transit, and no one on
the net can capture the packets and read the data.
VLAN: Helps to group workstations that are not within the same locations into the same
broadcast domain. A means to logically segregate networks without physically segregating
them with various switches. Does not involve any encryption technique but is only used to
slice up your logical network into different sections for the purpose of management and
security.

39. Explain Phishing and how to prevent it?

Phishing is a cyberattack in which a hacker disguises themselves as a trustworthy person or
business and attempts to steal sensitive financial or personal information through fraudulent
email or instant messages.

You can prevent Phishing attacks by using the following practices:

● Don’t enter sensitive information in webpages that you don’t trust

● Verify the site’s security

● Use Firewalls

● Use AntiVirus Software that has Internet Security

● Use Anti-Phishing Toolbar

40. Explain SQL Injection and how to prevent it?

SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data being
sent to the server to execute malicious SQL statements to control a web application’s
database server, thereby accessing, modifying and deleting unauthorized data. This attack is
mainly used to take over database servers.

You can prevent SQL Injection attacks by using the following practices:

● Use prepared statements

● Use Stored Procedures

● Validate user input
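To make the first and third prevention points concrete, here is an added example for this page (not code from the source article) that runs the same constructed input through a query built by string concatenation and through a prepared statement, with an allow-list validation step in front of the safe version. It uses Python's built-in sqlite3 module and an in-memory database, so it runs offline; the table layout, the sample rows and the username pattern are assumptions of the example. Stored procedures are not shown because SQLite has none.

```python
import re
import sqlite3

# Constructed sample data so the example runs offline.
SAMPLE_USERS = [("alice", "hash-of-alice"), ("bob", "hash-of-bob")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    """String concatenation: the input is parsed as part of the SQL statement itself."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, username: str) -> list:
    """Prepared statement: the value is bound separately and can only ever be data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")   # assumed allow-list for this application


def lookup_validated(conn, username: str) -> list:
    """Input validation in front of the prepared statement: reject anything off the allow-list."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return lookup_prepared(conn, username)


def demo():
    """Same injected input against the concatenated query and the prepared statement."""
    conn = make_db()
    injected = "x' OR '1'='1"   # constructed input that turns the WHERE clause into a tautology
    return lookup_vulnerable(conn, injected), lookup_prepared(conn, injected)
    # -> (['alice', 'bob'], [])
```

The concatenated query returns every row because the quote in the input closes the string literal and the rest is parsed as SQL; the prepared statement looks for a user literally named `x' OR '1'='1` and finds none. Validation is a second, independent layer: it narrows what reaches the database at all, and a rejected value is worth logging as a detection signal.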

Scenario Based Questions

Part B – Scenario Based Cybersecurity Interview Questions

1. Here’s a situation- You receive the following email from the help desk:

Dear XYZ Email user,

To create space for more users we’re deleting all inactive email accounts. Here’s what you
have to send to save your account from getting deleted:

● Name (first and last):

● Email Login:

● Password:

● Date of birth:

● Alternate email

If we don’t receive the above information from you by the end of the week, your email account
will be terminated.

If you’re a user what do you do? Justify your answer.

This email is a classic example of “phishing” – trying to trick you into “biting”. The
justification is the generalized way of addressing the receiver which is used in mass spam
emails.

Above that, a corporate company will never ask for personal details on mail.
They want your information. Don’t respond to email, instant messages (IM), texts, phone
calls, etc., asking you for your password or other private information.

You should never disclose your password to anyone, even if they say they work for UCSC,
ITS, or other campus organizations.

2. A friend of yours sends an e-card to your mail. You have to click on the attachment
to get the card.

What do you do? Justify your answer

There are four risks here:

● Some attachments contain viruses or other malicious programs, so just in general, it’s
risky to open unknown or unsolicited attachments.
● Also, in some cases just clicking on a malicious link can infect a computer, so unless
you are sure a link is safe, don’t click on it.
● Email addresses can be faked, so just because the email says it is from someone you
know, you can’t be certain of this without checking with the person.
● Finally, some websites and links look legitimate, but they’re really hoaxes designed to
steal your information.

3. One of the staff members in XYZ subscribes to many free magazines. Now, to
activate her subscriptions one of the magazines asked for her month of birth, second
asked for her year of birth, the other one asked for her maiden name.

What do you infer from this situation? Justify.

All three newsletters probably have the same parent company or are distributed through the
same service. The parent company or service can combine individual pieces of seemingly
harmless information and use or sell it for identity theft.

It is even possible that there is a fourth newsletter that asks for the day of birth as one of the
activation questions.

Often questions about personal information are optional. In addition to being suspicious about
situations like the one described here, never provide personal information when it is not
legitimately necessary, or to people or companies, you don’t personally know.

4. In our computing labs, print billing is often tied to the user’s login. Sometimes
people call to complain about bills for printing they never did only to find out that the
bills are, indeed, correct.

What do you infer from this situation? Justify.

Sometimes they realize they loaned their account to a friend who couldn’t remember his/her
password, and the friend did the printing. Thus the charges. It’s also possible that somebody
came in behind them and used their account.

This is an issue with shared or public computers in general. If you don’t log out of the
computer properly when you leave, someone else can come in behind you and retrieve what
you were doing, use your accounts, etc. Always log out of all accounts, quit programs, and
close browser windows before you walk away.

5. There is this case that happened in my computer lab. A friend of mine used her
Yahoo account at a computer lab on campus. She ensured that her account was not
left open before she left the lab. Someone came after her and used the same browser
to re-access her account, and they started sending emails from it.

What do you think might be going on here?

The first person probably didn’t log out of her account, so the new person could just go to
history and access her account.

Another possibility is that she did log out, but didn’t clear her web cache. (This is done
through the browser menu to clear pages that the browser has saved for future use.)

6. Two different offices on campus are working to straighten out an error in an
employee’s bank account due to a direct deposit mistake.

Office #1 emails the correct account and deposit information to office #2, which promptly fixes
the problem.

The employee confirms with the bank that everything has, indeed, been straightened out.

What is wrong here?

Account and deposit information is sensitive data that could be used for identity theft. Sending
this or any kind of sensitive information by email is very risky because email is typically not
private or secure. Anyone who knows how can access it anywhere along its route.

As an alternative, the two offices could have called each other or worked with ITS to send the
information a more secure way.

7. The mouse on your computer screen starts to move around on its own and click on
things on your desktop. What do you do?

a) Call your co-workers over so they can see

b) Disconnect your computer from the network

c) Unplug your mouse

d) Tell your supervisor

e) Turn your computer off

f) Run anti-virus

g) All of the above

Select all the options that apply.

Right answer is B & D.

This is definitely suspicious. Immediately report the problem to your supervisor and the ITS
Support Center: itrequest.ucsc.edu, 459-HELP (4357), [email protected] or Kerr Hall room 54,
M-F 8AM-5PM
Also, since it seems possible that someone is controlling the computer remotely, it is best if
you can disconnect the computer from the network (and turn off wireless if you have it) until
help arrives. If possible, don’t turn off the computer.

8. Below is a list of passwords pulled out a database.

A. @#$)*&^%

B. akHGksmLN

C. UcSc4Evr!

D. Password1

Which of the following passwords meets UCSC’s password requirements?

Answer is UcSc4Evr!

This is the only choice that meets all of the following UCSC requirements:

At least 8 characters in length

Contains at least 3 of the following 4 types of characters: lower case letters, upper case
letters, numbers, special characters

Not a word preceded or followed by a digit

9. You receive an email from your bank telling you there is a problem with your
account. The email provides instructions and a link so you can log into your account
and fix the problem.

What should you do?

Delete the email. Better yet, use the web client (e.g. gmail, yahoo mail, etc.) and report it as
spam or phishing, then delete it.

Any unsolicited email or phone call asking you to enter your account information, disclose
your password, financial account information, social security number, or other personal or
private information is suspicious – even if it appears to be from a company you are familiar
with. Always contact the sender using a method you know is legitimate to verify that the
message is from them.

10. A while back, the IT folks got a number of complaints that one of our campus
computers was sending out Viagra spam. They checked it out, and the reports were
true: a hacker had installed a program on the computer that made it automatically send
out tons of spam email without the computer owner’s knowledge.

How do you think the hacker got into the computer to set this up?

This was actually the result of a hacked password. Using passwords that can’t be easily
guessed, and protecting your passwords by not sharing them or writing them down can help
to prevent this. Passwords should be at least 8 characters in length and use a mixture of
upper and lower case letters, numbers, and symbols.

Even though in this case it was a hacked password, other things that could possibly lead to
this are:
● Out of date patches/updates

● No anti-virus software or out of date anti-virus software

Cyber security Theory

https://www.javatpoint.com/cyber-security-tnterview-questions

1) What is Cyber Security? / What do you know about Cyber Security?

Cyber Security is the practice of protecting internet-connected systems such as hardware,
software, programs, computers, servers, mobile devices, electronic systems, networks, and
data from malicious digital attacks. The main purpose of cyber security is to protect against
cyberattacks that access, change, or destroy sensitive information on your computer
system.

Cyber attackers mainly aim at accessing, changing, or destroying sensitive
information, extorting money from users, or interrupting normal business processes. Cyber
Security is also known as computer security, information technology (IT) security,
cybersecurity, etc. It is used to counter threats against networked systems and
applications, whether those threats originate from inside or outside of an organization.

We can divide the term cyber security into two parts: cyber and security. Cyber refers to the
technology that includes systems, networks, programs, and data of an internet-connected
system. The word security specifies the protection of the systems, networks, applications, and
information.

2) What is Cyber Crime? Give some examples of Cyber Crime.

Cyber Crime is just like regular crime but happens on the Internet. Following are some
examples of Cyber Crime:
o Identity Theft
o Online Predators
o Hacking of sensitive information from the Internet
o BEC ("Business Email Compromise")
o Ransomware
o Stealing intellectual property

3) Why is Cyber Crime increasing day by day every year?

Cyber Crime is increasing day by day every year because of the following reasons:
o Cyber Crime is easy to accomplish. A person having good knowledge of computer
hacking can commit cybercrime.
o There is a lower risk of getting caught in cybercrime.
o Cyber attackers can make a lot of money for little work.
o Cyber attackers can target thousands of victims.
o With the introduction of cryptocurrencies, money laundering is getting easier.

4) What is the main goal of Cyber Security?

The main objective of cyber security is to protect data from cyber-attacks. It follows a principle
called the CIA triad, a security model made up of three connected principles.
The CIA model is used to help organizations develop policies for their information security
architecture. The three main components of this CIA model are Confidentiality, Integrity, and
Availability. When a security breach occurs, one or more of these principles has been broken. This
model provides a security paradigm to guide individuals through many aspects of IT security.

Let's see these three security aspects in detail:

Confidentiality: Confidentiality is used to provide privacy to prevent unauthorized access to
data. It ensures that the data is only accessible to those who are authorized to use it and
restricts access to others. It keeps vital information from being exposed to the wrong hands. A
good example of Confidentiality is data encryption, which is used to keep information private.
Integrity: The Integrity principle is used to assure that the data is genuine, correct, and safe
from unwanted threat actors or unintentional user alteration. It also specifies that the source
of information must be genuine. If any changes are made, precautions should be taken to
protect sensitive data from corruption or loss and to recover from such an incident quickly.
Availability: The Availability principle ensures that the information is constantly available and
accessible to those who have access to it. It also ensures that any type of system failure or
cyber-attack does not obstruct this access.

5) What are the main advantages of cyber security?

Following is a list of main advantages of cyber security:


o Cyber security protects online businesses and transactions against ransomware,
malware, online frauds, and phishing.
o It protects the end-users.
o It provides great protection for both data as well as networks.
o It can improve the recovery time after a breach.
o It prevents unauthorized users from accessing sensitive information.
6) What is the difference between IDS and IPS?

A list of differences between IDS and IPS:

IDS | IPS
IDS stands for Intrusion Detection System. | IPS stands for Intrusion Prevention System.
IDS can only detect intrusions; it is unable to prevent them. | IPS can detect as well as prevent intrusions.
IDS is a monitoring system. | IPS is a control system.
IDS requires a human or another system to look at the results. | IPS only requires a regularly updated database with threat data.

7) What are the key elements of Cyber Security?

Following is the list of key elements of Cyber Security:


o Information security
o Network security
o Operational security
o Application security
o End-user security
o Business continuity planning

12) What is the difference between Encryption and Hashing? / How is Encryption
different from Hashing?

Encryption and Hashing are techniques used to convert readable data into an unreadable
data format, but they have some key differences.
Differences between Encryption and Hashing

Encryption | Hashing
Encryption is used to make temporary data conversions. | Hashing is used to make permanent data conversions into a message digest.
In Encryption, the encrypted data can be converted back to the original data by the process of decryption. | In Hashing, the hashed data cannot be converted back to the original data.
Encryption works in two ways, i.e. it encodes and decodes the data. | Hashing is a one-way encryption process, i.e. it only encodes the data.
Encryption is used to secure sensitive data from the reach of third parties. | Hashing is used to protect the integrity of information.
Encryption focuses on the confidentiality of the data. | Hashing focuses on the integrity of the data.

14) What are some common Hashing functions/algorithms?

Following is the list of some common and most used hashing functions/algorithms:
Message-Digest Algorithm (MD5)
Message-Digest Algorithm 5, or MD5, is the latest and advanced form of MD4. It was introduced
after severe security issues were found in MD4. MD5 generates 128-bit outputs for inputs of
variable length.
MD5 is the advanced version and the successor to MD4. It covers a lot of security threats but
fails to provide full data security services. It is one of the most widely used algorithms, but the
main issue with using MD5 is its vulnerability to collisions.

Secure Hashing Algorithm (SHA)
Secure Hashing Algorithm, or SHA, was developed by the National Security Agency. It was
later updated repeatedly to fix the security flaws of the older generation. Its latest and advanced
version is SHA-2, which many firms use for cryptographic purposes.

Tiger Cipher Algorithm
The Tiger cipher algorithm is faster and more efficient than Message Digest (MD5) and Secure
Hashing Algorithm. It is mostly used in new-generation computers and has a 192-bit hashing
system. Its latest and advanced version is the Tiger2 algorithm, which is more powerful than the
Tiger algorithm.

RIPEMD Algorithm
Hans Dobbertin designed the RIPEMD cryptographic hashing algorithm. It was created within
the EU project RIPE framework and has a 164-bit digest.

WHIRLPOOL Algorithm
Vincent Rijmen and Paulo Barreto designed the WHIRLPOOL algorithm. It accepts any
message of length less than 2^256 bits and returns a 512-bit message digest. Its first
version was Whirlpool-0, the second version was named Whirlpool-T, and the latest and most
advanced version is Whirlpool.

15) What is the main purpose of Hashing?

Hashing is required when we have to compare a huge amount of data. We can create
different hash values for different data, and then compare the hashes instead of the data.
Following is a list of some of the most important uses of Hashing:
o Hashing makes it easy to store and look up records by their hash value.
o Hashing can be used in cryptographic applications such as digital signatures.
o With the use of hashing, we can create unique strings to avoid data duplication.
o Geometric hashing is a type of hashing used in computer graphics to help find
proximity issues in planes.

24) What are the different types of Cyber Security?

Every organization has some assets that are made up of a variety of different systems. These
systems must have a strong Cyber Security aspect to make the organization work well.
According to the devices used in Cyber Security, it can be divided into the following types:
o Network security: Network security is one of the most important types of Cyber
security. In this process, we have to secure a computer network against unauthorized
access, intruders, attacks, disruption, and misuse using hardware and software. This
security also adds an extra layer in protecting an organization's assets from both
external and internal threats. An example of Network security is using a Firewall.
o Application security: Application security is used to safeguard software and devices
against malicious attacks. This can be achieved by regularly updating the apps to
ensure that they are secure against threats.
o Identity management & security: Identity management & security identifies each
individual's level of access inside an organization. For example, you can restrict and
allow access to data according to an individual's job role in the company.
o Data security: Data security is used to ensure that you put your data in a strong data
storage system to ensure data integrity and privacy while in storage and transport.
o Operational security: Operational security is used to analyze and make decisions
about handling and securing the data assets. For example: Storing data in an
encrypted form in the database is an example of Operational security.
o Mobile security: Mobile security is used to specify the protection of organizational
and personal data held on mobile devices such as cell phones, PCs, tablets, and
other similar devices against various hostile attacks. Examples of mobile security
threats are unauthorized access, device loss or theft, malware, and other threats that
can harm mobile devices.
o Cloud security: The main aim of cloud security is to safeguard the data held in a
digital environment or cloud infrastructures for an organization. It uses various cloud
service providers, including AWS, Azure, Google, and others, to assure protection
against a variety of threats.

27) What is Patch management in Cyber security? How often should we perform Patch
management?

In Cyber security, patch management is a process to keep the software on computers and
network devices up to date and make them capable of resisting low-level cyber attacks. It is
used in any software which is prone to technical vulnerabilities.
We should apply patches as soon as they are released. For example, when a patch is
released for Windows, it should be applied to all machines as soon as possible. The same
applies to network devices: patches should be applied as soon as they are released. We
should follow a proper patch management process for better security.

28) Which are the best Patch management tools or software? Why are they used?

Patch management tools or software are used to ensure that the components of a company's
software and IT infrastructure are up to date. The patch management tools work by tracking
updates of various software and middleware solutions, and then they alert users to make
necessary updates or execute updates automatically.
Following is a list of the top 10 best patch management software or tools:
o Atera
o NinjaRMM
o Acronis Cyber Protect Cloud
o Acronis Cyber Protect
o PDQ Deploy
o ManageEngine Patch Manager Plus
o Microsoft System Center
o Automox
o SmartDeploy
o SolarWinds Patch Manager

31) What is data leakage in the context of Cyber security?

In the context of Cyber security, data leakage is an unauthorized transfer of data to the
outside of the secure network. Data leakage can occur via email, optical media, laptops, and
USB keys etc.

32) What do you understand by honeypots?

Honeypots are decoy attack targets set up to see how different attackers attempt to
exploit a network. Private firms and governments use this concept to evaluate their
vulnerabilities, and honeypots are also widely used in academic settings.

33) What do you understand by Shoulder Surfing?

Shoulder surfing is a form of physical attack in which fraudsters physically peer at
people's screens while they type sensitive information in a semi-public area.

37) What is the difference between stored XSS and reflected XSS?

Difference between stored XSS attacks and reflected XSS attacks:

Stored XSS Attacks | Reflected XSS Attacks
The attacks where the injected scripts are permanently stored on the target servers are called stored XSS attacks. | The attacks where the user has to send the request to start running the script on the victim's browser are called reflected XSS attacks.
In stored XSS attacks, the victim retrieves the server's malicious script when requesting the stored information. | The reflected XSS attacks reflect the results back to the user who sent the request.
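The stored/reflected distinction above in code, as an added example that is not part of the original page: a comment board (the stored sink) and a search echo (the reflected sink), each rendered once by unsafe concatenation and once with HTML escaping. The page names, template strings and the probe string are constructed for this example.

```python
import html
from urllib.parse import parse_qs

# Constructed probe string: the classic harmless marker used to test whether input
# reaches the page as active markup.
PROBE = "<script>alert(1)</script>"

# Simulated server-side storage: the sink of a stored XSS. Anything placed here is
# served to every later visitor, not only to the one who submitted it.
COMMENTS = []


def render_unsafe(template: str, value: str) -> str:
    """Vulnerable rendering: untrusted text is concatenated straight into HTML."""
    return template.replace("{value}", value)


def render_safe(template: str, value: str) -> str:
    """Hardened rendering: HTML-escape untrusted text before it enters the page."""
    return template.replace("{value}", html.escape(value, quote=True))


def store_comment(text: str) -> None:
    """Persist a comment exactly as submitted (escaping happens at output time)."""
    COMMENTS.append(text)


def comments_page(escape: bool = True) -> str:
    """Stored sink: builds the page every visitor sees from the stored comments."""
    render = render_safe if escape else render_unsafe
    items = "".join(render("<li>{value}</li>", c) for c in COMMENTS)
    return f"<ul>{items}</ul>"


def search_page(query_string: str, escape: bool = True) -> str:
    """Reflected sink: echoes the 'q' parameter of this one request back to its sender."""
    q = parse_qs(query_string).get("q", [""])[0]
    render = render_safe if escape else render_unsafe
    return render("<p>Results for: {value}</p>", q)


def contains_active_script(page: str) -> bool:
    """True if a <script> tag survived rendering, i.e. the input became executable markup."""
    return "<script" in page.lower()


def demo() -> dict:
    """Show where each variant executes and that escaping neutralises both."""
    COMMENTS.clear()
    store_comment("nice post")
    store_comment(PROBE)                      # one submitter poisons the stored page
    return {
        # stored: a later visitor who never submitted anything still gets the script
        "stored_unsafe_executes": contains_active_script(comments_page(escape=False)),
        "stored_safe_executes": contains_active_script(comments_page(escape=True)),
        # reflected: the script only appears in the response to the crafted request
        "reflected_unsafe_executes": contains_active_script(search_page("q=" + PROBE, escape=False)),
        "reflected_safe_executes": contains_active_script(search_page("q=" + PROBE, escape=True)),
        "reflected_benign_request": contains_active_script(search_page("q=hello", escape=False)),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {hit}")
```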

Cyber security Theory

https://mindmajix.com/cyber-security-interview-questions

23. What is the difference between hashing and salting?

● Hashing is majorly used for authentication and is a one-way function where data is
mapped to a fixed-length value.
● Salting is an extra step in hashing, where an additional value is added to the password
that changes the hash value created.

25. What are the common methods of authentication for network security?

● Biometrics - It is a known and registered physical attribute of a user specifically used
for verifying their identity.
● Token - A token is used for accessing systems. It makes it more difficult for hackers
to access accounts as they have long credentials.
● Transaction Authentication - A one-time pin or password is used in processing
online transactions through which they verify their identity.
● Multi-Factor Authentication - It’s a security system that needs more than one
method of authentication.
● Out-of-Band Authentication - This authentication needs two different signals from
two different channels or networks. It prevents most of the attacks from hacking and
identity thefts in online banking.


26. Which is more secure SSL or HTTPS?


● SSL (Secure Sockets Layer) is a secure protocol that provides safer conversations
between two or more parties across the internet. It works on top of HTTP to
provide security.
● HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and SSL to
provide a safer browsing experience with encryption.
● In terms of security, SSL is more secure than HTTPS.

33. What do you understand by compliance in Cybersecurity?

● Compliance means living by a set of standards set by an
organization/government/independent party.
● It helps in defining and achieving IT targets and also in mitigating threats through
processes like vulnerability management.

35. What is the difference between a false positive and a false negative in IDS?

● A false positive is considered to be a false alarm, and a false negative is considered to
be the most complicated state.
● A false positive occurs when an IDS fires an alarm for legitimate network activity.

● A false negative occurs when an IDS fails to identify malicious network traffic.

Comparing the two, a false positive is more acceptable than a false negative, because false
negatives let intrusions go unnoticed.


36. What is the difference between the Red Team and the Blue Team?

● The terms red team and blue team come from cyberwarfare. Many organizations split the
security team into two groups, a red team and a blue team.
● The red team refers to attackers who exploit weaknesses in an organization's
security.
● The blue team refers to defenders who identify and patch vulnerabilities before they
turn into successful breaches.

37. Explain System hardening.

● Generally, system hardening refers to a combination of tools and techniques for
controlling vulnerabilities in systems, applications, firmware, and more in an
organization.
● The purpose of system hardening is to decrease security risk by reducing the
potential attack vectors and condensing the system's attack surface.

The following are the various types of system hardening:

1. Database hardening
2. Operating system hardening
3. Application hardening
4. Server hardening
5. Network hardening

38. What is a cybersecurity risk assessment?

A cybersecurity risk assessment refers to identifying the information assets that are prone to
cyber-attacks (including customer data, hardware, laptops, etc.) and evaluating the various
risks that could affect those assets.

It is mostly performed to identify, evaluate, and prioritize risks across the organization.

The best way to perform a cybersecurity risk assessment is to:

● Identify the relevant threats to your organization

● Identify internal and external vulnerabilities

● Evaluate the impact of those vulnerabilities if they are exploited

43. What are the several indicators of compromise (IOC) that organizations should
monitor?

The key indicators of compromise that organizations should monitor are listed below:

● Unusual Outbound Network Traffic

● HTML Response Sizes

● Geographical Irregularities

● Increases in Database Read Volume

● Log-In Red Flags

● Unexpected Patching of Systems

● Large Numbers of Requests for the Same File

● Web Traffic with Unhuman Behavior

● Suspicious Registry or System File Changes

● Unusual DNS Requests

● Mobile Device Profile Changes

● Bundles of Data in the Wrong Place

● Mismatched Port-Application Traffic

● Signs of DDoS Activity

● Anomalies in Privileged User Account Activity
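The false-positive/false-negative trade-off from question 35 and two of the indicators listed above (log-in red flags, geographical irregularities) run over constructed authentication events, as an added example that is not part of the original page. The events, the source addresses (documentation ranges), the per-user country baseline and the placeholder country code "ZZ" are all assumptions made for this example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Set


@dataclass(frozen=True)
class AuthEvent:
    src_ip: str
    user: str
    country: str      # source geolocation, as an IDS would enrich it; "ZZ" = unfamiliar place
    success: bool


# Assumed baseline: countries each user normally logs in from.
KNOWN_COUNTRIES: Dict[str, Set[str]] = {"alice": {"US"}, "bob": {"US"}, "admin": {"US"}}

# Constructed sample events (addresses are documentation ranges, not real hosts).
EVENTS = [
    AuthEvent("10.0.0.5", "alice", "US", False),      # alice mistypes twice, then succeeds
    AuthEvent("10.0.0.5", "alice", "US", False),
    AuthEvent("10.0.0.5", "alice", "US", True),
    *[AuthEvent("203.0.113.7", u, "ZZ", False)        # noisy password spraying: 8 failures
      for u in ("admin", "root", "alice", "bob", "admin", "root", "test", "guest")],
    AuthEvent("198.51.100.9", "admin", "ZZ", False),   # low-and-slow: 2 failures, then a
    AuthEvent("198.51.100.9", "admin", "ZZ", False),   # success from a place admin never uses
    AuthEvent("198.51.100.9", "admin", "ZZ", True),
    AuthEvent("10.0.0.8", "bob", "US", True),          # ordinary login
]

# Ground truth per source, which the detector never sees; used only for scoring.
TRUTH = {"10.0.0.5": False, "203.0.113.7": True, "198.51.100.9": True, "10.0.0.8": False}


def flagged_sources(events: Iterable[AuthEvent], fail_threshold: int,
                    geo_check: bool = False) -> Set[str]:
    """Simple IDS rule: flag a source after N failures; optionally also flag a
    successful login from a country not in the user's baseline."""
    failures = Counter()
    flagged: Set[str] = set()
    for e in events:
        if not e.success:
            failures[e.src_ip] += 1
        elif geo_check and e.country not in KNOWN_COUNTRIES.get(e.user, set()):
            flagged.add(e.src_ip)          # geographical irregularity on a success
    flagged.update(ip for ip, n in failures.items() if n >= fail_threshold)
    return flagged


def confusion(flagged: Set[str], truth: Dict[str, bool]) -> Dict[str, int]:
    """Count true/false positives and negatives for the flagged set."""
    tp = sum(1 for ip, mal in truth.items() if mal and ip in flagged)
    fp = sum(1 for ip, mal in truth.items() if not mal and ip in flagged)
    fn = sum(1 for ip, mal in truth.items() if mal and ip not in flagged)
    tn = len(truth) - tp - fp - fn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn}


def compare_rules() -> Dict[str, Dict[str, int]]:
    """Strict threshold: no false alarms but misses the slow attacker (false negative).
    Loose threshold: catches both attackers but alarms on alice (false positive).
    Strict threshold plus the geo indicator: both attackers caught, no false alarm."""
    return {
        "strict": confusion(flagged_sources(EVENTS, 5), TRUTH),
        "loose": confusion(flagged_sources(EVENTS, 2), TRUTH),
        "strict_plus_geo": confusion(flagged_sources(EVENTS, 5, geo_check=True), TRUTH),
    }


if __name__ == "__main__":
    for rule, counts in compare_rules().items():
        print(f"{rule:16s} {counts}")
```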

44. What is Remote Desktop Protocol (RDP)?


● RDP (Remote Desktop Protocol) is a Microsoft protocol specifically designed for
application data transfer security and encryption between client devices, users, and a
virtual network server.
● It allows administrators to remotely evaluate and resolve issues individual subscribers
encounter.
● It supports up to 64,000 separate data channels with a provision for multipoint
transmission.

45. What is the difference between Diffie Hellman and RSA?

● Diffie-Hellman: It's a key exchange protocol in which two parties establish a shared
key that either one can use to encrypt/decrypt messages between them.
● RSA: It's asymmetric key encryption with two different keys. The public key can be
given to anyone, and data encrypted with it can be decrypted only with the other key,
which is kept private.


46. What is Forward Secrecy and how does it work?

● Forward secrecy is a feature of specific key agreement protocols which gives
assurance that even if the private key of the server is compromised, the session keys
will not be compromised. It is also known as perfect forward secrecy (PFS).
● The algorithm that helps in achieving this is called "Diffie–Hellman key exchange".
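The Diffie-Hellman exchange from question 45 and the forward-secrecy property from question 46, as an added example that is not part of the original page. Only the public values cross the wire; each session uses fresh ephemeral exponents, so later compromise of any long-term key reveals nothing about past session keys. The 64-bit group parameters are a toy assumption for readability; real deployments use standardized groups or elliptic-curve DH.

```python
import hashlib
import secrets

# Toy group, constructed for this example only: modulus 2^64 - 59 (a prime) and
# generator 2. Far too small for real use; it only shows the protocol mechanics.
P = (1 << 64) - 59
G = 2


def dh_keypair(p: int = P, g: int = G):
    """Ephemeral private exponent in [2, p-2] and the public value g^priv mod p."""
    priv = secrets.randbelow(p - 3) + 2
    return priv, pow(g, priv, p)


def is_valid_public(pub: int, p: int = P) -> bool:
    """Reject 0, 1 and p-1: a peer sending those forces the shared secret to a known value."""
    return 1 < pub < p - 1


def dh_shared_secret(my_priv: int, their_pub: int, p: int = P) -> int:
    """Each side raises the other's public value to its own private exponent."""
    if not is_valid_public(their_pub, p):
        raise ValueError("invalid peer public value")
    return pow(their_pub, my_priv, p)


def derive_session_key(shared: int, context: bytes = b"toy-dh session key") -> bytes:
    """Never use the raw DH output directly; hash it into a fixed-size symmetric key."""
    return hashlib.sha256(context + shared.to_bytes(8, "big")).digest()


def run_session() -> bytes:
    """One handshake. Alice and Bob exchange only a_pub and b_pub, yet derive the same key."""
    a_priv, a_pub = dh_keypair()     # Alice's ephemeral pair
    b_priv, b_pub = dh_keypair()     # Bob's ephemeral pair
    key_a = derive_session_key(dh_shared_secret(a_priv, b_pub))
    key_b = derive_session_key(dh_shared_secret(b_priv, a_pub))
    if key_a != key_b:
        raise RuntimeError("key agreement failed")
    # a_priv and b_priv go out of scope here and are never stored: that is what gives
    # forward secrecy, since nothing kept long-term can reconstruct this key.
    return key_a


def forward_secrecy_demo():
    """Two consecutive sessions use fresh exponents and therefore unrelated keys."""
    return run_session(), run_session()


if __name__ == "__main__":
    k1, k2 = forward_secrecy_demo()
    print("session 1 key:", k1.hex())
    print("session 2 key:", k2.hex())
    print("keys differ:", k1 != k2)
```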

47. What is an active reconnaissance?

● Active reconnaissance is a kind of computer attack where an intruder engages the
target system for collecting data about vulnerabilities.
● The attackers mostly use port scanning to identify vulnerable ports and then exploit
the vulnerabilities of services that are associated with open ports.


49. What is the difference between information protection and information assurance?

● Information protection: It protects the data using encryption, security software, etc.,
from unauthorized access.
● Information Assurance: It keeps the data reliable by ensuring availability,
authentication, confidentiality, etc.

50. What do you mean by Chain of Custody?

● Chain of custody refers to the ability to show that data presented as evidence is as
originally acquired and has not been changed before admission into evidence.
● In legal terms, it's a chronological documentation/paper trail that records the proper
sequence of custody, control, analysis, and disposition of electronic or physical
evidence.

Advanced Cyber Security Interview Questions and Answers

31. What are the protocols that fall under the TCP/IP Internet layer?

Application Layer: NFS, NIS, SNMP, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, DNS, LDAP, and others
Transport Layer: TCP, SCTP, UDP, etc.
Internet Layer: IPv4, ARP, ICMP, IPv6, etc.
Data Link Layer: IEEE 802.2, PPP, etc.
Physical Layer: Ethernet (IEEE 802.3), FDDI, Token Ring, RS-232, and others

33. What are salted hashes?

When two users have the same password, it will result in the creation of the same password
hashes. In such a case, an attacker can easily crack the password by performing a dictionary
or brute-force attack. To avoid this, a salted hash is implemented.

A salted hash is used to randomize hashes by prepending or appending a random string (salt)
to the password before hashing. This results in the creation of two completely different
hashes, which can be employed to protect the users’ passwords in the database against the
attacker.
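The salting explanation from question 23 and the salted-hash answer above in code, as an added example that is not part of the original page: two users pick the same password, their plain SHA-256 digests collide and a single precomputed table recovers both, while a per-user random salt with an iterated hash (PBKDF2-HMAC-SHA256 from the standard library) gives unrelated stored values. The iteration count and the sample wordlist are assumptions for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Illustrative iteration count (assumption); production values are tuned to the hardware.
ITERATIONS = 100_000


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash. A fresh 16-byte salt is drawn for every user."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Keep algorithm, iteration count and salt next to the digest so verification can
    # repeat the exact computation; the salt is not secret, only unique.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking, through timing, how many leading bytes matched
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def precomputed_lookup(wordlist, stored_digests) -> Dict[str, Optional[str]]:
    """Why unsalted hashes fail: one table built from a wordlist answers for every user at once."""
    table = {unsalted_hash(w): w for w in wordlist}
    return {user: table.get(digest) for user, digest in stored_digests.items()}


def compare_two_users(password: str) -> dict:
    """Two users choosing the same password: unsalted digests collide, salted ones do not."""
    user_a = {"unsalted": unsalted_hash(password), "salted": hash_password(password)}
    user_b = {"unsalted": unsalted_hash(password), "salted": hash_password(password)}
    return {
        "same_unsalted": user_a["unsalted"] == user_b["unsalted"],
        "same_salted": user_a["salted"] == user_b["salted"],
        "both_verify": verify_password(password, user_a["salted"])
                       and verify_password(password, user_b["salted"]),
    }


if __name__ == "__main__":
    # Constructed sample: a weak shared password and a tiny wordlist that contains it.
    pw = "Winter2024!"
    print(compare_two_users(pw))
    print(precomputed_lookup(["password", "Winter2024!", "letmein"],
                             {"alice": unsalted_hash(pw), "bob": unsalted_hash(pw)}))
```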

Scenario-based Questions

41. You are in a situation where you receive the following email from the help desk:

Dear YYY,
We are deleting all inactive emails to create space for other new users. If you want to
save your account data, please provide the following details:

First Name and Last Name:
Email ID:
Password:
Date of Birth:
Alternate Email:

Please submit the above detail by the end of the week to avoid any account
termination.

Considering the above scenario, how would you react as a user? Explain briefly.

The above email is an excellent illustration of phishing. Here are the reasons why:

1. A reputed organization will never ask for an employee’s personal information in the mail.
2. In a normal mail, the salutation is not done in a generalized manner. This happens only
in spam emails where the attacker tricks you into ‘biting.’

As a rule of thumb, you should never reply to a sender who demands personal information
and passwords via emails, phone calls, text messages, and instant messages (IMs). You
must not disclose your data to any external party even if the sender works for organizations
such as ITS or UCSC.


42. You get an e-card in your mail from a friend. It asks you to download an attachment
to view the card. What will you do? Justify your answer.

1. Do not download the attachment as it may have malicious viruses, malware, or bugs,
which might corrupt your system.
2. Do not visit any links as it might redirect you to an unintended page.
3. As fake email addresses are common and easy to create, you should not perform any
action like clicking/downloading any links, unless you confirm it with the actual person.
4. Many websites masquerade as a legitimate site to steal sensitive information, so you
should be careful not to fall into the wrong hands.

43. A staff member in a company subscribes to various free magazines. To activate the
subscription, the first magazine asks her for her birth month, the second magazine
asks for her birth year, and the third magazine asks for her maiden name. What do you
deduce from the above situation? Justify your answer.

It is highly likely that the above-mentioned three newsletters are from a parent company,
which are distributed through different channels. It can be used to gather essential pieces of
information that might look safe in the user’s eyes. However, this can be misused to sell
personal information to carry out identity theft. It might further ask the user for the date of birth
for the activation of the fourth newsletter.

In many scenarios, questions that involve personal details are unnecessary, and you should
not provide them to any random person, company, or website unless it is for a legitimate
purpose.

44. To print billing, you have to provide your login credentials in your computing labs.
Recently, people started to get a bill for the print, which was never done by them.
When they called to complain, the bill turned out to be correct. How do you explain the
above situation?

To avoid this situation, you should always sign out of all accounts, close the browser, and quit
the programs when you use a shared or public computer. There are chances that an
illegitimate user can retrieve your authorized data and perform actions on behalf of you
without your knowledge when you keep the accounts in a logged-in state.

45. In our campus computer lab, one of my friends logged into her Yahoo account.
When she left the lab, she made sure that the account was not left open. Later, she
came to realize that someone re-accessed her account from the browser, which she
has used to send emails, by impersonating her. How do you think this happened?

There are two possible scenarios:

1. The attacker can visit the browser's history to access her account if she hasn't logged
out.
2. Even if she has logged out, the attacker can use the web cache (pages a browser saves
to gain easy and quick access in the future) if it has not been cleared.

46. An employee’s bank account faces an error during a direct deposit. Two different
offices need to work on it to straighten this out. Office #1 contacts Office #2 by email to
send the valid account information for the deposit. The employee now gives the bank
confirmations that the error no longer exists. What is wrong here?

Any sensitive information cannot be shared via email as it can lead to identity theft. This is
because emails are mostly not private and secure. Sharing or sending personal information
along the network is not recommended as the route can be easily tracked.

In such scenarios, the involved parties should call each other and work with ITS as a secure
way of sending the information.

47. You see an unusual activity of the mouse pointer, which starts to move around on
its own and clicks on various things on the desktop. What should you do in this
situation?

A. Call any of the co-workers to seek help
B. Disconnect the mouse
C. Turn your computer off
D. Inform the supervisor
E. Disconnect your computer from the network
F. Run anti-virus
G. Select all the options that apply?

Which options would you choose?

The answer is (D) and (E). This kind of activity is surely suspicious, as an unknown party
seems to have access to control the computer remotely. In such cases, you should
immediately report it to the respective supervisor. You can keep the computer disconnected
from the network till help arrives.

48. Check out the list of passwords below, which are pulled out from a database:

A. Password1
B. @#$)*&^%
C. UcSc4Evr!
D. akHGksmLN

Choose the passwords that are in line with the UCSC’s password requirements.

The answer is C (UcSc4Evr!). As per the UCSC requirements, a password should be:

1. Minimum of 8 characters in length
2. Having any three of these four types of characters: lower case, upper case,
numbers, and special characters.

49. The bank sends you an email, which says it has encountered a problem with your
account. The email is provided with instructions and also a link to log in to the account
so that you can fix it. What do you infer from the above situation? Explain.

It appears to be an unsolicited email. You should report it as spam and move the email to the
trash immediately in the respective web client you use (Yahoo Mail, Gmail, etc.). Before
providing any bank-related credentials online, you should call the bank to check if the
message is legitimate and is from the bank.

50. In your IT company, employees are registering numerous complaints that the
campus computers are delivering Viagra spam. To verify it, you check the reports, and
it turns out to be correct. The computer program is automatically sending tons of spam
emails without the owner’s knowledge. This happened because a hacker had installed
a malicious program into the system. What are the reasons you think might have
caused this incident?

This type of attack happens when the password is hacked. To avoid this, whenever you set a
password, always use a proper standard, i.e., use passwords that are at least 8-character
length and have a combination of upper case/lower case letters, symbols/special characters,
and numbers.

Other scenarios of the above attack could be:

1. Dated antivirus software or the lack of it
2. Dated updates or security patches

Cyber security Theory

https://www.interviewbit.com/cyber-security-interview-questions/

1. What is the main objective of Cyber Security?

The primary goal of cyber security is to protect data. To safeguard data from cyber-attacks,
the security sector offers a triangle of three connected principles. The CIA trio is the name for
this principle. The CIA model is intended to help organizations develop policies for their
information security architecture. One or more of these principles has been broken when a
security breach is discovered. Confidentiality, Integrity, and Availability are the three
components of the CIA model. It's a security paradigm that guides individuals through many
aspects of IT security. Let's take a closer look at each section.

Confidentiality: Confidentiality is the same as privacy in that it prevents unauthorized access
to data. It entails ensuring that the data is only accessible to those who are authorized to use
it, as well as restricting access to others. It keeps vital information from getting into the wrong
hands. Data encryption is a great example of keeping information private.
Integrity: This principle assures that the data is genuine, correct, and safe from unwanted
threat actors or unintentional user alteration. If any changes are made, precautions should be
taken to protect sensitive data from corruption or loss, as well as to quickly recover from such
an incident. Furthermore, it denotes that the source of information must be genuine.
Availability: This principle ensures that information is constantly available and helpful to
those who have access to it. It ensures that system failures or cyber-attacks do not obstruct
these accesses.

12. What do you mean by a Null Session?

A null session occurs when a user is not authenticated with either a username or a password. It
can pose a security concern for apps because it implies that the person making the request
is unknown.

Cyber Security Interview Questions for Experienced

23. What do you mean by perimeter-based and data-based protection?

Perimeter-based cybersecurity entails putting security measures in place to safeguard your
company's network from hackers. It examines people attempting to break into your network
and prevents any suspicious intrusion attempts.

The term "data-based protection" refers to the use of security measures on the data itself. It
is unaffected by network connectivity. As a result, you can keep track of and safeguard your
data regardless of where it is stored, who accesses it, or which connection is used to access
it.

28. What do you mean by Network Sniffing?

Sniffing is a technique for evaluating data packets delivered across a network. This can be
accomplished through the use of specialized software or hardware. Sniffing can be used for a
variety of purposes, including:

● Capture confidential information, such as a password.

● Listen in on chat messaging.

● Monitor data packets over a network.

29. Differentiate between Black Box Testing and White Box Testing.

Black Box Testing | White Box Testing
It's a type of software testing in which the program's or software's internal structure is concealed. | It is a method of software testing in which the tester is familiar with the software's internal structure or code.
It is not necessary to have any prior experience with implementation. | It is not necessary to have prior experience with implementation.
This testing can begin on the basis of the requirement specifications paper. | This form of software testing begins once the detailed design document has been completed.
It takes the least amount of time. | It takes the most amount of time.
It is the software's behavior testing. | It is the software's logic testing.
It is relevant to higher levels of software testing. | It is relevant to lower levels of software testing.

32. What do you mean by Domain Name System (DNS) Attack?

DNS hijacking is a sort of cyberattack in which cyber thieves utilize weaknesses in the
Domain Name System to redirect users to malicious websites and steal data from targeted
machines. Because the DNS system is such an important part of the internet infrastructure, it
poses a serious cybersecurity risk.

These can be avoided by the following precautions:-

● Examine the DNS zones in your system.

● Make sure your DNS servers are up to date.

● Hide the BIND version.

● Limit zone transfers.

● To avoid DNS poisoning attempts, disable DNS recursion.

● Use separate DNS servers.

● Make use of a DDoS mitigation service.

33. Differentiate between Stream Cipher and Block Cipher.

The major distinction between a block cypher and a stream cypher is that a block cypher
turns plain text into ciphertext one block at a time. Stream cypher, on the other hand, converts
plain text into ciphertext by taking one byte of plain text at a time.

Block Cipher | Stream Cipher
Block Cipher converts plain text into ciphertext by converting plaintext into ciphertext one block at a time. | Stream Cipher takes one byte of plain text at a time and converts it to ciphertext.
Either 64 bits or more than 64 bits are used in block ciphers. | 8 bits are used in stream ciphers.
The ECB (Electronic Code Book) and CBC (Cipher Block Chaining) algorithm modes are utilized in block cipher. | CFB (Cipher Feedback) and OFB (Output Feedback) are the two algorithm modes utilized in stream cipher.
The Caesar cipher, polygram substitution cipher, and other transposition algorithms are used in the block cipher. | Stream cipher uses substitution techniques such as the rail-fence technique, columnar transposition technique, and others.
When compared to stream cipher, a block cipher is slower. | When compared to a block cipher, a stream cipher is slower.

34. Differentiate between spear phishing and phishing?

Spear phishing is a type of phishing assault that targets a small number of high-value targets,
usually just one. Phishing usually entails sending a bulk email or message to a big group of
people. It implies that spear-phishing will be much more personalized and perhaps more well-
researched (for the individual), whereas phishing will be more like a real fishing trip where
whoever eats the hook is caught.

35. What do you mean by ARP poisoning?

Address Resolution Protocol (ARP) poisoning is a type of cyber-attack that abuses the
protocol network devices use to map IP addresses to physical (MAC) addresses. On the
network, a host sends an ARP broadcast, and the receiving machine responds with its physical
address.
ARP poisoning is the practice of sending bogus addresses to a switch so that it associates them
with the IP address of a legitimate machine on the network, allowing the attacker to hijack
traffic.

37. What is the difference between virus and worm?

A virus is a piece of harmful executable code that is attached to another executable file and
can modify or erase data. When a virus-infected computer application executes, it takes
action such as removing a file from the computer system. Viruses can't be managed from
afar.
Worms are similar to viruses, but they do not alter programs. A worm keeps replicating
itself, causing the computer system to slow down. Worms can be manipulated by remote
control. A worm's primary goal is to consume system resources.

38. What form of cookie might be used in a spyware attack?

A tracking cookie, instead of a session cookie, would be used in a spyware attack because it
would last through multiple sessions rather than just one.

39. How do you decide the placement of the encryption function?

We must decide what to encrypt and where the encryption mechanism should be situated if
encryption is to be used to counter attacks on confidentiality. Link and end-to-end encryption
are the two main ways of encryption placement.
End-to-end encryption, or E2EE, is a secure data transfer system in which data is encrypted
and decrypted only at the endpoints, regardless of how many points it passes through in the
middle of its virtual journey. This sort of encryption is an excellent technique to communicate
in a secure and confidential manner. Because no one else has the key to decode it, no one in
the middle will be able to read it.
The primary difference between link encryption and end-to-end encryption is that link
encryption encrypts and decrypts all traffic at all points, not just at the endpoints. All data is
encrypted as it travels along the communication line with this approach. When it reaches a
router or another intermediary device, however, it is decrypted so that the intermediator can
determine which direction to send it next.

40. What are Polymorphic viruses?

Polymorphic viruses are sophisticated file infectors that may build changed versions of
themselves in order to avoid detection while maintaining the same fundamental behaviors
after each infection. Polymorphic viruses encrypt their programming and employ various
encryption keys each time to alter their physical file makeup throughout each infection.
Polymorphic viruses use mutation engines to change their decryption routines every
time they infect a machine. Because they do not use static, unchanging code, traditional
signature-based security solutions may miss them. They are considerably more difficult to
detect because their complicated mutation engines can generate billions of distinct decryption
routines.

42. What do you mean by Forward Secrecy and how does it work?

Forward secrecy is a property of certain key agreement protocols that ensures that the
session keys will not be exposed if the server's private key is exposed. Perfect forward
secrecy is another name for it (PFS).
The "Diffie–Hellman key exchange" algorithm is used to accomplish this.

https://www.guru99.com/cyber-security-interview-questions.html

1) What is cybersecurity?

Cybersecurity refers to the protection of hardware, software, and data from attackers. The
primary purpose of cyber security is to protect against cyberattacks like accessing, changing,
or destroying sensitive information.

2) What are the elements of cybersecurity?

Major elements of cybersecurity are:

● Information security
● Network security

● Operational security

● Application security

● End-user education

● Business continuity planning

3) What are the advantages of cyber security?

Benefits of cyber security are as follows:

● It protects the business against ransomware, malware, social engineering, and
phishing.

● It protects end-users.

● It gives good protection for both data and networks.

● It improves recovery time after a breach.

● Cybersecurity prevents access by unauthorized users.

4) Define Cryptography.
It is a technique used to protect information from third parties, called adversaries.
Cryptography allows only the sender and the intended recipient of a message to read its contents.

5) Differentiate between IDS and IPS.

An Intrusion Detection System (IDS) only detects intrusions and raises an alert; the administrator
then has to act to stop the intrusion. An Intrusion Prevention System (IPS) both finds the
intrusion and prevents it.

6) What is CIA?

Confidentiality, Integrity, and Availability (CIA) is a popular model which is designed to
develop a security policy. The CIA model consists of three concepts:

● Confidentiality: Ensure the sensitive data is accessed only by an authorized user.

● Integrity: Integrity means the information is in the right format.

● Availability: Ensure the data and resources are available for users who need them.

7) What is a Firewall?

It is a security system designed for the network. A firewall is set on the boundaries of a
system or network and monitors and controls network traffic. Firewalls are mostly used to
protect the system or network from malware, worms, and viruses. Firewalls can also provide
content filtering and control remote access.

8) Explain Traceroute
It is a tool that shows the path a packet takes. It lists all the hops that the packet passes through.
Traceroute is used mostly when a packet does not reach its destination, to check where the
connection breaks or stops and to identify the point of failure.

9) Differentiate between HIDS and NIDS.

| Parameter | HIDS | NIDS |
| --- | --- | --- |
| Usage | HIDS is used to detect the intrusions. | NIDS is used for the ne |
| What does it do? | It monitors suspicious system activities and traffic of a specific device. | It monitors the traffic of |

10) Explain SSL

SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections
between a web server and a web browser. It is used to protect the information in online
transactions and digital payments to maintain data privacy.

11) What do you mean by data leakage?

Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via
email, optical media, laptops, and USB keys.

12) Explain the brute force attack. How to prevent it?

It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all
the combinations of credentials. In many cases, brute force attacks are automated where the
software automatically works to login with credentials. There are ways to prevent Brute Force
attacks. They are:

● Set a minimum password length.

● Increase password complexity.

● Set a limit on login failures.

13) What is port scanning?

It is the technique for identifying open ports and the services available on a specific host. Attackers
use port scanning to gather information for malicious purposes.

14) Name the different layers of the OSI model.

The seven layers of the OSI model are as follows:

1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

15) What is a VPN?

VPN stands for Virtual Private Network. It is a network connection method for creating an
encrypted and safe connection. This method protects data from interference, snooping,
censorship.

16) What are black hat hackers?

Black hat hackers are people who have a good knowledge of breaching network security.
These hackers can generate malware for personal financial gain or other malicious reasons.
They break into a secure network to modify, steal, or destroy data so that the network can not
be used by authorized network users.

17) What are white hat hackers?

White hat hackers, or security specialists, specialize in penetration testing. They protect
the information systems of an organization.

18) What are grey hat hackers?

Grey hat hackers are computer hackers who sometimes violate ethical standards, but they do
not have malicious intent.

19) How to reset a password-protected BIOS configuration?

There are various ways to reset BIOS password. Some of them are as follows:

● Remove the CMOS battery.

● By using software.

● By using a motherboard jumper.

● By using MS-DOS.

20) What is MITM attack?

A MITM or Man-in-the-Middle attack is a type of attack where an attacker intercepts communication
between two parties. The main intention of MITM is to access confidential information.

21) Define ARP and its working process.

It is a protocol used for finding the MAC address associated with an IPv4 address. This protocol
works as an interface between the OSI network layer and the OSI data link layer.

22) Explain botnet.

It’s a number of internet-connected devices like servers, mobile devices, IoT devices, and
PCs that are infected and controlled by malware.

23) What is the main difference between SSL and TLS?

The main difference between these two is that SSL verifies the identity of the sender. SSL
helps you to track the person you are communicating with. TLS offers a secure channel
between two clients.

24) What is the abbreviation of CSRF?

CSRF stands for Cross-Site Request Forgery.

25) What is 2FA? How to implement it for a public website?

2FA stands for Two-Factor Authentication. It is a security process to identify the person who
is accessing an online account. The user is granted access only after presenting evidence to
the authentication device.

26) Explain the difference between asymmetric and symmetric encryption.

Symmetric encryption requires the same key for encryption and decryption. On the other
hand, asymmetric encryption needs different keys for encryption and decryption.

27) What is the full form of XSS?

XSS stands for cross-site scripting.

28) Explain WAF

WAF stands for Web Application Firewall. WAF is used to protect the application by filtering
and monitoring incoming and outgoing traffic between web application and the internet.

29) What is hacking?

Hacking is the process of finding weaknesses in computers or private networks in order to exploit
those weaknesses and gain access.

For example, using password cracking technique to gain access to a system.

30) Who are hackers?

A Hacker is a person who finds and exploits the weakness in computer systems,
smartphones, tablets, or networks to gain access. Hackers are well experienced computer
programmers with knowledge of computer security.

31) What is network sniffing?

Network sniffing is the use of a tool to capture and analyze data packets sent over a network. This can be
done with a specialized software program or with hardware equipment. Sniffing can be used to:

● Capture sensitive data such as passwords.

● Eavesdrop on chat messages.

● Monitor data packets over a network.

32) What is the importance of DNS monitoring?

Young domains are easily infected with malicious software. You need to use DNS monitoring
tools to identify malware.

33) Define the process of salting. What is the use of salting?

Salting is the process of extending a password with additional characters before it is hashed. To use
salting, it is very important to know the entire mechanism of salting. The use of salting is to
safeguard passwords. It also prevents attackers from testing known words across the system.

For example, Hash("QxLUF1bgIAdeQX") is added to each and every password to protect
your password. This added value is called the salt.
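An added example, not code from the original page, that ties together the salting described here (Q33) and the "set a limit on login failures" control from Q12: per-user random salts with PBKDF2, constant-time verification, and a failed-attempt lockout. The sample users, the 5-attempt threshold and the 15-minute lockout are assumed values chosen for the demonstration.

```python
"""Salted password storage plus a login-failure limit (added example).

Uses only the Python standard library.  The work factor, the lockout
threshold and the lockout duration are assumed policy values.
"""
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 310_000   # work factor; raise as hardware allows
SALT_BYTES = 16               # 128-bit random salt per user
MAX_FAILURES = 5              # lockout threshold (assumed policy)
LOCKOUT_SECONDS = 15 * 60     # lockout duration (assumed policy)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest).  A fresh random salt is drawn when none is
    given, so two users with the same password get different digests and a
    precomputed table of hashes for known words cannot be reused."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class UserStore:
    """In-memory user database with a per-account failed-login counter.
    The clock is injectable so the lockout can be tested without waiting."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users: Dict[str, dict] = {}

    def add_user(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest,
                                 "failures": 0, "locked_until": 0.0}

    def is_locked(self, username: str) -> bool:
        rec = self._users.get(username)
        return rec is not None and self._clock() < rec["locked_until"]

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'.  An unknown user still costs a
        full PBKDF2 computation so timing does not reveal valid usernames."""
        rec = self._users.get(username)
        if rec is None:
            hash_password(password, b"\x00" * SALT_BYTES)   # dummy work
            return "denied"
        if self._clock() < rec["locked_until"]:
            return "locked"
        if verify_password(password, rec["salt"], rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = self._clock() + LOCKOUT_SECONDS
            rec["failures"] = 0
        return "denied"

    def stored_digest(self, username: str) -> bytes:
        return self._users[username]["digest"]


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse")   # constructed sample users
    store.add_user("bob", "correct horse")
    # Same password, different salts -> different stored digests.
    print(store.stored_digest("alice") != store.stored_digest("bob"))   # True
    for _ in range(MAX_FAILURES):
        store.login("alice", "wrong guess")
    print(store.login("alice", "correct horse"))   # locked
```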

34) What is SSH?

SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that gives system
administrators a secure way to access data on a network.

35) Is SSL protocol enough for network security?

SSL verifies the sender’s identity, but it does not provide security once the data is transferred
to the server. It is good to use server-side encryption and hashing to protect the server
against a data breach.

36) What is black box testing and white box testing?

● Black box testing: It is a software testing method in which the internal structure or
program code is hidden.
● White box testing: A software testing method in which the internal structure or program code is
known to the tester.

37) Explain vulnerabilities in network security.

Vulnerabilities refer to the weak point in software code which can be exploited by a threat
actor. They are most commonly found in an application like SaaS (Software as a service)
software.

38) Explain TCP Three-way handshake.

It is a process used in a network to make a connection between a local host and server. This
method requires the client and server to negotiate synchronization and acknowledgment
packets before starting communication.

39) Define the term residual risk. What are three ways to deal with risk?
Residual risk is the risk that remains after threats have been identified and controls applied.

Three ways to deal with risk are:

1. Reduce it
2. Avoid it
3. Accept it.

40) Define Exfiltration.

Data exfiltration refers to the unauthorized transfer of data from a computer system. This
transmission may be manual and carried out by anyone having physical access to a
computer.

41) What is exploit in network security?

An exploit is a method utilized by attackers to access data in an unauthorized way. It is often
incorporated into malware.

42) What do you mean by penetration testing?

It is the process of checking exploitable vulnerabilities on the target. In web security, it is used
to augment the web application firewall.

43) List out some of the common cyber-attack.

Following are the common cyber-attacks which can be used by attackers to damage a network:

● Malware

● Phishing

● Password attacks

● DDoS

● Man in the middle

● Drive-by downloads

● Malvertising

● Rogue software

44) How to make the user authentication process more secure?

In order to authenticate users, they have to provide their identity. The ID and Key can be used
to confirm the user’s identity. This is an ideal way how the system should authorize the user.

45) Explain the concept of cross-site scripting.

Cross-site scripting refers to a web security vulnerability in which malicious scripts are
injected into websites. This attack occurs when an application allows an untrusted source to inject
code into a web page served to other users.

46) Name the protocol that broadcast the information across all the devices.
Internet Group Management Protocol (IGMP) is a communication protocol that is used in
gaming and video streaming. It enables routers and other communication devices to send
packets to a group of receivers.

47) How to protect email messages?

Use a cipher algorithm (encryption) to protect email, credit card information, and corporate data.

48) What are the risks associated with public Wi-Fi?

Public Wi-Fi has many security issues. Wi-Fi attacks include the karma attack, sniffing, war
driving, brute force attacks, etc.

On public Wi-Fi, an attacker may capture data passing through the network device, such as emails,
browsing history, passwords, and credit card data.

49) What is Data Encryption? Why it is important in network security?

Data encryption is a technique in which the sender converts the message into a code. It
allows only authorized user to gain access.

50) Explain the main difference between Diffie-Hellman and RSA.

Diffie-Hellman is a protocol used for exchanging a key between two parties, while RSA is an
algorithm that works on the basis of two keys, called the private key and the public key.

51) What is a remote desktop protocol?

Remote Desktop Protocol (RDP) is developed by Microsoft, which provides GUI to connect
two devices over a network.

The user runs RDP client software for this purpose, while the other device must run RDP
server software. This protocol is specifically designed for remote management and for access to
virtual PCs, applications, and terminal servers.

52) Define Forward Secrecy.

Forward Secrecy is a security measure that ensures the integrity of unique session keys in the
event that the long-term key is compromised.
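An added example, not from the original page, illustrating the property defined here and in Q42 above: a key-transport handshake (session key wrapped under the long-term key) is contrasted with an ephemeral Diffie-Hellman handshake, and a recorded transcript is replayed by someone who later holds the long-term key. The 32-byte symmetric "long-term key", the HMAC stand-in for the server's signature, and the DH group (prime 2**255 - 19, generator 2) are toy choices for a self-contained run; real deployments use named groups such as ffdhe2048 or X25519 and an asymmetric signature.

```python
"""Forward secrecy demo: key transport vs ephemeral Diffie-Hellman.

Added example.  Long-term key, signature stand-in and DH group are toy
choices (see the lead-in); the structure of the two handshakes is what
matters.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # prime modulus (toy DH group for this demo, not a named group)
G = 2             # generator (toy choice)


def _kdf(label: bytes, material: bytes) -> bytes:
    """Derive a 32-byte key from raw material with a domain-separating label."""
    return hashlib.sha256(label + material).digest()


def _sign(long_term_key: bytes, message: bytes) -> bytes:
    """Stand-in for a signature made with the server's long-term private key."""
    return hmac.new(long_term_key, message, hashlib.sha256).digest()


def key_transport_handshake(long_term_key: bytes):
    """No forward secrecy: the session key is wrapped under the long-term key.
    Returns (session_key, transcript); the transcript is what an eavesdropper
    records on the wire."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    pad = _kdf(b"wrap", long_term_key + nonce)
    wrapped = bytes(a ^ b for a, b in zip(session_key, pad))
    return session_key, {"nonce": nonce, "wrapped_key": wrapped}


def recover_from_transcript(long_term_key: bytes, transcript: dict) -> bytes:
    """An attacker who later obtains the long-term key repeats the unwrap on a
    recorded transcript and gets the old session key back."""
    pad = _kdf(b"wrap", long_term_key + transcript["nonce"])
    return bytes(a ^ b for a, b in zip(transcript["wrapped_key"], pad))


def ephemeral_dh_handshake(long_term_key: bytes):
    """Forward secrecy: each side draws a fresh exponent, the server signs its
    ephemeral public value with the long-term key, and both exponents are
    discarded once the session key is derived.
    Returns (client_key, server_key, transcript)."""
    a = secrets.randbelow(P - 2) + 2          # client ephemeral exponent
    b = secrets.randbelow(P - 2) + 2          # server ephemeral exponent
    A = pow(G, a, P)                          # client ephemeral public value
    B = pow(G, b, P)                          # server ephemeral public value
    sig = _sign(long_term_key, B.to_bytes(32, "big"))
    # The client checks the server's ephemeral value is authentic before use.
    if not hmac.compare_digest(sig, _sign(long_term_key, B.to_bytes(32, "big"))):
        raise ValueError("server ephemeral value failed authentication")
    client_key = _kdf(b"session", pow(B, a, P).to_bytes(32, "big"))
    server_key = _kdf(b"session", pow(A, b, P).to_bytes(32, "big"))
    del a, b   # the exponents never leave this function
    # Only public values and the signature are observable on the wire, and the
    # long-term key plays no part in deriving the session key.
    return client_key, server_key, {"A": A, "B": B, "sig": sig}


if __name__ == "__main__":
    long_term = secrets.token_bytes(32)          # constructed long-term secret
    sk, transcript = key_transport_handshake(long_term)
    print(recover_from_transcript(long_term, transcript) == sk)   # True: no FS
    ck1, sk1, t1 = ephemeral_dh_handshake(long_term)
    ck2, sk2, t2 = ephemeral_dh_handshake(long_term)
    print(ck1 == sk1, ck1 != ck2)                 # True True: fresh key per session
```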

53) Explain the concept of IV in encryption.

IV stands for initialization vector, an arbitrary number that is used to ensure that identical plaintext
encrypts to different ciphertexts. The encryption program uses this number only once per
session.

54) Explain the difference between stream cipher and block cipher.

| Parameter | Stream Cipher | Block Cipher |
| --- | --- | --- |
| How does it work? | Stream cipher operates on small plaintext units | Block cipher works on large |
| Code requirement | It requires less code. | It requires more code. |
| Usage of key | Key is used only once. | Reuse of key is possible. |
| Application | Secure Socket layer. | File encryption and database |
| Usage | Stream cipher is used to implement hardware. | Block cipher is used to imple |

55) Give some examples of a symmetric encryption algorithm.
Following are some examples of symmetric encryption algorithm.

● RCx

● Blowfish

● Rijndael (AES)

● DES

56) What is the abbreviation of ECB and CBC?

The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block
Chaining.

57) Explain a buffer overflow attack.

A buffer overflow attack is an attack that takes advantage of a process that attempts to write
more data to a fixed-length memory block than the block can hold.

58) Define Spyware.

Spyware is a malware that aims to steal data about the organization or person. This malware
can damage the organization’s computer system.

59) What is impersonation?

It is a mechanism of assigning the user account to an unknown user.

60) What do you mean by SRM?

SRM stands for Security Reference Monitor, which provides routines that computer drivers use to grant
access rights to objects.

61) What is a computer virus?

A virus is malicious software that is executed without the user's consent. Viruses can
consume computer resources, such as CPU time and memory. Sometimes a virus makes
changes to other computer programs and inserts its own code to harm the computer system.

A computer virus may be used to:

● Access private data like user id and passwords

● Display annoying messages to the user

● Corrupt data in your computer

● Log the user’s keystrokes

62) What do you mean by Authenticode?

Authenticode is a technology that identifies the publisher of Authenticode-signed software. It
allows users to ensure that the software is genuine and does not contain any malicious program.

63) Define CryptoAPI

CryptoAPI is a collection of encryption APIs which allows developers to build applications that
communicate over a secure network.

64) Explain steps to secure web server.

Follow the following steps to secure your web server:

● Update file ownership.

● Keep your webserver updated.

● Disable extra modules in the webserver.

● Delete default scripts.

65) What is Microsoft Baseline Security Analyzer?

Microsoft Baseline Security Analyzer or MBSA is a graphical and command-line interface that
provides a method to find missing security updates and misconfigurations.

66) What is Ethical hacking?

Ethical hacking is a method to improve the security of a network. In this method, hackers find and fix
vulnerabilities and weaknesses of a computer or network. Ethical hackers use software tools to
secure the system.

67) Explain social engineering and its attacks.

Social engineering is the term used to convince people to reveal confidential information.

There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-
based, and 3) Computer-based.

● Human-based attack: They may pretend like a genuine user who requests higher
authority to reveal private and confidential information of the organization.
● Computer-based attack: In this attack, attackers send fake emails to harm the
computer. They ask people to forward such email.
● Mobile-based attack: Attacker may send SMS to others and collect important
information. If any user downloads a malicious app, then it can be misused to access
authentication information.

68) What is IP and MAC Addresses?

IP Address is the acronym for Internet Protocol address. An internet protocol address is used
to uniquely identify a computer or device, such as a printer or storage disk, on a computer
network.

MAC Address is the acronym for Media Access Control address. MAC addresses are used to
uniquely identify network interfaces for communication at the physical layer of the network.

69) What do you mean by a worm?

A Worm is a type of malware which replicates from one computer to another.

70) State the difference between virus and worm

| Parameter | Virus | Worm |
| --- | --- | --- |
| How they infect a computer? | It inserts malicious code into a specific file or program. | Generate it's copy and sp |
| Dependency | Virus need a host program to work | They do not require any h |
| Linked with files | It is linked with .com, .xls, .exe, .doc, etc. | It is linked with any file on |
| Affecting speed | It is slower than worm. | It faster compared to a vi |

71) Name some tools used for packet sniffing.

Following are some tools used for packet sniffing.

● Tcpdump

● Kismet

● Wireshark

● NetworkMiner

● Dsniff

72) Explain anti-virus sensor systems

Antivirus is a software tool that is used to identify, prevent, or remove viruses present on a
computer. It performs regular system checks and increases the security of the computer.

73) List out the types of sniffing attacks.

Various types of sniffing attacks are:

● Protocol Sniffing

● Web password sniffing

● Application-level sniffing

● TCP Session stealing

● LAN Sniffing

● ARP Sniffing

74) What is a distributed denial-of-service attack (DDoS)?

It is an attack in which multiple computers attack a website, server, or other network resource at once.

75) Explain the concept of session hijacking.

TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most
common method of session hijacking. In this method, attackers use IP packets to insert a
command between two nodes of the network.

76) List out various methods of session hijacking.

Various methods of session hijacking are:

● Using packet Sniffers

● Cross-Site Scripting (XSS Attack)

● IP Spoofing

● Blind Attack

77) What are Hacking Tools?

Hacking Tools are computer programs and scripts that help you find and exploit weaknesses
in computer systems, web applications, servers, and networks. There are varieties of such
tools available on the market. Some of them are open source, while others are a commercial
solution.

78) Explain honeypot and its Types.

A honeypot is a decoy computer system which records all the transactions, interactions, and
actions of the users who connect to it.

Honeypots are classified into two categories: 1) Production honeypot and 2) Research honeypot.

● Production honeypot: It is designed to capture real information for the administrator to
assess vulnerabilities. They are generally placed inside production networks to
increase their security.
● Research honeypot: It is used by educational institutions and organizations for the
sole purpose of researching the motives and tactics of the black-hat community when
targeting different networks.

79) Name common encryption tools.

Tools available for encryptions are as follows:

● RSA

● Twofish

● AES

● Triple DES

80) What is Backdoor?

It is a malware type in which security mechanism is bypassed to access a system.

81) Is it right to send login credentials through email?

It is not right to send login credentials through email because if you send someone a user id and
password in the mail, the chances of email-based attacks are high.

82) Explain the 80/20 rule of networking?

This rule is based on the percentage of network traffic, in which 80% of all network traffic
should remain local while the rest of the traffic should be routed towards a permanent VPN.

83) Define WEP cracking.

It is a method used for a security breach in wireless networks. There are two types of WEP
cracking: 1) Active cracking and 2) Passive cracking.

84) What are various WEP cracking tools?

Well-known WEP cracking tools are:

● Aircrack

● WebDecrypt

● Kismet

● WEPCrack

85) What is a security auditing?

Security auditing is an internal inspection of applications and operating systems for security
flaws. An audit can also be done via line by line inspection of code.

86) Explain phishing.

It is a technique used to obtain a username, password, and credit card details from other
users.

87) What is Nano-scale encryption?

Nano encryption is a research area which aims to provide robust security to computers and prevent
them from being hacked.

88) Define Security Testing?

Security Testing is defined as a type of Software Testing that ensures software systems and
applications are free from any vulnerabilities, threats, risks that may cause a big loss.

89) Explain Security Scanning.

Security scanning involves identifying network and system weaknesses and then providing
solutions for reducing these risks. The scanning can be performed either manually or with
automated tools.

90) Name the available hacking tools.

Following is a list of useful hacking tools.

● Acunetix

● WebInspect

● Probely

● Netsparker

● Angry IP Scanner

● Burp Suite

● Savvius

91) What is the importance of penetration testing in an enterprise?

Here are two common applications of penetration testing:

● Financial sectors like stock trading exchanges and investment banking want their data to
be secured, and penetration testing is essential to ensure security.
● In case the software system has already been hacked and the organization would like to
determine whether any threats are still present in the system, to avoid future hacks.

92) What are the disadvantages of penetration testing?

Disadvantages of penetration testing are:

● Penetration testing cannot find all vulnerabilities in the system.

● There are limitations of time, budget, scope, and skills of penetration testers.

● Data loss and corruption.

● Downtime is high, which increases costs.

93) Explain security threat

Security threat is defined as a risk which can steal confidential data and harm computer
systems as well as organization.

94) What are physical threats?

A physical threat is a potential cause of an incident that may result in loss or physical damage
to the computer systems.

95) Give examples of non-physical threats

Following are some examples of non-physical threat:

● Loss of sensitive information

● Loss or corruption of system data

● Cyber security Breaches

● Disruption of business operations that rely on computer systems

● Illegal monitoring of activities on computer systems

96) What is Trojan virus?

Trojan is a malware employed by hackers and cyber-thieves to gain access to any computer.
Here attackers use social engineering techniques to execute the trojan on the system.

97) Define SQL Injection

It is an attack that injects malicious SQL statements into a database query. It takes advantage
of design flaws in poorly designed web applications to make the database execute
malicious SQL code. In many situations, an attacker can escalate a SQL injection attack in
order to perform other attacks, e.g. a denial-of-service attack.
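An added example, not from the original page, of the design flaw just described beside its fix: a lookup that pastes user input into the statement text, and the same lookup with a bound parameter. The in-memory SQLite table and its two rows are constructed sample data.

```python
"""SQL injection: vulnerable lookup beside the parameterized fix (added example)."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    con.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                    [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return con


def find_user_vulnerable(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Design flaw: untrusted input becomes part of the statement text, so the
    # input can change the query's structure rather than only its data.
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return con.execute(query).fetchall()


def find_user_safe(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Fix: a bound parameter is always treated as a value, never as SQL, so the
    # query structure is fixed at the time the statement is written.
    return con.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    probe = "x' OR '1'='1"   # constructed test input that closes the quoted literal
    print(len(find_user_vulnerable(con, probe)))   # 2: every row is returned
    print(len(find_user_safe(con, probe)))         # 0: treated as a literal name
```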

98) List security vulnerabilities as per Open Web Application Security Project
(OWASP).

Security vulnerabilities as per open web application security project are as follows:

● SQL Injection

● Cross-site request forgery

● Insecure cryptographic storage

● Broken authentication and session management

● Insufficient transport layer protection

● Unvalidated redirects and forwards

● Failure to restrict URL access

99) Define an access token.

An access token is a credential which is used by the system to check whether an API request should
be granted access to a particular object or not.

100) Explain ARP Poisoning

ARP (Address Resolution Protocol) Poisoning is a type of cyber-attack which abuses the protocol
that network devices use to map IP addresses to physical addresses. The host sends an ARP
broadcast on the network, and the recipient computer responds with its physical
address.

ARP poisoning is sending fake addresses to the switch so that it associates the fake
addresses with the IP address of a genuine computer on the network, allowing the attacker to hijack the traffic.

101) Name common types of non-physical threats.

Following are various types of non-physical threats:

● Trojans

● Adware

● Worms

● Spyware

● Denial of Service Attacks

● Distributed Denial of Service Attacks

● Virus

● Key loggers

● Unauthorized access to computer systems resources

● Phishing

102) Explain the sequence of a TCP connection.

The sequence of a TCP connection is SYN-SYN ACK-ACK.

103) Define hybrid attacks.

A hybrid attack is a blend of the dictionary method and a brute force attack. This attack is used to
crack passwords by modifying dictionary words with symbols and numbers.

104) What is Nmap?

Nmap is a tool which is used for network discovery and security auditing.

105) What is the use of EtterPeak tool?

EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.

106) What are the types of cyber-attacks?

There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.

107) List out web-based attacks

Some web-based attacks are: 1) SQL injection attacks, 2) Phishing, 3) Brute force, 4) DNS
spoofing, 5) Denial of service, and 6) Dictionary attacks.

108) Give examples of System-based attacks

Examples of system-based attacks are:

● Virus

● Backdoors

● Bots

● Worm

109) List out the types of cyber attackers

There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3) insider
threats, 4) state-sponsored attackers.

110) Define accidental threats

They are threats that are caused accidentally by an organization's employees. In these threats, an
employee unintentionally deletes a file or shares confidential data with outsiders or a
business partner, going beyond the policy of the company.
