VAPT Questions
https://www.edureka.co/blog/interview-questions/cybersecurity-interview-questions/
1. What is Cryptography?
Basis of comparison: Symmetric Encryption vs. Asymmetric Encryption
Encryption key: Symmetric uses the same key for encryption and decryption; Asymmetric uses different keys for encryption and decryption.
Performance: Symmetric encryption is fast but more vulnerable; Asymmetric encryption is slow due to high computation.
Algorithms: Symmetric: DES, 3DES, AES and RC4; Asymmetric: Diffie-Hellman, RSA.
Purpose: Symmetric is used for bulk data transmission; Asymmetric is often used for securely exchanging secret keys.
CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to
guide policies for Information Security. It is one of the most popular models used by
organizations.
Confidentiality
The information should be accessible and readable only to authorized personnel and must not
be accessible to unauthorized personnel. The information should be strongly encrypted, so that
even if someone gains access to the data through hacking, it is not readable or understandable.
Integrity
Integrity means making sure the data has not been modified by an unauthorized entity; it
ensures that data is not corrupted or modified by unauthorized personnel. If an authorized
individual or system attempts to modify the data and the modification fails, the data should be
rolled back to its previous state and must not be left corrupted.
Availability
The data should be available to the user whenever the user requires it. Maintaining hardware,
upgrading regularly, keeping data backups and recovery procedures, and avoiding network
bottlenecks all contribute to availability.
A Firewall is a network security system placed at the boundary of a system or network that
monitors and controls network traffic. Firewalls are mainly used to protect the system/network
from viruses, worms, malware, etc. Firewalls can also be used to block unwanted remote access
and to filter content.
Vulnerability Assessment is the process of finding flaws on the target. Here, the
organization knows that its system/network has flaws or weaknesses and wants to find and
prioritize these flaws for fixing.
Penetration Testing is the process of finding vulnerabilities on the target. In this case, the
organization has set up all the security measures it could think of and wants to test whether
there is any other way that its system/network can be hacked.
1. The client sends a SYN (Synchronize) packet to the server to check whether the server is up
and has open ports
2. The server replies with a SYN-ACK packet if it has open ports
3. The client acknowledges this by sending an ACK (Acknowledgment) packet back to the
server
9. What are the response codes that can be received from a Web Application?
Traceroute is a tool that shows the path of a packet. It lists all the hops (mainly routers) that
the packet passes through. It is used mostly when a packet is not reaching its destination:
traceroute shows where the connection stops or breaks, which identifies the point of failure.
HIDS (Host IDS) and NIDS (Network IDS) are both Intrusion Detection Systems and serve the
same purpose, i.e., to detect intrusions. The difference is that a HIDS is set up on a particular
host/device: it monitors the traffic of that device and suspicious system activities. A NIDS, on
the other hand, is set up on a network and monitors the traffic of all devices on the network.
Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and
decryption to protect data from unauthorized interception.
Step 1: Make sure you have secure passwords for your root and administrator users
Step 2: Next, create new users on your system. These will be the users you use to manage
the system
Step 4: Configure your firewall rules for remote access
Data Leakage can be prevented by using tools, software, and strategies known as DLP(Data
Leakage Prevention) Tools.
16. What are some of the common Cyberattacks?
Following are some common cyber attacks that could adversely affect your system.
1. Malware
2. Phishing
3. Password Attacks
4. DDoS
5. Man in the Middle
6. Drive-By Downloads
7. Malvertising
8. Rogue Software
17. What is a Brute Force Attack? How can you prevent it?
Brute Force is a way of finding the right credentials by repetitively trying all the
permutations and combinations of possible credentials. In most cases, brute force attacks
are automated: a tool or script automatically tries to log in with a list of credentials.
There are various ways to prevent Brute Force attacks. Some of them are:
● Password Length: Set a minimum length for passwords. The longer the password, the
harder it is to find.
● Password Complexity: Including different kinds of characters in the password makes
brute force attacks harder. Using alphanumeric passwords along with special characters
and both upper and lower case letters increases the password complexity, making it
harder to crack.
● Limiting Login Attempts: Set a limit on login failures. For example, you can set the
limit on login failures to 3, so that after 3 consecutive login failures the user is
restricted from logging in for some time, or is sent an email or OTP that must be used
to log in the next time. Because brute force is an automated process, limiting login
attempts breaks the brute force process.
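The lockout rule from the last bullet, as an added example that is not part of the original page: the account store, the 3-failure threshold, the lockout window and the fake clock used for the demo are all constructed here, and `LoginThrottle` is a hypothetical name.

```python
"""Added example: a minimal login throttle that locks an account after
MAX_FAILURES consecutive failed attempts, as the text above describes.
Accounts, the lockout window and the clock are constructed for this demo."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

MAX_FAILURES = 3          # consecutive failures allowed before lockout (from the text)
LOCKOUT_SECONDS = 300     # how long the account stays locked (assumed value)


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 so stored hashes are slow to brute force offline
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0          # consecutive failed attempts so far
    locked_until: float = 0.0  # epoch time until which logins are refused


class LoginThrottle:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so the lockout window can be tested
        self.accounts: dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash_password(password, salt))

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'bad-credentials' or 'locked'."""
        acct = self.accounts.get(user)
        now = self.clock()
        if acct is None:
            # Unknown users get the same answer as a wrong password
            return "bad-credentials"
        if now < acct.locked_until:
            return "locked"   # refuse even the right password while locked
        candidate = _hash_password(password, acct.salt)
        if hmac.compare_digest(candidate, acct.pw_hash):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
        return "bad-credentials"


def demo() -> list:
    """Drive the throttle with a fake clock; returns the sequence of outcomes."""
    fake_now = [1_000_000.0]
    t = LoginThrottle(clock=lambda: fake_now[0])
    t.register("alice", "correct horse battery staple")
    results = [t.login("alice", f"guess{i}") for i in range(3)]      # 3 failures -> lock
    results.append(t.login("alice", "correct horse battery staple"))  # refused: locked
    fake_now[0] += LOCKOUT_SECONDS + 1                                # window expires
    results.append(t.login("alice", "correct horse battery staple"))  # accepted again
    return results


if __name__ == "__main__":
    print(demo())
```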
Port Scanning is the technique used to identify open ports and the services available on a
host. Hackers use port scanning to gather information that can help them exploit
vulnerabilities. Administrators use port scanning to verify the security policies of the
network. Some of the common port scanning techniques are:
1. Ping Scan
2. TCP Half-Open
3. TCP Connect
4. UDP
5. Stealth Scanning
An OSI model is a reference model for how applications communicate over a network. The
purpose of an OSI reference is to guide vendors and developers so the digital communication
products and software programs can interoperate.
Following are the OSI layers:
Physical Layer: Responsible for transmission of digital data from sender to receiver through
the communication media.
Data Link Layer: Handles the movement of data to and from the physical link. It is also
responsible for encoding and decoding of data bits.
Network Layer: Responsible for packet forwarding and providing routing paths for network
communication.
Transport Layer: Responsible for end-to-end communication over the network. It splits the
data from the layer above, passes it to the Network Layer, and then ensures that all the
data has successfully reached the receiver's end.
Session Layer: Controls connection between the sender and the receiver. It is responsible
for starting, ending, and managing the session and establishing, maintaining and
synchronizing interaction between the sender and the receiver.
Presentation Layer: It deals with presenting the data in a proper format and data structure
instead of sending raw datagrams or packets.
Application Layer: It provides an interface between the application and the network. It
focuses on process-to-process communication and provides a communication interface.
VPN stands for Virtual Private Network. It is used to create a safe and encrypted
connection. When you use a VPN, the data from the client is sent to a VPN endpoint where
it is encrypted and then sent through the internet to another VPN endpoint, where it is
decrypted and forwarded to the server. The server's response travels the same path in
reverse: it is encrypted at one VPN endpoint, sent across the internet, decrypted at the
other endpoint, and finally delivered to the client. The whole point of using a VPN is to
ensure encrypted data transfer.
21. What do you understand by Risk, Vulnerability & Threat in a network?
23. What are black hat, white hat and grey hat hackers?
Black hat hackers are known for having vast knowledge of breaking into computer
networks. They can write malware that can be used to gain access to these systems. These
hackers misuse their skills to steal information or use the hacked system for malicious
purposes.
White hat hackers use their skills for good and so are also called Ethical Hackers. They
are mostly hired by companies as security specialists who attempt to find and fix
vulnerabilities and security holes in systems. They use their skills to help make security
better.
Grey hat hackers are a mix of white hat and black hat. They look for system vulnerabilities
without the owner's permission. If they find any, they report them to the owner. Unlike
black hat hackers, they do not exploit the vulnerabilities they find.
Since the BIOS is a pre-boot system, it has its own storage mechanism for settings and
preferences. A simple way to reset it is to remove the CMOS battery, so that the memory
storing the settings loses its power supply and as a result loses its settings.
● Use VPN
● Force HTTPS
1. Flooding attacks: In this type, the attacker sends a huge amount of traffic to the
server, more than the server can handle, so the server stops functioning. This type of
attack is usually executed using automated programs that continuously send packets to
the server.
2. Crash attacks: In this type, the attacker exploits a bug on the server that causes the
system to crash, so the server is no longer able to provide service to clients.
When an incoming packet destined for a host machine on a particular local area network
arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC
address that matches the IP address.
The ARP program looks in the ARP cache and, if it finds the address, provides it so that the
packet can be converted to the right packet length and format and sent to the machine.
If no entry is found for the IP address, ARP broadcasts a request packet in a special format to
all the machines on the LAN to see if one machine knows that it has that IP address
associated with it.
Restricting users from accessing a set of services within the local area network is called
port blocking.
It stops a source from reaching the destination node via specific ports. Because applications
listen on ports, blocking those ports restricts access and closes security holes in the
network infrastructure.
A Botnet is a number of internet-connected devices, each running one or more bots. The
bots on the devices are malicious programs used to attack a victim. Botnets can be used to
steal data, send spam and execute a DDoS attack.
Salt is random data. When a properly protected password system receives a new
password, it generates a random salt value, hashes the password combined with the salt,
and stores the salt and the resulting hash in its database. This helps defend against
dictionary attacks and known-hash attacks.
Example: If someone uses the same password on two different systems that use the same
hashing algorithm, the hash value would be the same; however, if even one of the systems
salts its hashes, the values will be different.
SSL (Secure Sockets Layer) is meant to verify the sender's identity but does not check
anything beyond that. SSL can help you confirm who you are talking to, but that can also be
tricked at times.
TLS (Transport Layer Security) is also an identification tool just like SSL, but it offers better
security features. It provides additional protection to the data, and hence SSL and TLS are
often used together for better protection.
36. What is 2FA and how can it be implemented for public websites?
2FA requires not only a username and password but also something that only that user has,
i.e. a piece of information only they should know or an item they have immediately to hand,
such as a physical token.
Authenticator apps replace the need to obtain a verification code via text, voice call or email.
Self-learning security systems use data mining, pattern recognition, and natural language
processing to simulate the human brain, albeit in a high-powered computer model.
VPN vs. VLAN
VPN: Relates to remote access to the network of a company. VLAN: Helps to group
workstations that are not in the same location into the same broadcast domain.
VPN: Used to connect two points in a secured and encrypted tunnel. VLAN: A means to
logically segregate networks without physically segregating them with various switches.
VPN: Protects the data from prying eyes while in transit; no one on the net can capture the
packets and read the data. VLAN: Does not involve any encryption technique; it is only used
to slice up your logical network into different sections for the purpose of management and
security.
● Use Firewalls
SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data being
sent to the server so that it executes malicious SQL statements and gains control of a web
application's database server, thereby accessing, modifying and deleting data without
authorization. This attack is mainly used to take over database servers.
You can prevent SQL Injection attacks by using the following practices:
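One such practice, parameterized queries, as an added example that is not part of the original page: the in-memory SQLite table, its rows, the function names and the sample input are all constructed here, and the lookup is shown once with string concatenation (the flaw the text describes) and once with bound parameters (the fix).

```python
"""Added example: the same login lookup built by string concatenation (vulnerable)
and with a parameterized query (hardened), run against a constructed SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data. Passwords are stored in plain text only to keep the
    # demo short; a real system stores salted hashes instead.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Vulnerable: user input is spliced straight into the SQL text, so a quote
    # character in the input changes the structure of the statement
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Hardened: the statement's structure is fixed before the values are bound,
    # so the input is always treated as data, never as SQL
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo() -> dict:
    """Run both lookups with a constructed tautology input and a legitimate login."""
    conn = make_db()
    tautology = "' OR '1'='1"   # constructed input: closes the quote, adds a true clause
    return {
        "vulnerable": find_user_vulnerable(conn, "nobody", tautology),  # every row leaks
        "safe": find_user_safe(conn, "nobody", tautology),              # no match
        "legit": find_user_safe(conn, "alice", "s3cret"),               # normal login
    }


if __name__ == "__main__":
    print(demo())
```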
1. Here’s a situation- You receive the following email from the help desk:
To create space for more users we’re deleting all inactive email accounts. Here’s what you
have to send to save your account from getting deleted:
● Email Login:
● Password:
● Date of birth:
● Alternate email
If we don’t receive the above information from you by the end of the week, your email account
will be terminated.
This email is a classic example of “phishing”: trying to trick you into “biting”. One giveaway
is the generic way of addressing the receiver, which is typical of mass spam emails.
Beyond that, a corporate company will never ask for personal details by email.
They want your information. Don’t respond to email, instant messages (IM), texts, phone
calls, etc., asking you for your password or other private information.
You should never disclose your password to anyone, even if they say they work for UCSC,
ITS, or other campus organizations.
2. A friend of yours sends an e-card to your mail. You have to click on the attachment
to get the card.
● Some attachments contain viruses or other malicious programs, so just in general, it’s
risky to open unknown or unsolicited attachments.
● Also, in some cases just clicking on a malicious link can infect a computer, so unless
you are sure a link is safe, don’t click on it.
● Email addresses can be faked, so just because the email says it is from someone you
know, you can’t be certain of this without checking with the person.
● Finally, some websites and links look legitimate, but they’re really hoaxes designed to
steal your information.
3. One of the staff members in XYZ subscribes to many free magazines. Now, to
activate her subscriptions one of the magazines asked for her month of birth, second
asked for her year of birth, the other one asked for her maiden name.
All three newsletters probably have the same parent company or are distributed through the
same service. The parent company or service can combine individual pieces of seemingly
harmless information and use or sell it for identity theft.
It is even possible that a fourth newsletter asks for the day of birth as one of the
activation questions.
Often questions about personal information are optional. In addition to being suspicious of
situations like the one described here, never provide personal information when it is not
legitimately necessary, or to people or companies you don't personally know.
4. In our computing labs, print billing is often tied to the user’s login. Sometimes
people call to complain about bills for printing they never did only to find out that the
bills are, indeed, correct.
Sometimes they realize they loaned their account to a friend who couldn't remember his/her
password, and the friend did the printing, hence the charges. It's also possible that somebody
came in behind them and used their account.
This is an issue with shared or public computers in general. If you don’t log out of the
computer properly when you leave, someone else can come in behind you and retrieve what
you were doing, use your accounts, etc. Always log out of all accounts, quit programs, and
close browser windows before you walk away.
5. There is this case that happened in my computer lab. A friend of mine used her
Yahoo account at a computer lab on campus. She ensured that her account was not
left open before she left the lab. Someone came after her, used the same browser
to re-access her account, and started sending emails from it.
The first person probably didn’t log out of her account, so the new person could just go to
history and access her account.
Another possibility is that she did log out, but didn’t clear her web cache. (This is done
through the browser menu to clear pages that the browser has saved for future use.)
Office #1 emails the correct account and deposit information to office #2, which promptly fixes
the problem.
The employee confirms with the bank that everything has, indeed, been straightened out.
Account and deposit information is sensitive data that could be used for identity theft. Sending
this or any kind of sensitive information by email is very risky because email is typically not
private or secure. Anyone who knows how can access it anywhere along its route.
As an alternative, the two offices could have called each other or worked with ITS to send the
information a more secure way.
7. The mouse on your computer screen starts to move around on its own and click on
things on your desktop. What do you do?
f) Run anti-virus
This is definitely suspicious. Immediately report the problem to your supervisor and the ITS
Support Center: itrequest.ucsc.edu, 459-HELP (4357), [email protected] or Kerr Hall room 54,
M-F 8AM-5PM
Also, since it seems possible that someone is controlling the computer remotely, it is best if
you can disconnect the computer from the network (and turn off wireless if you have it) until
help arrives. If possible, don’t turn off the computer.
A. @#$)*&^%
B. akHGksmLN
C. UcSc4Evr!
D. Password1
Answer: UcSc4Evr!
This is the only choice that meets all of the following UCSC requirements:
Contains at least 3 of the following 4 types of characters: lower case letters, upper case
letters, numbers, special characters
9. You receive an email from your bank telling you there is a problem with your
account. The email provides instructions and a link so you can log into your account
and fix the problem.
Delete the email. Better yet, use the web client (e.g. gmail, yahoo mail, etc.) and report it as
spam or phishing, then delete it.
Any unsolicited email or phone call asking you to enter your account information, disclose
your password, financial account information, social security number, or other personal or
private information is suspicious – even if it appears to be from a company you are familiar
with. Always contact the sender using a method you know is legitimate to verify that the
message is from them.
10. A while back, the IT folks got a number of complaints that one of our campus
computers was sending out Viagra spam. They checked it out, and the reports were
true: a hacker had installed a program on the computer that made it automatically send
out tons of spam email without the computer owner’s knowledge.
How do you think the hacker got into the computer to set this up?
This was actually the result of a hacked password. Using passwords that can’t be easily
guessed, and protecting your passwords by not sharing them or writing them down can help
to prevent this. Passwords should be at least 8 characters in length and use a mixture of
upper and lower case letters, numbers, and symbols.
Even though in this case it was a hacked password, other things that could possibly lead to
this are:
● Out of date patches/updates
https://www.javatpoint.com/cyber-security-tnterview-questions
Cyber Crime is just like regular crime but happens on the Internet. Following are some
examples of Cyber Crime:
o Identity Theft
o Online Predators
o Hacking of sensitive information from the Internet
o BEC ("Business Email Compromise")
o Ransomware
o Stealing intellectual property
Cyber Crime is increasing every year because of the following reasons:
o Cyber Crime is easy to accomplish. A person with good knowledge of computer
hacking can commit cybercrime.
o There is a lower risk of getting caught in cybercrime.
o Cyber attackers can earn a lot of money for little work.
o Cyber attackers can target thousands of victims.
o With the introduction of cryptocurrencies, money laundering is getting easier.
4) What is the main goal of Cyber Security?
The main objective of cyber security is to protect data from cyber-attacks. It follows a principle
called the CIA triad, a set of three connected principles. The CIA model is used to help
organizations develop policies for their information security architecture. Its three main
components are Confidentiality, Integrity, and Availability. A security breach violates one or
more of these principles. This model provides a security paradigm to guide individuals through
many aspects of IT security.
IDS vs. IPS
IDS stands for Intrusion Detection System; IPS stands for Intrusion Prevention System.
IDS can only detect intrusions but is unable to prevent them; IPS can detect as well as prevent
intrusions.
IDS requires a human or another system to look at the results; IPS only requires a regularly
updated database with threat data.
12) What is the difference between Encryption and Hashing? / How is Encryption
different from Hashing?
Encryption and Hashing are techniques used to convert readable data into an unreadable
data format, but they have some key differences.
Differences between Encryption and Hashing
Encryption is used to make temporary data conversions; Hashing is used to make a permanent
data conversion into a message digest.
In Encryption, the encrypted data can be converted back to the original data by the process of
decryption; in Hashing, the hashed data cannot be converted back to the original data.
Encryption works in two ways, i.e. it encodes and decodes the data; Hashing is a one-way
process that only encodes the data.
Encryption is used to secure sensitive data from the reach of third parties; Hashing is used to
protect the integrity of information.
Encryption focuses on the confidentiality of the data; Hashing focuses on the integrity of the
data.
14) What are some common Hashing functions/algorithms?
Following is the list of some common and most used hashing functions/algorithms:
Message-Digest Algorithm (MD5)
MD5 is the advanced form of MD4 and its successor. It was introduced after severe security
issues were found in MD4. MD5 generates 128-bit outputs for inputs of variable length.
It addresses a number of security threats but fails to provide full data security. It is one of
the most widely used algorithms, but the main issue with MD5 is its vulnerability to
collisions.
Secure Hashing Algorithm (SHA)
Secure Hashing Algorithm, or SHA, was developed by the National Security Agency. Later it
was updated repeatedly to improve the security flaws in the old genre. Its latest and advanced
version is SHA-2 that many firms are using for cryptographic purposes.
Tiger Cipher Algorithm
The Tiger cipher algorithm is faster and more efficient than Message Digest (MD5) and the
Secure Hashing Algorithm. It is mostly used on new-generation computers and produces a
192-bit hash. Its latest and advanced version is the Tiger2 algorithm, which is stronger than
the Tiger algorithm.
RIPEMD Algorithm
Hans Dobbertin designed the RIPEMD cryptographic hashing algorithm. It was created within
the EU project RIPE framework and has a 164-bit digest.
WHIRLPOOL Algorithm
Vincent Rijmen and Paul Barreto designed the WHIRLPOOL algorithm. It accepts any
message of length less than 2^256 bits and returns a 512-bit message digest. Its first
version was Whirlpool-0, the second version was named Whirlpool-T, and the latest and most
advanced version is Whirlpool.
Hashing is required when we have to compare a large amount of data. We can create
different hash values for different data and compare the hashes instead.
Following is a list of some of the most important uses of hashing:
o Hashing lets us store and look up records by their hash.
o Hashing can be used in cryptographic applications such as digital signatures.
o Hashing can be used to create random strings to avoid data duplication.
o Geometric hashing is a type of hashing used in computer graphics to help find
proximity issues in planes.
Every organization has assets that are made up of a variety of different systems. These
systems must have strong cyber security for the organization to work well.
Based on the devices being protected, cyber security can be divided into the following types:
o Network security: Network security is one of the most important types of Cyber
security. In this process, we have to secure a computer network against unauthorized
access, intruders, attacks, disruption, and misuse using hardware and software. This
security also adds an extra layer in protecting an organization's assets from both
external and internal threats. An example of Network security is using a Firewall.
o Application security: Application security is used to safeguard software and devices
against malicious attacks. This can be achieved by regularly updating the apps to
ensure that they are secure against threats.
o Identity management & security: Identity management & security identifies each
individual's level of access inside an organization. For example, you can restrict and
allow access to data according to an individual's job role in the company.
o Data security: Data security is used to ensure that you put your data in a strong data
storage system to ensure data integrity and privacy while in storage and transport.
o Operational security: Operational security is used to analyze and make decisions
about handling and securing the data assets. For example: Storing data in an
encrypted form in the database is an example of Operational security.
o Mobile security: Mobile security is used to specify the protection of organizational
and personal data held on mobile devices such as cell phones, PCs, tablets, and
other similar devices against various hostile attacks. Examples of mobile security
threats are unauthorized access, device loss or theft, malware, and other threats that
can harm mobile devices.
o Cloud security: The main aim of cloud security is to safeguard the data held in a
digital environment or cloud infrastructures for an organization. It uses various cloud
service providers, including AWS, Azure, Google, and others, to assure protection
against a variety of threats.
27) What is Patch management in Cyber security? How often should we perform Patch
management?
In cyber security, patch management is the process of keeping the software on computers and
network devices up to date so that they are capable of resisting low-level cyber attacks. It
applies to any software that is prone to technical vulnerabilities.
We should apply patches as soon as they are released. For example, when a patch is released
for Windows, it should be applied to all machines as soon as possible. The same applies to
network devices: patches should be applied as soon as they are released. Proper patch
management gives better security.
28) Which are the best Patch management tools or software? Why are they used?
Patch management tools or software are used to ensure that the components of a company's
software and IT infrastructure are up to date. The patch management tools work by tracking
updates of various software and middleware solutions, and then they alert users to make
necessary updates or execute updates automatically.
Following is a list of the top 10 best patch management software or tools:
o Atera
o NinjaRMM
o Acronis Cyber Protect Cloud
o Acronis Cyber Protect
o PDQ Deploy
o ManageEngine Patch Manager Plus
o Microsoft System Center
o Automox
o SmartDeploy
o SolarWinds Patch Manager
31) What is data leakage in the context of Cyber security?
In the context of Cyber security, data leakage is an unauthorized transfer of data to the
outside of the secure network. Data leakage can occur via email, optical media, laptops, and
USB keys etc.
Honeypots are deliberate attack targets set up to see how different attackers attempt to
exploit a network. Private firms and governments use this concept to evaluate their
vulnerabilities, and honeypots are also widely used in academic settings.
37) What is the difference between stored XSS and reflected XSS?
Stored XSS: Attacks where the injected scripts are permanently stored on the target servers
are called stored XSS attacks. Reflected XSS: Attacks where the user has to send the request
that starts the script running in the victim's browser are called reflected XSS attacks.
Stored XSS: In stored XSS attacks, the victim retrieves the server's malicious script when
requesting the stored information. Reflected XSS: Reflected XSS attacks reflect results from
the browser to the user who sent the request.
https://mindmajix.com/cyber-security-interview-questions
● Hashing is mainly used for authentication and is a one-way function where data is
mapped to a fixed-length value.
● Salting is an extra step in hashing that adds an additional value to the password, which
changes the hash value created.
25. What are the common methods of authentication for network security?
35. What is the difference between a false positive and a false negative in IDS?
● A false negative occurs when IDS fails to identify malicious network traffic.
Of the two, a false positive is more acceptable than a false negative, because false negatives
let intrusions go unnoticed.
36. What is the difference between the Red Team and the Blue Team?
● The terms red team and blue team come from cyberwarfare. Many organizations split
the security team into two groups, a red team and a blue team.
● The red team plays the attacker, exploiting weaknesses in an organization's
security.
● The blue team plays the defender, identifying and patching vulnerabilities before they
turn into successful breaches.
1. Database hardening
2. Operating system hardening
3. Application hardening
4. Server hardening
5. Network hardening
A cybersecurity risk assessment refers to identifying the information assets that are prone to
cyber-attacks (including customer data, hardware, laptops, etc.) and evaluating the various
risks that could affect those assets.
43. What are the several indicators of compromise(IOC) that organizations should
monitor?
The key indicators of compromise that organizations should monitor are listed below:
● Geographical Irregularities
● Diffie-Hellman: It's a key exchange protocol in which two parties establish a shared
key that either one can use to encrypt/decrypt messages between them.
● RSA: It's asymmetric key encryption with two different keys. The public key can be
given to anyone, and data encrypted with it can only be decrypted with the other key,
which is kept private.
49. What is the difference between information protection and information assurance?
● Information protection: It protects the data using encryption, security software, etc.,
from unauthorized access.
● Information Assurance: It keeps the data reliable by ensuring availability,
authentication, confidentiality, etc.
● Chain of custody refers to the ability to show that evidence is in the state in which it
was originally acquired and has not been changed before admission into evidence.
● In legal terms, it's a chronological documentation/paper trail that records the proper
sequence of custody, control, analysis, and disposition of electronic or physical
evidence.
Advanced Cyber Security Interview Questions and Answers
31. What are the protocols that fall under the TCP/IP Internet layer?
Internet layer protocols: IPv4, IPv6, ICMP, and ARP (which is often placed at the link layer
instead). The full TCP/IP stack, for comparison:
Application Layer: NFS, NIS, SNMP, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, DNS, LDAP, and others
Transport Layer: TCP, SCTP, UDP, etc.
Internet Layer: IPv4, ARP, ICMP, IPv6, etc.
Data Link Layer: IEEE 802.2, PPP, etc.
Physical Layer: Ethernet (IEEE 802.3), FDDI, Token Ring, RS-232, and others
When two users have the same password, hashing it directly produces the same password hash
for both. An attacker who obtains the hash database can then crack both at once with a
dictionary or brute-force attack, or simply look the hash up in a precomputed (rainbow) table.
To avoid this, a salted hash is used.
A salted hash randomizes the output by prepending or appending a random string (the salt) to
the password before hashing. Each password gets its own salt, which is stored in clear next to
the hash (it is not a secret). The same password for two users now yields two completely
different hashes, so each must be attacked separately and precomputed tables are useless. In
practice the salted hash is also computed with a deliberately slow function (bcrypt, scrypt,
Argon2, or PBKDF2 with a high iteration count) so that every guess costs the attacker time.
Scenario-based Questions
41. You receive the following email from the help desk:
Dear YYY,
We are deleting all inactive emails to create space for other new users. If you want to
save your account data, please provide the following details:
Please submit the above detail by the end of the week to avoid any account
termination.
Considering the above scenario, how would you react as a user? Explain briefly.
The above email is a textbook example of phishing. Here are the reasons why:
1. A reputable organization will never ask for an employee's personal information or password
by email.
2. A genuine mail is not addressed with a generic salutation. This happens in spam and
phishing emails, where the attacker hopes that someone will 'bite.'
As a rule of thumb, never reply to a sender who demands personal information or passwords via
email, phone call, text message, or instant message (IM). Do not disclose your data to any
external party, even if the sender claims to work for organizations such as ITS or UCSC;
verify the request through a known, trusted channel instead.
42. You get an e-card in your mail from a friend. It asks you to download an attachment
to view the card. What will you do? Justify your answer.
1. Do not download the attachment, as it may carry malware that compromises your system.
2. Do not click any links, as they may redirect you to a malicious page.
3. Fake sender addresses are common and easy to create, so do not click or download anything
until you have confirmed with the actual person, through a channel other than that email,
that they really sent it.
4. Many websites masquerade as legitimate sites to steal sensitive information, so be careful
that your data does not fall into the wrong hands.
43. A staff member in a company subscribes to various free magazines. To activate the
subscription, the first magazine asks her for her birth month, the second magazine
asks for her birth year, and the third magazine asks for her maiden name. What do you
deduce from the above situation? Justify your answer.
It is highly likely that the above-mentioned three newsletters are from a parent company,
which are distributed through different channels. It can be used to gather essential pieces of
information that might look safe in the user’s eyes. However, this can be misused to sell
personal information to carry out identity theft. It might further ask the user for the date of birth
for the activation of the fourth newsletter.
In many scenarios, questions that involve personal details are unnecessary, and you should
not provide them to any random person, company, or website unless it is for a legitimate
purpose.
44. To print billing, you have to provide your login credentials in your computing labs.
Recently, people started to get a bill for the print, which was never done by them.
When they called to complain, the bill turned out to be correct. How do you explain the
above situation?
To avoid this situation, you should always sign out of all accounts, close the browser, and quit
the programs when you use a shared or public computer. There are chances that an
illegitimate user can retrieve your authorized data and perform actions on behalf of you
without your knowledge when you keep the accounts in a logged-in state.
45. In our campus computer lab, one of my friends logged into her Yahoo account.
When she left the lab, she made sure that the account was not left open. Later, she
came to realize that someone re-accessed her account from the browser, which she
has used to send emails, by impersonating her. How do you think this happened?
There are two possible scenarios:
1. She did not actually log out (for example, she only closed the tab), so the next user could
reopen the site from the browser's history and find the session still valid.
2. Even if she did log out, she did not clear the browser's cache and stored data (pages, form
data, and saved passwords a browser keeps for quick access later), which allowed the next
user to get back into her account.
46. An employee’s bank account faces an error during a direct deposit. Two different
offices need to work on it to straighten this out. Office #1 contacts Office #2 by email to
send the valid account information for the deposit. The employee now gives the bank
confirmations that the error no longer exists. What is wrong here?
Sensitive information should not be shared via email, as this can lead to identity theft. Email
is generally neither private nor secure: messages can be read in transit or in either mailbox,
and the path they travel is not under the sender's control.
In such scenarios, the involved parties should call each other and work with ITS to send the
information through a secure channel.
47. You see an unusual activity of the mouse pointer, which starts to move around on
its own and clicks on various things on the desktop. What should you do in this
situation?
This kind of activity is a strong sign that an unknown party has remote control of the
computer. In such cases, immediately report it to your supervisor (or the security team) and
disconnect the computer from the network until help arrives. Do not power it off, as that can
destroy evidence in memory that responders need.
48. Check out the list of passwords below, which are pulled out from a database:
A. Password1
B. @#$)*&^%
C. UcSc4Evr!
D. akHGksmLN
Choose the passwords that are in line with the UCSC’s password requirements.
The answer is C (UcSc4Evr!). As per the UCSC requirements, a password should be:
It appears to be an unsolicited email. You should report it as spam and move the email to the
trash immediately in the respective web client you use (Yahoo Mail, Gmail, etc.). Before
providing any bank-related credentials online, you should call the bank to check if the
message is legitimate and is from the bank.
50. In your IT company, employees are registering numerous complaints that the
campus computers are delivering Viagra spam. To verify it, you check the reports, and
it turns out to be correct. The computer program is automatically sending tons of spam
emails without the owner’s knowledge. This happened because a hacker had installed
a malicious program into the system. What are the reasons you think might have
caused this incident?
This kind of compromise usually starts with a stolen or guessed account password, which lets
the attacker install the spam-sending malware. To reduce the risk, always follow a proper
password standard: use passwords of at least 8 characters (longer is better) with a mix of
upper-case and lower-case letters, symbols/special characters, and numbers, never reuse them
across services, and enable two-factor authentication where it is available.
https://www.interviewbit.com/cyber-security-interview-questions/
The primary goal of cyber security is to protect data. To safeguard data from cyber-attacks,
the security field uses a triangle of three connected principles known as the CIA triad. The
CIA model is intended to help organizations develop policies for their information security
architecture; when a security breach is discovered, one or more of these principles has been
violated. Confidentiality, Integrity, and Availability are the three components of the CIA
model. It is a security paradigm that guides practitioners through many aspects of IT
security. Let's take a closer look at each section.
A null session is a connection to a system made without supplying a username or password (an
anonymous logon). It is a security concern because the identity of the requester is unknown;
on older Windows systems, null sessions to the IPC$ share allowed an unauthenticated attacker
to enumerate user accounts, groups and shares.
The term "data-based protection" (data-centric protection) refers to applying security
measures to the data itself rather than to the network that carries it. As a result, you can
track and safeguard your data regardless of where it is stored, who accesses it, or which
connection is used to access it.
Sniffing is a technique for capturing and inspecting data packets as they travel across a
network. This can be done with specialized software or hardware. Sniffing can be used for a
variety of purposes, including:
29. Differentiate between Black Box Testing and White Box Testing.
DNS hijacking is a sort of cyberattack in which cyber thieves utilize weaknesses in the
Domain Name System to redirect users to malicious websites and steal data from targeted
machines. Because the DNS system is such an important part of the internet infrastructure, it
poses a serious cybersecurity risk.
The major distinction between a block cipher and a stream cipher is that a block cipher turns
plaintext into ciphertext one fixed-size block at a time (16 bytes for AES), padding the last
block if needed, whereas a stream cipher generates a keystream and combines it with the
plaintext one bit or byte at a time, usually by XOR. A block cipher needs a mode of operation
(ECB, CBC, CTR, GCM) to handle more than one block. A stream cipher, or a block cipher in CTR
mode, must never reuse a key and nonce pair: XORing two ciphertexts made with the same
keystream cancels it out and exposes the plaintexts.
Spear phishing is a type of phishing assault that targets a small number of high-value targets,
usually just one. Phishing usually entails sending a bulk email or message to a big group of
people. It implies that spear-phishing will be much more personalized and perhaps more well-
researched (for the individual), whereas phishing will be more like a real fishing trip where
whoever eats the hook is caught.
A virus is a piece of harmful executable code that attaches itself to another executable file
and can modify or erase data. When the infected program runs, the virus runs too and takes
actions such as deleting files from the system. Viruses need a host file and some user action
to spread, and are generally not controlled remotely.
A worm differs from a virus in that it does not attach itself to a program: it is a standalone
program that replicates itself across the network without user action, consuming bandwidth and
system resources and slowing systems down. Worms often carry a payload that gives the attacker
remote control of the infected machine.
A tracking cookie, instead of a session cookie, would be used in a spyware attack because it
would last through multiple sessions rather than just one.
We must decide what to encrypt and where the encryption mechanism should be situated if
encryption is to be used to counter attacks on confidentiality. Link and end-to-end encryption
are the two main ways of encryption placement.
End-to-end encryption, or E2EE, is a secure data transfer system in which data is encrypted
and decrypted only at the endpoints, regardless of how many points it passes through in the
middle of its virtual journey. This sort of encryption is an excellent technique to communicate
in a secure and confidential manner. Because no one else has the key to decode it, no one in
the middle will be able to read it.
The primary difference between link encryption and end-to-end encryption is that link
encryption encrypts and decrypts traffic at every hop, not just at the endpoints. All data is
encrypted as it travels along each communication line, but when it reaches a router or other
intermediate device it is decrypted (headers included) so that the intermediary can decide
where to forward it next, and then re-encrypted for the next link. The plaintext is therefore
exposed inside every intermediate node, which end-to-end encryption avoids.
Polymorphic viruses are sophisticated file infectors that build modified versions of
themselves to avoid detection while keeping the same underlying behaviour after each
infection. A polymorphic virus encrypts its body with a different key on every infection, so
the bytes on disk change each time, and uses a mutation engine to rewrite the decryption
routine itself as well. Because the code is not static, signature-based security products that
look for fixed byte patterns may miss it; viruses with advanced mutation engines can generate
an enormous number of distinct decryption routines, which makes them considerably harder to
detect by signature alone.
42. What do you mean by Forward Secrecy and how does it work?
Forward secrecy is a property of certain key agreement protocols which ensures that past
session keys are not exposed if the server's long-term private key is later compromised. It is
also called perfect forward secrecy (PFS).
It is achieved with an ephemeral Diffie-Hellman key exchange (DHE or ECDHE): each session
uses fresh, random Diffie-Hellman values that are discarded once the session key is derived,
so the long-term key only signs the exchange and never protects the session key itself. With
RSA key transport, by contrast, the client encrypts the session key to the server's long-term
public key, so whoever later obtains that private key can decrypt every recorded session.
https://www.guru99.com/cyber-security-interview-questions.html
1) What is cybersecurity?
Cybersecurity refers to the protection of hardware, software, and data from attackers. The
primary purpose of cyber security is to protect against cyberattacks like accessing, changing,
or destroying sensitive information.
● Information security
● Network security
● Operational security
● Application security
● End-user education
4) Define Cryptography.
It is a technique used to protect information from third parties, called adversaries.
Cryptography ensures that only the intended sender and recipient of a message can read its
contents.
An Intrusion Detection System (IDS) only detects intrusions and raises an alert; the
administrator then has to investigate and respond. An Intrusion Prevention System (IPS) sits
inline in the traffic path and, when it detects an intrusion, blocks it automatically.
6) What is CIA?
● Availability: Ensure the data and resources are available for users who need them.
7) What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundary of a
system or network and monitors and controls network traffic according to a set of rules.
Firewalls are mostly used to protect the system or network from malware, worms, and viruses.
Firewalls can also perform content filtering and restrict remote access.
8) Explain Traceroute
It is a tool that shows the path a packet takes. It lists every hop (router) the packet passes
through. Traceroute is used mostly when a packet does not reach its destination: it shows
where the connection breaks or stops and helps identify the failing hop.
Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via
email, optical media, laptops, and USB keys.
It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all
the combinations of credentials. In many cases, brute force attacks are automated where the
software automatically works to login with credentials. There are ways to prevent Brute Force
attacks. They are:
1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
VPN stands for Virtual Private Network. It is a network connection method for creating an
encrypted and safe connection. This method protects data from interference, snooping,
censorship.
Black hat hackers are people who have a good knowledge of breaching network security.
These hackers can generate malware for personal financial gain or other malicious reasons.
They break into a secure network to modify, steal, or destroy data so that the network can not
be used by authorized network users.
White hat hackers, or security specialists, specialize in penetration testing. They protect
the information systems of an organization.
Grey hat hackers are computer hackers who sometimes violate ethical standards (for example by
probing systems without permission) but do not have malicious intent.
There are various ways to reset BIOS password. Some of them are as follows:
● By utilizing MS-DOS.
It is a protocol used to find the MAC address associated with an IPv4 address. It works as an
interface between the OSI network layer and the OSI data link layer.
It’s a number of internet-connected devices like servers, mobile devices, IoT devices, and
PCs that are infected and controlled by malware.
SSL (Secure Sockets Layer) is the older protocol and TLS (Transport Layer Security) is its
standardized successor. Both provide a secure channel between a client and a server: they
verify the server's identity (and optionally the client's) with certificates and then encrypt
and integrity-protect the traffic. The practical differences are that TLS fixes design flaws
in SSL, uses stronger cipher suites and handshake protections, and is what current systems
negotiate; all SSL versions (and TLS 1.0/1.1) are deprecated and should be disabled.
TFA stands for Two Factor Authentication. It is a security process to identify the person who
is accessing an online account. The user is granted access only after presenting evidence to
the authentication device.
Symmetric encryption requires the same key for encryption and decryption. On the other
hand, asymmetric encryption needs different keys for encryption and decryption.
WAF stands for Web Application Firewall. WAF is used to protect the application by filtering
and monitoring incoming and outgoing traffic between web application and the internet.
A Hacker is a person who finds and exploits the weakness in computer systems,
smartphones, tablets, or networks to gain access. Hackers are well experienced computer
programmers with knowledge of computer security.
Young (recently registered) domains are frequently used to host malware and phishing sites.
DNS monitoring tools can be used to spot lookups of such domains and identify malware.
Salting is the process of adding a random value (the salt) to a password before it is hashed,
so that the hash is unique even when two users choose the same password. To use salting
correctly it is important to understand the whole mechanism: a fresh salt for every password,
stored alongside the hash. Salting safeguards stored passwords: it defeats precomputed
(rainbow-table) attacks and stops an attacker from testing each guess against every account at
once.
SSH stands for Secure Shell (it is sometimes wrongly expanded as Secure Socket Shell). It is a
protocol and a suite of utilities that give system administrators a secure, encrypted way to
log in to and administer systems over a network.
SSL/TLS verifies the server's identity and protects data in transit, but it provides no
protection once the data has arrived at the server. Server-side encryption at rest and hashing
of stored passwords should therefore be used to protect the server against a data breach.
● Black box testing: It is a software testing method in which the internal structure or
program code is hidden.
● White box testing: A software testing method in which internal structure or program is
known by tester.
Vulnerabilities are weaknesses in software code, configuration or design that a threat actor
can exploit. They are frequently found in internet-facing applications such as SaaS (Software
as a Service) products.
It is the process TCP uses to establish a connection between a client (local host) and a
server. The client sends a SYN carrying its initial sequence number, the server answers with a
SYN-ACK, and the client completes the handshake with an ACK; only then does data flow.
39) Define the term residual risk. What are three ways to deal with risk?
Residual risk is the risk that remains after the identified threats have been addressed and
security controls have been applied.
1. Reduce it
2. Avoid it
3. Accept it.
Data exfiltration refers to the unauthorized transfer of data out of a computer system. It may
be carried out manually by anyone with physical access to a computer, or automatically by
malware that sends the data to an attacker over the network.
It is the process of checking exploitable vulnerabilities on the target. In web security, it is used
to augment the web application firewall.
Following are the common cyber-attacks which can be used by hackers to damage network:
● Malware
● Phishing
● Password attacks
● DDoS
● Drive-by downloads
● Malvertising
● Rogue software
To authenticate, users have to prove their identity, for example with a user ID and a key
(password or token). Once the identity is confirmed, authorization decides what that user is
allowed to do; a system should authorize only after it has authenticated.
Cross-site scripting (XSS) is a web application vulnerability in which malicious scripts are
injected into otherwise trusted websites. It occurs when an application includes untrusted
input in a web page without properly validating or encoding it, so that the victim's browser
interprets the input as code.
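An added example (not code from the guru99 page) showing the vulnerable and hardened forms of the injection described above, using only Python's standard library: the unsafe renderer concatenates user input straight into HTML, the safe one entity-encodes it, and the link renderer shows that escaping alone does not cover the attribute context, where a `javascript:` URL needs no angle brackets at all. The payload and the function names are constructed for this illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker input, as it might arrive in a query string or form field.
PAYLOAD = "<script>alert(document.cookie)</script>"


def greet_vulnerable(name: str) -> str:
    """Untrusted input concatenated straight into HTML: the browser runs the script."""
    return f"<p>Hello, {name}!</p>"


def greet_safe(name: str) -> str:
    """Same output, but entity-encoded for the HTML text context."""
    return f"<p>Hello, {html.escape(name)}!</p>"


def profile_link_safe(url: str, label: str) -> str:
    """Attribute context: escaping is necessary but not sufficient for href,
    because a 'javascript:' URL contains no characters that escaping would
    touch. Allow only http(s) schemes, then escape for the attribute."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


def contains_active_content(markup: str) -> bool:
    """Crude check used here only to compare the renderers: does the raw
    markup contain a <script> tag or a javascript: URL in an href?"""
    lowered = markup.lower()
    return "<script" in lowered or 'href="javascript:' in lowered


if __name__ == "__main__":
    print(greet_vulnerable(PAYLOAD))
    print(greet_safe(PAYLOAD))
    print(profile_link_safe("javascript:alert(1)", "my profile"))
```

Encoding must match the context the data lands in (HTML body, attribute, URL, JavaScript string); a template engine with context-aware auto-escaping does this for you, which is why hand-built string concatenation is the pattern to avoid.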
46) Name the protocol that broadcast the information across all the devices.
Internet Group Management Protocol (IGMP) is the communication protocol that hosts and routers
use to manage IPv4 multicast group membership; it is used, for example, by online games and
video streaming. A host uses it to tell its router which multicast groups it wants to receive,
so the router forwards those packets only where they are wanted. Strictly, this is multicast
rather than broadcast: broadcast reaches every device on a segment, while multicast reaches
only the devices that joined the group.
Use cipher algorithm to protect email, credit card information, and corporate data.
Public Wi-Fi has many security issues. Wi-Fi attacks include the karma attack (a rogue access
point that answers any network a client probes for), sniffing, war-driving, brute-force
attacks, etc.
On public Wi-Fi an attacker sharing the network can capture data passing through it, such as
emails, browsing history, passwords, and credit card data, unless the traffic is protected
end to end (HTTPS or a VPN).
Data encryption is a technique in which the sender converts the message into a code. It
allows only authorized user to gain access.
Diffie-Hellman is a protocol for agreeing on a shared key between two parties over an insecure
channel, while RSA is a public-key algorithm based on a key pair, a private key and a public
key, used for encryption and digital signatures.
Remote Desktop Protocol (RDP), developed by Microsoft, provides a graphical interface for
connecting to another device over a network.
The user runs RDP client software, while the other device must run RDP server software. The
protocol is designed for remote management and for access to virtual PCs, applications, and
terminal servers.
Forward Secrecy is a security property which ensures that unique per-session keys remain
confidential even if the long-term key is later compromised.
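As an added example (not code from either interview page) for question 42 above and the forward secrecy definition here: ephemeral Diffie-Hellman, where each side wipes its private exponent as soon as the session key is derived, contrasted with a server that reuses one static exponent, whose later theft lets an attacker recompute the key of every recorded session. The group (p = 2^127 - 1, g = 2) is a toy chosen only so the arithmetic is visible; it is far too small and not a safe prime, so it must not be used in practice. Names such as Party and kdf are this example's own.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

# Toy group for illustration only: 2**127 - 1 is prime but far too small and not
# a safe prime. Real systems use a standardized group (RFC 7919) or ECDH.
P = 2 ** 127 - 1
G = 2


def kdf(shared_secret: int) -> bytes:
    """Derive a 32-byte session key from the raw Diffie-Hellman secret."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


class Party:
    """One side of an ephemeral exchange: a fresh exponent per session."""

    def __init__(self) -> None:
        self._private: Optional[int] = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self._private, P)

    def derive(self, peer_public: int) -> bytes:
        if self._private is None:
            raise RuntimeError("ephemeral exponent already wiped")
        key = kdf(pow(peer_public, self._private, P))
        self._private = None   # wipe it: nothing is left for a later thief
        return key


def ephemeral_session() -> Tuple[bytes, bytes]:
    """Both sides generate fresh exponents and derive the same key."""
    client, server = Party(), Party()
    return client.derive(server.public), server.derive(client.public)


def static_server_sessions(n: int) -> Tuple[int, List[Tuple[int, bytes]]]:
    """Server reuses one long-term exponent for every session (no forward
    secrecy). Returns that exponent plus, per session, the client's public
    value (which an eavesdropper records) and the key that was actually
    used (kept here only so the recovery below can be checked)."""
    server_private = secrets.randbelow(P - 2) + 1
    server_public = pow(G, server_private, P)
    sessions = []
    for _ in range(n):
        client = Party()
        sessions.append((client.public, client.derive(server_public)))
    return server_private, sessions


def recover_with_leaked_key(server_private: int,
                            sessions: List[Tuple[int, bytes]]) -> bool:
    """An attacker who later steals the static exponent recomputes every
    past session key from the recorded client public values."""
    return all(kdf(pow(client_public, server_private, P)) == key
               for client_public, key in sessions)


if __name__ == "__main__":
    k_client, k_server = ephemeral_session()
    print("ephemeral: both sides agree:", k_client == k_server)
    print("ephemeral: next session differs:", ephemeral_session()[0] != k_client)
    leaked, recorded = static_server_sessions(3)
    print("static key leaked -> all past sessions recovered:",
          recover_with_leaked_key(leaked, recorded))
```

In TLS the server's long-term key still signs the ephemeral public value so the client knows who it is talking to; what forward secrecy changes is that the signing key can no longer be used to decrypt anything, past or future.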
IV stands for initialization vector: an arbitrary, normally random, value used so that
identical plaintexts encrypt to different ciphertexts. An IV is not secret, but it must never
be reused with the same key: for CBC it must be unpredictable, and for counter-based modes
such as CTR or GCM a repeated nonce breaks confidentiality outright. A fresh IV is used for
every message, not once per session.
54) Explain the difference between stream cipher and block cipher.
● RCx
● Blowfish
● Rijndael (AES)
● DES
The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block
Chaining. In ECB mode each block is encrypted independently with the key, so identical
plaintext blocks produce identical ciphertext blocks and patterns in the data leak. In CBC mode
each plaintext block is XORed with the previous ciphertext block (the first one with an IV)
before encryption, so identical plaintext blocks no longer produce identical ciphertext. ECB
should not be used for anything longer than a single block, and CBC still needs a MAC because
it provides no integrity.
A buffer overflow attack exploits a process that writes more data into a fixed-length memory
buffer than it can hold. The excess overwrites adjacent memory (other variables, saved return
addresses), which an attacker can use to crash the program or hijack its control flow.
Spyware is a malware that aims to steal data about the organization or person. This malware
can damage the organization’s computer system.
SRM stands for Security Reference Monitor, the Windows kernel component that enforces access
control: it provides the routines that kernel components and drivers call to check whether a
subject may be granted the requested access rights to an object.
A virus is a malicious software that is executed without the user’s consent. Viruses can
consume computer resources, such as CPU time and memory. Sometimes, the virus makes
changes in other computer programs and insert its own code to harm the computer system.
Microsoft Baseline Security Analyzer or MBSA is a graphical and command-line interface that
provides a method to find missing security updates and misconfigurations.
Ethical hacking is a method of improving the security of a network or system. Ethical hackers
use the same tools and techniques as attackers, with permission, to find vulnerabilities and
weaknesses and report them so that they can be fixed.
Social engineering is the term used to convince people to reveal confidential information.
There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-
based, and 3) Computer-based.
● Human-based attack: They may pretend like a genuine user who requests higher
authority to reveal private and confidential information of the organization.
● Computer-based attack: In this attack, attackers send fake emails to harm the
computer. They ask people to forward such email.
● Mobile-based attack: Attacker may send SMS to others and collect important
information. If any user downloads a malicious app, then it can be misused to access
authentication information.
IP Address is the acronym for Internet Protocol address. An IP address uniquely identifies a
computer or device, such as a printer or storage device, on a network; it is a logical address
that can change.
MAC Address is the acronym for Media Access Control address. MAC addresses uniquely identify
network interfaces for communication at the data link layer (layer 2) of the network; they are
assigned by the hardware manufacturer.
● Tcpdump
● Kismet
● Wireshark
● NetworkMiner
● Dsniff
Antivirus is software tool that is used to identify, prevent, or remove the viruses present in the
computer. They perform system checks and increase the security of the computer regularly.
● Protocol Sniffing
● Application-level sniffing
● LAN Sniffing
● ARP Sniffing
It is an attack in which multiple computers attack website, server, or any network resource.
TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most
common method of session hijacking. In this method, attackers use IP packets to insert a
command between two nodes of the network.
● IP Spoofing
● Blind Attack
Hacking Tools are computer programs and scripts that help you find and exploit weaknesses
in computer systems, web applications, servers, and networks. There are varieties of such
tools available on the market. Some of them are open source, while others are a commercial
solution.
Honeypot is a decoy computer system which records all the transactions, interactions, and
actions with users.
Honeypot is classified into two categories: 1) Production honeypot and 2) Research honeypot.
● RSA
● Twofish
● AES
● Triple DES
It is not right to send login credentials through email: if you send someone a user ID and
password by mail, the message may be intercepted in transit or read from either mailbox, so
the chance of compromise is high.
This rule is a rough guideline for network traffic: about 80% of all traffic should stay local
to the network segment, and only the remaining 20% should be routed to remote networks.
83) Define WEP cracking.
It is a method used for a security breach in wireless networks. There are two types of WEP
cracking: 1) Active cracking and 2) Passive cracking.
● Aircrack
● WebDecrypt
● Kismet
● WEPCrack
Security auditing is an internal inspection of applications and operating systems for security
flaws. An audit can also be done via line by line inspection of code.
It is a technique used to obtain a username, password, and credit card details from other
users.
Nano encryption is a research area which provides robust security to computers and prevents
them from hacking.
Security Testing is defined as a type of Software Testing that ensures software systems and
applications are free from any vulnerabilities, threats, risks that may cause a big loss.
Security scanning involves identifying network and system weaknesses and later provides
solutions for reducing these risks. This scanning can be performed for both Manual as well as
Automated scanning.
● Acunetix
● WebInspect
● Probely
● Netsparker
● Angry IP scanner
● Burp Suite
● Savvius
● Financial sectors like stock trading exchanges, investment banking, want their data to
be secured, and penetration testing is essential to ensure security.
● In case if the software system is already hacked and the organization would like to
determine whether any threats are still present in the system to avoid future hacks.
Security threat is defined as a risk which can steal confidential data and harm computer
systems as well as organization.
A physical threat is a potential cause of an incident that may result in loss or physical damage
to the computer systems.
Trojan is a malware employed by hackers and cyber-thieves to gain access to any computer.
Here attackers use social engineering techniques to execute the trojan on the system.
98) List security vulnerabilities as per Open Web Application Security Project
(OWASP).
Security vulnerabilities as per open web application security project are as follows:
● SQL Injection
An access token is a credential that a system checks to decide whether an API request should
be granted access to a particular resource.
ARP poisoning (ARP spoofing) is sending forged ARP replies on a local network so that other
hosts, and the switch's tables, associate the attacker's MAC address with the IP address of a
legitimate computer such as the gateway. Traffic for that IP is then delivered to the attacker,
who can intercept or modify it before forwarding it on.
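An added example (not from the guru99 page) combining the ARP definition earlier on this page with the poisoning answer above: it builds Ethernet/ARP frames with the standard-library struct module, parses them, and runs a passive watcher that flags an IP address whose sender MAC changes, which is the same signal arpwatch-style tools use to detect poisoning. The MAC and IP addresses and the three-frame traffic sample are constructed; nothing is sent on the wire.

```python
import socket
import struct
from typing import Dict, List, Optional

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_arp(op: int, sender_mac: bytes, sender_ip: str,
              target_mac: bytes, target_ip: str) -> bytes:
    """Ethernet II header followed by an RFC 826 ARP body (42 bytes in total)."""
    eth = struct.pack("!6s6sH", target_mac, sender_mac, ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, op,   # hw type Ethernet, proto IPv4, lengths, opcode
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpWatcher:
    """Passive detector: remember which MAC last claimed each IP, alert on change."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = str(arp["sender_ip"]), str(arp["sender_mac"])
        previous = self.table.get(ip)
        self.table[ip] = mac
        if previous is not None and previous != mac:
            return f"ALERT: {ip} moved from {previous} to {mac} (possible ARP poisoning)"
        return None


# Constructed LAN for the demonstration (hypothetical addresses).
GATEWAY_MAC = bytes.fromhex("001122334455")
VICTIM_MAC = bytes.fromhex("66778899aabb")
ATTACKER_MAC = bytes.fromhex("ccddeeff0011")
BROADCAST = b"\xff" * 6


def sample_traffic() -> List[bytes]:
    return [
        build_arp(ARP_REQUEST, VICTIM_MAC, "192.168.1.20", BROADCAST, "192.168.1.1"),
        build_arp(ARP_REPLY, GATEWAY_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.20"),
        # forged reply: the attacker claims the gateway's IP with its own MAC
        build_arp(ARP_REPLY, ATTACKER_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.20"),
    ]


def alerts_for(frames: List[bytes]) -> List[str]:
    watcher = ArpWatcher()
    return [alert for alert in map(watcher.observe, frames) if alert]


if __name__ == "__main__":
    for line in alerts_for(sample_traffic()):
        print(line)
```

A watcher like this produces false alarms when a device legitimately changes its NIC or when DHCP hands an address to a new host, so in practice alerts are correlated with DHCP leases; the durable defences are Dynamic ARP Inspection on the switch and, for critical hosts, static ARP entries.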
● Trojans
● Adware
● Worms
● Spyware
● Virus
● Key loggers
● Unauthorized access to computer systems resources
● Phishing
Hybrid attack is a blend of dictionary method and brute force attack. This attack is used to
crack passwords by making a change of a dictionary word with symbols and numbers.
Nmap is a tool used for network discovery (finding hosts and the services they expose) and for security auditing.
EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.
There are two types of cyberattacks: 1) Web-based attacks, 2) System-based attacks.
Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4) DNS
Spoofing, 5) Denial of Service, and 6) Dictionary attacks.
● Virus
● Backdoors
● Bots
● Worm
There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3) insider
threats, 4) state-sponsored attackers.
They are threats caused accidentally by an organization's own employees. In these cases an
employee unintentionally deletes a file or shares confidential data with outsiders or a
business partner in breach of company policy.