Cyber security is an ever-growing employment segment that requires skilled professionals who

can handle the task of securing the information and data efficiently. If you are planning to
appear for a cybersecurity interview, then this article will provide you with some of the top
cyber security interview questions and answers to help you to succeed in your upcoming
interview.

Top Cyber Security Interview Questions and Answers

Q1. What are the different types of cybersecurity?

Ans. Different types of cyber security are –
 Application security
 Cloud security
 Data security
 Mobile security
 Network security
 Database and infrastructure security
 Disaster recovery/business continuity planning
 Endpoint security
 End-user education
 Identity management

Q2. Can you tell us the difference between a threat, vulnerability, and risk?
Ans. These are mixed up terms that need to be clearly defined –
 Threat – Threats are cybersecurity events that have the potential to pose danger to
information or systems.
 Vulnerability – This refers to weaknesses in any system. Any system can be exploited through
a vulnerability
 Risk – Often confused with a treat, the risk is mainly a combination of threats and losses,
usually monetary ones

Q3. What is data leakage?

Ans. It refers to an unauthorized data transmission, either electronically or physically from an
organization to any external destination or recipient. The most common forms of data leakage
are through web, email, and mobile data storage devices.
Q4. Which factors contribute to data leakage?
Ans. The most commonly experienced factors are –
 Outdated data security
 Human Error
 Technology error
 Malware
 Misuse
 Physical theft of data
 System misconfiguration
 Inadequate security control for shared drives
 Corrupt hard-drive
 Unprotected data back up

EXPLORE OUR CYBER SECURITY COURSES NOW!

Q5. How to prevent data leakage?
Ans. Since it’s a serious issue, it needs a proper strategy to tackle. Data Loss Prevention (DLP) is
a practice adopted by the organizations to safeguard their data. Under this practice, users are
not allowed to send confidential or sensitive information outside of the enterprise network. This
requires businesses to distinguish the rules that classify confidential and sensitive information
such that it doesn’t get disclosed maliciously or even accidentally by any user.

Q6. What is Security Misconfiguration?

Ans. Categorized as system vulnerability, security misconfiguration is a situation when a
device/application/network is misconfigured and is prone to exploited by an attacker. A few
simple examples of this include leaving systems unattended in public places, sharing passwords
of devices and accounts, etc.
Q7. What is CIA Triangle?
Ans. CIA triangle is a model for guiding information security policies in any organization. It
stands for –
 Confidentiality – Maintaining the secrecy of the information
 Integrity – Keeping the information unchanged
 Availability – Ensuring an all-time availability of the information to the authorized

Q8. What are the ways that a malicious user would crack any password?
Ans. The most common password cracking techniques are –
 Dictionary attacks
 Brute forcing attacks
 Hybrid attacks
 Syllable attacks
 Rule based attacks
 Rainbow table attacks
 Phishing
 Social engineering
 Shoulder surfing
 Spidering
 Guessing

Q9. Name some of the common password cracking tools.

Ans. It is a part of ethical hacking, and some of the commonly used password cracking tools are
–
 Aircrack-NG
 Brutus
 Cain and Abel
 DaveGrohl
 ElcomSoft
 Hashcat
 Hydra
 John the Ripper
 RainbowCrack
 Wfuzz

Q10. What is Cryptography?

Ans. Cryptography is a combination of two words, which are “crypt” meaning “hidden” and
“graphy” meaning “writing.” This is a practice of securing information and communication using
codes, and can only be accessible to those who are authorized to read and process it.
Q11. What is an XSS attack?
Ans. Cross-site Scripting (XSS) is another type of vulnerability that can be technically described
as a client-side code injection attack. In this particular attack, an attacker injects malicious data
into vulnerable websites. An attack happens when a user visits the web page, as malicious code
is then executed. This attack is very harmful to web application users.
Q12. What are the different types of XSS attacks?
Ans. There are three types of XSS attacks –
(i) Non-Persistent XSS attack – Here the data injected by the attacker is reflected in the
response and has a link with the XSS vector
(ii) Persistent XSS attack – The most harmful type of attack, where the script executes
automatically the moment a user opens the page
(iii) Document Object Model (DOM)-based XSS attack – An advanced type of XSS attack which
happens when a web application writes data to the DOM without any sanitization
Q13. Can you explain the ways to prevent an XSS attack?
Ans. Yes, we can prevent XSS attacks through three ways –
(i) Escaping – It is the process of stripping out unwanted data to secure the output.
(ii) Validating Input – This step ensures that the application is interpreting correct data while
preventing any malicious data from entering.
(iii) Sanitizing – This process involves cleaning or filtering your input data. It also changes
unacceptable user input to an acceptable format.
Q14. Explain the difference between Symmetric and Asymmetric encryption.
Ans. Symmetric encryption – A conventional Encryption method, executed by one secret
‘Symmetric Key’ possessed by both parties. This key is used to encode and decode the
information. Symmetric encryption is carried out using algorithms like AES, DES, 3DES, RC4,
QUAD, Blowfish, etc.
Asymmetric encryption – It is a complex mode of Encryption, executed using two cryptographic
keys, namely a Public Key and a Private Key to implement data security. Asymmetric encryption
is carried out using algorithms like Diffie-Hellman and RSA.

Q15. How would you handle antivirus alerts?

Ans. To answer this specific cybersecurity interview question, you would need to use your
expertise and experience. A possible reply could be –
On receiving an antivirus alert, one must refer to antivirus policy and then analyze it. If the alert
is sourced from a legitimate file, it should be directly whitelisted, but if it comes from a
malicious source, it should be deleted. It is mandatory to keep updating the firewall to receive
regular antivirus alerts.
Q16. What is SSL Encryption?
Ans. It is the acronym for Secure Sockets Layer. It is an industry-standard security technology
that creates encrypted connections between a web server and a browser. SSL is used to ensure
data privacy.

Q17. What is a Firewall?

Ans. A firewall is a network security system. It manages the network traffic using a defined set
of security rules, and prevents remote access and content filtering. Firewalls are used to protect
the systems or networks from viruses, worms, malware, etc.

Q18. What are cyber attacks?

Ans. Cyber attacks are potential security issues that are created and exploited by malicious users
to access or destroy sensitive information, to extort money from users, or to hamper the
functioning of the normal business processes.

Q19. What are ITSCM and BCP?

Ans. ITSCM – IT Service Continuity Management is a practice that allows information security
professionals to develop IT infrastructure recovery plans
BCP – Business Continuity Planning is the process by which a company creates a prevention and
recovery system from potential threats.

Q20. Why is information security policy necessary for the organizations?

Ans. Information security policy is necessary for the organizations because it clearly outlines the
responsibilities of employees about the safety and security of information, intellectual property,
and data from potential risks.

Q21. What are the most popular work-around recovery options?

Ans. The most popular work-around recovery options are –
 Fast recovery
 Gradual recovery
 Immediate recovery
 Intermediate recovery
 Manual workaround
 Reciprocal arrangements

Q22. What is ISO/IEC 27002?

Ans. ISO/IEC 27002:2013 is an information security standard. It is devised by the International
Organization for Standardization (ISO) and by the International Electrotechnical Commission
(IEC). This code of practice provides guidelines for organizational information security standards
and information security management practices.

Q23. What are the various response codes that can be received from a web application?
Ans. Response codes received from a web application include –
 1xx – Informational responses
 2xx – Success
 3xx – Redirection
 4xx – Client-side error
 5xx – Server-side error

Q24. What is the difference between IDS and IPS?

Ans. IDS or Intrusion Detection System detects only intrusions and the administrator has to take
care of preventing the intrusion. Whereas, in IPS, i.e., Intrusion Prevention System, the system
detects the intrusion and also takes actions to prevent the intrusion.

Q25. Give some examples of web-based service desk tools.

Ans. Some example of web-based service desk tools include –
 BMC
 CA service desk
 Oracle Service Cloud
 ServiceNow
 SolarWinds Web Help Desk
 Spiceworks Help Desk/Cloud Help Desk
 Tivoli

Q26. What is an asynchronous transmission?

Ans. Asynchronous transmission is a serial mode of transmission. It is the process of data
transmission, where every character is a self-contained unit. Each character in asynchronous
transmission has its start and stop bits, along with an uneven interval between them.

Q27. What is the synchronous transmission?

Ans. Synchronous transmission refers to continuous data streaming in the form of signals,
accompanied by regular timing signals. These signals are generated by the external clocking
mechanisms and ensure that senders and receivers are in synchrony.

Q28. What are the different types of transmission media?

Ans. Transmission media has two broad types –
 Guided media (wired)
 Unguided media (wireless)

Q29. What are proxy servers and how do they protect computer networks?
Ans. Proxy servers prevent external users from identifying the IP addresses of an internal
network. They make a network virtually invisible to external users, who cannot identify the
physical location of a network without knowledge of the correct IP address.

Q30. What are the types of errors?

Ans. There are two categories of errors –
 Single-bit error – One-bit error per data unit
 Burst error – Two or more bits errors per data unit

Q31. How would you differentiate between Firewall and Antivirus?

Ans. Firewall – A firewall prevents any unauthorized access in the private networks as intranets.
However, it does not protect against viruses, spyware, or adware.
Antivirus – An antivirus is a software that protects a computer from any malicious software,
virus, spyware, or adware.

Q32. How will you recover data from a Virus-infected system?

Ans. We will install an OS and updated antivirus in a system that is free of any viruses, and then
connect the hard drive of the infected system as a secondary drive. The hard drive will then be
scanned and cleaned. Data can now be copied into the system.

Q33. What is a traceroute?

Ans. A traceroute or popularly known as tracert are diagnostic commands of a computer
network and help the users spot any breakdown of communications. It shows the router’s path
and helps the users determine the reasons in case of disconnection.

Q34. What are rainbow tables?

Ans. Rainbow tables are the precomputed table to reverse cryptographic hash functions. These
rainbow tables contain a significant number of inputs of hash functions and corresponding
outputs.

Q35. What is ethical hacking?

Ans. Ethical Hacking is a method to evaluate the security of systems and identifying
vulnerabilities in them. It helps to determine if any unauthorized access or other malicious
activity is happening in a system, which may result in data or financial loss, or other potential
damages.

Q36. Explain Chain of Custody.

Ans. Chain of custody refers to the process of gathering evidence, digitally and physically. It
involves practices to ensure that the evidence has been legitimately gathered and not changed
before admission into evidence. Following best practices when collecting digital evidence is
important to protect the data from getting compromised as it is easy to erase or manipulate the
information. It involves the following steps:
 Collection
 Examination
 Analysis
 Reporting

Q37. How can you safeguard sensitive/confidential data?

Ans. Data can be safeguarded by:
 Encryption
 Encoding
 Data Loss Prevention Software
 Email Encryption
 Two-Factor Authentication
 Virtual Private Networks
 Anti-malware protection
 Cryptographic hashing
 Data fingerprinting
 Monitor usage of physical devices
 Periodic Reviews of IT Infrastructure
 Regularly update cyber-security policies
 Overwrite deleted files
 Make old computer’s hard drive unreadable
 Keep software up-to-date
 Practice good password management

Q38. Which methods are used in preventing a brute force login attack?
Ans. The following methods are used in preventing a brute force login attack:
 Strong password policy and frequent password changes.
 Account lockout policy – account is locked after a set number of failed login attempts. It is
locked until the administrator unlocks it.
 Use of Captcha – the user is asked to manually input some text or solve a simple problem.
 Progressive delays – account is locked for a certain period after three failed login attempts.
 Limit logins to a specified IP address or range – if you allow access only from a designated IP
address or range, it will be difficult for brute force attackers to gain access.
 Two-factor authentication (2FA) – it reduces the risk of a potential data breach.
 Monitor your server logs – ensure that you analyze your log files diligently.

Q39. Explain salted hashes.

Ans. Usually, a password is protected by creating a hash value of that password in the system. In
salted hashing, random data is added to the hash value. This helps in keeping the passwords
safe and defending against attacks.

Q40. What are DDoS attacks?

Ans. DDoS stands for Distributed-Denial-of-Service. A DDoS attack is a cyber-attack in which the
server is made unavailable by continuously flooding it with frequent data requests. Such attacks
attempt to disrupt normal traffic of a targeted server, service, or network, preventing legitimate
users from accessing the targeted website. DDoS attacks are often the result of multiple
compromised systems, like a botnet, flooding the targeted system with traffic.

Q41. Explain social engineering attacks.

Ans. Social engineering refers to a variety of malicious activities used to manipulate and trick
users into making security mistakes and giving away sensitive information. In social engineering,
a hacker manipulates a target using normal communication medium like calls, texts, and emails
and fetches the sensitive information without any technical expertise. Some of the examples of
social engineering are phishing, whaling attack, spear phishing, water holing, baiting, quid pro
quo, vishing, pretexting, and tailgating.

Q42. What is an OSI model? What are its different types?

Ans. OSI stands for Open System Interconnection. It is a reference model that shows how
information moves through a physical medium from a software application in one computer to
the software application in another computer. In the OSI reference model, the communication
between a computing system is split into seven different layers:
1. Application layer
2. Presentation layer
3. Network layer
4. Transport layer
5. Session layer
6. Data Link layer
7. Physical layer
Q43. What is Port Scanning? What are the different Port Scanning techniques?
Ans. Port Scanning is the method of probing a server or a host for open ports that may be
receiving or sending data. It sends packets to a specific port on a host and then examines
responses to determine vulnerabilities. The different Port Scanning techniques are:
 Ping Scan
 TCP half-open
 UDP
 TCP Connect
 Stealth Scanning

Q44. What is a Botnet?

Ans. A botnet refers to a group of Internet-connected devices infected by malware, like laptops,
desktops, IoT that run one or more bots for various purposes like stealing sensitive information,
crashing the targeted system, or spamming the targeted system. Some of the popular botnets
are Conficker, Zeus, Waledac, and Kelihos.

Q45. What are the different types of authentication?

Ans. Authentication is a method to verify the credentials of users that request access to a
system, network, or device. The different types of authentication are:
 Single-factor authentication – it is the simplest and most common way of authentication. This
method requires only one verification method, such as a password or a security pin, to grant
access to a system.
 Two-factor authentication (2FA) – it requires a second factor to verify a user’s identity. In this
method, you will have to enter the username, password, and OTP or PIN for verification.
 Multi-factor authentication (MFA) – it two or more independent ways to identify a user, such
as codes generated from the user’s smartphone, Captcha tests, fingerprints, or facial
recognition.
 Bio-metric authentication (BFA) – it requires the username, password, and biometric
verification, such as voice identification, fingerprint, eye, or face scan.

Q46. What do you know about Cyber Espionage?

Ans. Cyber espionage is the process of gaining unauthorized network or system access to obtain
sensitive business documents. It uses malicious practices to access confidential/sensitive
information of the company or government agency without the permission and knowledge of
the holder. The objective of Cyber Espionage is to damage or misuse the compromised data.
Q47. How to safeguard the IoT devices from cyberattacks?
Ans. The following security capabilities can safeguard IoT devices against cyberattacks by
making them more secure:
 Secure boot: use of cryptographic code signing techniques.
 Secure communication: it involves the use of security protocols like TLS, DTLS, and IPSec.
 Secure firmware update: it ensures that the device firmware is updated only with firmware
from the device OEM or other trusted party.
 Data protection: encryption of all sensitive data stored on the IoT device.
 Authentication: it verifies the credentials of users that request access to the device.

Q48. What are Meltdown and Spectre bugs?

Ans. Meltdown and Spectre are processor bugs that exploit critical vulnerabilities in modern
processors. They enable hackers to steal the currently processed data and store it in the cache
on the computer. Meltdown and Spectre, thus access the data stored in the memory of other
running programs. It may include the passwords stored in the browser, emails, instant
messages, and confidential business documents.
Q49. How can you reset a password-protected BIOS configuration?
Ans. Some of the ways to reset a password-protected BIOS configuration are:
 Using MS-DOS
 Removing CMOS battery
 Utilizing the software
 Using a motherboard jumper

Q50. Explain Black hat, White hat, and Grey hat hackers.
Ans. Black hat: Black hat hackers are those people who have a good knowledge of breaching
network security. They may work individually or may be backed by an organization to breach
into the corporate or public networks to access, encrypt, or destroy data illegally.
White hat: These are the security professionals specialized in penetration testing to identify the
vulnerabilities in an organization. They hack into organizations legally and protect the
information system of an organization.
Grey hat hackers: They are the hackers who violate ethical standards without any malicious
intent. They sometimes turn into black hat hackers based on their demand.