1.

IDS, IPS, WAF, VPC

Q1: What is the difference between IDS and IPS?

A:

●​ IDS (Intrusion Detection System): Detects malicious activity and alerts administrators
but does not take any action.
●​ IPS (Intrusion Prevention System): Detects and actively blocks malicious traffic.

Q2: How does a WAF protect a web application?

A:​
A Web Application Firewall (WAF) protects web applications from attacks like SQL Injection,
Cross-Site Scripting (XSS), and CSRF by filtering and monitoring HTTP traffic.

Q3: What is a VPC, and why is it used?

A:​
A Virtual Private Cloud (VPC) is an isolated cloud network that provides security,
segmentation, and control over networking configurations. It enables private subnets, security
groups, and network ACLs for secure resource deployment.

2. Linux Commands

Q4: What is the difference between ifconfig and ip?

A:

●​ ifconfig: Legacy command for configuring network interfaces (deprecated).

●​ ip: Modern alternative for managing network configurations.

Q5: How does traceroute work?

A:​
traceroute identifies the path packets take to reach a destination by sending packets with
incrementing TTL values and listening for ICMP "Time Exceeded" responses.

Q6: What does ls -al do?

A:​
Lists all files (-a for hidden files) in long format (-l) with permissions, ownership, size, and
modification date.

3. Python Code Snippet (Find Max Element)

Q7: How do you find the maximum element in a Python list?

A:

python
CopyEdit
numbers = [3, 8, 2, 10, 5]
max_value = max(numbers)
print("Maximum number:", max_value)

4. Git Commands & Repository

Q8: How do you create a new Git repository?

A:

bash
CopyEdit
git init

Q9: What is the difference between git pull and git fetch?

A:

●​ git pull: Fetches and merges remote changes.

●​ git fetch: Only downloads remote changes without merging.

5. SQL Query
Q10: Write an SQL query to find the second highest salary.

A:

sql
CopyEdit
SELECT MAX(salary) AS second_highest_salary
FROM employees
WHERE salary < (SELECT MAX(salary) FROM employees);

6. Cyber Kill Chain

Q11: What are the seven stages of the Cyber Kill Chain?

A:

1.​ Reconnaissance – Gathering information about the target.

2.​ Weaponization – Creating malware or exploit.
3.​ Delivery – Sending the payload via phishing, USB, etc.
4.​ Exploitation – Executing the malicious code.
5.​ Installation – Gaining persistence on the system.
6.​ Command & Control (C2) – Attacker communicates with the infected system.
7.​ Actions on Objectives – Data theft, destruction, or other malicious activities.

7. Common Attacks and Mitigations

Q12: How do you prevent SQL injection?

A:

●​ Use prepared statements and parameterized queries.

●​ Validate and sanitize user inputs.
●​ Implement WAF to detect and block attacks.

Q13: What is the difference between XSS and CSRF?

A:

●​ XSS: Injects malicious scripts into web pages to steal data.

 ●​ CSRF: Tricks users into performing unwanted actions on authenticated websites.

8. Spoofing and Sniffing

Q14: What is the difference between IP spoofing and ARP spoofing?

A:

●​ IP Spoofing: Faking an IP address to bypass security measures.

●​ ARP Spoofing: Sending fake ARP messages to associate attacker’s MAC address with
a target IP.

Q15: What is network sniffing, and how can it be prevented?

A:​
Sniffing captures network traffic to steal sensitive data. Prevention methods include:

●​ Using encryption (TLS, VPN)

●​ Deploying IDS/IPS
●​ Using switches instead of hubs

9. Encryption and Hashing

Q16: What is the difference between symmetric and asymmetric
encryption?

A:

●​ Symmetric Encryption: Uses a single key (e.g., AES).

●​ Asymmetric Encryption: Uses a public-private key pair (e.g., RSA).

Q17: What is the difference between encryption and hashing?

A:

●​ Encryption: Reversible process used for confidentiality.

●​ Hashing: Irreversible process used for integrity (e.g., SHA-256).
10. Digital Certificate and Digital Signature
Q18: What is a digital certificate?

A:​
A digital certificate verifies the identity of an entity and is issued by a Certificate Authority
(CA).

Q19: How does a digital signature ensure authenticity?

A:​
A digital signature uses asymmetric encryption (private key for signing, public key for
verification) to ensure integrity and non-repudiation.

11. Complete Request Process (www.google.com)

Q20: Explain the complete process when you enter www.google.com in a
browser.

A:

1.​ DNS Resolution – Translates domain to IP address.

2.​ TCP Handshake – Establishes connection with Google’s server.
3.​ TLS Handshake – If HTTPS is used, encryption is established.
4.​ HTTP Request – Browser sends GET request.
5.​ Server Response – Google sends the requested page.
6.​ Rendering – Browser renders the webpage.

12. DDoS Attack and Its Mitigation

Q21: How do you mitigate a DDoS attack?

A:

●​ Rate limiting
●​ Traffic filtering (WAF, IDS/IPS)
●​ CDN and load balancers
●​ Anycast routing
13. Protecting Web Applications from Attacks
Q22: How do you protect a web application?

A:

●​ Input validation & sanitization

●​ Using WAF & CSP (Content Security Policy)
●​ Secure authentication & access control
●​ Regular security patching

14. Protecting Networks from Attacks

Q23: How do you secure a network?

A:

●​ Firewalls & IDS/IPS

●​ Network segmentation (VLANs, subnets)
●​ Secure VPN & encryption
●​ Regular vulnerability assessments

15. Single Sign-On (SSO)

Q24: What is SSO and how does it work?

A:​
Single Sign-On (SSO) allows users to log in once and access multiple applications without
re-entering credentials. It works using OAuth, SAML, or OpenID Connect.

16. VLAN, VTP, and Trunking Protocols

Q25: What is VLAN and its purpose?
A:​
A VLAN (Virtual LAN) logically segments a network to improve security and performance.

Q26: What is VTP?

A:​
VLAN Trunking Protocol (VTP) propagates VLAN configurations across switches in a network.

17. IP Classes
Q27: What are the five IP classes?

A:

●​ Class A: 1.0.0.0 – 126.0.0.0

●​ Class B: 128.0.0.0 – 191.255.0.0
●​ Class C: 192.0.0.0 – 223.255.255.0
●​ Class D: 224.0.0.0 – 239.255.255.255 (Multicast)
●​ Class E: 240.0.0.0 – 255.255.255.255 (Experimental)

18. OSI Model

Q1: What are the 7 layers of the OSI model?

A: The OSI (Open Systems Interconnection) model has the following layers:

Layer No. Layer Name Function

7 Application End-user interface (HTTP, SMTP, FTP)

6 Presentatio Data formatting, encryption, compression

n

5 Session Manages sessions/connections between applications

4 Transport Ensures reliable data transmission (TCP, UDP)

3 Network Handles IP addressing, routing (IP, ICMP)

2 Data Link Manages MAC addresses, error detection (Ethernet,

ARP)
 1 Physical Deals with raw data transmission (Cables, Hubs, Bits)

Q2: What is the difference between TCP/IP and OSI model?

A:

●​ OSI Model: Theoretical model with 7 layers.

●​ TCP/IP Model: Practical model with 4 layers (Application, Transport, Internet, Network
Access).

Q3: At which layer do firewalls operate?

A:

●​ Network Firewalls: Operate at Layer 3 (Network).

●​ Stateful Firewalls: Operate at Layer 4 (Transport).
●​ Web Application Firewalls (WAF): Operate at Layer 7 (Application).

Q4: What is the role of the Transport layer?

A:

●​ Ensures reliable (TCP) or unreliable (UDP) communication.

●​ Manages segmentation, flow control, and error handling.

19. CIA Triad (Confidentiality, Integrity, Availability)

Q5: What is the CIA Triad?

A: The CIA Triad is a fundamental security model consisting of:

1.​ Confidentiality: Ensuring that data is accessible only to authorized users.

○​ Methods: Encryption, Access Control, Multi-Factor Authentication (MFA)
2.​ Integrity: Ensuring that data is not altered or tampered with.
○​ Methods: Hashing (SHA-256, MD5), Digital Signatures, Checksums
3.​ Availability: Ensuring data and resources are available when needed.
○​ Methods: Redundancy, Load Balancing, DDoS Mitigation, Backup Systems
Q6: How does encryption help in the CIA triad?

A: Encryption protects confidentiality by converting plaintext into unreadable ciphertext,

ensuring unauthorized users cannot access sensitive data.

Q7: What are some threats to the CIA Triad?

A:

●​ Confidentiality Threats: Data breaches, phishing, social engineering.

●​ Integrity Threats: Man-in-the-middle attacks, data tampering.
●​ Availability Threats: DDoS attacks, hardware failures, ransomware.
1. Cybersecurity Fundamentals
Q1: What is the difference between a vulnerability, threat, and risk?

A:

●​ Vulnerability: A weakness in a system (e.g., unpatched software).

●​ Threat: A potential attack that could exploit a vulnerability (e.g., malware).
●​ Risk: The likelihood and impact of a threat exploiting a vulnerability.

Q2: What is the difference between authentication and authorization?

A:

●​ Authentication: Verifies who you are (e.g., username/password, biometrics).

●​ Authorization: Grants access based on permissions (e.g., user roles in a system).

2. Networking & Security

Q3: What is the difference between a hub, switch, and router?

A:

●​ Hub: Broadcasts data to all connected devices (Layer 1).

●​ Switch: Sends data only to the intended recipient (Layer 2).
●​ Router: Directs data between different networks (Layer 3).

Q4: What is NAT (Network Address Translation), and why is it used?

A:​
NAT translates private IP addresses into a public IP to enable devices in a private network to
access the internet. It helps conserve IPv4 addresses.

Q5: What is a DMZ in network security?

A:​
A DMZ (Demilitarized Zone) is a network segment between an internal network and the public
internet that hosts public-facing services (e.g., web servers) while reducing risk to the internal
network.

3. Linux & System Administration

Q6: What is the difference between hard links and soft links in Linux?

A:

●​ Hard Link: Direct reference to the same inode as the original file (remains even if the
original file is deleted).
●​ Soft Link (Symbolic Link): A pointer to another file’s location (breaks if the original file
is deleted).

Q7: How do you check system resource usage in Linux?

A:

●​ top or htop – Show CPU/memory usage.

●​ free -m – Check memory usage.
●​ df -h – Show disk space usage.
●​ iostat – Monitor CPU and I/O usage.

Q8: What is the difference between cron and systemd timers?

A:

●​ Cron: Traditional task scheduler that runs jobs based on a specific schedule.
●​ Systemd Timers: Modern alternative, integrated with systemd, offering better logging
and flexibility.

4. Encryption & Cryptography

Q9: What is the difference between a private key and a public key?

A:

●​ Private Key: Kept secret, used for decryption (asymmetric) or both encryption and
decryption (symmetric).
●​ Public Key: Shared publicly, used for encryption in asymmetric cryptography (e.g.,
RSA).

Q10: What is a hash collision?

A:​
A hash collision occurs when two different inputs produce the same hash value. This can be a
security risk in hashing algorithms like MD5 and SHA-1.

5. DevOps & CI/CD

Q11: What is Infrastructure as Code (IaC)?

A:​
IaC is the practice of managing infrastructure using code instead of manual processes (e.g.,
Terraform, Ansible, CloudFormation).

Q12: What is the difference between Continuous Integration (CI) and

Continuous Deployment (CD)?

A:

●​ CI (Continuous Integration): Automates testing and merging code changes.

●​ CD (Continuous Deployment): Automates deploying code changes to production.

Q13: What is a container, and how does it differ from a virtual machine
(VM)?

A:
 ●​ Container: Lightweight, shares the host OS kernel (e.g., Docker).
●​ VM: Runs a full OS on a hypervisor, with separate system resources.

6. Cyber Threats & Mitigations

Q14: What is social engineering, and how can it be prevented?

A:​
Social engineering is manipulating people to gain unauthorized access (e.g., phishing,
pretexting). Prevention methods include:

●​ Security awareness training

●​ Multi-Factor Authentication (MFA)
●​ Email filtering

Q15: What is the difference between a brute-force attack and a dictionary

attack?

A:

●​ Brute-Force Attack: Tries every possible password combination.

●​ Dictionary Attack: Uses a list of commonly used passwords.

7. Web Security
Q16: What are HTTP security headers, and why are they important?

A:​
HTTP security headers protect web applications from attacks. Examples:

●​ Content-Security-Policy (CSP): Prevents XSS attacks.

●​ Strict-Transport-Security (HSTS): Enforces HTTPS.
●​ X-Frame-Options: Prevents clickjacking.

Q17: What is Same-Origin Policy (SOP), and why is it important?

A:​
SOP restricts web pages from accessing resources from different origins to prevent malicious
scripts from stealing sensitive data.

8. Identity & Access Management (IAM)

Q18: What are the principles of least privilege (PoLP)?

A:​
PoLP ensures users and systems have the minimum required permissions to perform their
tasks, reducing the risk of security breaches.

Q19: What is the difference between RBAC and ABAC?

A:

●​ RBAC (Role-Based Access Control): Assigns permissions based on user roles.

●​ ABAC (Attribute-Based Access Control): Grants access based on attributes (e.g.,
time, location, device type).

9. Cloud Security
Q20: What are shared responsibility models in cloud security?

A:​
Cloud security is a shared responsibility between the cloud provider and the customer:

●​ Cloud Provider: Manages hardware, networking, and security of the cloud

infrastructure.
●​ Customer: Secures applications, data, and user access.

Q21: What are the main types of cloud computing?

A:
 ●​ IaaS (Infrastructure as a Service): Provides virtual machines, storage (AWS EC2,
Azure VM).
●​ PaaS (Platform as a Service): Provides managed runtime environments (AWS Elastic
Beanstalk).
●​ SaaS (Software as a Service): Provides complete applications (Google Workspace,
Office 365).

10. Incident Response & Logging

Q22: What are the steps in an incident response process?

A:

1.​ Preparation – Define security policies and tools.

2.​ Identification – Detect the incident.
3.​ Containment – Limit the impact.
4.​ Eradication – Remove the threat.
5.​ Recovery – Restore systems.
6.​ Lessons Learned – Analyze and improve.

Q23: What is SIEM, and how does it help in cybersecurity?

A:​
SIEM (Security Information and Event Management) collects and analyzes logs from
different sources to detect security threats in real-time.

11. Digital Forensics

Q24: What is chain of custody in digital forensics?

A:​
Chain of custody refers to documenting how digital evidence is collected, handled, and stored
to ensure its integrity in legal proceedings.

Q25: What are the three main types of digital evidence?

A:

1.​ Volatile Evidence: Data stored in RAM, lost on power-off.

2.​ Non-Volatile Evidence: Hard drives, logs, files.
3.​ Network Evidence: Packet captures, firewall logs.
1. Cybersecurity Fundamentals
Q1: What is Zero Trust Security?

A: Zero Trust Security is a model where no one is trusted by default, whether inside or outside
the network. It requires:

●​ Continuous authentication and authorization.

●​ Least privilege access control.
●​ Strict network segmentation and micro-segmentation.

Q2: What is the difference between an attack vector and an attack surface?

A:

●​ Attack Vector: The method used by attackers to exploit a vulnerability (e.g., phishing,
SQL injection).
●​ Attack Surface: The total number of points where an attacker can try to enter a system
(e.g., open ports, weak passwords).

2. Networking & Security

Q3: What is the difference between TCP and UDP?

A:

●​ TCP (Transmission Control Protocol): Connection-oriented, reliable, used for

applications like web browsing and email.
●​ UDP (User Datagram Protocol): Connectionless, faster but less reliable, used for video
streaming and VoIP.

Q4: What is the purpose of an ARP table?

A:​
The ARP (Address Resolution Protocol) table maps IP addresses to MAC addresses within
a local network. It helps devices communicate by translating network-layer addresses to
physical addresses.
Q5: What is BGP, and why is it important?

A:​
BGP (Border Gateway Protocol) is a routing protocol used to exchange routing information
between different autonomous systems (AS) on the internet. It ensures efficient and scalable
internet routing.

3. Linux & System Administration

Q6: What is the difference between a process and a thread?

A:

●​ Process: A running instance of a program with its own memory space.

●​ Thread: A lightweight sub-process that shares the same memory space with other
threads of the same process.

Q7: How do you find open ports in Linux?

A:

Using netstat:​
bash​
CopyEdit​
netstat -tulnp

●​

Using ss:​
bash​
CopyEdit​
ss -tulnp

●​

Using nmap:​
bash​
CopyEdit​
nmap -p- <IP_address>

●​

Q8: What is the difference between /etc/passwd and /etc/shadow?

A:

●​ /etc/passwd: Stores user account information (username, UID, GID, home directory).
●​ /etc/shadow: Stores encrypted passwords and password policies.

4. Encryption & Cryptography

Q9: What is a salt in password hashing?

A:​
A salt is a random string added to a password before hashing to prevent rainbow table
attacks.

Q10: What is the difference between AES and RSA?

A:

●​ AES (Advanced Encryption Standard): Symmetric encryption, used for encrypting

data at rest (fast).
●​ RSA (Rivest-Shamir-Adleman): Asymmetric encryption, used for key exchange and
digital signatures (slower).

5. DevOps & CI/CD

Q11: What is the purpose of a reverse proxy?

A:​
A reverse proxy sits between clients and backend servers, providing:
 ●​ Load balancing.
●​ SSL termination.
●​ Caching for better performance.

Examples: NGINX, HAProxy, Apache Reverse Proxy.

Q12: What is Blue-Green Deployment?

A:​
Blue-Green Deployment is a strategy where two identical environments are maintained:

●​ Blue (Current Production): Handles live traffic.

●​ Green (New Version): Tested separately before switching over to production.

Q13: What is a Kubernetes Pod?

A:​
A Pod is the smallest deployable unit in Kubernetes, containing one or more containers that
share storage and network resources.

6. Cyber Threats & Mitigations

Q14: What is the difference between ransomware and spyware?

A:

●​ Ransomware: Encrypts data and demands payment for decryption.

●​ Spyware: Secretly monitors user activities and collects sensitive information.

Q15: What is session hijacking, and how can it be prevented?

A:​
Session hijacking occurs when an attacker steals a valid user session to gain unauthorized
access. Prevention:

●​ Use HTTP-only and secure cookies.

●​ Implement Multi-Factor Authentication (MFA).
 ●​ Enable session timeouts and re-authentication.

7. Web Security
Q16: What is a Clickjacking attack?

A:​
Clickjacking tricks users into clicking hidden UI elements.​
Mitigation:

●​ Implement X-Frame-Options: DENY in HTTP headers.

●​ Use frame-busting scripts.

Q17: What is a race condition vulnerability?

A:​
A race condition occurs when two processes access shared resources simultaneously, leading
to unexpected behavior or security vulnerabilities.

Example: TOCTOU (Time-of-Check to Time-of-Use) attacks.

8. Identity & Access Management (IAM)

Q18: What is a Kerberos authentication system?

A:​
Kerberos is a network authentication protocol that uses tickets to allow secure communication
over an untrusted network.

It prevents password transmission over the network.

Q19: What is an OAuth token?

A:​
OAuth tokens grant access to a user's data without exposing their password. Used in SSO
(Single Sign-On) and API authentication.
Example: OAuth is used in Google and Facebook login systems.

9. Cloud Security
Q20: What is the difference between public, private, and hybrid clouds?

A:

●​ Public Cloud: Managed by cloud providers (AWS, Azure, GCP).

●​ Private Cloud: Hosted privately for a single organization.
●​ Hybrid Cloud: Combination of both, balancing security and flexibility.

Q21: What are security risks in cloud computing?

A:

●​ Misconfigured storage buckets (e.g., S3 bucket leaks).

●​ Insecure APIs leading to unauthorized access.
●​ Lack of access control resulting in data breaches.

10. Digital Forensics & Incident Response

Q22: What is volatile vs. non-volatile data in forensics?

A:

●​ Volatile Data: Exists in RAM, lost on power-off (e.g., running processes, open network
connections).
●​ Non-Volatile Data: Stored on disks, survives reboots (e.g., log files, emails).

Q23: What is steganography?

A:​
Steganography is hiding information inside other files (e.g., images, audio) to evade detection.

Example: Hiding text in an image using LSB (Least Significant Bit) encoding.
11. Security Logging & Monitoring
Q24: What is an IDS false positive and false negative?

A:

●​ False Positive: Legitimate activity flagged as an attack.

●​ False Negative: Malicious activity not detected.

Tuning IDS rules reduces false positives while maintaining detection accuracy.

Q25: What are common log sources for security monitoring?

A:

●​ System Logs: /var/log/syslog, /var/log/auth.log.

●​ Network Logs: Firewall logs, IDS/IPS alerts.
●​ Application Logs: Web server logs (access.log, error.log).