Amazon General Cybersecurity Interview Questions Flashcards
How do you ensure that a server is secure?
Use the SSH (Secure Shell) protocol for remote administration, since SSH encrypts data in transit. SSH listens on port 22 by default, which is common knowledge to attackers, so move it to a port between 1024 and 32,767 to reduce the risk of attack. Authenticate to the SSH server with SSH keys instead of a traditional password. To secure web administration areas, deploy SSL/TLS to protect server-client and server-server communications over the internet. Intrusion prevention software, firewalls, password requirements, and user management practices also help maintain server security.
How do you differentiate between symmetric and asymmetric encryption?
Symmetric encryption uses the same key for both encryption and decryption processes, while asymmetric encryption uses different keys, namely a public key for encryption and a private key for decryption. Asymmetric encryption provides a higher level of security by enabling secure communication without the need to exchange secret keys.
What is the difference between IDS and IPS?
An IDS (Intrusion Detection System) only detects intrusions; the administrator must act to stop them. An IPS (Intrusion Prevention System) detects the intrusion and also takes action to prevent it.
What Is the CIA Triad?
Confidentiality, Integrity, and Availability, or CIA for short, is one of the most popular models among organizations to guide Information Security policies.
What is the difference between HIDS and NIDS?
HIDS or Host IDS and NIDS or Network IDS are both Intrusion Detection Systems. The key difference is that while the HIDS is set up on a particular host or device and monitors the traffic and suspicious system activities of a specific device, NIDS is set up on a network and monitors the traffic of all network devices.
What Is SSL encryption?
SSL (Secure Sockets Layer) encryption creates a secure internet connection. It protects client-client, server-server, and client-server connections, preventing unauthorized parties from monitoring or tampering with data transmitted online. An updated protocol, TLS (Transport Layer Security), has replaced SSL as the standard.
What do you mean by port scanning?
Port scanning is a procedure for identifying the open ports and services available on a specific host. Attackers use port scanning to gather information for malicious purposes.
Explain a brute force attack along with the steps to prevent it.
A brute force attack is an attempt to gain unauthorized access to a system by systematically trying all possible combinations of passwords or encryption keys. It can be prevented by enforcing strong password policies, implementing account lockout mechanisms, and using multi-factor authentication.
Explain the OSI Model.
The Open Systems Interconnection (OSI) model is a conceptual structure that standardizes the communication system’s functions into seven layers.
The layers, from lowest to highest, are Physical, Data Link, Network, Transport, Session, Presentation, and Application.
What is identity theft? Can you prevent it?
Identity theft occurs when an attacker uses a target’s private data to impersonate or steal from them. Methods of identity theft prevention include basic cybersecurity best practices like using robust, frequently updated passwords and adding authentication steps whenever possible.
Black Hat Hackers vs. White Hat Hackers vs. Gray Hat Hackers: Are all illegal?
White hat hackers probe cybersecurity weaknesses to help organizations develop stronger security; black hat hackers are motivated by malicious intent; and gray hat hackers operate in the nebulous area in between: they are not malicious, but they are not always ethical either.
How frequently do you perform patch management?
We perform patch management as soon as a patch is released. For Windows, the patch should be applied to all machines within a month of its release. For network devices, a patch should be applied as soon as it is released.
Can you reset a password-protected BIOS configuration?
If you have forgotten one of the passwords that is set in the BIOS, resetting the CMOS or NVRAM helps reset the BIOS to factory default settings and remove the passwords from the BIOS.
What is the difference between Black Box Testing and White Box Testing?
White box testing: a software testing method in which the internal structure and code are known to the tester.
Black box testing: a software testing method in which the internal structure and code are hidden from the tester.
What do you mean by phishing? How many types of phishing are there?
Phishing is a cybercrime technique in which attackers disguise fraudulent communications as legitimate or trustworthy in order to steal sensitive data or install malware on a target’s device.
Phishing can be carried out by voice, text message, or email.
What is forward secrecy?
Forward secrecy is a feature of certain key agreement protocols that generates a unique session key for each transaction. Thanks to forward secrecy, an intruder cannot access data from more than one communication between a client and a server, even if the security of one communication is compromised.
Perfect Forward Secrecy (PFS), also known as forward secrecy, is a style of encryption that enables short-term, private key exchanges between clients and servers. PFS can be found within transport layer security (SSL/TLS) and prevents hackers from decrypting data from other sessions, past or future, even if the private keys used in an individual session are stolen at some point.
What are spyware attacks?
Spyware is a kind of malware that is covertly installed on a targeted device to collect private data. Once installed, the spyware monitors activity and captures sensitive data, later relaying this information back to third-party entities.
Spyware can infiltrate a device when a user visits a malicious website, opens an infected file attachment, or installs a program or application containing spyware.
What is ARP poisoning? Can you explain with an example?
ARP poisoning is a type of cyberattack that aims to interrupt, redirect, or covertly monitor network traffic.
ARP (Address Resolution Protocol) establishes IP-level connections to new hosts by accepting requests from new devices joining the LAN (local area network) and providing an IP address. ARP also translates an IP address to a MAC address, sending ARP request packets to query the appropriate MAC address to use, which saves time for network administrators.
After sending fabricated ARP packets to link an intruder's MAC address with the IP of a device already connected to the LAN (known as ARP spoofing), an attacker can carry out ARP poisoning by altering the existing ARP table to contain falsified MAC mappings. A successful ARP poisoning links the attacker's MAC address with the target's LAN, rerouting incoming traffic to the attacker.
What do you mean by SQL injection?
A SQL injection is a type of cyberattack that inserts malicious SQL code via input data to manipulate databases. A properly executed SQL injection can read sensitive data stored in the database, modify that data, execute administration operations, or potentially issue operating system commands. This enables attackers to manipulate data, create repudiation problems, destroy data or restrict access to it, disclose all data within the database, and make themselves administrators of the database server.
Explain active reconnaissance.
Active reconnaissance is a type of cyberattack used to gather intelligence about a system’s vulnerabilities. To conduct this kind of reconnaissance, attackers must interact with the target via automated scanning or manual testing with tools like traceroute. While this can be a quick and accurate way to gather information, active reconnaissance is a high-risk, high-reward approach, as direct engagement with a target is more likely to be caught by a firewall or IDS.
How do you differentiate between viruses and worms?
A worm can self-replicate and spread to other computers, while a virus cannot. A virus needs to be sent from one computer to another by a user or via software.
What is SYN/ACK, and how does it work?
SYN/ACK is part of the TCP three-way handshake. Known as the "SYN, SYN-ACK, ACK handshake," it works as follows: computer A transmits a SYNchronize packet to computer B, which sends back a SYNchronize-ACKnowledge packet to A. Computer A then transmits an ACKnowledge packet to B, and the connection is established.
Write out a Cisco ASA firewall configuration on the whiteboard to allow three networks unfiltered access, 12 networks limited access to different resources on different networks, and eight networks to be blocked altogether.
Configuring a Cisco ASA firewall involves creating Access Control Lists (ACLs) that define which traffic is allowed or blocked. Entries are evaluated in order, and any traffic not explicitly permitted is dropped by the implicit deny at the end of the list.
Unfiltered access for three networks (one permit line per network):
access-list acl-out extended permit ip 192.168.1.0 255.255.255.0 any
access-list acl-out extended permit ip 192.168.2.0 255.255.255.0 any
access-list acl-out extended permit ip 192.168.3.0 255.255.255.0 any
Limited access for twelve networks (one line per network, permitting only the required protocol and port; here, HTTP to any destination):
access-list acl-out extended permit tcp 192.168.4.0 255.255.255.0 any eq www
Blocked access for eight networks (one deny line per network):
access-list acl-out extended deny ip 192.168.12.0 255.255.255.0 any
Do you know what XXE is?
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data.