Interview Questions

Question 1

What is Cryptography?

Answer 1

Cryptography is the practice and study of techniques for securing information and communication mainly to protect the data from third parties that the data is not intended for.

Question 2

What is the difference between Symmetric and Asymmetric encryption?

Answer 2

Symmetric encryption uses a single key that needs to be shared among the people who need to receive the message while asymmetric encryption uses a pair of public key and a private key to encrypt and decrypt messages when communicating.

Question 3

What is the difference between IDS and IPS?

Answer 3

IDS is Intrusion Detection System and it only detects intrusions and the administrator has to take care of preventing the intrusion. Whereas, in IPS i.e., Intrusion Prevention System, the system detects the intrusion and also takes actions to prevent the intrusion.

Question 4

Explain CIA triad.

Answer 4

CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to guide policies for Information Security. It is one of the most popular models used by organizations.

Confidentiality - The information should be accessible and readable only to authorized personnel.

Integrity - Making sure the data has not been modified by an unauthorized entity.

Availability - The data should be available to the user whenever the user requires it.

Question 5

How is Encryption different from Hashing?

Answer 5

Both Encryption and Hashing are used to convert readable data into an unreadable format. The difference is that the encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.

Question 6

What is a Firewall and why is it used?

Answer 6

A Firewall is a network security system set on the boundaries of the system/network that monitors and controls network traffic. Firewalls are mainly used to protect the system/network from viruses, worms, malware, etc. Firewalls can also be to prevent remote access and content filtering.

Question 7

What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?

Answer 7

Vulnerability Assessment is the process of finding flaws on the target. Here, the organization knows that their system/network has flaws or weaknesses and want to find these flaws and prioritize the flaws for fixing.

Penetration Testing is the process of finding vulnerabilities on the target. In this case, the organization would have set up all the security measures they could think of and would want to test if there is any other way that their system/network can be hacked.

Question 8

What is a three-way handshake?

Answer 8

A three-way handshake is a method used in a TCP/IP network to create a connection between a host and a client. It’s called a three-way handshake because it is a three-step method in which the client and server exchanges packets. The three steps are as follows:

1. The client sends a SYN(Synchronize) packet to the server check if the server is up or has open ports
2. The server sends SYN-ACK packet to the client if it has open ports
3. The client acknowledges this and sends an ACK(Acknowledgment) packet back to the server

Question 9

What are the response codes that can be received from a Web Application?

Answer 9

1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error
5xx – Server-side error

Question 10

What is traceroute? Why is it used?

Answer 10

Traceroute is a tool that shows the path of a packet. It lists all the points (mainly routers) that the packet passes through. This is used mostly when the packet is not reaching its destination. Traceroute is used to check where the connection stops or breaks to identify the point of failure.

Question 11

What is the difference between HIDS and NIDS?

Answer 11

HIDS(Host IDS) and NIDS(Network IDS) are both Intrusion Detection System and work for the same purpose i.e., to detect the intrusions. The only difference is that the HIDS is set up on a particular host/device. It monitors the traffic of a particular device and suspicious system activities. On the other hand, NIDS is set up on a network. It monitors traffic of all device of the network.

Question 12

What are the steps to set up a firewall?

Answer 12

Following are the steps to set up a firewall:

1. Username/password: modify the default password for a firewall device
2. Remote administration: Disable the feature of the remote administration
3. Port forwarding: Configure appropriate port forwarding for certain applications to work properly, such as a web server or FTP server
4. DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflict unless the firewall’s DHCP is disabled
5. Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is enabled and understand how to view logs
6. Policies: You should have solid security policies in place and make sure that the firewall is configured to enforce those policies.

Question 13

Explain SSL Encryption

Answer 13

SSL(Secure Sockets Layer) is the industry-standard security technology creating encrypted connections between Web Server and a Browser. This is used to maintain data privacy and to protect the information in online transactions. The steps for establishing an SSL connection is as follows:

1. A browser tries to connect to the webserver secured with SSL
2. The browser sends a copy of its SSL certificate to the browser
3. The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy, then the browser sends a message to the web server requesting to establish an encrypted connection
4. The web server sends an acknowledgment to start an SSL encrypted connection
5. SSL encrypted communication takes place between the browser and the web server

Question 14

What steps will you take to secure a server?

Answer 14

Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and decryption to protect data from unauthorized interception.

Here are four simple ways to secure server:

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

Question 15

Explain Data Leakage

Answer 15

Data Leakage is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination. It is the disclosure of confidential information to an unauthorized entity. Data Leakage can be divided into 3 categories based on how it happens:

1. Accidental Breach: An entity unintentionally send data to an unauthorized person due to a fault or a blunder
2. Intentional Breach: The authorized entity sends data to an unauthorized entity on purpose
3. System Hack: Hacking techniques are used to cause data leakage.

Data Leakage can be prevented by using tools, software, and strategies known as DLP(Data Leakage Prevention) Tools.

Question 16

What are some of the common Cyberattacks?

Answer 16

Following are some common cyber attacks that could adversely affect your system.

1. Malware
2. Phishing
3. Password Attacks
4. DDoS
5. Man in the Middle
6. Drive-By Downloads
7. Malvertising
8. Rogue Software

Question 17

What is a Brute Force Attack? How can you prevent it?

Answer 17

Brute Force is a way of finding out the right credentials by repetitively trying all the permutations and combinations of possible credentials. In most cases, brute force attacks are automated where the tool/software automatically tries to login with a list of credentials. There are various ways to prevent Brute Force attacks. Some of them are:

1. Password Length: You can set a minimum length for password. The lengthier the password, the harder it is to find.
2. Password Complexity: Including different formats of characters in the password makes brute force attacks harder. Using alpha-numeric passwords along with special characters, and upper and lower case characters increase the password complexity making it difficult to be cracked.
3. Limiting Login Attempts: Set a limit on login failures. For example, you can set the limit on login failures as 3. So, when there are 3 consecutive login failures, restrict the user from logging in for some time, or send an Email or OTP to use to log in the next time. Because brute force is an automated process, limiting login attempts will break the brute force process.

Question 18

What is Port Scanning?

Answer 18

Port Scanning is the technique used to identify open ports and service available on a host. Hackers use port scanning to find information that can be helpful to exploit vulnerabilities. Administrators use Port Scanning to verify the security policies of the network. Some of the common Port Scanning Techniques are:

1. Ping Scan
2. TCP Half-Open
3. TCP Connect
4. UDP
5. Stealth Scanning

Question 19

What are the different layers of the OSI model?

Answer 19

1. Physical Layer: Responsible for transmission of digital data from sender to receiver through the communication media,
2. Data Link Layer: Handles the movement of data to and from the physical link. It is also responsible for encoding and decoding of data bits.
3. Network Layer: Responsible for packet forwarding and providing routing paths for network communication.
4. Transport Layer: Responsible for end-to-end communication over the network. It splits the data from the above layer and passes it to the Network Layer and then ensures that all the data has successfully reached at the receiver’s end.
5. Session Layer: Controls connection between the sender and the receiver. It is responsible for starting, ending, and managing the session and establishing, maintaining and synchronizing interaction between the sender and the receiver.
6. Presentation Layer: It deals with presenting the data in a proper format and data structure instead of sending raw datagrams or packets.
7. Application Layer: It provides an interface between the application and the network. It focuses on process-to-process communication and provides a communication interface.

Question 20

What is a VPN?

Answer 20

Almost all Cybersecurity Interview Questions will have this question included. VPN stands for Virtual Private Network. It is used to create a safe and encrypted connection. When you use a VPN, the data from the client is sent to a point in the VPN where it is encrypted and then sent through the internet to another point. At this point, the data is decrypted and sent to the server. When the server sends a response, the response is sent to a point in the VPN where it is encrypted and this encrypted data is sent to another point in the VPN where it is decrypted. And finally, the decrypted data is sent to the client. The whole point of using a VPN is to ensure encrypted data transfer.

Question 21

What do you understand by Risk, Vulnerability & Threat in a network?

Answer 21

1. Threat: Someone with the potential to harm a system or an organization.
2. Vulnerability: Weakness in a system that can be exploited by a potential hacker.
3. Risk: Potential for loss or damage when threat exploits a vulnerability.

Question 22

How can identity theft be prevented?

Answer 22

Here’s what you can do to prevent identity theft:

• Ensure strong and unique password.
• Avoid sharing confidential information online, especially on social media.
• Shop from known and trusted websites.
• Use the latest version of the browsers.
• Install advanced malware and spyware tools.
• Use specialized security solutions against financial data.
• Always update your system and the software.
• Protect your SSN (Social Security Number).

Question 23

What are black hat, white hat and grey hat hackers?

Answer 23

Black hat hackers are known for having vast knowledge about breaking into computer networks. They can write malware which can be used to gain access to these systems. This type of hackers misuse their skills to steal information or use the hacked system for malicious purpose.

White hat hackers use their powers for good deeds and so they are also called Ethical Hackers. These are mostly hired by companies as a security specialist that attempts to find and fix vulnerabilities and security holes in the systems. They use their skills to help make the security better.

Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look for system vulnerabilities without the owner’s permission. If they find any vulnerabilities, they report it to the owner. Unlike Black hat hackers, they do not exploit the vulnerabilities found.

Question 24

How often should you perform Patch management?

Answer 24

Patch management should be done as soon as it is released. For windows, once the patch is released it should be applied to all machines, not later than one month. Same goes for network devices, patch it as soon as it is released. Proper patch management should be followed.

Question 25

How would you reset a password-protected BIOS configuration?

Answer 25

Since BIOS is a pre-boot system it has its own storage mechanism for settings and preferences. A simple way to reset is by popping out the CMOS battery so that the memory storing the settings lose its power supply and as a result, it will lose its setting.

Question 26

Explain MITM (man-in-the-middle) attack and how to prevent it?

Answer 26

A MITM(Man-in-the-Middle) attack is a type of attack where the hacker places himself in between the communication of two parties and steal the information. Suppose there are two parties A and B having a communication. Then the hacker joins this communication. He impersonates as party B to A and impersonates as party A in front of B. The data from both the parties are sent to the hacker and the hacker redirects the data to the destination party after stealing the data required. While the two parties think that they are communicating with each other, in reality, they are communicating with the hacker. You can prevent MITM attack by using the following practices: 1. Use VPN 2. Use strong WEP/WPA encryption 3. Use Intrusion Detection Systems 4. Force HTTPS 5. Public Key Pair Based Authentication

Question 27

Explain DDOS attack and how to prevent it?

Answer 27

This again is an important Cybersecurity Interview Question. A DDOS(Distributed Denial of Service) attack is a cyberattack that causes the servers to refuse to provide services to genuine clients. DDOS attack can be classified into two types: 1. Flooding attacks: In this type, the hacker sends a huge amount of traffic to the server which the server can not handle. And hence, the server stops functioning. This type of attack is usually executed by using automated programs that continuously send packets to the server. 2. Crash attacks: In this type, the hackers exploit a bug on the server resulting in the system to crash and hence the server is not able to provide service to the clients. You can prevent DDOS attacks by using the following practices: - Use Anti-DDOS services - Configure Firewalls and Routers - Use Front-End Hardware - Use Load Balancing - Handle Spikes in Traffic

Question 28

Explain XSS attack and how to prevent it?

Answer 28

XSS(Cross-Site Scripting) is a cyberattack that enables hackers to inject malicious client-side scripts into web pages. XSS can be used to hijack sessions and steal cookies, modify DOM, remote code execution, crash the server etc. You can prevent XSS attacks by using the following practices: - Validate user inputs - Sanitize user inputs - Encode special characters - Use Anti-XSS services/tools - Use XSS HTML Filter

Question 29

What is an ARP and how does it work?

Answer 29

Address Resolution Protocol (ARP)is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it.

Question 30

What is port blocking within LAN?

Answer 30

Restricting the users from accessing a set of services within the local area network is called port blocking. Stopping the source to not to access the destination node via ports. As the application works on the ports, so ports are blocked to restricts the access filling up the security holes in the network infrastructure.

Question 31

What protocols fall under TCP/IP internet layer?

Answer 31

5. Application - NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others 4. Transport - TCP, UDP 3. Internet - IP, ARP, ICMP 2. Data Link - PPP, IEEE 802.2 1. Physical Network - Ethernet (IEEE 802.3) Token ring, RS-232, others

Question 32

What is a Botnet?

Answer 32

A Botnet is a number of devices connected to the internet where each device has one or more bots running on it. The bots on the devices and malicious scripts used to hack a victim. Botnets can be used to steal data, send spams and execute a DDOS attack.

Question 33

What are salted hashes?

Answer 33

Salt is a random data. When a properly protected password system receives a new password, it creates a hash value of that password, a random salt value, and then the combined value is stored in its database. This helps to defend against dictionary attacks and known hash attacks. Example: If someone uses the same password on two different systems and they are being used using the same hashing algorithm, the hash value would be same, however, if even one of the system uses salt with the hashes, the value will be different.

Question 34

Explain SSL and TLS

Answer 34

SSL is meant to verify the sender’s identity but it doesn’t search for anything more than that. SSL can help you track the person you are talking to but that can also be tricked at times. TLS is also an identification tool just like SSL, but it offers better security features. It provides additional protection to the data and hence SSL and TLS are often used together for better protection.

Question 35

What is data protection in transit vs data protection at rest?

Answer 35

Data Protection in transit: - When data is going from server to client. - Effective Data protection measures for in-transit data are critical as data is less secure when in motion. Data protection at rest: - When data just exists in its database or on its hard drive. - Data at rest is sometimes considered to be less vulnerable than data in transit.

Question 36

What is 2FA and how can it be implemented for public websites?

Answer 36

An extra layer of security that is known as “multi-factor authentication“. Requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token. Authenticator apps replace the need to obtain a verification code via text, voice call or email.

Question 37

What is Cognitive Cyber security?

Answer 37

Cognitive Cybersecurity is an application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems. Self-learning security systems use data mining, pattern recognition, and natural language processing to simulate the human brain, albeit in a high-powered computer model.

Question 38

What is the difference between VPN and VLAN?

Answer 38

VPNs provide authorized users and employees with secure connections to their organizations' networks, while VLANs group geographically separate devices together to improve communication among the devices and simplify how network administrators make changes to network infrastructure.

Question 39

Explain Phishing and how to prevent it?

Answer 39

Phishing is a Cyberattack in which a hacker disguises as a trustworthy person or business and attempt to steal sensitive financial or personal information through fraudulent email or instant message. You can prevent Phishing attacks by using the following practices: - Don’t enter sensitive information in the webpages that you don’t trust - Verify the site’s security - Use Firewalls - Use AntiVirus Software that has Internet Security - Use Anti-Phishing Toolbar

Question 40

Explain SQL Injection and how to prevent it?

Answer 40

SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data being sent to the server to execute malicious SQL statements to control a web application’s database server, thereby accessing, modifying and deleting unauthorized data. This attack is mainly used to take over database servers. You can prevent SQL Injection attacks by using the following practices: - Use prepared statements - Use Stored Procedures - Validate user input

Question 41

What Do You Mean by Cybersecurity?

Answer 41

Cybersecurity is the protection of critical systems and sensitive information from digital security threats. The field of cybersecurity encompasses infrastructure security, network security, cloud security, and application security. Cybersecurity protocols are responsible for preventing security breaches that could compromise an organization’s data and infrastructure. Cybersecurity encompasses security engineering and architecture, incident response, consulting, testing, and ethical hacking.

Question 42

What Does a Cybersecurity Analyst Do?

Answer 42

Cybersecurity analysts strive to preserve the integrity of sensitive data by defending infrastructure and systems from cyberattacks. To protect these assets, cybersecurity analysts evaluate system vulnerabilities through diagnostic testing and traffic monitoring. Based on the results of these assessments, cybersecurity analysts design and implement risk management strategies. Cybersecurity analysts also respond to cyber attacks, conduct forensic analysis of previous cyber incidents, and work to ensure organizational compliance with relevant security standards and protocols.

Question 43

What Are the Most Required Cybersecurity Skills?

Answer 43

Cybersecurity professionals must have a strong command of the technical skills necessary to build secure networks, diagnose and resolve security issues, and implement risk management solutions. These skills include reverse engineering, application design, firewall administration, encryption, and ethical hacking.