Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Let’s Defend - intervjuprepp > Intervju - Fre > Flashcards

Intervju - Fre Flashcards

(104 cards)

Start Studying
1
Q

HTTP response code?

A

100 - Informational - Initial part has been request has been received
200 - successful - received, understood and accepted
300 - redirection - further action needs to be taken to complete request
400 - client error - request contains bad syntax or cannot be fulfilled
500 - server error - failed to fulfill apparently valid req

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a firewall?

A

A device that allows or blocks the network traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Black Hats, White Hats & Grey Hat Hackers

A

Black: enter system without taking owners permission
White: Ethical hackers
Grey: mix of both, but never share information with black hats. but find vulnerabilities without permission of owners.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Port scanning is? Example?

A

Method of finding out which ports on a network are open & could be receiving or sending data.

Could also be adversary sending packets to specific ports on a host, anylyzing responses to identify vulnerabilities.

Port scan on company’s server to check if ports like 22 or 3389 (RDP are open)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Firewalls?

A

Block or deny network traffic based on security rules. Incoming and outgoing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vulnerabilities, risk & threat?

A

V: weakness in an information system, sec procedures, internal controls.
R: likelihood of a threat occurring & level of impact on assets
T: any circumstance or event with the potential to adversely impact operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

MITRE Attack - what is?

A

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. (MITRE ATT&C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Could you share some general endpoint security product categories?

A

✔ EDR (Endpoint Detection and Response) – monitoring, threat detection, and response for endpoint devices.

✔ XDR (Extended Detection and Response) – Correlates security data across endpoints, networks, and cloud environments for advanced threat detection.

✔ DLP (Data Loss Prevention) – Prevents unauthorized access, transfer, or leakage of sensitive data through policies and controls.

✔ Antivirus – Detects and removes known malware using signature-based and heuristic scanning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are HIDS and NIDS?

A

HIDS: HIDS means Host Intrusion Detection System. HIDS is located on each host.
NIDS: NIDS means Network Intrusion Detection System. NIDS is located in the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is CIA triad?

A

Confidentiality: Keep data and information confidential and protected. Preventing from unauthorized access.

integrity: Making sure the data doesn’t get tampered. Maintain it reliable and accurate, authentic.

Availability: People as well as systems need access to other systems, network etc. to functioning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

AAA

A

AAA is a security framework.

Authentication involves a user providing information about who they are. Users present login credentials that affirm they are who they claim.

Authorization follows authentication, means that a user can be granted privileges to access certain areas of a network or system.

Accounting keeps track of user activity while users are logged in to a network by tracking information such as how long they were logged in, the data they sent or received, their Internet Protocol (IP) address..

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Cyber Kill chain?

A

Framework for identifying and preventing intrusions.

Understanding tactics, techniques and procedures from adversary side and what they want to achieve.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Vad ingår i Cyber Kill Chain?

A

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Action on objects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a SIEM?

A

Security Information and Event Management (SIEM) is a security solution designed to log events in real-time within an IT environment.

Primary goal of event logging is to identify potential security threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Explain True Positive

A

When you for example get an alert, in the SIEM, indicators trigger an alert for a suspicious sign in, and it turns out the account has been compromised.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

False positive?

A

If an alert occurs for something, turned out being no reason for suspect any threat.

The rule can be correct though, but after
Looking into it, there’s no threat.
We also have Benign positive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Port 9001?

A

Tor Network

Layers of nodes, routa den via flera servrar innan den når sin destination

Good to Know: Helps anonymize internet traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is Three-Way Handshake?

A

TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other.

The client chooses an initial sequence number, set in the first SYN packet. The server also chooses its own initial sequence number, set in the SYN/ACK packet.

Each side acknowledges each other’s sequence number by incrementing it; this is the acknowledgement number. The use of sequence and acknowledgment numbers allows both sides to detect missing or out-of-order segments.

Once a connection is established, ACKs typically follow for each segment. The connection will eventually end with a RST (reset or tear down the connection) or FIN (gracefully end the connection). (ScienceDirect)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is ARP?

A

(ARP) is a communication protocol

is a layer 2 protocol used to map MAC addresses to IP addresses.

Alt expl:

discovering the MAC address, associated with a given Network Layer address, IP. This mapping is a critical function in the Internet protocol suite.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is DHCP?

A

Protocol used on IP networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

The Dynamic Host Configuration Protocol (DHCP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Could you share some general network security product names?

A

Firewall
IDS (Intrusion Detection System)
IPS (Intrusion Prevention System)
WAF (Web Application Firewall)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the key difference between IDS and IPS?

A

IDS only detects the traffic but IPS can prevent/block the traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How can you protect yourself from Man-in-the-middle (on-path) attacks?

A

2 exempel räcker

Public Wi-Fi Network (Prevent Eavesdropping on Data)
Scenario: You’re using a public Wi-Fi network at a coffee shop, and an attacker is intercepting traffic between your device and the internet.

Protection: Always use a VPN (Virtual Private Network), which encrypts all your internet traffic, making it unreadable to attackers. Also, ensure websites use HTTPS (TLS encryption) to secure data in transit.

Phishing & Spoofed Websites (Prevent Fake Certificate Attacks)
Scenario: An attacker tricks you into visiting a fake banking website with a fraudulent SSL certificate, intercepting your credentials.

Protection: Always check the SSL certificate and verify the website’s URL before entering sensitive data. Enable HSTS (HTTP Strict Transport Security) and use DNS over HTTPS (DoH) to prevent DNS hijacking.

Public Wi-Fi Network (Prevent Eavesdropping on Data)
Scenario: You’re using a public Wi-Fi network at a coffee shop, and an attacker is intercepting traffic between your device and the internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Explain OWASP Top 10

A

The OWASP Top 10 is a standard awareness document for web application security.

It represents a broad consensus about the most critical security risks to web applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What is SQL Injection?
SQL Injections are malicious attacks where hackers insert harmful code into a website's database by using user input that hasn't been properly checked.
26
Explain SQL Injection Types
There are 3 types of SQL Injections. These are: In-Band SQLi (Classical SQLi): If a SQL query is sent and a replied to over the same channel, we call these In-band SQLi. It is easier for attackers to exploit these compared to other SQLi categories. Blind SQLi): SQL queries that receive a reply that cannot be seen are called Inferential SQLi. They are called Blind SQLi because the reply cannot be seen.
27
How to prevent &/ detect SQL injection vulnerability?
Examining a web request check all areas that come from the user: also check the HTTP Request Headers like User-Agent. Look for SQL keywords: Look for words like INSERT, SELECT, WHERE within the data received from users. Check for special characters: Look for apostrophes (‘), dashes (-), or parentheses which are used in SQL or special characters frequently used in SQL attacks within the data received from the user. Familiarize yourself with frequently used SQL Injection payloads:
28
What is XSS?
Attackers hittar tex inputfält eller där de kan lägga in sin skadliga kod. Om webbplatsen inte hanterar indata på ett säkert sätt, sparas/ visas den skadliga koden på sidan. När en användare besöker sidan körs den insmugglade koden i deras webbläsare. Koden kan till exempel: * Stjäla inloggningsuppgifter eller cookies * Omdirigera användaren till en falsk webbplats
29
Explain XSS Types
Reflected XSS ): Detta är en typ av XSS där den skadliga koden skickas som en del av en begäran och direkt reflekteras tillbaka i svaret. Koden lagras inte permanent på servern. Det är den vanligaste typen av XSS. Stored XSS (permanent): Här lagrar angriparen den skadliga koden permanent på webbplatsen, till exempel i en databas. När andra användare laddar sidan, körs den skadliga koden i deras webbläsare.
30
What is RFI?
Remote File Inclusion - Det är en säkerhetsbrist som uppstår när en fil från en annan server inkluderas utan att sanera den data som hämtas från en användare.
31
What is LFI?
Local File Inclusion är sårbarheten som uppstår när en lokal fil är inkluderad utan att sanitize datan som är obtained från användaren.
32
What is difference between LFI and RFI?
"LFI inkluderar filer från den lokala servern, medan RFI hämtar och inkluderar filer från en extern server, vilket kan leda till exekvering av skadlig kod."
33
What is CSRF?
Tvingade åtgärder – CSRF attackerar en användare genom att lura denne att utföra oönskade åtgärder på en webbapplikation där de är inloggade. Social manipulation – Angriparen kan använda metoder som e-post eller chatt för att få användaren att klicka på en skadlig länk. Allvarliga konsekvenser – En CSRF-attack kan leda till att en vanlig användare ändrar viktiga uppgifter, medan en attack mot en administratör kan äventyra hela webbapplikationen.
34
What is WAF?
Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), file inclusion, and SQL Injection, among others. A WAF is a protocol layer 7 defense
35
What are Encoding, Hashing, Encryption?
Eåncoding: Converts the data in the desired format required for exchange between different systems. Hashing: Maintains the integrity of a message or data. Any change did any day could be noticed. Encryption: Ensures that the data is secure and one needs a digital verification code or image in order to open it or access it.
36
What are differences between Hashing and Encryption?
Hashing: Hashing is the process of converting the information into a key using a hash function. The original information cannot be retrieved from the hash key by any means. (GeeksforGeeks) Encryption: Encryption is the process of converting a normal readable message known as plaintext into a garbage message or not readable message known as Ciphertext. The ciphertext obtained from the encryption can easily be transformed into plaintext using the encryption key. (GeeksforGeeks)
37
Differences - Hashing & Encryption
Encryption is a 2-way function that includes encryption and decryption hashing is a 1 way function that changes a plain text to a unique digest that is irreversible. While the length of the output can variable in encryption algorithms, there is a fixed output length in hashing algorithms. The hash function does not need a key to operate.
38
Explain Salted Hashes
A salt is added to the hashing process to force their uniqueness, increase their complexity, and to mitigate password attacks like hash tables. (Auth0)
39
What is the name of the software that compiles written code?
Compiler
40
What is the name of the software that translates machine codes into assembly language?
Dissambler
41
What is the difference between static and dynamic malware analysis?
Static Analysis: It is the approach of analyzing malicious software by reverse engineering methods without running them. Generally, by decompiling / disassembling the malware, each step that the malware will execute is analyzed, hence the behavior / capacity of the malware can be analyzed. Dynamic Analysis: It is the approach that examines the behavior of malicious software on the system by running it. In dynamic analysis, applications that can examine registry, file, network and process events are installed in the system, and their behavior is examined by running malicious software.
42
How does malware achieve persistence on Windows?
Services Registry Run Keys (Run, RunOnce) Task Scheduler Infecting to clean files
43
Which event logs are available default on Windows?
Security Application System
44
With which security Event ID can the Successfully RDP connection be detected?
4624
45
With which event id can failed logons be detected?
4625
46
Which field of which event should I look at so that I can detect RDP logons?
You can detect RDP logon activities with Event ID: 4624 and Logon Type: 10.
47
What is Cyber Threat Intelligence (CTI)?
Threat intelligence is the analysis of data using tools and techniques to generate meaningful information about existing or emerging threats targeting the organization that helps mitigate risks. Threat Intelligence helps organizations make faster, more informed security decisions and change their behavior from reactive to proactive to combat the attacks.
48
What are the types of Threat Intelligence?
Strategic Threat Intelligence Tactical Threat Intelligence Technical Threat Intelligence Operational Threat Intelligence
49
What is Sender Policy Framework (SPF)?
Sender Policy Framework (SPF) is a protocol, uses DNS to tell the email servers which servers are authorized to deliver email on behalf of a domain,
50
What’s a logical port?
Port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service.
51
DKIM (DomainKeys Identified Mail)
DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails.
52
What is port 21?
Commonly Used For: Transferring files between client and server. Good to Know: FTP transmits data in plaintext, making it vulnerable to interception.
53
Port 22
SSH - Secure Shell) Commonly Used For: Secure remote login and command execution.
54
Common Subnet Masks? Cidr? How many hosts per network? Common use?
255.0.0.0 /8 16,777,214 Large networks (e.g., ISPs, legacy) 255.255.0.0 /16 65,534 Medium-sized enterprise networks 255.255.255.0 /24 254 Most common for local networks (e.g., office LANs, home networks) 255.255.255.128 /25 126 Splitting a /24 into two smaller networks 255.255.255.192 /26 62 Used for small subnets (e.g., DMZ, point-to-point links) 255.255.255.224 /27 30 Small LANs, subnetting within enterprises 255.255.255.240 /28 14 Small VLANs, isolated network segments How Would You Explain the /24 Subnet? (Common Interview Question) A /24 subnet (255.255.255.0) means that the first 24 bits of the address are for the network, and the remaining 8 bits are for hosts. This allows for 256 total IPs, but only 254 usable because the first (network) and last (broadcast) addresses are reserved.
55
Port 25
SMTP - Simple Mail Transfer Protocol) Commonly Used For: Sending emails. Good to Know: Many ISPs block port 25 to prevent spam.
56
Port 53
DNS - Domain Name System Commonly Used For: Resolving domain names to IP addresses.
57
Port 67 & 68
DHCP - Dynamic Host Configuration Protocol Commonly Used For: Assigning IP addresses to devices.
58
Port 80
HTTP - Hypertext Transfer Protocol Commonly Used For: Loading websites over an unencrypted connection.
59
139
Commonly Used For: File and printer sharing over a network.
60
Port 3389
RDP - Remote Desktop Protocol) Commonly Used For: Remote desktop access to Windows machines.
61
Port 445
Windows file sharing
62
Domain Controller, DC är?
Server in a AD-network which authenticates, and authorize users and computers. En domänkontrollant är en server som svarar på förfrågningar om säkerhetsautentisering inom en datornätverksdomän. Det är en nätverksserver som är ansvarig för att tillåta värdåtkomst till domänresurser. Det autentiserar användare, lagrar användarkontoinformation och upprätthåller säkerhetspolicy för en domän.
63
How Would You Explain the /24 Subnet?
A /24 subnet (255.255.255.0) means that the first 24 bits of the address are for the network, and the remaining 8 bits are for hosts. This allows for 256 total IPs, but only 254 usable because the first (network) and last (broadcast) addresses are reserved.
64
OSI model?
The Open Systems Interconnection (OSI) Model is a model that describes the universal standard of communication functions of a computing system or network., Application Presentationg Session Transport Network Data link Physical
65
Layer 1 ?
It converts the digital bits into electrical, radio, or optical signals. The Physical Layer is responsible for the transmission and reception of unstructured raw data between a device, and a physical transmission medium.
66
SQLi?
SQL används för att hantera data i databaser. Om en webbapplikation hanterar användarinput osäkert, kan en angripare skicka speciellt formaterade SQL-frågor för att ändra eller läsa data som de egentligen inte borde ha åtkomst ti
67
Layer 2
The Data Link Layer is responsible for the transmission and framing of data between devices on the same network segment. Switches operate at this layer, forwarding frames based on MAC adress. It ensures reliable data transfer between directly connected nodes by using MAC (Media Access Control)
68
Layer 3
Network Layer, packets are routed between networks using IP addresses. Routers operate at this layer, directing data to its destination.
69
Layer 4
Transport Layer), protocols like TCP and UDP ensure data is delivered between devices across networks. This layer manages reliability, flow control, and segmentation of data. Ports are a transport layer (layer 4) concept. Only a transport protocol such as the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) can indicate which port a packet should go to.
70
Layer 5
(Session Layer), communication sessions between devices are initiated, managed, and terminated. It ensures data exchange is organized and synchronized, allowing other layers to function properly.
71
Layer 6
Presentation Layer, data is formatted, encrypted, and compressed for proper presentation at the Application Layer. It ensures compatibility between different systems.
72
Layer 7
(Application Layer), data is presented to the user through applications like web browsers. It provides services such as HTTP, and email protocols, allowing communication between software applications on different devices.
73
What is SQL Injection?
Attacker manipulates an applications SQL database by inecting malicious SQL queries? Example a injection including drop table - users will delete the table users?
74
How to prevent SQL injection vulnerability?
When examining a web request check all areas that come from the user: Because SQL Injection attacks are not limited to the form areas, you should also check the HTTP Request Headers like User-Agent. Look for SQL keywords: Look for words like INSERT, SELECT, WHERE within the data received from users. Check for special characters: Look for apostrophes (‘), dashes (-), or parentheses which are used in SQL or special characters that are frequently used in SQL attacks within the data received from the user. Familiarize yourself with frequently used SQL Injection payloads.
75
Explain SQL Injection Types
In-Band SQLi (Classical SQLi): If a SQL query is sent and a replied to over the same channel, we call these In-band SQLi. It is easier for attackers to exploit these compared to other SQLi categories. Inferential SQLi (Blind SQLi): SQL queries that receive a reply that cannot be seen are called Inferential SQLi. They are called Blind SQLi because the reply cannot be seen. Out-of-Band SQLi: If the reply to a SQL query is communicated over a different channel then this type of SQLi is called Out-of-Band SQLi. For example, if the attacker is receiving replies to his SQL queries over the DNS this is called an Out-of-Band SQLi.
76
What is LFI?
Local File Inclusion (LFI), is the security vulnerability that occurs when a local file is included without sanitizing the data obtained from a user.
77
What is XSS ?
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
78
How can XSS be prevented?
For XSS attacks to be successful, an attacker needs to insert and execute malicious content in a webpage. Each variable in a web application needs to be protected. Ensuring that all variables go through validation and are then escaped or sanitized is known as perfect injection resistance.
79
Explain XSS Types
Reflected XSS (Non-Persistent): It is a non-persistent XSS type that the XSS payload must contain in the request. It is the most common type of XSS. Stored XSS (Persistent): It is a type of XSS where the attacker can permanently upload the XSS payload to the web application. Compared to other types, the most dangerous type of XSS is Stored XSS. DOM Based XSS: DOM Based XSS is an XSS attack wherein the attack payload is executed as a result of modifying the DOM "environment" in the victim’s browser used by the original client-side script, so that the client-side code runs in an "unexpected" manner. (OWASP)
80
What is IDOR?
Insecure Direct Object Reference (IDOR), is a vulnerability caused by the lack of an authorization mechanism or because it is not used properly. It enables a person to access an object that belongs to another. Among the highest web application vulnerability security risks published in the 2021 OWASP, IDOR or "Broken Access Control" takes first place.
81
What is CSRF?
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help of social engineering / phishing link an attacker may trick the users of a web application into executing actions of the attacker's choosing. I f the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
82
What is RFI?
Remote File Inclusion (RFI), is the security vulnerability that occurs when a file on a different server is included without sanitizing the data obtained from a user.
83
What is LFI?
Local File Inclusion (LFI), is the security vulnerability that occurs when a local file is included without sanitizing the data obtained from a user.
84
What is difference between LFI and RFI?
LFI differs from RFI because the file that is intended to be included is on the same web server that the web application is hosted on.
85
What is WAF?
Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
86
Examples of what WAF protects? What layer in OSI model?
It typically protects web applications from attacks such as Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), file inclusion, and SQL Injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks.
87
What are Encoding, Hashing, Encryption?
Encoding: Converts the data in the desired format required for exchange between different systems. Hashing: Maintains the integrity of a message or data. Any change did any day could be noticed. Encryption: Ensures that the data is secure and one needs a digital verification code or image in order to open it or access it.
88
What are differences between Hashing and Encryption?
Differences: The hash function does not need a key to operate. While the length of the output can variable in encryption algorithms, there is a fixed output length in hashing algorithms. Encryption is a two-way function that includes encryption and decryption whilst hashing is a one-way function that changes a plain text to a unique digest that is irreversible.
89
What is the difference between static and dynamic malware analysis?
Static Analysis: It is the approach of analyzing malicious software by reverse engineering methods without running them. Generally, by decompiling / disassembling the malware, each step that the malware will execute is analyzed, hence the behavior / capacity of the malware can be analyzed. Dynamic Analysis: It is the approach that examines the behavior of malicious software on the system by running it. In dynamic analysis, applications that can examine registry, file, network and process events are installed in the system, and their behavior is examined by running malicious software.
90
How does malware achieve persistence on Windows?
✔ Services – Malware can create or modify system services to ensure persistence and automatic execution on reboot. ✔ Registry Run Keys (Run, RunOnce) – Attackers use these registry keys (HKLM\Software\Microsoft\Windows\CurrentVersion\Run) to execute malicious code at user login or system startup. ✔ Task Scheduler – Malicious tasks can be scheduled to run at specific times or system events, ensuring persistence. ✔ Infecting Clean Files – Some malware (e.g., file infectors) injects malicious code into legitimate executables, making detection harder.
91
NGFW Antivirus vs. Endpoint Antivirus
✔ NGFW Antivirus (Network-Level Protection) Scans traffic before it reaches endpoints (files, downloads, emails). Blocks malicious payloads at the perimeter (firewall-level). Uses Deep Packet Inspection (DPI) to analyze network traffic. Example: Palo Alto WildFire, Fortinet FortiGate AV, Check Point Threat Emulation. ✔ Endpoint Antivirus (Host-Level Protection) Runs on individual devices (PCs, servers, mobile devices). Detects malware upon execution and scans local files. Provides behavioral analysis to catch zero-day threats. Example: Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Protection.
92
What is a Proxy server?
A proxy server acts as an intermediary between an endpoint and the internet, forwarding network traffic on behalf of the client. All requests from the client pass through the proxy before reaching the destination.
93
Proxies are used for?
🔹 Security – Acting as a buffer zone to filter malicious traffic and enforce access controls. 🔹 Privacy – Masking the client’s IP address to enhance anonymity. 🔹 Performance Optimization 🔹 Testing & Debugging
94
Whats the difference between a proxy and a vpn
A proxy routes specific traffic (e.g., web browsing) through an intermediary server, mainly for anonymity, content filtering, or caching, but does not encrypt all network traffic. A VPN (Virtual Private Network) encrypts all internet traffic from a device, creating a secure, private tunnel to the destination,
95
What is TOR?
Tor is a decentralized network of volunteer-operated nodes that routes traffic through multiple encrypted relays, ensuring anonymity and privacy online.
96
Whats the difference between a proxy and a vpn
A proxy routes specific traffic (e.g., web browsing) through an intermediary server, mainly for anonymity, content filtering, or caching, but does not encrypt all network traffic. A VPN (Virtual Private Network) encrypts all internet traffic from a device, creating a secure, private tunnel to the destination,
97
Exempel på en större hacker attack nyligen?
Nyligen inträffad attack: I februari 2025 drabbades 23andMe, ett ledande företag inom genetiska tester, av ett betydande dataintrång. En cyberkriminell, känd som "Golem", utnyttjade så kallade "credential stuffing"-attacker, där tidigare läckta användarnamn och lösenord användes för att få obehörig åtkomst. Detta ledde till exponering av känslig personlig och genetisk information för cirka 5,5 miljoner användare och 1,4 miljoner ytterligare profiler.
98
What is an Advanced Persistent Threat?
APT is an targeted cyber attack, over long time in which an intruder gain access to a network and remains undetected.
99
What are Lumma Stealer and Wanna Cry?
LM: Info stealing malware, targets cryptocurrency wallets, browser data and 2FA - Sold as Malw.aaServ. WannaCry - Ransomware attack, Exploiting Windows vulnerabillities. Encrypted files and demanded Bitcoin ransomware. Attributed to the Lazarus Group - Noth Korea
100
Mention two hacker groups?
Black Basta and Lazarus. BB: Ransomware group, encrypting data & leak threats. Target critical industries. Laz: Linked to North Korea. Behind major cyberattacks, eg. Wanna Cry. Financial cyber espionage.
101
What is ransomware?
Ransomware is malicious software that encrypts a victims data & demands payment - ransom - for encryption. Delivery: Phishing emails, exploits malicious downloads.
102
What is HoneyPot?
System designed to lure hackers and study their tactics.
103
What is an URI?
A URI is a character sequence that helps identify a logical or physical resource connected to the internet
104
How can XSS be prevented?

Let’s Defend - intervjuprepp (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions