Potential Technical Questions Flashcards

We will pull some of our questions from the list below. This is not all-inclusive but will include most of the technical questions that we ask you. It is okay if you do not know the answers to all these questions – that is not what we expect. Do some research and be prepared to discuss.

1
Q

Explain the OSI model. Compare it to the TCP/IP model.

A

The OSI (Open Systems Interconnection) model is a conceptual framework for describing how networking protocols interact. It has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The TCP/IP model is a more concise four-layer model that maps onto OSI as follows: Network Interface (OSI Physical and Data Link), Internet (OSI Network, where IP lives), Transport (OSI Transport, where TCP and UDP live), and Application (OSI Session, Presentation, and Application). Both give a structured way to reason about networking, but the TCP/IP model describes the protocols actually deployed, so it is the one used in practice. OSI layer numbers survive mainly as shorthand: a "layer 3" device routes on IP addresses, while a "layer 7" firewall inspects application data such as HTTP.

2
Q

How do file extensions differ in Linux and Windows?

A

In Windows, the file extension is authoritative: the shell uses it to decide the file type and which program opens it, and extensions such as .exe, .bat, .ps1, and .dll determine whether and how a file is executed. In Linux, extensions are only a naming convention. Whether a file can run is decided by its execute permission bit, and what kind of file it is is decided by its contents: a shebang line such as #!/bin/sh names the interpreter, and tools like the file command identify binaries by their leading "magic" bytes. Linux still uses extensions for organization and to signal purpose (.conf, .log, .sh), but renaming a file does not change how the kernel treats it. The security consequence is that on Windows a disguised name such as invoice.pdf.exe (Explorer hides known extensions by default, so the user sees invoice.pdf) can get an executable run with a double-click, while on any platform a file's claimed extension should never be trusted over its actual contents.
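
An added example (not part of the original flashcards) of the two checks a practitioner would run on an uploaded or emailed file: classify it from its leading bytes, the way the Linux file command does, and compare that with what its extension claims and with the name a Windows user would actually see. The function names, the signature table, and the sample files are all constructed for this illustration.

```python
# Added example: magic-byte classification versus extension claims.
import os

# Leading-byte signatures for a few common formats (publicly documented values).
SIGNATURES = [
    (b"MZ", "pe"),                 # Windows PE executable (.exe, .dll, .scr)
    (b"\x7fELF", "elf"),           # Linux/Unix ELF binary
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),        # zip container, also .docx/.xlsx/.jar
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"#!", "script"),             # shebang: interpreter named on the first line
]

# What each extension claims to be, in the same vocabulary as SIGNATURES.
EXTENSION_CLAIMS = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
    ".pdf": "pdf", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
    ".zip": "zip", ".docx": "zip", ".jar": "zip",
    ".sh": "script", ".py": "script", ".txt": "text",
}
EXECUTABLE = {"pe", "elf", "script"}

def sniff(data: bytes) -> str:
    """Return the content type implied by the magic bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def claimed_type(filename: str) -> str:
    """Return the type the *last* extension claims, or 'unknown'."""
    _, ext = os.path.splitext(filename.lower())
    return EXTENSION_CLAIMS.get(ext, "unknown")

def visible_name(filename: str) -> str:
    """The name as Explorer shows it with 'Hide extensions for known file types'
    on: the final extension is dropped when it is one the system knows."""
    base, ext = os.path.splitext(filename)
    return base if ext.lower() in EXTENSION_CLAIMS else filename

def suspicious(filename: str, data: bytes):
    """Return a reason string if the file is not what it appears to be, else None."""
    actual, claimed = sniff(data), claimed_type(filename)
    if actual != "unknown" and claimed != "unknown" and actual != claimed:
        return f"content is {actual} but extension claims {claimed}"
    shown = claimed_type(visible_name(filename))      # what the user would see
    if actual in EXECUTABLE and shown not in EXECUTABLE | {"unknown"}:
        return f"executable shown to the user as a {shown} file"
    return None

# Constructed sample files: name -> leading bytes.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00",        # PE behind a double extension
    "photo.jpg": b"\x7fELF\x02\x01\x01",             # ELF renamed to look like an image
    "backup.sh": b"#!/bin/sh\necho hi\n",
    "archive.docx": b"PK\x03\x04\x14\x00",
    "notes.txt": b"plain text, no signature",
}

def audit(samples=SAMPLES) -> dict:
    """Map each suspicious sample name to the reason it was flagged."""
    flagged = {}
    for name, data in samples.items():
        reason = suspicious(name, data)
        if reason:
            flagged[name] = reason
    return flagged

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} shown as {visible_name(name):12} "
              f"claims={claimed_type(name):8} actual={sniff(data)}")
    print(audit())
```

The first check catches a renamed binary; the second catches the double-extension trick, which passes the first check because the last extension is telling the truth. Real mail gateways and upload handlers do the same thing with a much larger signature table (libmagic) and then refuse or sandbox anything executable.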

3
Q

What command would you use to search through a directory for files containing the word “password” in Linux?

A

Use grep with its recursive flag, which descends into every subdirectory and searches each file. The command would be:
grep -r "password" /path/to/directory
This prints every matching line prefixed with the file name. Add -l to print only the names of matching files rather than each line, and -i to match regardless of case (Password, PASSWORD). The same search is what an attacker runs after landing on a box, so it is also a good way to find credentials that should not be sitting in plaintext config files or scripts.

4
Q

Explain the security implications around DNS.

A

DNS (Domain Name System) translates domain names into IP addresses, and almost every connection starts with a DNS lookup, so whoever controls the answers controls where traffic goes. Classic DNS runs over unauthenticated UDP, which makes several attacks possible: DNS spoofing or cache poisoning (an attacker races the real server with a forged response that matches the query's transaction ID and port, so the resolver caches a wrong address), DNS hijacking (changing a domain's records at the registrar, or a host's resolver settings via malware or a compromised router), and DNS amplification (small queries sent with a spoofed source address cause large responses to flood the victim, a form of DDoS). DNS is also abused as a covert channel, with malware tunnelling commands and stolen data inside queries because outbound port 53 is rarely blocked. The resulting threats include phishing on look-alike or hijacked domains, malware distribution, and denial of service. Mitigations include DNSSEC (signed records so responses can be verified), encrypted resolver transports such as DNS over TLS or DNS over HTTPS, source-port and transaction-ID randomization on resolvers, not running open recursive resolvers and applying response rate limiting, and monitoring DNS logs for unusual query volumes or domain names.
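
An added example (not from the original flashcards) of the resolver-side checks that make blind spoofing hard: a response is accepted only if its transaction ID and destination port match a query the resolver actually sent and the echoed question is the one that was asked. The packets are built inline in DNS wire format (RFC 1035); the class and function names, the randomization strategy, and the 203.0.113.x addresses are constructed for this illustration, and name compression is deliberately not handled.

```python
# Added example: matching DNS responses to outstanding queries.
import secrets
import struct

def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(packet: bytes, offset: int):
    """Read an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers not handled in this example")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length

def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    """Standard query: header (id, RD=1, QDCOUNT=1) plus one IN-class question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid: int, qname: str, ip: str, qtype: int = 1) -> bytes:
    """One A record. Both a real server and a spoofer send exactly this, with
    whatever txid the sender chooses, so the resolver cannot trust the packet."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer

class PendingQueries:
    """Outstanding queries keyed by (txid, source port), as a resolver keeps them."""
    def __init__(self):
        self.pending = {}

    def send(self, qname: str, qtype: int = 1):
        # Random 16-bit ID and random ephemeral port: about 2^32 combinations a
        # blind spoofer must guess, versus 2^16 if the port were fixed.
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(65536 - 1024)
        self.pending[(txid, port)] = (qname.lower(), qtype)
        return build_query(txid, qname, qtype), port

    def accept(self, response: bytes, dst_port: int) -> bool:
        """Accept only if id and port match a pending query and the echoed
        question is ours. The entry is removed on success so a late duplicate
        or a second forged copy cannot overwrite what was cached."""
        txid, flags, qdcount = struct.unpack("!HHH", response[:6])
        if not flags & 0x8000 or qdcount != 1:       # must be a response (QR=1)
            return False
        key = (txid, dst_port)
        if key not in self.pending:
            return False
        qname, offset = decode_name(response, 12)
        qtype, _qclass = struct.unpack("!HH", response[offset:offset + 4])
        if (qname.lower(), qtype) != self.pending[key]:
            return False
        del self.pending[key]
        return True

def demo() -> dict:
    """Send one query, then offer forged responses and the genuine one."""
    resolver = PendingQueries()
    query, port = resolver.send("example.com")
    real_id = struct.unpack("!H", query[:2])[0]
    forged_id = (real_id + 1) & 0xFFFF
    fake, real = "203.0.113.9", "203.0.113.10"
    return {
        "wrong_id": resolver.accept(build_response(forged_id, "example.com", fake), port),
        "wrong_port": resolver.accept(build_response(real_id, "example.com", fake), port ^ 1),
        "wrong_question": resolver.accept(build_response(real_id, "attacker.example", fake), port),
        "genuine": resolver.accept(build_response(real_id, "example.com", real), port),
        "replay": resolver.accept(build_response(real_id, "example.com", fake), port),
    }

if __name__ == "__main__":
    print(demo())
```

These checks only raise the guessing cost; an attacker who can see the query (on-path) still wins, which is why DNSSEC validation or an encrypted transport to a trusted resolver is the real fix.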

5
Q

What are some methods to mitigate the effects from a ransomware attack?

A

Ransomware encrypts (and increasingly also steals) an organization's data and demands payment, so mitigation aims both at stopping the initial infection and at limiting the blast radius once it happens. Methods include: regular backups that are kept offline or immutable (ransomware actively seeks out and encrypts any backups it can reach) and are periodically test-restored; employee training against phishing, the most common initial access vector; network segmentation so that one compromised host cannot reach every file share; least privilege and multi-factor authentication, especially on remote access and administrative accounts; endpoint protection or EDR that can detect and stop mass file encryption; prompt patching of internet-facing systems; and a rehearsed incident response plan that covers isolating affected systems, restoring from backup, and internal and external communication.

6
Q

What is the difference between HTTP and HTTPS? How does HTTPS work?

A

HTTP (Hypertext Transfer Protocol) carries web requests and responses in plaintext, usually on TCP port 80, so anyone on the path can read or alter them. HTTPS is HTTP run over TLS (the successor to SSL, which is now deprecated), usually on port 443. It works like this: during the TLS handshake the server presents an X.509 certificate that chains to a certificate authority the client trusts, and the client checks that the certificate is valid and matches the hostname it asked for (authentication); the two sides then use a key exchange such as ECDHE to agree on session keys that never travel over the wire; the HTTP traffic is then encrypted with a symmetric cipher in an authenticated mode, which provides confidentiality and detects tampering (integrity). Two caveats worth stating: HTTPS hides the URL path and body but not the destination server, and a valid certificate proves you are talking to the named site, not that the site is trustworthy.

7
Q

Explain the difference between the terms: threat, vulnerability, exploit.

A

A threat is a potential source of harm, such as an attacker, a ransomware group, or a careless insider. A vulnerability is a weakness in a system that a threat could use, for example an unpatched software flaw, a misconfiguration, or a weak password. An exploit is the concrete code or technique that takes advantage of a specific vulnerability to compromise the system. The three combine into risk: a vulnerability with no realistic threat, or a threat with no exploitable vulnerability, is a much smaller risk than both together.

8
Q

What is MITRE ATT&CK?

A

MITRE ATT&CK is a free, publicly maintained knowledge base from the MITRE Corporation that documents adversary tactics, techniques, and procedures (TTPs) observed in real intrusions. It is organized as matrices (Enterprise, Mobile, and ICS): tactics are the adversary's goals (for example Initial Access, Persistence, Privilege Escalation, Lateral Movement, Exfiltration), and under each tactic are the techniques and sub-techniques used to achieve it, with known procedures, detection ideas, and mitigations. Security teams use it as a common language to map detection coverage, plan red-team emulation of specific threat groups, and describe threat intelligence.

9
Q

Explain the difference between on-prem and cloud computing, along with the risks associated with each.

A

On-premises computing means the organization owns and runs its servers, storage, and network in its own facilities; cloud computing means renting those resources from a provider (as IaaS, PaaS, or SaaS) and reaching them over the internet. On-prem risks: the organization is responsible for everything, including physical security, hardware failure, patching, backups, and capacity, which requires skilled staff and capital, and in practice often means systems that lag on updates or lack redundancy. Cloud risks: under the shared responsibility model the provider secures the underlying infrastructure but the customer remains responsible for its data, identities, and configuration, so misconfiguration (public storage buckets, overly permissive IAM roles, leaked access keys) is the most common cause of cloud breaches; there are also data privacy and residency questions, dependence on and lock-in to the provider, exposure to provider outages, and the fact that the management console is internet-facing, which makes strong identity controls and MFA essential.

10
Q

What is the concept of Defense in Depth and why is it important to organizations today?

A

Defense in Depth is the strategy of layering multiple independent security controls so that no single control is a single point of failure. Typical layers are perimeter and network controls (firewalls, segmentation), identity (strong authentication, MFA, least privilege), endpoint (hardening, EDR), application (secure coding, input validation), data (encryption, backups), and monitoring and response across all of them. It matters today because attackers routinely get past any one control, whether by phishing past the firewall or by a zero-day past the patching process; with layers in place, a failure in one control is caught or contained by another, reducing both the likelihood and the impact of a successful breach.

11
Q

Explain Zero Trust.

A

Zero Trust is a security model built on "never trust, always verify": no user, device, or network location is trusted by default, whether inside or outside the traditional perimeter. Every request for a resource is authenticated and authorized on its own, based on the identity, the health of the device, and context such as location and time, and access is granted with least privilege. In practice that means strong identity with MFA, device posture checks, micro-segmentation so that each resource is reachable only by those who need it, encryption of traffic even on internal networks, and continuous monitoring with re-evaluation of access. The goal is that compromising one account or host does not give an attacker the free lateral movement that a flat, perimeter-only network allows.

12
Q

How does an EDR solution work?

A

An EDR (Endpoint Detection and Response) solution installs an agent on each endpoint that continuously records security-relevant telemetry: process creation and command lines, file and registry changes, network connections, logins, and loaded modules. That telemetry is sent to a central console and analyzed against known indicators of compromise, behavioral detection rules (for example an Office application spawning PowerShell), and machine-learning models. When something is flagged, the EDR can respond automatically or at an analyst's request by killing the process, quarantining the file, isolating the host from the network while keeping the management channel open, or alerting the security team, and the retained telemetry lets analysts reconstruct the timeline of what happened.

13
Q

What is the difference between encryption and hashing?

A

Encryption converts plaintext into ciphertext using an algorithm and a key, and is reversible: whoever holds the right key can decrypt the ciphertext back to the original. Hashing converts an input of any size into a fixed-size digest using no key, and is one-way: it is designed to be infeasible to recover the input or to find two inputs with the same digest. Encryption is used for confidentiality (data at rest, TLS traffic); hashing is used for integrity checks, digital signatures, and password storage, where the system keeps only the hash and compares hashes at login. Passwords should be hashed with a salted, deliberately slow function such as bcrypt, scrypt, Argon2, or PBKDF2 rather than plain SHA-256, so that leaked hashes are expensive to crack.
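
An added example (not from the original flashcards) showing the three behaviours side by side: a keyless fixed-size digest, a keyed reversible cipher, and salted slow password hashing with constant-time verification. The cipher is a minimal counter-mode stream cipher whose keystream comes from HMAC-SHA256 used as a PRF; that construction is my own choice for illustration and carries no authentication tag, so real code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305. Function names and the PBKDF2 storage format are assumptions of this example.

```python
# Added example: hashing versus encryption versus password hashing.
import hashlib
import hmac
import os
import secrets

def digest(data: bytes) -> str:
    """SHA-256: any input length -> 64 hex chars; no key, cannot be reversed."""
    return hashlib.sha256(data).hexdigest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(key, nonce || counter) blocks concatenated, CTR-mode style."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext. A fresh nonce per message is mandatory:
    reusing one under the same key leaks the XOR of the two plaintexts."""
    nonce = os.urandom(16)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Same keystream, same XOR: the operation is its own inverse."""
    nonce, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash for storage. Never plain SHA-256 (too fast
    to brute-force) and never encryption (the key would sit next to the table)."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _alg, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    print(digest(b"hello"))
    print(len(digest(b"hello" * 1000)))          # same 64 chars for any input size
    key = os.urandom(32)
    blob = encrypt(key, b"secret report")
    print(blob.hex(), decrypt(key, blob))
    stored = hash_password("correct horse")
    print(stored)
    print(verify_password("correct horse", stored), verify_password("wrong", stored))
```

Note what each function needs: digest takes no key and always gives the same answer, encrypt gives a different blob every time and only decrypt with the same key gets the text back, and verify_password never needs the original password on disk.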

14
Q

What is a brute force attack and how could you protect against it?

A

A brute force attack guesses a password or key by systematically trying possibilities until one works. An online attack submits guesses to the live login service; an offline attack runs against stolen password hashes. Related variants are dictionary attacks (likely passwords first), credential stuffing (passwords leaked from other sites), and password spraying (one common password tried against many accounts, which sidesteps per-account lockouts). Protections include strong password policies that reject known-breached passwords, rate limiting and progressive delays on failed logins, account lockout (applied with care, since an attacker can deliberately lock out legitimate users), multi-factor authentication so that a guessed password alone is not enough, monitoring and alerting on spikes in failed logins, and, for the offline case, storing passwords with a slow salted hash so that every guess is expensive.
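
An added example (not from the original flashcards) of the throttling logic described above: failed logins are counted per account and per source address within a sliding window, and a tripped limit locks that key for a period. Time is passed in explicitly so the run is deterministic, the thresholds are arbitrary values chosen for the illustration, and the attempt stream at the bottom is constructed.

```python
# Added example: per-account and per-IP login throttling against online guessing.
from collections import defaultdict, deque

WINDOW = 300            # seconds over which failures are counted
MAX_PER_ACCOUNT = 5     # failures before the account is temporarily locked
MAX_PER_IP = 20         # failures before the source address is temporarily blocked
LOCKOUT = 900           # seconds a lock lasts once tripped

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)     # key -> timestamps of recent failures
        self.locked_until = {}                 # key -> time the lock expires

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > WINDOW:       # drop failures outside the window
            q.popleft()
        return q

    def _blocked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def check(self, user, ip, now) -> bool:
        """Should this attempt be processed at all? A locked account or IP gets
        the same generic failure as a bad password, so the response does not
        reveal which usernames exist."""
        return not (self._blocked(("user", user), now) or self._blocked(("ip", ip), now))

    def record_failure(self, user, ip, now):
        for key, limit in ((("user", user), MAX_PER_ACCOUNT), (("ip", ip), MAX_PER_IP)):
            q = self._recent(key, now)
            q.append(now)
            if len(q) >= limit:
                self.locked_until[key] = now + LOCKOUT
                q.clear()

    def record_success(self, user, now):
        self.failures.pop(("user", user), None)

def simulate(attempts, credentials) -> dict:
    """attempts: (time, user, ip, password) tuples. Returns outcome counts."""
    guard = LoginGuard()
    stats = {"allowed": 0, "throttled": 0, "success": 0}
    for now, user, ip, password in attempts:
        if not guard.check(user, ip, now):
            stats["throttled"] += 1
            continue
        stats["allowed"] += 1
        if credentials.get(user) == password:
            stats["success"] += 1
            guard.record_success(user, now)
        else:
            guard.record_failure(user, ip, now)
    return stats

# Constructed stream: one guess per second against 'alice' from one address,
# the correct password arriving as guess 50, then alice's own login after the
# lock has expired. Without throttling the attacker would get in at t=49.
CREDENTIALS = {"alice": "hunter2-correct"}
ATTACK = [(t, "alice", "198.51.100.7", f"guess{t}") for t in range(49)]
ATTACK.append((49, "alice", "198.51.100.7", "hunter2-correct"))
ATTACK.append((49 + LOCKOUT + 1, "alice", "203.0.113.5", "hunter2-correct"))

if __name__ == "__main__":
    print(simulate(ATTACK, CREDENTIALS))
```

Five failures trip the account lock at t=4, so the remaining 45 attempts, including the correct guess, are refused without being evaluated, and the legitimate login succeeds once the lock expires. The per-IP limit is what catches password spraying, where the attacker spreads guesses across many accounts to stay under each account's threshold; the caveat is that an attacker who knows a username can keep its lock tripped on purpose, which is why lockout should be short and paired with MFA and alerting rather than used alone.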

15
Q

What is a Virtual Private Network? Why would you use one?

A

A Virtual Private Network (VPN) creates an encrypted tunnel across an untrusted network, typically the internet, so that traffic between the two endpoints is protected and the remote end appears to be on the private network. Common uses are remote access (employees reaching internal systems from home or while travelling), site-to-site links between offices or between a data center and a cloud environment, and personal privacy (encrypting traffic on public Wi-Fi and masking the user's IP address from the sites visited). Typical protocols are IPsec, WireGuard, and OpenVPN. A VPN protects traffic in transit only: it moves trust to the VPN gateway or provider, does nothing against malware already on the endpoint, and a compromised remote device becomes a device inside the network, which is why many organizations are replacing broad VPN access with Zero Trust access to individual applications.

16
Q

What is the difference between an IP address and a MAC address?

A

17
Q

HTTP and HTTPS

A

18
Q

How to mitigate certain ransomware attacks. Mainly centered around explaining what ransomware is.

A

19
Q

How would you use a MAC or IP address within a company? Explain what they are and how you would use them to mitigate an attack or

A