Cyber Security interview questions and answers 👇

Cyber Security Interview Questions

What are Symmetric and Asymmetric encryption?

Symmetric encryption uses a single key that must be shared among everyone who needs to read the message, while asymmetric encryption uses a key pair, a public key and a private key, to encrypt and decrypt messages when communicating.

What is the CIA triad?

Confidentiality, Integrity, and Availability. These are the three core components of the CIA triad, an information security model meant to guide an organization's security procedures and policies.

What is a Firewall?

A firewall is a program or hardware device that analyzes incoming and outgoing network traffic and, based on predetermined rules, creates a barrier to block viruses and attackers. If any incoming information is flagged by filters, it is blocked.

What is a three-way handshake?

The three-way handshake is the process required to establish a connection between computers communicating over the Transmission Control Protocol (TCP). Computers perform this three-way handshake to begin communicating with each other, in the same way we establish contact when making a phone call.

What is a vulnerability?

A security vulnerability is a weakness, flaw, or error in a security system that a threat agent could leverage to compromise an otherwise secure network.

What is XSS?

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injection) in that it does not directly target the application itself; instead, the users of the web application are the ones at risk.

What is a VPN?

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.

What is a botnet?

A botnet is a collection of connected devices, often within an IoT network, that become infected and controlled by malware to benefit cybercriminals.

What is a honeypot?

A honeypot is a cybersecurity mechanism that uses a manufactured attack target to lure cybercriminals away from legitimate targets. Honeypots also gather intelligence about the identity, methods and motivations of adversaries.

What is a Null Session?

A null session is an anonymous connection to an inter-process communication network service on Windows-based computers. The service is designed to allow named pipe connections but may be used by attackers to remotely gather information about the system.

What is Phishing?

Phishing is a type of social engineering attack in which cyber criminals trick victims into handing over sensitive information or installing malware.

What is Traceroute?

Traceroute is a utility that records the route (the specific gateway computers at each hop) through the Internet between your computer and a specified destination computer. It also calculates and displays the amount of time each hop took.

What is SSL?

SSL stands for Secure Sockets Layer. In short, it is the standard technology for keeping an internet connection secure and safeguarding sensitive data sent between two systems, preventing criminals from reading or modifying the information transferred, including personal details.

What is data leakage?

Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. The term can be used to describe data that is transferred electronically or physically.

What is port scanning?

Port scanning is a method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.

Which is more secure, SSL or HTTPS?

SSL (Secure Sockets Layer) is a secure protocol that provides safer conversations between two or more parties across the internet. It works on top of HTTP to provide security.

HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and SSL to provide a safer browsing experience with encryption.

In terms of security, SSL is more secure than HTTPS.

Compare IDS vs IPS.

An IDS is designed to only provide an alert about a potential incident, which enables a security operations center (SOC) analyst to investigate the event and determine whether it requires further action. An IPS, on the other hand, takes action itself to block the attempted intrusion or otherwise remediate the incident.

What is a Brute Force Attack?

A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.

What is the OSI model?

The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.

Compare Black Box Testing and White Box Testing.

A white box penetration test is useful for simulating a targeted attack on a specific system utilising as many attack vectors as possible. In a black box penetration test, no information is provided to the tester at all.

What are Spyware Attacks?

Spyware is malicious software that enters a user's computer, gathers data from the device and user, and sends it to third parties without their consent. A commonly accepted spyware definition is a strand of malware designed to access and damage a device without the user's consent.

What is Forward Secrecy?

Perfect Forward Secrecy (PFS), also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.

What is ARP Poisoning?

ARP poisoning (also known as ARP spoofing) is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on the LAN in order to change the pairings in its IP-to-MAC address table. The ARP protocol translates IP addresses into MAC addresses.

What is SQL Injection?

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Explain Active Reconnaissance.

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. This may be done through automated scanning or manual testing using tools such as ping, traceroute and netcat. This type of recon requires that the attacker interact with the target. It is faster and more accurate, but it also makes much more noise: since the attacker has to interact with the target to gain information, there is an increased chance that the recon will be caught by a firewall or another network security device (intrusion detection systems, network firewalls, etc.).

What is a MITM attack?

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

What is 2FA?

Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something. The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.

What is a WAF?

A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others.

What is network sniffing?

A network sniffer “sniffs” or monitors network traffic for information (e.g., where it’s coming from, which device, the protocol used, etc.). Network administrators can use this information to help optimize their environment.

What is DNS monitoring?

DNS monitoring is the practice of managing and securing the back-and-forth communication between browser users and the websites and services they use.

What is salting?

Password salting is a technique for protecting passwords stored in databases: a string of 32 or more characters is added to each password before it is hashed. Salting prevents attackers who breach an enterprise environment from reverse-engineering the passwords and stealing them from the database.

What is Exfiltration?

Data exfiltration is a form of security breach that occurs when an individual's or company's data is copied, transferred, or retrieved from a computer or server without authorization.

Compare Diffie-Hellman and RSA.

The Diffie-Hellman approach generates a public and a private key on both sides of the transaction, but only shares the public keys. Unlike Diffie-Hellman, the RSA algorithm can be used for producing digital signatures as well as symmetric key exchange, but it does require the exchange of a public key beforehand.

What is Remote Desktop Protocol?

Remote Desktop Protocol (RDP) is a Microsoft Windows interface that allows a user to connect over the internet to another computer or server and to all the tools and software installed on it. As RDP is a Windows interface, you can only establish remote connections with Windows PCs and Windows Server.

What is a buffer overflow attack?

Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information.

What is Authenticode?

Authenticode is a Microsoft security technology that certifies the identity of the publisher of software to ensure the software has not been tampered with.

What is a distributed denial-of-service (DDoS) attack?

Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.

What is a backdoor?

A backdoor is a type of malware that bypasses normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

What is WEP cracking?

WEP encrypts traffic using a 64- or 128-bit key in hexadecimal. This is a static key, which means all traffic, regardless of device, is encrypted using a single key. A WEP key allows computers on a network to exchange encoded messages while hiding the messages' contents from intruders.

What is security auditing?

A cybersecurity audit is a 360-degree, in-depth review of your organization's security posture. It identifies the vulnerabilities, risks, and threats the organization faces and the impact such risks could have across these areas.

What is penetration testing?

A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

What is a Trojan virus?

A Trojan horse virus is a type of malware that is downloaded onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software in order to gain access to users' systems.

What is Nmap?

Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify which devices are running on their networks, discover available hosts and the services they offer, find open ports and detect security risks.

What are accidental threats?

An accidental insider threat occurs when an employee's actions lead to damage to a system or network or the loss of critical or sensitive data, or even when a helpful employee holds a door open for an attacker to enter a secure building. These incidents can occur with zero malicious intent but can be very damaging to the company.