Cyber Security Interview Questions:
1. What are the common types of cyber attacks that can harm a system?
2. How can you prevent a DDoS attack?
DDoS is a distributed denial of service attack that floods a network with more requests than it can handle, thus making it unavailable for use.
Prevention: A DDoS attack can be prevented by monitoring traffic conditions to detect suspicious changes, and by distinguishing human traffic from bot (human-like) traffic to detect any possible threat.
3. How can you prevent a MITM attack?
A MITM attack, or Man-in-the-Middle attack, is when a third party is sniffing a communication between two parties. It can not only compromise your privacy but can also be used for session hijacking. It can happen in any sort of online communication, be it email, web surfing or internet voice calling.
Prevention: Using end-to-end encryption between both parties would help prevent this attack. Moreover, secure authentication protocols like HSTS and S/MIME, and authentication certificates like SSL and TLS, could also save you from MITM attacks.
4. What is XSS?
XSS or Cross-Site Scripting is a kind of cyber attack where an attacker injects malicious code into a legitimate website to target an end user.
The target device executes the script assuming it is from a trusted source and it could lead to cookie, password and other privacy theft.
5. What can you do to prevent a brute force attack?
A brute force attack is when an attacker tries to crack a system password forcefully by trying all the permutations and combinations. Automated software is used to carry out a brute force attack because the process is lengthy. CeWL could be used to assist this kind of attack.
Prevention: All important systems should have a strong password and best password practices must be followed at all times to stay safe from brute force attacks.
6. Explain salted hashes.
Salting is an extra layer of security for hashed passwords. It adds a salt (random data) to hashed passwords in order to protect against brute force attacks. Salted hashes make sure that two identical passwords in different systems are never stored with the same hash value, even if the same hashing algorithm is used.
Privacy Related Questions:
1. How can you prevent identity theft?
- Use strong passwords
- Only browse trusted websites
- Do not download attachments from an unknown email sender
- Never click on suspicious links in emails
- Double-check before entering login information anywhere online
- Keep your software and browsers up to date
- Use trusted anti-virus and security mechanisms and keep them updated
- Refrain from using sensitive, confidential information over the web
- Use encryption to communicate online
2. What is encryption and why is it needed?
It is the method of converting data into a coded form to prevent third parties from reading it. Only the authorized receiver can decrypt the data using a key.
It is one of the most powerful tools to maximize data security online as it safeguards private information from unauthorised access.
3. What is SSL encryption?
SSL or Secure Sockets Layer is a protocol to maximise privacy between two parties during online communication. It applies encryption to ensure authenticity in online communication and is widely used in web browsers, emails, instant messaging, VoIP and many other web applications.
4. What is TLS?
TLS or Transport Layer Security is an identification protocol to maximise communication privacy and data integrity. It is more secure than SSL and, in fact, evolved from SSL.
5. Explain 2FA.
Two-factor authentication or multi-factor authentication is an extra blanket of security to prevent unauthorised access to accounts. Apart from primary login details like username and password, 2FA requests an extra authentication detail, something that has negligible chances of being hacked, such as a one-time password delivered in real time to the user, or a security question that only the user should know.
6. What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses a single key to encrypt as well as decrypt data and is thus faster. On the other hand, asymmetric encryption uses different keys for encryption and decryption, thus requiring more computation time.
While asymmetric encryption is used for exchanging keys, symmetric is mainly used for exchanging data in bulk.
7. Explain encoding, encrypting and hashing.
- Encoding is simply converting data into a required form so that it can be transferred online.
- Encryption is converting data into a form that only the intended user can open with a digital key.
- Hashing is converting data into a hashed string to protect its security.
8. How do you protect against data leakage?
Data leakage could be accidental, intentional or due to hacking. An organisation can prevent it by implementing certain restrictions, such as upload restrictions, mailing restrictions, and restrictions on printing data and uploading data to websites.
9. What is a three-way handshake?
A three-way handshake is a method of establishing a secure TCP/IP connection between two computers. Three packets are exchanged in this handshake:
- SYN: from client to server
- SYN-ACK: from server to client
- ACK: back from client to server
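The exchange listed above, as an added example that is not part of the original page. It goes slightly beyond the text by tracking the sequence and acknowledgement numbers carried in each packet, which is what each side checks before it treats the connection as established. The `Segment` and `Endpoint` classes are a hypothetical, simplified model, not a real TCP stack.

```python
import secrets
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    flags: frozenset  # {"SYN"}, {"SYN", "ACK"} or {"ACK"}
    seq: int
    ack: int = 0


class Endpoint:
    """Simplified model of one side of the handshake (hypothetical class)."""

    def __init__(self, isn=None):
        # Initial sequence number: random unless fixed for a reproducible run
        self.isn = secrets.randbelow(MOD) if isn is None else isn
        self.state = "CLOSED"
        self.peer_next = None  # next sequence number expected from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        return Segment(frozenset({"SYN"}), self.isn)

    def receive(self, seg):
        mine = (self.isn + 1) % MOD  # a SYN consumes one sequence number
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            self.peer_next = (seg.seq + 1) % MOD
            self.state = "SYN_RCVD"
            return Segment(frozenset({"SYN", "ACK"}), self.isn, self.peer_next)
        if self.state == "SYN_SENT" and seg.flags == {"SYN", "ACK"} and seg.ack == mine:
            self.peer_next = (seg.seq + 1) % MOD
            self.state = "ESTABLISHED"
            return Segment(frozenset({"ACK"}), mine, self.peer_next)
        if (self.state == "SYN_RCVD" and seg.flags == {"ACK"}
                and seg.ack == mine and seg.seq == self.peer_next):
            self.state = "ESTABLISHED"
        return None  # anything else is ignored in this model


def handshake(client_isn=None, server_isn=None):
    """Run SYN, SYN-ACK, ACK and return both endpoints plus the packet trace."""
    client, server = Endpoint(client_isn), Endpoint(server_isn)
    server.listen()
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]


if __name__ == "__main__":
    for segment in handshake(1000, 5000)[2]:
        print(sorted(segment.flags), segment.seq, segment.ack)
```

A final ACK whose acknowledgement number does not equal the server's initial sequence number plus one leaves the server in `SYN_RCVD`, which is why unpredictable initial sequence numbers matter.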
10. What are the protocols under the TCP/IP layers?
|TCP/IP Layer|TCP/IP Protocol Examples|
|---|---|
|Application|NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others|
|Internet|IP, ARP, ICMP|
|Data Link|PPP, IEEE 802.2|
|Physical Network|Ethernet (IEEE 802.3), Token Ring, RS-232, others|
Security related questions:
1. Differentiate between a firewall and an IDS.
A firewall restricts and allows traffic to enter or exit the network.
IDS or Intrusion Detection System monitors traffic and alerts in case of suspicious activity.
2. What is social engineering?
Social engineering is the art of manipulating people into divulging their private information with malicious intentions.
3. What is port blocking within a LAN?
Port blocking means blocking access to ports such as USB, removable devices, smartphones and more, in order to restrict users from accessing services. This bridges the security gap in networks and prevents unauthorised access.
4. What is a traceroute?
Also known as tracert, traceroute helps you trace the path of a packet from its source to its destination. It shows which routers the communication has passed through and allows you to see the point of failure. Tracert also tells how long the packet stayed on one router before moving to another.
5. How do you secure a server?
To secure a server, SSL protocols are used so that data is protected from unauthorised access by using encryption. Root and admin passwords are set, remote access is removed and firewall protocols are established. We could use either a trust-no-one approach or the principle of least privilege.
6. What is an IPS? How is it different from IDS?
An Intrusion Prevention System (IPS) checks for suspicious activities and also takes steps to prevent them from intruding into the network. An IDS, on the other hand, only alerts the administrators in case of an intrusion.
7. What is a CIA Triangle?
Also known as the CIA triad, it is an information security standard.
- Confidentiality ensures all information is kept confidential.
- Integrity ensures information is not tampered with.
- Availability ensures information is accessible at all times to those who are authorised.
Ethical hacking related questions:
1. Differentiate between threat, risk and vulnerability.
A vulnerability is a flaw in the system that could be exploited by an attacker, whereas risk is the unforeseen loss that could be suffered due to a vulnerability being exploited. A threat, on the other hand, is the possibility of someone exploiting a vulnerability.
2. Who are black hats, white hats, and grey hats?
- Black hat hackers are those who are quite skilled in hacking computer systems and have a malicious intent of breaching someone’s security.
- White hat hackers are ethical hackers who also do what black hat hackers do, but for the purpose of finding vulnerabilities and fixing them. They always hack ethically i.e. by receiving permission beforehand. They usually work for legitimate organizations to strengthen their security.
- Grey hat hackers are a mix of both. They also break into systems to find vulnerabilities but they don’t usually take permission before.
3. How is vulnerability assessment different from penetration testing?
Vulnerability assessment is finding out all the vulnerabilities in the system using automated techniques whereas penetration testing is diving into a weakness or vulnerability and testing it to assess the strength of the security system.
4. What are the steps taken to hack a system?
- Reconnaissance to collect user information and find weaknesses. For example, using OSINT.
- Scanning and enumeration to test the network against collected information.
- Gaining access to the system and network and maintaining access by uploading payloads and escalating privileges.
- Evading detection by covering the footprints.
5. Name some sniffing tools available.
Wireshark, WinDump, EtherApe, Ettercap, MSN Sniffer, Dsniff.
6. What is a cryptominer?
It is a type of malware used to mine cryptocurrency from a target user’s device without his/her knowledge.
7. How do you save yourself from getting hacked?
Some of the most important ways to shield yourself from hacking are:
- Install security updates on your operating system frequently
- Secure your WiFi password
- Establish information security protocols within the organisation
- Never share secret information with anyone else, especially online
- Do not keep your sensitive information on the cloud
- If you are selling or discarding your devices, make sure you format them
- Download patches for software as soon as they are available
- Use firewalls, IDS, IPS and other security mechanisms to protect from malicious traffic
- Practice safe browsing and emailing techniques
- Hire a good ethical hacker to find vulnerabilities and fix them 🙂