Over the years, Cyber Security has gained momentum as a career. Many companies are up scaling their online presence leaning to latest technologies and recent advances. With much of client information found on the internet, assurance of protection has become vital. Any kind of cyber attack is a genuine concern and a risk companies can not take. Thus Cyber Security is a critical requirement in today’s industry.Here are a number of interview questions and answers that would help one get to a better job.
Q1.What is hacking?
Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access.
Q2.What is ethical hacking?
Ethical hacking is an process of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.
Q3.What are the types of hackers? Explain.
White hat hackers- A hacker who gains access to systems with a view to fix the identified weaknesses.
Black hat hacker- A hacker who gains unauthorized access to computer systems for personal gain .The intension is usually to steal corporate data, violate privacy rights, transfer funds.,etc
Grey hat hacker- A hacker who is between ethical and black hat hackers, he/she breaks into computer systems without authority with a view to indentify weaknesses and reveal them to the owner.
Hacktivists-A hacker who utilizes technology to announce a social, ideological, religious, or political message.
Script Kiddie- A non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept ,hence the term kiddie.
Q4.What are the responsibilities of ethical hacker?
· An ethical hacker must seek authorization from the organization that owns the system. Hackers should obtain complete approval before performing any security assessment on the system or network.
· Determine the scope of their assessment and make known their plan to the organization.
· Report any security breaches and vulnerabilities found in the system or network.
· Keep their discoveries confidential. As their purpose is to secure the system or network, ethical hackers should agree to and respect their non-disclosure agreement.
· Erase all traces of the hack after checking the system for any vulnerability. It prevents malicious hackers from entering the system through the identified loopholes.
Q5.What are the pros &cons of ethical hacking?
· To fight against cyber terrorism and national security breaches.
· To take preventive measures against hackers.
· To detect vulnerabilities and close the loop holes in a system or a network.
· To prevent access to malicious hackers.
· To provide security to banking and financial settlements.
· Possibility of using the data against malicious hacking activities.
· May corrupt the files of an organization.
· Possibility to steal sensitive information on the computer system.
Q6.What are the types of hacking?Explain.
Website hacking-Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.
Network Hacking: Hacking a network means gathering information about a network by using tools like Telnet,Ping, Netstat, etc. with the intent to harm the network system and hamper its operation.
Email Hacking: It includes getting unauthorized access on an Email account and using it without taking the consent of its owner.
Ethical Hacking: Ethical hacking involves finding weaknesses in a computer or network system for testing purpose and finally getting them fixed.
Password Hacking: This is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.
Computer Hacking: This is the process of stealing computer ID and password by applying hacking methods and getting unauthorized access to a computer system.
Q7.What are the phases of hacking?
· Information Gathering
· Scanning & Enumeration
· Vulnerability assessment
· Clearing log
Q8.What is CIA Triangle?
· Confidentiality : Keeping the information secret.
· Integrity : Keeping the information unaltered.
· Availability : Information is available to the authorized parties at all times.
Q9.What are the types of ethical hackers?
· Grey Box hackers
· Black Box hackers
· White Box hackers
Q10.What is the difference between IP and MAC address?
IP (internet protocol)address
MAC(machine access control) address
To every device IP address is assigned, so that device can be located on the network(logical address).
A MAC address is a unique serial number assigned to every network interface on every device(physical address).
Q11.What are the tools used for ethical hacking?
The most popular tools are listed below:
· John the Ripper
Q12.What is a virus?
It is a type of malware that spreads by embedding a copy of itself and becomes a part of other programs. Viruses spread from one computer to other while sharing the software or document they are attached to using a network, file sharing, disk, or infected email attachments.
Q13.What is a worm?
They replicate functional copy of themselves and do not require a host program or human help to propagate. Advanced worms leverage encryption, ransomware, and wipers to harm their targets.
Q14.What is Phishing?
Phishing involves a process of contacting the target user by email, phone or text message and gathering sensitive information like credit card details, passwords, etc.
Q15.What is DDoS Attack?
Distributed denial of service is a malicious attempt to interrupt regular traffic of a targeted server or network by flooding the target with a profuse internet traffic.
Q16.What is SQL injection?
SQL injection is a web hacking technique used to destroy a database. It executes malicious SQL statements and controls a database server behind a web application. Hackers make use of these statements to bypass the security measures of the application.
Q17.What is Ransomware?
Ransomware is a type of malware, which restricts users from accessing their personal files or system and demands a ransom to regain access to them. Depending on the severity of the attack ransomware is categorized into three types, they are:
· Master boot record(MBR) ransomware
· Lock screen ransomware
· Encryption ransomware
Q18.What is Cryptojacking?
Malicious crypto mining or Cryptojacking is a type of online threat which uses the machine resources to mine forms of digital money known as cryptocurrency. This process can be carried out on a mobile device or on a computer.
Q19.What is Trojan Horse?
A type of malware usually hidden inside of software that user downloads and installs from the net.
Q20.Name & explain types of Trojans.
Trojan-Downloader: It is a type of virus that downloads and installs other malware.
Ransomware: It is a type of Trojan that can encrypt the data on your computer/device.
Trojan-Droppers: These are complex programs used by cybercriminals to install malware. Most of the antivirus programs do not identify droppers as malicious, and hence it is used to install viruses.
Trojan-Rootkits: It prevents the detection of malware and malicious activities on the computer.
Trojan-Banker: These steal user account-related information such as card payments and online banking.
Trojan-Backdoor: It is the most popular type of Trojan, that creates a backdoor to attackers to access the computer later on from remote using a remote access tool (RAT). This Trojan provides complete control over the computer.
Q21.What is Keylogger Trojan?
A malicious software that can monitor your keystroke, logging them to a file and sending them off to remote attackers. When the desired action is observed, it will record the keystroke and captures your login username and password.
Q22.What is Data Breach?
Data breach comes under the process of a Cyber attack that enables cybercriminals to get unauthorized entry to a computer or a network. This allows them to steal private, confidential, sensitive and financial data of customers or existing users.
Q23.What is cowpatty?
Cowpatty is implemented on an offline dictionary attack against WPA/WPA2 networks utilizing PSK-based verification . Cowpatty can execute an enhanced attack if a recomputed PMK document is accessible for the SSID that is being assessed.
Q24.What is firewall?
A firewall is a network security system that allows or blocks network traffic as per predetermined security rules. These are placed on the boundary of trusted and distrusted networks.
Q25.What is scanning?
Scanning is a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a critical component for information gathering. It allows the hacker to create a profile on the site of the organization to be hacked. Types of scanning are:
· Port scanning
· Vulnerability scanning
· Network scanning
Q26.What is exploitation?
Exploitation is a part of programmed software or script that allows hackers to gain control over the targeted system/network and exploit its vulnerabilities.
Q27.What is enumeration?
Enumeration is the primary phase of ethical hacking that is information gathering. In this phase, the attacker builds an active connection with the victim and tries to gain as much information as possible to find out the weaknesses or vulnerabilities in the system and tries to exploit the system further.
Q28.What is SMTP?
Simple Networking Management Protocol is a protocol for remote monitoring and managing hosts, routers, and other devices on a network.
Q29.What are the different types of numeration in ethical hacking?
· DNS enumeration
· SNMP enumeration
· NTP enumeration
· SMB enumeration
· Linux/Windows enumeration
Q30.What is the difference betweenVulnerability Scanning and Penetration testing?
Detects and reports vulnerability
Exploits vulnerability and determines the type of access
Done once a year
Q31.What is Burpsuite?
Burp Suite is an integrated platform used for attacking net applications. It contains all the tools a hacker would need for attacking any application.
Q32.What is spoofing attack?
A spoofing attack is when a malicious party impersonates another device or user on a network so as to launch attacks against network hosts, steal data, unfold malware or bypass access controls.
Q33.Types of spoofing.
· ARP Spoofing attack
· DNS Spoofing attack
· IP Spoofing attack
Q34.What is active reconnaissance?
In active reconnaissance, the attacker engages with the target system, usually conducting a port scan to find any open ports.
Q35.What is passive reconnaissance?
In passive reconnaissance, the attacker gains information regarding the targeted computers and networks while not actively participating with the systems.
Q36.What is Cross-site scripting?
Cross site scripting is exploiting applications, servers or plug -ins by inserting malicious coding into a link which appears to be a trustworthy source. When users click on this link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal information.
Q37.Types of Cross-site scripting
· Server side versus DOM based vulnerability
Q38.What are the tools in Burp Suite?
Q39.What is Defacement?
The attacker replaces the organization website with a different page with an intention of defaming the organization. It contains the hackers name, images and may even include comments and background music.
Q40.What is CSRF?
Cross site request forgery is an attack by a malicious website that will send a request to a web application that the user is already authenticated against from a different website.
Q41.What is Pharming?
The attacker compromises the Domain name system(DNS)servers or the user system so the traffic is directed to the site.
Q42.What is Footprinting?
The process of gathering user’s data and finding possible ways to penetrate into a target system. A hacker tries to collects all the information about the host,organization, network and people before penetrating into a network or a system.
Q43.Name the programming languages used for hacking?
Any form virus with malicious intension which executes without consent of the user or administrator.
A type of malware that is used to spy on an individual or an organization by accessing the system, specific files, camera, voice or keylogging.
Q46.Explain what is Brute Force Hack?
Q47.What are the types of computer based social engineering attacks?Explain what is Phishing?
· On-line scams
Phishing technique involves sending false e-mails, chats or website to impersonate real system with aim of stealing information from original website.
Q48.What is Mac Flooding?
Mac Flooding is a technique where the security of given network switch is compromised. In Mac flooding the hacker or attacker floods the switch with large number of frames, then what a switch can handle. This make switch behaving as a hub and transmits all packets at all the ports. Taking the advantage of this the attacker will try to send his packet inside the network to steal the sensitive information.
Q49.Explain what is DHCP Rogue Server?
A Rogue DHCP server is DHCP server on a network which is not under the control of administration of network staff. Rogue DHCP Server can be a router or modem. It will offer users IP addresses, default gateway, WINS servers as soon as user’s logged in. Rogue server can sniff into all the traffic sent by client to all other networks.
Q50.Explain how you can stop your website getting hacked?
By adapting following method, you can stop your website from getting hacked
• Sanitizing and Validating user’s parameters: By Sanitizing and Validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection
• Using Firewall: Firewall can be used to drop traffic from suspicious IP address if attack is a simple DOS.
• Encrypting the Cookies: Cookie or Session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time.
• Validating and Verifying user input: This approach is ready to prevent form tempering by verifying and validating the user input before processing it.
• Validating and Sanitizing headers: This technique is useful against cross site scripting or XSS,this technique includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks.
Q51.Explain what is NTP?
To synchronize clocks of networked computers, NTP (Network Time Protocol) is used. For its primary means of communication UDP port 123 is used. Over the public internet NTP can maintain time to within 10 milliseconds.
Q52.Explain what is MIB?
MIB (Management Information Base) is a virtual database. It contains all the formal description about the network objects that can be managed using SNMP. The MIB database is hierarchical and in MIB each managed objects is addressed through object identifiers (OID).
Q53.Mention what are the types of password cracking techniques?
• AttackBrute Forcing
Q54.What is data leakage? How will you detect and prevent it?
Data leak is nothing but data knowledge getting out of the organization in an unauthorized manner. Data will get leaked through numerous ways in which – emails, prints, laptops obtaining lost, unauthorized transfer of data to public portals, removable drives, pictures etc. There are varied controls which may be placed to make sure that the info doesn’t get leaked, many controls will be limiting upload on web websites, following an internal encryption answer, limiting the emails to the interior network, restriction on printing confidential data etc.
Q55.What is Cyber squatting in Cyber security?
Cyber squatting is registering, trafficking or using a domain name with malicious intent to profit from the trademark belonging to someone else.
A type of malware that will load and display some online or offline Ads in your computer system.
Q57.What is STRIDE?
Spoofing, Tampering, Reputation, Information disclosure, denial of service, Elevation of privilege.
An asset is any data, device, or other component of the environment that supports information related activities.
A threat represents a possible danger to the computer system. It represents something that an organization does not want to happen. A successful exploitation of vulnerability is a threat.
Vulnerability is a flaw or a weakness inside the asset that could be used to gain unauthorized access to it.
A risk is defined as the impact (damage) resulting from the successful compromise of an asset.
An exploit is something that takes advantage of vulnerability in an asset to cause unintended or unanticipated behavior in a target system,which would allow an attacker to gain access to data or information.
Q63.What is Encryption?
Encryption is a process of converting plain text (normal message) to meaningless text (Cipher text).
Q64.What is Decryption?
Decryption us a process of converting meaningless text (Cipher text) back to its original form (plain text).
Q65.What is TCP/IP?
TCP/IP (Transmission control protocol/internet protocol) is the basic communication language or protocol of the internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet).
Q66.What is OSI model?
The Open Systems Interconnection model(OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology.
Q67.What are Network services ?
Network service is an application running on the system. A daemon server is the program that provides a network service. For example:
· File server
· Online game
· File sharing
· Directory services
· Instant messaging
Q68.What are Ports?
A port is essentially a way for 2 devices to connect using a specific protocol. Every service on a machine is assigned a port.
Q69.What is sniffing?
Sniffing is the process of monitoring the network traffic without consent of the user.
Q70.What is Packet sniffing?
Packet is the smallest unit of communication over a computer network. It is also called a block, a segment, a datagram or a cell. The act of capturing data packet across the computer network is called packet sniffing.
Q71.How to prevent packet sniffing?
• Encrypting data you send or receive. (HTTPS)
• Using trusted Wi-Fi networks.
• Scanning your network for dangers or issues.
• Using VPN(Virtual private network).
Q72.What is ARP?
ARP poison routing (APR) or ARP cache poisoning or ARP Spoofing, a method of attacking an Ethernet LAN by updating the target computer’s ARP cache with both a forged ARP request and reply packets in an effort to change the Layer 2 Ethernet MAC address to one that the attacker can monitor.
Q73.What is GPS spoofing?
GPS spoofing is an attack in which a radio transmitter located near the target is used to interfere with a legitimate GPS signals. The attacker can transmit no data at all or could transmit inaccurate coordinates.
Q74.What is Email Spoofing?
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
Q75.What is SSL?
• SSL (Secure Sockets Layer) is a security protocol.
• In this case, SSL is a standard security way for establishing an encrypted link between a server and a client.
• SSL allows sensitive information such as credit card numbers and login credentials to be transmitted securely.
• The browser and the server need what is called an SSL Certificate to be able to establish a secure connection.
• Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an Extended Validation SSL-secured website. SSL-secured websites also begin with https rather than http.
Q76.What are the types of sniffing?
Active sniffing: The traffic is locked and monitored, can be altered. It is used to sniff a switch-based network. It involves injecting the address resolution packets into a target network to switch on the content addressable memory table.
Passive sniffing: The traffic is locked but can’t be altered. It works with hub devices, and traffic is sent to all the ports. Any traffic that is passing through the unbridged or non-switched network segment can be seen by all the machines on the segment.
Q77.What is data diddling?
The attack that involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerized.
Q78.What is Salami attack?
The attack is normally prevalent in financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed.
Q79.What are Logic bombs?
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. The Chernobyl virus.
Q80.What are Passive security attacks?
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
Q81.What are Active security attacks?
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
Q82.What is Symmetric cryptography?
This form of encryption uses a secret key, called the shared secret, to scramble the data into unintelligible gibberish. The person on the other end needs the shared secret (key) to unlock the data—the encryption algorithm. You can change the key and change the results of the encryption. It is called symmetric cryptography because the same key is used on both ends for both encryption and decryption.
Q83.What is Asymmetric cryptography?
Asymmetric cryptography uses encryption that splits the key into two smaller keys. One of the keys is made public and one is kept private. You encrypt a message with the recipient’s public key. The recipient can then decrypt it with their private key. And they can do the same for you, encrypting a message with your public key so you can decrypt it with your private key.
Q84.What are the Encryption applications? Explain.
· Hashes- Hashes are a special use of one-way functions to provide authentication and verification using encryption. A hash function takes a file and puts it through a function so that it produces a much smaller file of a set size. By hashing a file, you produce a unique fingerprint of it. This gives you a way to make sure that the file has not been altered in any way.
· Digital certificates- Digital certificates are the “signature” of the Internet commerce world. These use a combination of encryption types to provide authentication. They prove that who you are connecting to is really who they say they are. Simply put, a certificate is a “certification” of where the information is coming from. A certificate contains the public key of the organization encrypted with either its private key or the private key of a signing authority.
Q85.What are security mechanisms?
A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Examples of mechanisms are encryption algorithms, digital signatures, and authentication protocols.
Q86.What do you mean by MIB?
MIB stands for Management Information Base. It’s the network’s hierarchical virtual database that holds every data regarding the objects in the network. It’s used by remote monitoring 1 and SNMP (Simple Network Management Protocol).
Q87.What are the different forms of DOS attacks?
• SYN attack
• Smurf attack
• Buffer overflow attack
• Teardrop attack
Q88.What is Footprinting?
Footprinting means uncovering or collecting all data about the targeted system or network before trying to acquire access.
Q89.What is scanning and their types?
Scanning is a collection of procedures for detecting the services, ports, and hosts attached to a system or network. It is one of the important components for gathering data. It enables the hacker to make a profile on the organization’s website to be hacked. There are three different types of scanning namely:
• Vulnerability scanning
• Port scanning
• Network scanning
Penetration testing (or pentesting) is a security exercise where a cyber security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defence which attackers could take advantage of.
Q91.Explain Black box testing.
In Black-Box Testing the pentester will not have any knowledge whatsoever about the target(s) theyare going to hit. As a result, this kind of pentest can take a very long time to conduct, and automated tools are heavily relied upon. This kind of exercise is also known as a trial-and-error approach.
Q92.Explain White box testing.
White-Box Testing is also known as clear-box testing. In these instances, the pentester has advanced knowledge to some degree about the Web application that they are about to hit and its underlying source code.This kind of attack takes a shorter amount of time to launch when compared to the black-box test.
Q93.Explain Grey box testing.
Grey-Box Testing is a combination of both of black-box and white-box testing. This simply means that the pentester has some advanced knowledge on the targets they plan to attack. This kind of exercise requires both the use of automated and manual tools. When compared to the other two tests, this one offers the highest chances of discovering unknown security holes and weaknesses.
Q94.Abbreviate the acronyms used in Pentesting: 2FA,2S2D,2VPCP,3DES,3DESE,3DESEP.
• 2FA means “Two-Factor Authentication”
• 2SD2D means “Double-Sided, Double Density”
• 2VPCP means “Two-Version Priority Ceiling Protocol”
• 3DES means “Triple Data Encryption Standard”
• 3DESE means “Triple Data Encryption Standard Encryption”
• 3DESEP means “Triple Data Encryption Standard Encryption Protocol”
Q95.What are the teams that can carry out a pentest?
• The Red Team
• The Blue Team
• The Purple Team
Q96.Explain Red team.
This group of pentesters acts like the actual cyber-attack. That means this team is the one that launches the actual threat, in order to break down the lines of defence of the business or corporation and attempt to further exploit any weaknesses that are discovered.
Q97.Explain Blue team.
These are the pentesters that act like the actual IT staff in an organization. Their main objective is to thwart any cyber-attacks that are launched by the Red Team. They assume a mindset of being proactive as well as maintaining a strong sense of security consciousness.
Q98.Explain Purple team.
This is a combination of both the Red Team and the Blue Team. For example, they have the security arsenal that is used by the Blue Team and possess a working knowledge of what the Red Team is planning to attack. It is the primary job of the Purple Team to help out both these teams out. Because of that, the pentesters of the Purple team cannot be biased in any regard and have to maintain a neutral point of view.
Q99.What are the main objectives of pentesting?
• To test adherence to the security policies that have been crafted and implemented by the organization.
• To test for employee pro-activeness and awareness of the security environment that they are in.
• To fully ascertain how a business entity can face a massive security breach, and how quickly they react to it and restore normal business operations after being hit.