General Questions

Question 1

What is Cryptography?

Answer 1

securing information to protect the data from third parties that the data is not intended for.

Question 2

What is the difference between IDS and IPS?

Answer 2

IDS is Intrusion Detection System and it only detects intrusions and the administrator has to take care of preventing the intrusion. Whereas, in IPS i.e., Intrusion Prevention System, the system detects the intrusion and also takes actions to prevent the intrusion.

Question 3

Explain CIA triad

Answer 3

CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to guide policies for Information Security. It is one of the most popular models used by organizations.

Question 4

Confidentiality

Answer 4

The information should be accessible and readable only to authorized personnel.

Question 5

Availability

Answer 5

The data should be available to the user whenever the user requires it.

Question 6

How is Encryption different from Hashing?

Answer 6

encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.

Question 7

What is a Firewall and why is it used?

Answer 7

Firewall is a network security system set on the boundaries of the system/network that monitors and controls network traffic. Firewalls are mainly used to protect the system/network from viruses, worms, malware, etc. Firewalls can also be to prevent remote access and content filtering.

Question 8

What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?
Vulnerability Assessment

Answer 8

Vulnerability Assessment is the process of finding flaws on the target.

Penetration Testing is the process of finding vulnerabilities on the target.

Question 9

What is a three-way handshake?

Answer 9

A three-way handshake is a method used in a TCP/IP network to create a connection between a host and a client.

Question 10

What are the response codes that can be received from a Web Application?

Answer 10

1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error
5xx – Server-side error

Question 11

What is traceroute? Why is it used?

Answer 11

Traceroute is a tool that shows the path of a packet.

This is used mostly when the packet is not reaching its destination.

Question 12

What is the difference between HIDS and NIDS?

Answer 12

HIDS(Host IDS) and NIDS(Network IDS) are both Intrusion Detection System and work for the same purpose i.e., to detect the intrusions

HIDS is set up on a particular host/device. It monitors the traffic of a particular device and suspicious system activities.

NIDS is set up on a network. It monitors traffic of all devices of the network.

Question 13

What are the steps to set up a firewall?

Answer 13

Username/password: modify the default password for a firewall device
Remote administration: Disable the feature of the remote administration
Port forwarding: Configure appropriate port forwarding for certain applications to work properly, such as a web server or FTP server
DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflict unless the firewall’s DHCP is disabled
Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is enabled and understand how to view logs
Policies: You should have solid security policies in place and make sure that the firewall is configured to enforce those policies.

Question 14

Explain SSL Encryption

Answer 14

SSL(Secure Sockets Layer) is the industry-standard security technology creating encrypted connections between Web Server and a Browser

Question 15

What steps will you take to secure a server?

Answer 15

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

Question 16

Explain Data Leakage

Answer 16

Data Leakage is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination.

Question 17

What are the three categories of data leakage?

Answer 17

Accidental Breach: An entity unintentionally send data to an unauthorized person due to a fault or a blunder
Intentional Breach: The authorized entity sends data to an unauthorized entity on purpose
System Hack: Hacking techniques are used to cause data leakage

Question 18

How can data leakage be prevented?

Answer 18

Data Leakage can be prevented by using tools, software, and strategies known as DLP(Data Leakage Prevention) Tools

Question 19

What are some of the common Cyberattacks?

Answer 19

Malware
Phishing
Password Attacks
DDoS
Man in the Middle
Drive-By Downloads
Malvertising
Rogue Software

Question 20

What is a DDOS attack?

Answer 20

a malicious attempt to disrupt the normal traffic of a targeted server, service or network

Question 21

What is a password attack?

Answer 21

when a hacker trys to steal your password.

Question 22

What is a man in the middle attack

Answer 22

when an attacker interrupt an existing conversation or data transfer

Question 23

What is a drive-by download?

Answer 23

When malware is downloaded or installed without the consent of a user

Question 24

What is Malvertising?

Answer 24

Incorporating malware into advertisements

Question 25

What is rogue software?

Answer 25

Malicious software that misleads users into believing there is a virus on their computer to pa a fake malware tool that is actually malware itself

Question 26

What is Phishing?

Answer 26

Attempt to get sensitive information usually through email

Question 27

What is malware?

Answer 27

Software used to damage or destroy computer systems

Question 28

What is a Brute Force Attack? How can you prevent it?

Answer 28

SUbmitting passwords or passphrases in an attempt to guess a combination correctly.

Question 29

How do you prevent a brute force attack?

Answer 29

Using long passwords
Complex passwords
Limited login in attempts before locking out

Question 30

What is Port Scanning?

Answer 30

Port Scanning is the technique used to identify open ports and service available on a host

Question 31

What are the different layers of the OSI model?

Answer 31

Application
Presentation
Session
Transport
Network
Data Link
Physical

Question 32

Physical Layer:

Answer 32

Responsible for transmission of digital data from sender to receiver through the communication media,

Question 33

Data Link Layer:

Answer 33

Handles the movement of data to and from the physical link. It is also responsible for encoding and decoding of data bits.

Question 34

Network Layer:

Answer 34

Responsible for packet forwarding and providing routing paths for network communication.

Question 35

Transport Layer:

Answer 35

Responsible for end-to-end communication over the network. It splits the data from the above layer and passes it to the Network Layer and then ensures that all the data has successfully reached at the receiver’s end.

Question 36

Session Layer:

Answer 36

Controls connection between the sender and the receiver. It is responsible for starting, ending, and managing the session and establishing, maintaining and synchronizing interaction between the sender and the receiver.

Question 37

Presentation Layer:

Answer 37

It deals with presenting the data in a proper format and data structure instead of sending raw datagrams or packets.

Question 38

Application Layer:

Answer 38

It provides an interface between the application and the network. It focuses on process-to-process communication and provides a communication interface.

Question 39

What is a VPN?

Answer 39

PN stands for Virtual Private Network. It is used to create a safe and encrypted connection.PN stands for Virtual Private Network. It is used to create a safe and encrypted connection.

Question 40

What do you understand by Risk, Vulnerability & Threat in a network?

Answer 40

Threat: Someone with the potential to harm a system or an organization
Vulnerability: Weakness in a system that can be exploited by a potential hacker
Risk: Potential for loss or damage when threat exploits a vulnerability

Question 41

How can identity theft be prevented?

Answer 41

Ensure strong and unique password
Avoid sharing confidential information online, especially on social media
Shop from known and trusted websites
Use the latest version of the browsers
Install advanced malware and spyware tools
Use specialized security solutions against financial data
Always update your system and the software
Protect your SSN (Social Security Number)

Question 42

What are black hat, white hat and grey hat hackers?

Answer 42

Black hat hackers are known for having vast knowledge about breaking into computer networks. They can write malware which can be used to gain access to these systems. This type of hackers misuse their skills to steal information or use the hacked system for malicious purpose.

White hat hackers use their powers for good deeds and so they are also called Ethical Hackers. These are mostly hired by companies as a security specialist that attempts to find and fix vulnerabilities and security holes in the systems. They use their skills to help make the security better.

Anonymity is just a simple thing in Ethical Hacking & CyberSecurity. If you are interested in this domain, check Edureka’s CompTIA Security+ Certification Training.

Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look for system vulnerabilities without the owner’s permission. If they find any vulnerabilities, they report it to the owner. Unlike Black hat hackers, they do not exploit the vulnerabilities found.

Question 43

How often should you perform Patch management?

Answer 43

Patch management should be done as soon as it is release

Question 44

How would you reset a password-protected BIOS configuration?

Answer 44

popping out the CMOS battery so that the memory storing the settings lose its power supply and as a result, it will lose its setting.

Question 45

Explain MITM attack and how to prevent it?

Answer 45

a type of attack where the hacker places himself in between the communication of two parties and steal the information.

Question 46

You can prevent MITM attack by using the following practices:

Answer 46

Use VPN
Use strong WEP/WPA encryption
Use Intrusion Detection Systems
Force HTTPS
Public Key Pair Based Authentication

Question 47

Explain DDOS attack and how to prevent it?

Answer 47

DDOS(Distributed Denial of Service) attack is a cyberattack that causes the servers to refuse to provide services to genuine clients

Question 48

Two types of ddos attacks

Answer 48

Flooding attacks: In this type, the hacker sends a huge amount of traffic to the server which the server can not handle. And hence, the server stops functioning. This type of attack is usually executed by using automated programs that continuously send packets to the server.
Crash attacks: In this type, the hackers exploit a bug on the server resulting in the system to crash and hence the server is not able to provide service to the client

Question 49

How do you prevent ddos attacks?

Answer 49

Use Anti-DDOS services
Configure Firewalls and Routers
Use Front-End Hardware
Use Load Balancing
Handle Spikes in Traffic

Question 50

Explain XSS attack and how to prevent it?

Answer 50

a cyberattack that enables hackers to inject malicious client-side scripts into web pages.

Question 51

You can prevent XSS attacks by using the following practices:

Answer 51

Validate user inputs
Sanitize user inputs
Encode special characters
Use Anti-XSS services/tools
Use XSS  HTML Filter

Question 52

What is an ARP and how does it work?

Answer 52

Address Resolution Protocol (ARP)is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.

Question 53

What is port blocking within LAN?

Answer 53

Restricting the users from accessing a set of services within the local area network is called port blocking.

Question 54

What protocols fall under TCP/IP internet layer?

Answer 54

Application NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others
Transport TCP, UDP
Internet IP, ARP, ICMP
Data Link PPP, IEEE 802.2
Physical Network Ethernet (IEEE 802.3) Token ring, RS-232, others

Question 55

What is the threat hunting process?

Answer 55

Collect and Process data
Establish a hypothesis
Hunt
Identify Threats
Respond

Question 56

What are the threat hunting models

Answer 56

Event-based hunting
IOC based hunting
Entity based hunting
TTP based hunting

Question 57

What is Event-based hunting

Answer 57

hunting event on observations of potentially malicious activity activity

Question 58

What is IOC hunting

Answer 58

hunting based evidence that an attack of some sort has occurred

Question 59

What is entity-based hunting

Answer 59

hunting based on threats to high value or high-risk systems

Question 60

What is TTP based hunting

Answer 60

Hunting for threats that attempt to evade traditional rules

Question 61

What is MITRE ATT&CK?

Answer 61

a global knowledge base of attack TTP based on real-world observations

Question 62

What does ATT&CK stand for?

Answer 62

adversarial tactics, techniques, and common knowledge

Question 63

What is MITRE?

Answer 63

A govt-funded research organization

Question 64

What does MITRE stand for?

Answer 64

Massachusetts Institute of Technology Research & Engineering