General Questions Flashcards
What is Cryptography?
securing information to protect the data from third parties that the data is not intended for.
What is the difference between IDS and IPS?
IDS is Intrusion Detection System and it only detects intrusions and the administrator has to take care of preventing the intrusion. Whereas, in IPS i.e., Intrusion Prevention System, the system detects the intrusion and also takes actions to prevent the intrusion.
Explain CIA triad
CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to guide policies for Information Security. It is one of the most popular models used by organizations.
Confidentiality
The information should be accessible and readable only to authorized personnel.
Availability
The data should be available to the user whenever the user requires it.
How is Encryption different from Hashing?
encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.
What is a Firewall and why is it used?
Firewall is a network security system set on the boundaries of the system/network that monitors and controls network traffic. Firewalls are mainly used to protect the system/network from viruses, worms, malware, etc. Firewalls can also be to prevent remote access and content filtering.
What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?
Vulnerability Assessment
Vulnerability Assessment is the process of finding flaws on the target.
Penetration Testing is the process of finding vulnerabilities on the target.
What is a three-way handshake?
A three-way handshake is a method used in a TCP/IP network to create a connection between a host and a client.
What are the response codes that can be received from a Web Application?
1xx – Informational responses 2xx – Success 3xx – Redirection 4xx – Client-side error 5xx – Server-side error
What is traceroute? Why is it used?
Traceroute is a tool that shows the path of a packet.
This is used mostly when the packet is not reaching its destination.
What is the difference between HIDS and NIDS?
HIDS(Host IDS) and NIDS(Network IDS) are both Intrusion Detection System and work for the same purpose i.e., to detect the intrusions
HIDS is set up on a particular host/device. It monitors the traffic of a particular device and suspicious system activities.
NIDS is set up on a network. It monitors traffic of all devices of the network.
What are the steps to set up a firewall?
Username/password: modify the default password for a firewall device
Remote administration: Disable the feature of the remote administration
Port forwarding: Configure appropriate port forwarding for certain applications to work properly, such as a web server or FTP server
DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflict unless the firewall’s DHCP is disabled
Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is enabled and understand how to view logs
Policies: You should have solid security policies in place and make sure that the firewall is configured to enforce those policies.
Explain SSL Encryption
SSL(Secure Sockets Layer) is the industry-standard security technology creating encrypted connections between Web Server and a Browser
What steps will you take to secure a server?
Step 1: Make sure you have a secure password for your root and administrator users
Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system
Step 3: Remove remote access from the default root/administrator accounts
Step 4: The next step is to configure your firewall rules for remote access
Explain Data Leakage
Data Leakage is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination.
What are the three categories of data leakage?
Accidental Breach: An entity unintentionally send data to an unauthorized person due to a fault or a blunder
Intentional Breach: The authorized entity sends data to an unauthorized entity on purpose
System Hack: Hacking techniques are used to cause data leakage
How can data leakage be prevented?
Data Leakage can be prevented by using tools, software, and strategies known as DLP(Data Leakage Prevention) Tools
What are some of the common Cyberattacks?
Malware Phishing Password Attacks DDoS Man in the Middle Drive-By Downloads Malvertising Rogue Software
What is a DDOS attack?
a malicious attempt to disrupt the normal traffic of a targeted server, service or network
What is a password attack?
when a hacker trys to steal your password.
What is a man in the middle attack
when an attacker interrupt an existing conversation or data transfer
What is a drive-by download?
When malware is downloaded or installed without the consent of a user
What is Malvertising?
Incorporating malware into advertisements
What is rogue software?
Malicious software that misleads users into believing there is a virus on their computer to pa a fake malware tool that is actually malware itself
What is Phishing?
Attempt to get sensitive information usually through email
What is malware?
Software used to damage or destroy computer systems
What is a Brute Force Attack? How can you prevent it?
SUbmitting passwords or passphrases in an attempt to guess a combination correctly.
How do you prevent a brute force attack?
Using long passwords
Complex passwords
Limited login in attempts before locking out
What is Port Scanning?
Port Scanning is the technique used to identify open ports and service available on a host
What are the different layers of the OSI model?
Application Presentation Session Transport Network Data Link Physical
Physical Layer:
Responsible for transmission of digital data from sender to receiver through the communication media,
Data Link Layer:
Handles the movement of data to and from the physical link. It is also responsible for encoding and decoding of data bits.
Network Layer:
Responsible for packet forwarding and providing routing paths for network communication.
Transport Layer:
Responsible for end-to-end communication over the network. It splits the data from the above layer and passes it to the Network Layer and then ensures that all the data has successfully reached at the receiver’s end.
Session Layer:
Controls connection between the sender and the receiver. It is responsible for starting, ending, and managing the session and establishing, maintaining and synchronizing interaction between the sender and the receiver.
Presentation Layer:
It deals with presenting the data in a proper format and data structure instead of sending raw datagrams or packets.
Application Layer:
It provides an interface between the application and the network. It focuses on process-to-process communication and provides a communication interface.
What is a VPN?
PN stands for Virtual Private Network. It is used to create a safe and encrypted connection.PN stands for Virtual Private Network. It is used to create a safe and encrypted connection.
What do you understand by Risk, Vulnerability & Threat in a network?
Threat: Someone with the potential to harm a system or an organization
Vulnerability: Weakness in a system that can be exploited by a potential hacker
Risk: Potential for loss or damage when threat exploits a vulnerability
How can identity theft be prevented?
Ensure strong and unique password
Avoid sharing confidential information online, especially on social media
Shop from known and trusted websites
Use the latest version of the browsers
Install advanced malware and spyware tools
Use specialized security solutions against financial data
Always update your system and the software
Protect your SSN (Social Security Number)
What are black hat, white hat and grey hat hackers?
Black hat hackers are known for having vast knowledge about breaking into computer networks. They can write malware which can be used to gain access to these systems. This type of hackers misuse their skills to steal information or use the hacked system for malicious purpose.
White hat hackers use their powers for good deeds and so they are also called Ethical Hackers. These are mostly hired by companies as a security specialist that attempts to find and fix vulnerabilities and security holes in the systems. They use their skills to help make the security better.
Anonymity is just a simple thing in Ethical Hacking & CyberSecurity. If you are interested in this domain, check Edureka’s CompTIA Security+ Certification Training.
Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look for system vulnerabilities without the owner’s permission. If they find any vulnerabilities, they report it to the owner. Unlike Black hat hackers, they do not exploit the vulnerabilities found.
How often should you perform Patch management?
Patch management should be done as soon as it is release
How would you reset a password-protected BIOS configuration?
popping out the CMOS battery so that the memory storing the settings lose its power supply and as a result, it will lose its setting.
Explain MITM attack and how to prevent it?
a type of attack where the hacker places himself in between the communication of two parties and steal the information.
You can prevent MITM attack by using the following practices:
Use VPN Use strong WEP/WPA encryption Use Intrusion Detection Systems Force HTTPS Public Key Pair Based Authentication
Explain DDOS attack and how to prevent it?
DDOS(Distributed Denial of Service) attack is a cyberattack that causes the servers to refuse to provide services to genuine clients
Two types of ddos attacks
Flooding attacks: In this type, the hacker sends a huge amount of traffic to the server which the server can not handle. And hence, the server stops functioning. This type of attack is usually executed by using automated programs that continuously send packets to the server.
Crash attacks: In this type, the hackers exploit a bug on the server resulting in the system to crash and hence the server is not able to provide service to the client
How do you prevent ddos attacks?
Use Anti-DDOS services Configure Firewalls and Routers Use Front-End Hardware Use Load Balancing Handle Spikes in Traffic
Explain XSS attack and how to prevent it?
a cyberattack that enables hackers to inject malicious client-side scripts into web pages.
You can prevent XSS attacks by using the following practices:
Validate user inputs Sanitize user inputs Encode special characters Use Anti-XSS services/tools Use XSS HTML Filter
What is an ARP and how does it work?
Address Resolution Protocol (ARP)is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
What is port blocking within LAN?
Restricting the users from accessing a set of services within the local area network is called port blocking.
What protocols fall under TCP/IP internet layer?
Application NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others
Transport TCP, UDP
Internet IP, ARP, ICMP
Data Link PPP, IEEE 802.2
Physical Network Ethernet (IEEE 802.3) Token ring, RS-232, others
What is the threat hunting process?
Collect and Process data Establish a hypothesis Hunt Identify Threats Respond
What are the threat hunting models
Event-based hunting
IOC based hunting
Entity based hunting
TTP based hunting
What is Event-based hunting
hunting event on observations of potentially malicious activity activity
What is IOC hunting
hunting based evidence that an attack of some sort has occurred
What is entity-based hunting
hunting based on threats to high value or high-risk systems
What is TTP based hunting
Hunting for threats that attempt to evade traditional rules
What is MITRE ATT&CK?
a global knowledge base of attack TTP based on real-world observations
What does ATT&CK stand for?
adversarial tactics, techniques, and common knowledge
What is MITRE?
A govt-funded research organization
What does MITRE stand for?
Massachusetts Institute of Technology Research & Engineering
