Interview Flashcards
IPS vs IDS
IPS = Intrusion Prevention System
IDS = Intrusion Detection System
IDS only detects an intrusion and leaves the rest to the admin, whereas IPS detects the intrusion and takes further action to prevent it.
Explain Risk, Vulnerability & Threat
Vulnerability - Potential weakness in a security system.
Threat - Likelihood of a given attack or attacker trying to exploit a weakness.
Risk - Combined measure of vulnerability, threat, and impact.
Impact - Consequences of an attack.
Asymmetric vs Symmetric Encryption and which is better?
Symmetric Encryption uses the same key for both encryption and decryption while asymmetric uses different keys.
Symmetric is faster, but the key needs to be transferred over an unencrypted channel, so it is less secure.
A hybrid approach is best.
Encryption vs Hashing
Encryption is reversible, whereas hashing is irreversible.
Encryption ensures confidentiality
Hashing ensures Integrity
Black Hat vs White Hat vs Grey Hat hacker
Black Hat - Hacks without authority.
White Hat - Those authorized to perform a hacking attempt under a signed NDA.
Grey Hat - A White Hat hacker who sometimes performs unauthorized activities.
What is a firewall?
A device that allows or blocks traffic as per a defined set of rules. These are placed on the boundary between trusted and untrusted networks.
How do you keep yourself updated with information security news?
The hacker news
Threatpost
Pentest Mag
What is CIA Triad?
Main mission of cybersecurity
Confidentiality - Only authorized users and processes should be able to access or modify data.
Integrity - Data should be maintained in a correct state and shouldn't be able to be improperly modified, whether maliciously or accidentally.
Availability - Authorized users should be able to access data at any time.
RMF steps
0 - Prepare
1 - Categorize
2 - Select
3 - Implement
4 - Assess
5 - Authorize
6 - Monitor
HIDS vs NIDS
Which is better and why?
HIDS - Host Intrusion Detection System
NIDS - Network Intrusion Detection System
For an enterprise, NIDS is preferred as HIDS is difficult to manage. It also consumes processing power of the host.
What is port scanning?
The process of sending messages to a target in order to gather information about a network, system, etc., by analyzing the responses received.
What is a security misconfiguration?
A vulnerability that arises when a device/application/network is configured in a way that an attacker can exploit to take advantage of it.
This can be as simple as leaving the default username/password unchanged, or using too simple a password for device accounts.
What is CSRF?
Cross Site Request Forgery
A web application vulnerability in which the server does not check whether the request came from a trusted client or not.
The request is processed directly.
What is XSS and how will you mitigate it?
Cross Site Scripting
A JavaScript vulnerability in web applications.
A client-side injection attack where the attacker aims to execute malicious scripts in the victim's browser.
Test manually and ensure that input fields don't trust unvalidated user input. Apply proper input/output encoding.