Interview Questions Flashcards

1
Q

Describe how Wireshark and Splunk are different?

A

Splunk is a worldwide system that businesses use to create security solutions from their data, whereas Wireshark only captures and analyzes network traffic.

2
Q

Explain the purpose of a networking firewall?

A

A network firewall blocks incoming traffic from unauthorized IP addresses connected to the internet/intranet.

3
Q

Explain what Binary is and why computers use it?

A

Computers use binary - the digits 0 and 1 - to store data. A binary digit, or bit, is the smallest unit of data in computing. It is represented by a 0 or a 1.

4
Q

What is a HoneyPot?

A

A honeypot is a controlled and safe environment for showing how attackers work and examining different types of threats.

5
Q

What is Burp, and what type of attacks can you launch using Burp?

A

Burp Intruder is a tool for automating customized attacks against web applications. It is extremely powerful and configurable, and can be used to perform a huge range of tasks, from simple brute-force guessing of web directories through to active exploitation of complex blind SQL injection vulnerabilities.

6
Q

Suppose you’ve implemented a firewall policy on one of your servers. How would you test it?

A

A network scan using nmap or hping.

7
Q

Explain DNS and how it works.

A

DNS translates domain names (such as www.example.com) into computer-friendly IP addresses (such as 192.168.1.1) so browsers can load Internet resources. For the web browser, the DNS lookup occurs “behind the scenes” and requires no interaction from the user’s computer apart from the initial request.

8
Q

What is the difference between vulnerability assessment and penetration test?

A

Vulnerability scans look for known vulnerabilities in your systems and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.

9
Q

What type of encryption is AES?

A

AES uses symmetric key encryption, which involves the use of only one secret key to cipher and decipher information. The Advanced Encryption Standard (AES) is the first and only publicly accessible cipher approved by the US National Security Agency (NSA) for protecting top secret information.

10
Q

What is the difference between a switch and a router?

A

While a network switch can connect multiple devices and networks to expand the LAN, a router will allow you to share a single IP address among multiple network devices. In simpler terms, the Ethernet switch creates networks and the router allows for connections between networks.

11
Q

Explain what a digital signature is used for.

A

Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents.

12
Q

Explain what a ransomware attack means for your organization.

A

Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.

13
Q

Under what circumstances should you pay the ransom and why?

A

The FBI’s official statement on ransomware advises victims not to pay the ransom. There is no guarantee that the hackers will restore your information. In some cases, paying the ransom could even be illegal, because it provides funding for criminal activity. We recommend engaging with a professional incident response team, law enforcement and regulatory bodies before negotiating with attackers.

14
Q

What is the difference between an IDS and IPS?

A

An intrusion detection system (IDS) monitors traffic on your network, analyzes that traffic for signatures matching known attacks, and when something suspicious happens, you’re alerted. In the meantime, the traffic keeps flowing.

An intrusion prevention system (IPS) also monitors traffic. But when something unusual happens, the traffic stops altogether until you investigate and decide to open the floodgates again.

15
Q

Explain SSL and TLS. Which offers better security?

A

SSL refers to Secure Sockets Layer, whereas TLS refers to Transport Layer Security. Basically, they are one and the same: SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users. TLS is the obvious choice. It not only serves as an upgrade to SSL, but also performs much better.

16
Q

What are salted hashes and how do they work? What’s the benefit?

A

The goal of salting is to defend against dictionary attacks or attacks against hashed passwords using a rainbow table. To salt a password hash, a new salt is randomly generated for each password. The salt and the password are concatenated and then processed with a cryptographic hash function.

Salts help us mitigate hash table attacks by forcing attackers to re-compute them using the salts for each user.

17
Q

What is cross-site scripting and what is a way to protect against it?

A

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.

Web application firewall, security rules, updated software.

18
Q

What is the difference between encoding, hashing, and encryption?

A

Encoding is a process of converting data from one format to another.
Encryption is a process of converting information into a cipher using keys, to maintain confidentiality.
Hashing is a technique to ensure the integrity of data by converting it into a fixed-length string.

19
Q

How could you tell if a remote web server is running IIS and Apache?

A

Using the telnet command and/or entering a bad address. Error messages oftentimes give away what the server is running.

20
Q

What’s the goal of information security within an organization?

A

The main goal is ensuring confidentiality, integrity, and availability of company information.

21
Q

Explain defense in depth and provide an example.

A

Defense-in-depth user protection involves a combination of security offerings (e.g., WAF, antivirus, anti-spam software, etc.) and training to block threats and protect critical data.

22
Q

What is the three-way handshake?

A

A three-way handshake is a method used in a TCP/IP network to create a connection between a local host/client and server. It requires both the client and server to exchange SYN (synchronization) and ACK (acknowledgment) packets before actual data communication begins.

23
Q

Name all the OSI layers.

A
Layer 1: Physical = Please.
Layer 2: Data Link = Do.
Layer 3: Network = Not.
Layer 4: Transport = Touch.
Layer 5: Session = Steve's.
Layer 6: Presentation = Pet.
Layer 7: Application = Alligator.
24
Q

Which layer is responsible for encryption?

A

Layer 6 - Presentation

25
Q

Which layer is responsible for HTTP?

A

Layer 7 - Application

26
Q

What is the primary reason most companies haven’t fixed their vulnerabilities?

A

Lack of financial incentive.

27
Q

What is a man in the middle attack?

A

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

28
Q

What are black hat, white hat, grey hat hackers?

A

A Black hat hacker is someone who maliciously searches for and exploits vulnerabilities in computer systems or networks, often using malware and other hacking techniques to do harm.

A White hat hacker is a security specialist hired to find vulnerabilities in software, hardware and networks that black hats may find and target. Unlike black hats, white hats only hack networks when legally permitted to do so. Also known as ethical hackers, white hats disclose all vulnerabilities to their employer.

A Grey hat hacker exploits security vulnerabilities without malicious intent, like white hats, but may use illegal methods to find flaws. They may even release the vulnerabilities to the public or sell details about them for a profit like a black hat would. Grey hat hackers also often hack without the target’s permission or knowledge.

29
Q

What is the sudoers file and what benefit does it provide?

A

The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands.

30
Q

What is a MAC address and which layer of the OSI model is it used in?

A

It identifies the hardware manufacturer and is used for network communication between devices in a network segment.

MAC address works at the data link layer (Layer 2) of the OSI model and allows computers to uniquely identify themselves in the network at a relatively lower level.

31
Q

What are the key differences between symmetric and asymmetric encryption?

A

Symmetric encryption uses a single key that needs to be shared among the people who need to receive the message while asymmetric encryption uses a pair of public key and a private key to encrypt and decrypt messages when communicating.