Interview Questions Flashcards
Describe how Wireshark and Splunk are different.
Splunk is a worldwide system that businesses use to create security solutions from their data, whereas Wireshark only captures and analyzes network traffic.
Explain the purpose of a networking firewall.
A network firewall blocks incoming traffic from unauthorized IP addresses connected to the internet/intranet.
Explain what binary is and why computers use it.
Computers use binary - the digits 0 and 1 - to store data. A binary digit, or bit, is the smallest unit of data in computing. It is represented by a 0 or a 1.
What is a honeypot?
A honeypot is a controlled and safe environment for showing how attackers work and examining different types of threats.
What is Burp, and what type of attacks can you launch using Burp?
Burp Intruder is a tool for automating customized attacks against web applications. It is extremely powerful and configurable, and can be used to perform a huge range of tasks, from simple brute-force guessing of web directories through to active exploitation of complex blind SQL injection vulnerabilities.
Suppose you’ve implemented a firewall policy on one of your servers. How would you test it?
A network scan using nmap or hping.
Explain DNS and how it works.
DNS translates domain names (such as www.example.com) into computer-friendly IP addresses (such as 192.168.1.1) so browsers can load Internet resources. For the web browser, the DNS lookup occurs “behind the scenes” and requires no interaction from the user’s computer apart from the initial request.
What is the difference between vulnerability assessment and penetration test?
Vulnerability scans look for known vulnerabilities in your systems and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.
What type of encryption is AES?
AES uses symmetric key encryption, which involves the use of only one secret key to cipher and decipher information. The Advanced Encryption Standard (AES) is the first and only publicly accessible cipher approved by the US National Security Agency (NSA) for protecting top secret information.
What is the difference between a switch and a router?
While a network switch can connect multiple devices and networks to expand the LAN, a router will allow you to share a single IP address among multiple network devices. In simpler terms, the Ethernet switch creates networks and the router allows for connections between networks.
Explain what a digital signature is used for.
Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents.
Explain what a ransomware attack means for your organization.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Under what circumstances should you pay the ransom and why?
The FBI’s official statement on ransomware advises victims not to pay the ransom. There is no guarantee that the hackers will restore your information. In some cases, paying the ransom could even be illegal, because it provides funding for criminal activity. We recommend engaging with a professional incident response team, law enforcement and regulatory bodies before negotiating with attackers.
What is the difference between an IDS and IPS?
An intrusion detection system (IDS) monitors traffic on your network, analyzes that traffic for signatures matching known attacks, and when something suspicious happens, you’re alerted. In the meantime, the traffic keeps flowing.
An intrusion prevention system (IPS) also monitors traffic. But when something unusual happens, the traffic stops altogether until you investigate and decide to open the floodgates again.
Explain SSL and TLS. Which offers better security?
SSL refers to Secure Sockets Layer, whereas TLS refers to Transport Layer Security. Basically, they are one and the same: SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users. TLS is the obvious choice. It not only serves as an upgrade to SSL, but also performs much better.
What are salted hashes and how do they work? What’s the benefit?
The goal of salting is to defend against dictionary attacks or attacks against hashed passwords using a rainbow table. To salt a password hash, a new salt is randomly generated for each password. The salt and the password are concatenated and then processed with a cryptographic hash function.
Salts help us mitigate hash table attacks by forcing attackers to re-compute them using the salts for each user.
What is cross-site scripting and what is a way to protect against it?
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.
Web application firewall, security rules, updated software.
What is the difference between encoding, hashing, and encryption?
- Encoding is the process of converting data from one format to another.
- Encryption is the process of converting information into a cipher using keys, to maintain confidentiality.
- Hashing is a technique to ensure the integrity of data by converting it into a fixed-length string.
How could you tell if a remote web server is running IIS or Apache?
Using the telnet command and/or entering a bad address. Error messages often give away what the server is running.
What’s the goal of information security within an organization?
The main goal is ensuring confidentiality, integrity, and availability of company information.
Explain defense in depth and provide an example.
Defense-in-depth user protection involves a combination of security offerings (e.g., WAF, antivirus, anti-spam software, etc.) and training to block threats and protect critical data.
What is the three-way handshake?
A three-way handshake is a method used in a TCP/IP network to create a connection between a local host/client and server. It requires both the client and server to exchange SYN (synchronization) and ACK (acknowledgment) packets before actual data communication begins.
Name all the OSI layers.
Layer 1: Physical = Please. Layer 2: Data Link = Do. Layer 3: Network = Not. Layer 4: Transport = Touch. Layer 5: Session = Steve's. Layer 6: Presentation = Pet. Layer 7: Application = Alligator.
Which layer is responsible for encryption?
Layer 6 - Presentation