Security Analyst Questions

Question 1

Black Hat

Answer 1

hackers are criminals who break into computer networks with malicious intent.

Question 2

Also known as Ethical Hackers. They are certified hackers who learn hacking from courses. These are good hackers who try to secure our data, websites.

Answer 2

White Hat Hacker

Question 3

A mix of both Black-Hat and White-Hat hackers. These types of hackers find vulnerabilities in systems without the permission of owners. They don’t have any malicious intent. However, this type of hacking is still considered illegal.

Answer 3

Grey Hat Hacker

Question 4

A method of determining which ports on a network are open and could be receiving or sending data.

Answer 4

Port Scanning

Question 5

A group that pretends to be an enemy, attempts a physical or digital intrusion against an organization at the direction of that organization, then reports back so that the organization can improve their defenses.

Answer 5

Red Team

Question 6

A group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation.

Answer 6

Blue Team

Question 7

A device that allows or blocks the network traffic according to the rules.

Answer 7

Firewall

Question 8

A security vulnerability caused by incomplete or incorrect misconfiguration.

Answer 8

Security Misconfiguration

Question 9

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Answer 9

Vulnerability

Question 10

The level of impact on agency operations (including mission functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

Answer 10

Risk

Question 11

Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Answer 11

Threat

Question 12

Following the set of standards authorized by an organization, independent part, or government.

Answer 12

Compliance

Question 13

A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Answer 13

MITRE ATTACK

Question 14

An extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and password. Then, instead of immediately gaining access, they will be required to provide another piece of information.

Answer 14

2FA

Question 15

Share some general endpoint security product categories

Answer 15

Antivirus
EDR (Endpoint Detection and Response)
XDR (Extended Detection and Response)
DLP (Data Loss Prevention)

Question 16

What is HIDS?

Answer 16

HIDS means Host Intrusion Detection System. HIDS is located on each host.

Question 17

What is NIDS?

Answer 17

NIDS means Network Intrusion Detection System. NIDS is located in the network.

Question 18

A common model that forms the basis for the development of security systems.

Answer 18

CIA Triad

Question 19

Involves the efforts of an organization to make sure data is kept secret or private.

Answer 19

Confidentiality

Question 20

Involves making sure your data is trustworthy and free from tampering.

Answer 20

Integrity

Question 21

Systems, networks, and applications must be functioning as they should and when they should.

Answer 21

Availability

Question 22

What is AAA?

Answer 22

Authentication
Authorization
Accounting

Question 23

Involves a user providing information about who they are. Users present login credentials that affirm they are who they claim.

Answer 23

Authentication

Question 24

A user can be granted privileges to access certain areas of a network or system.

Answer 24

Authorization

Question 25

Keeps track of user activity while users are logged in to a network by tracking information such as how long they were logged in, the data they sent or received, their Internet Protocol (IP) address, the Uniform Resource Identifier (URI) they used, and the different services they accessed.

Answer 25

Accounting

Question 26

Framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.

Answer 26

Cyber Kill Chain

Question 27

A security solution that provides the real time logging of events in an environment. The actual purpose for event logging is to detect security threats.

Answer 27

SIEM

Question 28

Serve as forensic evidence of potential intrusions on a host system or network. These artifacts enable Information Security (InfoSec) professionals and system administrators to detect intrusion attempts or other malicious activities.

Answer 28

Indicator of Compromise (IoC)

Question 29

Demonstrate the intentions behind a cyberattack and the techniques used by the threat actor to accomplish their objectives.

Answer 29

Indicator of Attack (IoA)

Question 30

If the situation to be detected and the detected (triggered alert) situation are the same

Answer 30

True Positive

Question 31

In short, it is a false alarm. When an IDS or IPS flags non-malicious traffic as malicious.

Answer 31

False Positive

Question 32

A conceptual model that describes the universal standard of communication functions of a telecommunication system or computing system.

Answer 32

OSI Model

Question 33

A method used in a TCP/IP network to create a connection between a host and a client.

Answer 33

Three-Way Handshake

Question 34

Explain the Three-Way Handshake

Answer 34

1. The client sends a SYN(Synchronize) packet to the server check if the server is up or has open ports
2. The server sends SYN-ACK packet to the client if it has open ports
3. The client acknowledges this and sends an ACK(Acknowledgment) packet back to the server

Question 35

Is the default method of data communication on the Internet. It was developed by the United States Department of Defense to enable the accurate and correct transmission of data between devices.

Answer 35

TCP/IP Model

Question 36

What is the difference between the TCP/IP Model and the OSI Model?

Answer 36

The TCP/IP model is a simpler, four-layer model that focuses on the actual workings of the internet, while the OSI model is a more detailed seven-layer model that provides a conceptual framework for understanding network communication.

Question 37

Is a communication protocol used for discovering the Data Link Layer address, such as a MAC address, associated with a given Network Layer address, typically an IPv4 address.

Answer 37

Address Resolution Protocol (ARP)

Question 38

Is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

Answer 38

Domain Host Configuration Protocol (DHCP)

Question 39

Is like the internet’s phone book, translating domain names (like google.com) into IP addresses (like 172.217.1.46) so computers can communicate with each other.

Answer 39

Domain Name Server (DNS)

Question 40

Creates a secure, encrypted connection over a public network like the internet, allowing users to browse the web privately and securely. It masks their IP address and encrypts their data, enhancing privacy and security, particularly when accessing sensitive information or bypassing geographical restrictions.

Answer 40

Virtual Private Network (VPN)

Question 41

Is a network segmentation technique that allows administrators to logically divide a single physical network into multiple isolated virtual networks.

Answer 41

Virtual Land Area Network (VLAN)

Question 42

Is a networking device that forwards data packets between computer networks. Responsible for directing traffic based on IP addresses, enabling communication between devices on different networks.

Answer 42

Router

Question 43

Is a networking device that connects multiple devices within a local area network (LAN) and forwards data packets to their intended destination based on MAC addresses. It operates at the data link layer of the OSI model and helps manage network traffic efficiently by creating direct paths between devices.

Answer 43

Switch

Question 44

Is a connectionless protocol that provides a simple and lightweight method for sending data packets over a network. It is commonly used for applications that prioritize speed and efficiency over reliability, such as real-time streaming or online gaming.

Answer 44

User Datagram Protocol (UDP)

Question 45

Is a connection-oriented protocol that ensures reliable and ordered delivery of data packets over a network. It establishes a virtual connection between sender and receiver, handling error correction, flow control, and congestion control to guarantee data integrity and successful transmission.

Answer 45

Transmission Control Protocol (TCP)

Question 46

What is the difference between UDP and TCP?

Answer 46

UDP and TCP are transport layer protocols. TCP has error checking and guaranties that packets have been received while UDP does not.

Question 47

1. Close all unnecessary ports
2. Patch the server so that all software is up to date
3. Tightly control user access

Answer 47

Steps to ensure a server is secure

Question 48

Is a tool used to trace the path of an IP packet as it traverses routers. It works by incrementing the TTL field until the packet reaches the destination IP.

Answer 48

Traceroute

Question 49

Is a logical subdivision of an IP network. The practice of dividing a network into two or more networks

Answer 49

Subnet

Question 50

Is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment.

Answer 50

MAC Address

Question 51

Is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

Answer 51

Network Address Translation (NAT)

Question 52

Is a network protocol that builds a loop-free logical topology for Ethernet networks.

Answer 52

Spanning Tree Protocol (STP)

Question 53

The process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient.

Answer 53

Load Balancer

Question 54

Also known as a virtual machine monitor or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines.

Answer 54

Hypervisor

Question 55

A package of software and its dependencies — such as code, system tools, settings, and libraries — that can run reliably on any operating system and infrastructure.

Answer 55

Conatiner

Question 56

Allow devices to connect to a network even if they are not located within the same subnet or broadcast domain.

Answer 56

DHCP Relay

Question 57

Is a way of bundling two or more network interfaces together to act as one

Answer 57

Link Aggregation or Port Trunking

Question 58

A system or router that provides a gateway between users and the internet.

Answer 58

Proxy Server

Question 59

A method of detecting and assessing packet data sent over a network.

Answer 59

Packet Sniffing

Question 60

A physical or virtual architectural approach dividing a network into multiple segments.

Answer 60

Network Segmentation

Question 61

A security protocol that creates an encrypted link between a web server and a web browser.

Answer 61

SSL

Question 62

Encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit.

Answer 62

TLS

Question 63

What port is HTTP?

Answer 63

Port 80

Question 64

What port is HTTPS?

Answer 64

Port 443

Question 65

What port is FTP?

Answer 65

Port 21

Question 66

What port is SSH?

Answer 66

Port 22

Question 67

What port is Telnet?

Answer 67

Port 23

Question 68

What port is SMTP (Simple Mail Transfer Protocol)?

Answer 68

Port 25

Question 69

What port is DNS?

Answer 69

Port 53

Question 70

What port is DHCP

Answer 70

Port 67

Question 71

What port is TFTP (Trivial File Transfer Protocol)

Answer 71

Port 69

Question 72

What port is NTP (Network Time Protocol)

Answer 72

Port 123

Question 73

What port is LDAP (Lightweight Directory Access Protocol)

Answer 73

Port 389

Question 74

What port is RDP

Answer 74

Port 3389

Question 75

What port is VNC (Virtual Network Computing)

Answer 75

Port 5900

Question 76

What port is POP3 (Post Office Protocol version 3)

Answer 76

Port 110

Question 77

What port is IMAP (Internet Message Access Protocol)

Answer 77

Port 143

Question 78

Is a secure network protocol used for remote access and control of devices over an unsecured network

Answer 78

SSH

Question 79

Is a standard network protocol used for transferring files between a client and a server on a computer network.

Answer 79

FTP

Question 80

Is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

Answer 80

SNMP

Question 81

is an open and cross-platform protocol used for accessing and maintaining distributed directory information services over a network.

Answer 81

LDAP

Question 82

Is a proprietary protocol developed by Microsoft that enables users to remotely access and control a computer desktop over a network connection.

Answer 82

RDP

Question 83

Is meant to protect Wi-Fi transmissions by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within.

Answer 83

Wired Equivalent Privacy (WEP)

Question 84

Is a security standard for computing devices with wireless internet connections.

Answer 84

Wi-Fi Protected Access (WPA)

Question 85

General network security product names

Answer 85

Firewall
IDS (Intrusion Detection System)
IPS (Intrusion Prevention System)
WAF (Web Application Firewall)

Question 86

What’s the difference between an IDS and IPS?

Answer 86

IDS only detects the traffic but IPS can prevent/block the traffic.

Question 87

How can you protect yourself from Man-in-the-middle (on-path) attacks?

Answer 87

Caution with connecting to public Wi-Fi
Use a VPN.

Question 88

What are the HTTP response codes?

Answer 88

1XX: Informational
2XX: Success
3XX: Redirection
4XX: Client-Side Error
5XX: Server-Side Error

Question 89

Is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Answer 89

OWASP Top 10

Question 90

Are critical attack methods where a web application directly includes unsanitized data provided by the user in queries.

Answer 90

SQL Injection

Question 91

Use parameterized queries or prepared statements.
Implement input validation to ensure data integrity.
Use proper access controls to limit database privileges.

Answer 91

Preventing SQL Injection

Question 92

A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Answer 92

Cross-Site Scripting (XSS)

Question 93

Is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

Answer 93

Cross-Site Request Forgery (CSRF)

Question 94

Implement proper input validation and sanitization.
Use output encoding or escaping
Implement anti-CSRF tokens in web forms

Answer 94

Prevent XSS and CSRF

Question 95

Is a vulnerability caused by the lack of an authorization mechanism or because it is not used properly.

Answer 95

Insecure Direct Object Reference (IDOR

Question 96

Is the security vulnerability that occurs when a file on a different server is included without sanitizing the data obtained from a user.

Answer 96

Remote File Inclusion (RFI)

Question 97

Is the security vulnerability that occurs when a local file is included without sanitizing the data obtained from a user.

Answer 97

Local File Inclusion (LFI)

Question 98

Difference between LFI and RFI?

Answer 98

LFI differs from RFI because the file that is intended to be included is on the same web server that the web application is hosted on.

Question 99

Helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

Answer 99

Web Application Firewall (WAF)

Question 100

Is the practice and study of techniques for secure communication in the presence of third parties, typically involving encryption and decryption of data.

Answer 100

Cryptography

Question 101

Converts the data in the desired format required for exchange between different systems.

Answer 101

Encoding

Question 102

Maintains the integrity of a message or data. Any change did any day could be noticed.

Answer 102

Hashing

Question 103

Ensures that the data is secure and one needs a digital verification code or image in order to open it or access it.

Answer 103

Encryption

Question 104

Difference between hashing and encryption

Answer 104

Hashing transforms data into a fixed-size string of characters, while encryption encodes data with a key that can be decoded to its original form.

Question 105

Added to the hashing process to force their uniqueness, increase their complexity without increasing user requirements, and to mitigate password attacks like hash tables.

Answer 105

Salted Hashes

Question 106

Name of the software that compiles written code?

Answer 106

Compiler

Question 107

Name of the software that translates machine codes into assembly language?

Answer 107

Disassembler

Question 108

It is the approach of analyzing malicious software by reverse engineering methods without running them.

Answer 108

Static Malware Analysis

Question 109

It is the approach that examines the behavior of malicious software on the system by running it. Applications that can examine registry, file, network and process events are installed in the system, and their behavior is examined by running malicious software.

Answer 109

Dynamic Malware Analysis

Question 110

How does malware achieve persistence on Windows?

Answer 110

Services
Registry Run Keys (Run, RunOnce)
Task Scheduler
Infecting to clean files

Question 111

Which event logs are available default on Windows?

Answer 111

Security
Application
System

Question 112

Is malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or data.

Answer 112

Malware

Question 113

A type of malicious software that attaches itself to other programs or files and spreads by replicating when those files are executed, often causing harm to the host system.

Answer 113

Virus

Question 114

Virus is a specific type of malware that self-replicates by attaching to other programs or files, malware encompasses a broader range of malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or data.

Answer 114

Difference between virus and malware

Question 115

Trojan Horse
Ransomware
Spyware
Adware
Rootkit

Answer 115

Examples of Malware

Question 116

Wannacry
Stuxnet
Code Red

Answer 116

Examples of Viruses

Question 117

Is a cyberattack that causes the servers to refuse to provide services to genuine clients.

Answer 117

Distributed Denial of Service (DDOS)

Question 118

Configure Firewalls and Routers
Use Load Balancing

Answer 118

Preventatives for DDOS

Question 119

Is a type of malicious software that encrypts files on a victim’s computer or network, rendering them inaccessible, and demands payment (usually in cryptocurrency) for the decryption key to restore access.

Answer 119

Ransomware

Question 120

Network Segmentation
Keep Anti-Virus Software up to date

Answer 120

Preventatives to Ransomware

Question 121

Is a cyberattack technique where attackers attempt to gain unauthorized access to multiple user accounts by using commonly used passwords or easily guessable credentials.

Answer 121

Password Spraying

Question 122

Is a type of cyberattack where an attacker systematically tries every word in a pre-compiled list (dictionary) of potential passwords to gain unauthorized access to user accounts or systems.

Answer 122

Dictionary Attack

Question 123

Is a cyberattack method where an attacker systematically tries every possible combination of characters until the correct password or encryption key is discovered

Answer 123

Brute Force Attack

Question 124

Is the process of identifying, quantifying, and prioritizing vulnerabilities in computer systems, networks, and applications to determine potential security risks and take appropriate remedial actions.

Answer 124

Vulnerability Assessment

Question 125

Is a unique name that identifies a wireless network

Answer 125

SSID

Question 126

Network type that allows each user to act as both client or server

Answer 126

Peer to Peer

Question 127

A computer system or software program that provides services or resources to other computers, known as clients, over a network, fulfilling requests and facilitating communication and data exchange between devices.

Answer 127

Server

Question 128

Is a hardware component used in networking equipment, such as routers and switches, to connect to wide area networks (WANs) and provide access to remote networks or the internet.

Answer 128

WIC (WAN Interface Card)

Question 129

Refers to information that is actively being transferred between two endpoints over a network.

Answer 129

Data in Transit

Question 130

Information that is stored or archived in a persistent state

Answer 130

Data at Rest

Question 131

Is the protection of critical systems and sensitive information from digital security threats.

Answer 131

What is Cybersecurity?

Question 132

Is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination.

Answer 132

Data Leakage

Question 133

Accidental Breach
Intentional Breach
System Hack

Answer 133

3 Types of Data Leakage

Question 134

Malware
Phishing
Password Attacks
DDoS
Man in the Middle

Answer 134

Common Cyber Attacks

Question 135

1. Ensure strong and unique password.
2. Avoid sharing confidential information online, especially on social media.
3. Shop from known and trusted websites
4. Install advanced malware and spyware tools.
5. Update anti-virus software

Answer 135

Prevent Identity Theft

Question 136

Is a networking protocol suite that allows applications and devices on a local area network (LAN) to communicate with each other

Answer 136

NetBIOS

Question 137

Restricting the users from accessing a set of services within the local area network

Answer 137

Port Blocking