SOC Interview Questions Flashcards

1
Q

Black Hat Hacker

A

Criminals who break into computer networks with malicious intent.

2
Q

White Hat Hacker

A

Also known as Ethical Hackers. They are certified hackers who learn hacking from courses. These are good hackers who try to secure our data and websites.

3
Q

Grey Hat Hacker

A

A mix of both Black-Hat and White-Hat hackers. These types of hackers find vulnerabilities in systems without the permission of owners. They don’t have any malicious intent. However, this type of hacking is still considered illegal.

4
Q

Port Scanning

A

A method of determining which ports on a network are open and could be receiving or sending data.

5
Q

Red Team

A

A group that pretends to be an enemy, attempts a physical or digital intrusion against an organization at the direction of that organization, then reports back so that the organization can improve their defenses.

6
Q

Blue Team

A

A group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation.

7
Q

Firewall

A

A device that allows or blocks the network traffic according to the rules.

8
Q

Security Misconfiguration

A

A security vulnerability caused by incomplete or incorrect configuration.

9
Q

Vulnerability

A

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

10
Q

Risk

A

The level of impact on agency operations (including mission functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

11
Q

Threat

A

Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

12
Q

Compliance

A

Following the set of standards authorized by an organization, independent party, or government.

13
Q

MITRE ATT&CK

A

A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

14
Q

2FA

A

An extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and password. Then, instead of immediately gaining access, they will be required to provide another piece of information.

15
Q

Share some general endpoint product categories

A

Antivirus
EDR (Endpoint Detection and Response)
XDR (Extended Detection and Response)
DLP (Data Loss Prevention)

16
Q

What is HIDS?

A

HIDS means Host Intrusion Detection System. HIDS is located on each host.

17
Q

What is NIDS?

A

NIDS means Network Intrusion Detection System. NIDS is located in the network.

18
Q

CIA Triad

A

A common model that forms the basis for the development of security systems.

19
Q

Confidentiality

A

Involves the efforts of an organization to make sure data is kept secret or private.

20
Q

Integrity

A

Involves making sure your data is trustworthy and free from tampering.

21
Q

Availability

A

Systems, networks, and applications must be functioning as they should and when they should.

22
Q

What is AAA?

A

Authentication
Authorization
Accounting

23
Q

Authentication

A

Involves a user providing information about who they are. Users present login credentials that affirm they are who they claim.

24
Q

Authorization

A

A user can be granted privileges to access certain areas of a network or system.

25
Q

Accounting

A

Keeps track of user activity while users are logged in to a network by tracking information such as how long they were logged in, the data they sent or received, their Internet Protocol (IP) address, the Uniform Resource Identifier (URI) they used, and the different services they accessed.

26
Q

Cyber Kill Chain

A

A framework that is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusion activity. The model identifies what the adversaries must complete in order to achieve their objective.

27
Q

SIEM

A

A security solution that provides real-time logging of events in an environment. The actual purpose of event logging is to detect security threats.

28
Q

Indicator of Compromise (IoC)

A

Serve as forensic evidence of potential intrusions on a host system or network. These artifacts enable Information Security (InfoSec) professionals and system administrators to detect intrusion attempts or other malicious activities.

29
Q

Indicator of Attack (IoA)

A

Demonstrate the intentions behind a cyberattack and the techniques used by the threat actor to accomplish their objectives.

30
Q

True Positive

A

When the situation to be detected and the detected (triggered alert) situation are the same.

31
Q

False Positive

A

In short, it is a false alarm. When an IDS or IPS flags non-malicious traffic as malicious.

32
Q

OSI Model

A

A conceptual model that describes the universal standard of communication functions of a telecommunication system or computing system.

33
Q

Three-Way Handshake

A

A method used in a TCP/IP network to create a connection between the client and server.

34
Q

Explain the Three-Way Handshake

A
  1. The client sends a SYN (Synchronize) packet to the server to check whether the server is up or has open ports
  2. The server sends a SYN-ACK packet to the client if it has open ports
  3. The client acknowledges this and sends an ACK (Acknowledgment) packet back to the server

35
Q

TCP/IP Model

A

Is the default method of data communication on the Internet. It was developed by the United States Department of Defense to enable the accurate and correct transmission of data between devices.

36
Q

What is the difference between the TCP/IP Model and the OSI Model?

A

The TCP/IP model is a simpler, four-layer model that focuses on the actual workings of the internet, while the OSI model is a more detailed seven-layer model that provides a conceptual framework for understanding network communication.

37
Q

Address Resolution Protocol (ARP)

A

Is a communication protocol used for discovering the Data Link Layer address, such as a MAC address, associated with a given Network Layer address, typically an IPv4 address.

38
Q

Dynamic Host Configuration Protocol (DHCP)

A

Is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

39
Q

Domain Name Server (DNS)

A

Is like the internet’s phone book, translating domain names (like google.com) into IP addresses (like 172.217.1.46) so computers can communicate with each other.

40
Q

Virtual Private Network (VPN)

A

Creates a secure, encrypted connection over a public network like the internet, allowing users to browse the web privately and securely. It masks their IP address and encrypts their data, enhancing privacy and security, particularly when accessing sensitive information or bypassing geographical restrictions.

41
Q

Virtual Local Area Network (VLAN)

A

Is a network segmentation technique that allows administrators to logically divide a single physical network into multiple isolated virtual networks.

42
Q

Router

A

Is a networking device that forwards data packets between computer networks. Responsible for directing traffic based on IP addresses, enabling communication between devices on different networks.

43
Q

Switch

A

Is a networking device that connects multiple devices within a local area network (LAN) and forwards data packets to their intended destination based on MAC addresses. It operates at the data link layer of the OSI model and helps manage network traffic efficiently by creating direct paths between devices.

44
Q

User Datagram Protocol (UDP)

A

Is a connectionless protocol that provides a simple and lightweight method for sending data packets over a network. It is commonly used for applications that prioritize speed and efficiency over reliability, such as real-time streaming or online gaming.

45
Q

Transmission Control Protocol (TCP)

A

Is a connection-oriented protocol that ensures reliable and ordered delivery of data packets over a network. It establishes a virtual connection between sender and receiver, handling error correction, flow control, and congestion control to guarantee data integrity and successful transmission.

46
Q

What is the difference between UDP and TCP?

A

UDP and TCP are transport layer protocols. TCP has error checking and guarantees that packets have been received, while UDP does not.

47
Q

Steps to ensure a server is secure

A
  1. Close all unnecessary ports
  2. Patch the server so that all software is up to date
  3. Tightly control user access

48
Q

Traceroute

A

Is a tool used to trace the path of an IP packet as it traverses routers. It works by incrementing the TTL field until the packet reaches the destination IP.

49
Q

Subnet

A

Is a logical subdivision of an IP network. Subnetting is the practice of dividing a network into two or more networks.

50
Q

MAC Address

A

Is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment.

51
Q

Spanning Tree Protocol (STP)

A

Is a network protocol that builds a loop-free logical topology for Ethernet networks.

52
Q

Load Balancer

A

The process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient.

53
Q

Hypervisor

A

Also known as a virtual machine monitor or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines.

54
Q

Container

A

A package of software and its dependencies — such as code, system tools, settings, and libraries — that can run reliably on any operating system and infrastructure.

55
Q

DHCP Relay

A

Allows devices to connect to a network even if they are not located within the same subnet or broadcast domain.

56
Q

Link Aggregation or Port Trunking

A

Is a way of bundling two or more network interfaces together to act as one.

57
Q

Proxy Server

A

A system or router that provides a gateway between users and the internet.

58
Q

Packet Sniffing

A

A method of detecting and assessing packet data sent over a network.

59
Q

Network Segmentation

A

A physical or virtual architectural approach dividing a network into multiple segments.

60
Q

SSL

A

A security protocol that creates an encrypted link between a web server and a web browser.

61
Q

TLS

A

Encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit.

62
Q

Port 80

A

What port is HTTP?

63
Q

Port 443

A

What port is HTTPS?

64
Q

Port 21

A

What port is FTP?

65
Q

Port 22

A

What port is SSH?

66
Q

Port 23

A

What port is Telnet?

67
Q

Port 25

A

What port is SMTP (Simple Mail Transfer Protocol)?

68
Q

Port 53

A

What port is DNS?

69
Q

Port 67

A

What port is DHCP?

70
Q

Port 69

A

What port is TFTP (Trivial File Transfer Protocol)?

71
Q

Port 123

A

What port is NTP (Network Time Protocol)?

72
Q

Port 389

A

What port is LDAP (Lightweight Directory Access Protocol)?

73
Q

Port 3389

A

What port is RDP?

74
Q

Port 5900

A

What port is VNC (Virtual Network Computing)?

75
Q

Port 110

A

What port is POP3 (Post Office Protocol version 3)?

76
Q

Port 143

A

What port is IMAP (Internet Message Access Protocol)?

77
Q

SSH

A

Is a secure network protocol used for remote access and control of devices over an unsecured network.

78
Q

FTP

A

Is a standard network protocol used for transferring files between a client and a server on a computer network.

79
Q

SNMP

A

Is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

80
Q

LDAP

A

Is an open and cross-platform protocol used for accessing and maintaining distributed directory information services over a network.

81
Q

RDP

A

Is a proprietary protocol developed by Microsoft that enables users to remotely access and control a computer desktop over a network connection.

82
Q

Wired Equivalent Privacy (WEP)

A

Is meant to protect Wi-Fi transmissions by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within.

83
Q

Wi-Fi Protected Access (WPA)

A

Is a security standard for computing devices with wireless internet connections.

84
Q

General network security product names

A

Firewall
IDS (Intrusion Detection System)
IPS (Intrusion Prevention System)
WAF (Web Application Firewall)

85
Q

What’s the difference between an IDS and IPS?

A

An IDS only alerts on malicious traffic, while an IPS alerts on and blocks malicious traffic.

86
Q

How can you protect yourself from Man-in-the-middle (on-path) attacks?

A

Use caution when connecting to public Wi-Fi.
Use a VPN.

87
Q

What are the HTTP response codes?

A

1XX: Informational
2XX: Success
3XX: Redirection
4XX: Client-Side Error
5XX: Server-Side Error

88
Q

OWASP Top 10

A

Is a standard awareness document that represents a broad consensus about the most critical security risks to web applications.

89
Q

SQL Injection

A

An attack in which malicious SQL statements are inserted into an entry field for execution.

90
Q

Preventing SQL Injection

A

Use parameterized queries or prepared statements.
Implement input validation to ensure data integrity.
Use proper access controls to limit database privileges.

91
Q

Cross-Site Scripting (XSS)

A

A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

92
Q

Cross-Site Request Forgery (CSRF)

A

An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

93
Q

Prevent XSS and CSRF

A

Implement proper input validation and sanitization.
Use output encoding or escaping.
Implement anti-CSRF tokens in web forms.

94
Q

Insecure Direct Object Reference (IDOR)

A

Is a vulnerability caused by the lack of an authorization mechanism or because it is not used properly.

95
Q

Remote File Inclusion (RFI)

A

Occurs when a file on a different server is included without sanitizing the data obtained from a user.

96
Q

Local File Inclusion (LFI)

A

Occurs when a local file is included without sanitizing the data obtained from a user.

97
Q

What is the difference between LFI and RFI?

A

LFI involves exploiting a vulnerability to include files that are already locally present on the server, while RFI involves injecting files from a remote server into the web application.

98
Q

Web Application Firewall (WAF)

A

Helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

99
Q

Cryptography

A

Is the practice and study of techniques for secure communication in the presence of third parties, typically involving encryption and decryption of data.

100
Q

Encoding

A

Converts the data in the desired format required for exchange between different systems.

101
Q

Hashing

A

Maintains the integrity of a message or data. Any change made to it can be noticed.

102
Q

Encryption

A

Ensures that the data is secure and one needs a digital verification code or image in order to open it or access it.

103
Q

What is the difference between hashing and encryption?

A

Hashing transforms data into a fixed-size string of characters, while encryption encodes data with a key that can be decoded to its original form.

104
Q

Salted Hashes

A

Added to the hashing process to force their uniqueness, increase their complexity without increasing user requirements, and to mitigate password attacks like hash tables.

105
Q

Compiler

A

Name of the software that compiles written code?

106
Q

Disassembler

A

Name of the software that translates machine codes into assembly language?

107
Q

Static Malware Analysis

A

It is the approach of analyzing malicious software by reverse engineering methods without running them.

108
Q

Dynamic Malware Analysis

A

It is the approach that examines the behavior of malicious software on the system by running it. Applications that can examine registry, file, network and process events are installed in the system, and their behavior is examined by running malicious software.

109
Q

How does malware achieve persistence on Windows?

A

Services
Registry Run Keys (Run, RunOnce)
Task Scheduler
Infecting clean files

110
Q

Which event logs are available by default on Windows?

A

System
Application
Security

111
Q

Malware

A

Is malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or data.

112
Q

Virus

A

A type of malicious software that attaches itself to other programs or files and spreads by replicating when those files are executed, often causing harm to the host system.

113
Q

Difference between virus and malware

A

A virus is a specific type of malware that self-replicates by attaching to other programs or files, while malware encompasses a broader range of malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or data.

114
Q

Examples of Malware

A

Trojan Horse
Spyware
Adware
Rootkit

115
Q

Examples of Viruses

A

Wannacry
Stuxnet
Code Red

116
Q

Distributed Denial of Service (DDOS)

A

Is a cyberattack that causes the servers to refuse to provide services to genuine clients.

117
Q

Preventatives for DDOS

A

Configure Firewalls and Routers
Use Load Balancing

118
Q

Ransomware

A

Is a type of malicious software that encrypts files on a victim’s computer or network, rendering them inaccessible, and demands payment (usually in cryptocurrency) for the decryption key to restore access.

119
Q

Preventatives to Ransomware

A

Network Segmentation
Keep Anti-Virus Software up to date

120
Q

Password Spraying

A

Is a cyberattack technique where attackers attempt to gain unauthorized access to multiple user accounts by using commonly used passwords or easily guessable credentials.

121
Q

Dictionary Attack

A

Is a type of cyberattack where an attacker systematically tries every word in a pre-compiled list (dictionary) of potential passwords to gain unauthorized access to user accounts or systems.

122
Q

Brute Force Attack

A

Is a cyberattack method where an attacker systematically tries every possible combination of characters until the correct password or encryption key is discovered.

123
Q

Vulnerability Assessment

A

Is the process of identifying, quantifying, and prioritizing vulnerabilities in computer systems, networks, and applications to determine potential security risks and take appropriate remedial actions.

124
Q

SSID

A

Is a unique name that identifies a wireless network.

125
Q

Peer to Peer

A

A network type that allows each user to act as both client and server.

126
Q

Server

A

A computer system or software program that provides services or resources to other computers, known as clients, over a network, fulfilling requests and facilitating communication and data exchange between devices.

127
Q

WIC (WAN Interface Card)

A

Is a hardware component used in networking equipment, such as routers and switches, to connect to wide area networks (WANs) and provide access to remote networks or the internet.

128
Q

Data in Transit

A

Refers to information that is actively being transferred between two endpoints over a network.

129
Q

Data at Rest

A

Information that is stored or archived in a persistent state.

130
Q

What is Cybersecurity?

A

Is the protection of critical systems and sensitive information from digital security threats.

131
Q

Data Leakage

A

Is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination.

132
Q

3 Types of Data Leakage

A

Accidental Breach
Intentional Breach
System Hack

133
Q

Common Cyber Attacks

A

Malware
Phishing
Password Attacks
DDoS
Man in the Middle

134
Q

Prevent Identity Theft

A
  1. Ensure strong and unique passwords.
  2. Avoid sharing confidential information online, especially on social media.
  3. Shop from known and trusted websites.
  4. Install advanced malware and spyware tools.
  5. Update anti-virus software.

135
Q

NetBIOS

A

Is a networking protocol suite that allows applications and devices on a local area network (LAN) to communicate with each other.

136
Q

Port Blocking

A

Restricting users from accessing a set of services within the local area network.