Starting from SQL Flashcards

1
Q

What is SQL?

A

It is a programming language with which we can create, maintain and request information from Databases.

2
Q

What is a Database?

A

It is an organized collection of data or information.

3
Q

What are relational databases?

A

A structured database containing tables that are related to each other.

Tables might be similar in one or more columns.

The columns that relate 2 tables to each other are called keys.

There are other kinds of databases as well.

4
Q

What are 2 types of keys in relational databases?

A

Primary key - A column in which every row has a unique value.

Foreign key - A column in a table that is a primary key in another table.

Foreign keys, unlike primary keys, can have empty values or duplicates.

5
Q

What is a Query?

A

A query is a request for data from a database table or a combination of tables.

6
Q

How can we access the SQLite version of SQL from the Linux command line?

A

sqlite3

7
Q

Give me an example of a scenario where we might use Linux rather than SQL.

A

Sometimes the data format that we need to examine might not be compatible with SQL (for example, text files). In such cases, we need to use Linux.

8
Q

What are the 2 basic keywords used in SQL queries?

A

SELECT - indicates which columns to return (* returns all the columns of a table)

FROM - indicates which tables to query

9
Q

What keyword do we use to get an ordered result of a query to a database?

A

We can craft our query to order the output based on any of the columns in the table.
Syntax ->

SELECT customer_ID, city
FROM customers
ORDER BY city;

In descending order ->

ORDER BY city DESC;

Note - We can also sort based on multiple columns.

10
Q

What are the basic filters in SQL queries?

A

WHERE -> the clause that we use to create a filter
% -> wildcard
_ -> wildcard
LIKE -> operator

11
Q

Give me example of usage of WHERE in SQL.

A

WHERE country = 'USA'
WHERE country LIKE 'US_'
(In the above statement, the underscore substitutes for exactly one other character)

WHERE name LIKE 'man%'
(Above, the percent sign substitutes for any number of other characters)

WHERE NOT country = 'USA'

12
Q

What are the common datatypes in Databases?

A

Strings, Numbers, Date and Time

Note - Date and Time values need to be enclosed within quotation marks, like strings.

13
Q

Give me an example of filtering with a comparison operator in SQL.

A

SELECT *
FROM employees
WHERE birthdate > '1970-01-01';

14
Q

What is inner join in SQL database tables?

A

It returns rows matching a specified column that exists in more than one table.

When we use INNER JOIN, all the columns in both tables are returned.

If the column exists in both of the tables, it is returned twice when SELECT * is used.

15
Q

What are different kinds of Joins in SQL?

A

Inner Join
Left Join
Right Join
Full Join

16
Q

Give me an example of Inner join syntax.

A

SELECT username, operating_system, employees.device_id
FROM employees
INNER JOIN machines ON employees.device_id = machines.device_id;

17
Q

What are aggregate functions in SQL?

A

COUNT - returns a single number that represents the number of rows returned by your query.

AVG - for the average

SUM - for the sum

SELECT COUNT(firstname)
FROM customers
WHERE Country = 'USA';

18
Q

How do we calculate risk to some asset?

A

Its formula is:
Likelihood * Impact = Risk

It depends on how often a risk can be exploited and what its impact on the organization would be if it is exploited.

19
Q

What are the categories of a threat?

A

Intentional threat -
Unintentional threat -
Outsider threat -
Insider threat -

20
Q

What are the 2 categories of vulnerabilities?

A

Technical vulnerability
Human vulnerability

21
Q

What is Asset management?

A

It is the process of making an inventory of all the organization's assets, tracking all of them, and finding out all the risks associated with these assets.
It also includes asset classification.

22
Q

What is asset classification?

A

Asset classification is the process of classifying assets based on how important an asset is to an organization and how sensitive it is.

23
Q

How do we find out the sensitivity and importance of an asset to an organization?

A

To know the sensitivity and importance of an asset to an organization, we normally ask the following questions:

  1. What you have
  2. Where it is
  3. Who owns it
  4. How important it is
24
Q

What are the common asset classifications that an asset can be categorized into?

A
  1. Restricted
  2. Confidential
  3. Internal only
  4. Public
25
Q

What is information security?

A

Information Security is the practice of keeping information secure from unauthorized access in all of its states:

Data-in-use
Data-at-rest
Data-in-transit

To protect data, we need to know what state our data is in.

26
Q

What are the elements of a Security Plan?

A

Every security plan has the following elements:

Policies - Policies are the set of rules that reduce risk and protect information.
Procedures -
Standards - these are the references on which policies are based.

27
Q

What are the components of the NIST Cyber security framework?

A

NIST CSF has 2 main components:

Core
Tiers
Profiles

28
Q

What are the sub-components of the Core component of NIST CSF?

A

The Core component has 5 sub-components:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover
29
Q

What is the use of the Tiers component of NIST CSF?

A

It provides security teams with a way to measure performance across each of the 5 functions of the Core.

30
Q

What is the use of the Profiles component of the NIST CSF framework?

A

It is like a snapshot of the security posture of an organization at different times.
It is used to see the improvements in the security posture of an organization.

31
Q

What are the different types of security controls?

A

Technical
Managerial / Administrative
Operational - controls like user training or incident response.

32
Q

What is information privacy?

A

It is the practice of protecting information from unauthorized access and giving the right to choose.

33
Q

What is the best way or best control to protect data privacy?

A

By implementing the principle of least privilege.

34
Q

What are service accounts?

A

Service accounts are assigned to applications that need to interact with the other software on the network.

35
Q

What are the 3 common approaches to auditing user accounts?

A

We can audit user accounts in 3 ways:

  • Usage audits
  • Privilege audits - These audits are performed on the accounts of users who have been with the organization for a long time, since they tend to accumulate privileges as they are promoted or change departments.
  • Account change audits - In these, security analysts look for unauthorized changes to user accounts.
36
Q

What is Data governance?

A

It is a set of processes that defines how an organization manages information.

It defines policies that keep data secure throughout its lifecycle.

37
Q

What are the different stages in the data life cycle?

A

The data life cycle has 5 stages -

  1. Collect
  2. Store
  3. Use
  4. Archive
  5. Destroy
38
Q

What is cryptography?

A

It is the process of transforming information into a form that unintended readers can’t understand.

39
Q

What is PKI - Public Key Infrastructure?

A

It is an encryption framework that secures the exchange of information online.

40
Q

Give me some examples of symmetric encryption algorithms.

A

3DES -
AES - advanced encryption algorithm - it supports key lengths of 128, 192 and 256 bits.

41
Q

Give me some examples of asymmetric algorithms.

A

RSA - Rivest Shamir Adleman

DSA - Digital Signature Algorithm - It was developed by NIST and it generates a key length of 2048 bits. This algorithm is widely used in PKI.

42
Q

What are some of the ways to protect information?

A

Using the principle of least privilege
Using cryptography
Using hashing functions

43
Q

What are different hashing functions?

A

MD5 - generates a hash of 128 bits
SHA-1 - Secure Hashing Algorithm - produces a digest of 160 bits

SHA-224 - 224-bit digest
SHA-384
SHA-512

44
Q

What are the vulnerabilities in Hashing functions?

A

MD5 is vulnerable to hash collisions.

Hash collision - it happens when more than one input value gives the same digest value. An attacker might exploit this vulnerability.

Hashing functions are also vulnerable to rainbow table attacks.

Rainbow table - A rainbow table is a file of pre-generated hash values and their associated plaintext. These are like dictionaries of weak passwords. In some cases, if an attacker gets hold of the organization's password database, he/she might use these rainbow tables to guess the passwords.

45
Q

How can we compute the hash of a file on the Linux command line?

A

sha256sum

To compare the contents of 2 files and to see the number of the first character where they differ, we use the cmp command.

46
Q

What is Access Control?

A

Security controls that manage access, authorization, and accountability of information.

47
Q

What is SSO?

A

SSO establishes a user's identity once for a specified period of time.
It includes the concepts of identity provider and service provider.
SSO should always adopt MFA.

48
Q

What are the 2 common authentication protocols that SSO implementations rely on?

A

LDAP - Lightweight Directory Access Protocol

SAML - Security Assertion Markup Language

49
Q

What 2 factors influence authorization?

A

Principle of least privilege
Separation of duties

50
Q

What are 2 security controls that are used to secure data that travels over the internet?

A

Basic Auth
and OAuth

In OAuth, the user authenticates to an OAuth server, which provides a token to the service provider to authenticate the user, so the username and password do not travel over the wire.
For example, when you log into Brainscape with a Google account, you are directed to the Google OAuth server, which authenticates you and sends an authorization/authentication token to Brainscape. Eventually, you are granted access to the service provider's service.

51
Q

What is Basic Auth?

A

HTTP uses basic auth. The technology is used to establish a user's request to access a server.
It works by sending an identifier (username and password) every time the user communicates with a webpage.

It is not secure because it sends the username and password in clear text.

52
Q

What is OAuth?

A

An open standard authorization protocol that shares designated access between applications.
For example, we can tell Google that it is OK for other websites to access our profile to create an account.

Also, instead of sending and requesting the sensitive username and password over the network, OAuth uses API tokens to authorize people to access webpages.

53
Q

What is an API token?

A

It is a small block of encrypted code that contains information about a user, such as identity, site permissions, and more.

54
Q

What is a Session?

A

Any time a user accesses a system, they initiate what is called a session.

A session is a sequence of network HTTP basic auth requests and responses associated with the same user.

55
Q

What are the 2 things that happen when a session is initiated?

A
  1. A session ID is created - It is a unique token that identifies a user and their device while accessing the system.
  2. The second action that takes place at the start of a session is the exchange of session cookies.
56
Q

What is a session cookie?

A

A token that websites use to validate a session and determine how long that session should last.

When cookies are exchanged between your computer and the server, your session ID is read to determine what information the site should show you. Cookies make web sessions safer and more efficient.

57
Q

What is a session hijacking attack?

A

The exchange of tokens means no sensitive data like usernames or passwords is shared.

Session cookies prevent attackers from obtaining sensitive data. However, there is other damage that they can do. With a stolen cookie, the attacker can impersonate a user using their session token.

Session hijacking is an event in which an attacker obtains a legitimate user's session ID.

58
Q

What are 3 main frameworks that organizations use to handle the steps of IAM?

A
  1. MAC - Mandatory Access Control
  2. DAC - Discretionary Access Control
  3. RBAC - Role Based Access Control
59
Q

What is MAC - Mandatory Access Control?

A

It is the strictest of the 3 frameworks. Authorization in this model is on a need-to-know basis. Access to information must be granted manually by a central authority or system admin.

60
Q

What is an exposure?

A

It is a mistake that can be exploited by a threat.

61
Q

What is Vulnerability management?

A

It is the process of finding and patching vulnerabilities.

62
Q

What are the 4 steps of vulnerability management?

A
  1. Identify vulnerabilities
  2. Consider potential exploits
  3. Prepare defenses against threats
  4. Evaluate those defenses
63
Q

What is a zero-day attack?

A

An exploit that was previously unknown.

64
Q

What are the 5 layers of a defense-in-depth strategy?

A
  1. Perimeter layer
  2. Network layer
  3. Endpoint layer
  4. Application layer
  5. Data layer
65
Q

What is a CVE list?

A

An openly accessible dictionary of known vulnerabilities and exposures.

66
Q

What is a CVE Numbering Authority (CNA)?

A

An organization that volunteers to analyze and distribute information on eligible CVEs.

The CVE list tests 4 criteria that a vulnerability must meet before it is assigned an ID.

  1. Independent of other issues
  2. Recognized as a potential security risk
  3. It can only affect one codebase (only one program's source code)
67
Q

What is CVSS - Common Vulnerability Scoring System?

A

A measurement system that scores the severity of a vulnerability.

This vulnerability score is assigned by the National Vulnerability Database.

These scores are used as part of the vulnerability management process.

68
Q

What is OWASP?

A

It is a not-for-profit organization that works to improve the security of web applications.

It stands for Open Web Application Security Project or Open Worldwide Application Security Project.

69
Q

What is the OWASP Top 10?

A

It is one of the most valuable OWASP resources; it makes us aware of the web's most targeted vulnerabilities.

70
Q

What are the first 3 OWASP Top 10 vulnerabilities?

A
  1. Broken Access Control - If a web application fails to keep access control in place, it might lead to unauthorized access to sensitive information, or escalated rights to the web database.
    Access control can be a technology or process that controls who has access to a particular service and what they can do with its resources.
  2. Cryptographic Failures - This might take place when application data is not encrypted or is encrypted using a weak encryption algorithm. It might also involve the scenario where weak hashing functions are used, like the use of MD5, which produces a digest of 128 bits.
  3. Injection - Injection is an attack in which an attacker inserts malicious code into an application through a vulnerability in it. Injection attacks can give a backdoor into an organization's information system.
71
Q

What are the 4th, 5th and 6th vulnerabilities mentioned by the OWASP Top 10?

A
  1. Insecure Design - It is a vulnerability in which developers miss security controls or use poorly implemented security controls while developing the application.
  2. Security Misconfiguration - An example of this is using default settings while configuring a server.
  3. Vulnerable and Outdated Components - In this vulnerability, to complete their application design quickly, developers make use of pre-built / open source libraries that are vulnerable to several kinds of attacks.
72
Q

What are the 7th, 8th and 9th vulnerabilities stated by the OWASP Top 10?

A
  1. Identification and Authentication Failures - This happens when an application fails to recognize who should have access and what they are authorized to do.
  2. Software and Data Integrity Failures - These are instances when updates or patches are inadequately reviewed before implementation. This can lead to supply chain attacks.
  3. Security Logging and Monitoring Failures -
  4. Server-Side Request Forgery - In this vulnerability, attackers manipulate the normal operations of a server to read or update other resources on that server.
73
Q

What is OSINT - Open Source Intelligence?

A

It refers to the analysis of publicly available information or data to produce insights or knowledge that support decision making on a particular subject.

74
Q

What is vulnerability assessment?

A

It is the internal review process of an organization's systems to find any vulnerabilities in them.

Vulnerability assessment involves 4 steps -

  1. Identifying the vulnerabilities
  2. Analyzing the vulnerability to find its root cause.
  3. Doing a risk assessment, which finds out how severe this vulnerability is and how likely it is to be exploited.
  4. Remediation
75
Q

What is a Vulnerability scanner?

A

It is software that automatically compares known vulnerabilities and exposures against the technologies used in the organization.
In general, these tools scan systems to find misconfigurations and programming flaws.

76
Q

What are the different kinds of vulnerability scans that we can perform with vulnerability scanners?

A

Authenticated / Unauthenticated scans

Limited / Comprehensive scans -

77
Q

What is penetration testing?

A

It is a simulated attack that helps identify vulnerabilities in systems, networks, applications and processes. Through pen-testing, security analysts find out the ways in which vulnerabilities can be exploited and what the consequences are if these vulnerabilities are exploited.

78
Q

What are the different types of penetration testing?

A
  1. Open box - The tester knows the system architecture, data flows, and network diagrams.
  2. Closed box - Black box
  3. Partial knowledge testing -
79
Q

What is one of the crucial steps that security analysts perform to secure an organization's assets?

A

They get to know the attack surface area of the organization's assets.

Attack surface area - It includes all the potential vulnerabilities that a threat actor could exploit.

There are 2 kinds of attack surface area -

Physical attack surface area
Digital attack surface area

80
Q

What is Security Hardening?

A

It is the process of strengthening a system to reduce its vulnerabilities and attack surface.

81
Q

What are different types of threat actors?

A

A threat actor is any person or group who presents a security risk.

These are divided into 5 categories -

  • Competitors
  • Criminal syndicates -> Refers to organized groups of people who make money from criminal activity.
  • State actors
  • Insider threats
  • Shadow IT
82
Q

What are attack vectors?

A

These are the pathways that attackers take to penetrate defenses.

83
Q

What is the list of common Attack vectors / Access Points?

A
  1. Direct access -
  2. Email -
  3. Removable drive/media -
  4. Social Media platforms -
  5. Wireless networks
  6. Cloud Services -
  7. Supply chains - Like 3rd-party vendors that can present a backdoor into systems.
84
Q

How do we practice an attacker mindset?

A
  • Identify a target
  • Determine how the target can be accessed
  • Evaluate attack vectors that can be exploited
  • Find the tools and methods of attack.
85
Q

Give me examples of common rules for defending against an attack vector.

A
  • Educating users
  • Applying the principle of least privilege
  • Using the right security controls and tools
  • Building a diverse security team.
85
Q

What is a reverse brute force attack?

A

In a reverse brute force attack, the attacker gets hold of a legitimate username/password of some user and then tries this password combination on systems until a match is found.

86
Q

What is a credential stuffing attack?

A

In this attack, the attacker uses stolen login credentials from previous data breaches.
A specialized type of credential stuffing is pass the hash. These attacks reuse stolen, unsalted hashed credentials to trick an authentication system into creating a new authenticated user session on the network.

87
Q

Give me some examples of tools of the trade for brute force attacks.

A

Aircrack-ng
Hashcat
John The Ripper
Ophcrack
THC Hydra

88
Q

What are the common preventative measures against brute force attacks?

A
  • Hashing and Salting
  • MFA
  • CAPTCHA
  • Password Policies

Salting is used to increase the length and complexity of hash values.
