Top 50 from Edureka

Question 1

1. What is Cryptography?

Answer 1

Cryptography is the practice and study of techniques for securing information and communication mainly to protect the data from third parties that the data is not intended for.

Question 2

2. What is the difference between Symmetric and Asymmetric encryption?

Answer 2

Symmetric
Same key for encryption & decryption
Faster but more vulnerable
DES, 3DES, AES, RC4, Twofish, Blowfish
Used for bulk data transmission

Asymmetric
Different keys for encryption& decryption
Slower due to high computation
Diffie-Hellman, RSA, ECC
Used for securely exchanging secret keys

Question 3

3. What is the difference between IDS and IPS?

Answer 3

IDS - Only detects intrustions and the administrator has to take care of preventing the instruction

IPS - the system detects the intrusion and also takes actions to prevent the intrusion

Question 4

4. Explain CIA Triad

Answer 4

Confidentiality - The information should be accessible and readable only to authorized personnel. It should not be accessible by unauthorized personnel. (encryption)

Integrity - Making sure the data has not been modified by an unauthorized entity. Making sure the data has not been corrupted. (hashing)

Availability - The data should be available to the user whenever the user requires it. Maintaining of Hardware, upgrading regularly, Data Backups and Recovery, Network Bottlenecks should be taken care of.

Question 5

5. How is Encryption different from Hashing?

Answer 5

Both Encryption and Hashing are used to convert readable data into an unreadable format. The difference is that the encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.

Question 6

6. What is a Firewall and why is it used?

Answer 6

A Firewall is a network security system set on the boundaries of the system/network that monitors and controls network traffic. Firewalls are mainly used to protect the system/network from viruses, worms, malware, etc. Firewalls can also be to prevent remote access and content filtering.

Question 7

7. What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?

Answer 7

Vulnerability Assessment is the process of finding flaws on the target. Here, the organization knows that their system/network has flaws or weaknesses and want to find these flaws and prioritize the flaws for fixing.

Penetration Testing is the process of finding vulnerabilities on the target. In this case, the organization would have set up all the security measures they could think of and would want to test if there is any other way that their system/network can be hacked.

Question 8

8. What is a three-way handshake?

Answer 8

A three-way handshake is a method used in a TCP/IP network to create a connection between a host and a client. It’s called a three-way handshake because it is a three-step method in which the client and server exchanges packets. The three steps are as follows:

The client sends a SYN(Synchronize) packet to the server check if the server is up or has open ports

The server sends SYN-ACK packet to the client if it has open ports

The client acknowledges this and sends an ACK(Acknowledgment) packet back to the server

Question 9

9. What are the response codes that can be received from a Web Application?

Answer 9

1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error
5xx – Server-side error

Question 10

10. What is traceroute? Why is it used?

Answer 10

Traceroute is a tool that shows the path of a packet. It lists all the points (mainly routers) that the packet passes through. This is used mostly when the packet is not reaching its destination. Traceroute is used to check where the connection stops or breaks to identify the point of failure.

Question 11

11. What is the difference between HIDS and NIDS?

Answer 11

HIDS(Host IDS) and NIDS(Network IDS) are both Intrusion Detection System and work for the same purpose i.e., to detect the intrusions. The only difference is that the HIDS is set up on a particular host/device. It monitors the traffic of a particular device and suspicious system activities. On the other hand, NIDS is set up on a network. It monitors traffic of all device of the network.

Question 12

12. What are the steps to set up a firewall?

Answer 12

Following are the steps to set up a firewall:

1. Username/password: modify the default password for a firewall device
2. Remote administration: Disable the feature of the remote administration
3. Port forwarding: Configure appropriate port forwarding for certain applications to work properly, such as a web server or FTP server
4. DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflict unless the firewall’s DHCP is disabled
5. Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is enabled and understand how to view logs
6. Policies: You should have solid security policies in place and make sure that the firewall is configured to enforce those policies.

Question 13

13. Explain SSL Encryption

Answer 13

SSL(Secure Sockets Layer) is the industry-standard security technology creating encrypted connections between Web Server and a Browser. This is used to maintain data privacy and to protect the information in online transactions. The steps for establishing an SSL connection is as follows:

1. A browser tries to connect to the webserver secured with SSL
2. The browser sends a copy of its SSL certificate to the browser
3. The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy, then the browser sends a message to the web server requesting to establish an encrypted connection
4. The web server sends an acknowledgment to start an SSL encrypted connection
5. SSL encrypted communication takes place between the browser and the web server

Question 14

14. What steps will you take to secure a server?

Answer 14

Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and decryption to protect data from unauthorized interception.

Here are four simple ways to secure server:

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

Question 15

15. Explain Data Leakage

Answer 15

Data Leakage is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination. It is the disclosure of confidential information to an unauthorized entity. Data Leakage can be divided into 3 categories based on how it happens:

1. Accidental Breach: An entity unintentionally sends data to an unauthorized person due to a fault or a blunder
2. Intentional Breach: The authorized entity sends data to an unauthorized entity on purpose
3. System Hack: Hacking techniques are used to cause data leakage

Data Leakage can be prevented by using tools, software, and strategies known as DLP(Data Leakage Prevention) Tools.

District Defend would be a good tool to prevent in this vulnerability due to the features like locking or shutting down if unauthorized personnel remove them.

Question 16

16. What are some of the common Cyberattacks?

Answer 16

Following are some common cyber attacks that could adversely affect your system.

Malware
Phishing
Password Attacks
DDoS
Man in the Middle/on-path
Drive-By Downloads
Malvertising
Rogue Software

Question 17

17. What is a Brute Force Attack? How can you prevent it?

Answer 17

Brute Force is a way of finding out the right credentials by repetitively trying all the permutations and combinations of possible credentials. In most cases, brute force attacks are automated where the tool/software automatically tries to login with a list of credentials. There are various ways to prevent Brute Force attacks. Some of them are:

Password Length: You can set a minimum length for password. The lengthier the password, the harder it is to find.

Password Complexity: Including different formats of characters in the password makes brute force attacks harder. Using alpha-numeric passwords along with special characters, and upper and lower case characters increase the password complexity making it difficult to be cracked.

Limiting Login Attempts: Set a limit on login failures. For example, you can set the limit on login failures as 3. So, when there are 3 consecutive login failures, restrict the user from logging in for some time, or send an Email or OTP to use to log in the next time. Because brute force is an automated process, limiting login attempts will break the brute force process.

Tools:
Aircrack-ng
John the Ripper
Hashcat
L0phtCrack

Question 18

18. What is Port Scanning?

Answer 18

Port Scanning is the technique used to identify open ports and service available on a host. Hackers use port scanning to find information that can be helpful to exploit vulnerabilities. Administrators use Port Scanning to verify the security policies of the network. Some of the common Port Scanning Techniques are:

Ping Scan
TCP Half-Open
TCP Connect
UDP
Stealth Scanning

Question 19

19. What are the different layers of the OSI model?

Answer 19

An OSI model is a reference model for how applications communicate over a network. The purpose of an OSI reference is to guide vendors and developers so the digital communication products and software programs can interoperate.

Application
Presentation
Session
Transport
Network
Data Link
Physical

Physical Layer: Responsible for transmission of digital data from sender to receiver through the communication media,

Data Link Layer: Handles the movement of data to and from the physical link. It is also responsible for encoding and decoding of data bits.

Network Layer: Responsible for packet forwarding and providing routing paths for network communication.

Transport Layer: Responsible for end-to-end communication over the network. It splits the data from the above layer and passes it to the Network Layer and then ensures that all the data has successfully reached at the receiver’s end.

Session Layer: Controls connection between the sender and the receiver. It is responsible for starting, ending, and managing the session and establishing, maintaining and synchronizing interaction between the sender and the receiver.

Presentation Layer: It deals with presenting the data in a proper format and data structure instead of sending raw datagrams or packets.

Application Layer: It provides an interface between the application and the network. It focuses on process-to-process communication and provides a communication interface.

Question 20

20. What is a VPN?

Answer 20

Almost all Cybersecurity Interview Questions will have this question included. VPN stands for Virtual Private Network. It is used to create a safe and encrypted connection. When you use a VPN, the data from the client is sent to a point in the VPN where it is encrypted and then sent through the internet to another point. At this point, the data is decrypted and sent to the server. When the server sends a response, the response is sent to a point in the VPN where it is encrypted and this encrypted data is sent to another point in the VPN where it is decrypted. And finally, the decrypted data is sent to the client. The whole point of using a VPN is to ensure encrypted data transfer.

Question 21

51. What is the difference between a full tunnel VPN and a split-tunnel VPN?

Answer 21

A tunnel-mode (or full tunnel) VPN will encrypt all of your traffic and route it through a secure VPN server, whereas a split-tunnel VPN will only encrypt and route traffic you designate.

Full tunneling is more secure than split tunneling because it encrypts all your traffic rather than just some of it

One advantage of using split tunneling is that it alleviates bottlenecks and conserves bandwidth as Internet traffic does not have to pass through the VPN server. Another advantage is in the case where a user works at a supplier or partner site and needs access to network resources on both networks.