Cybersecurity Interview Questions And Answers
What is Cybersecurity?
Cybersecurity, a subset of information security, is the practice of defending your organization’s networks, computers and data from unauthorized digital access, attack or damage by implementing various processes, technologies and practices. With the countless sophisticated threat actors targeting all types of organizations, it is critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your network and the risk of exposing your company’s data and reputation.
What’s the difference between Symmetric and Asymmetric encryption?
To boil an extremely complicated topic down into a few words: symmetric encryption uses the same key to encrypt and decrypt, while asymmetric encryption uses different keys for encryption and decryption. Symmetric is usually much faster, but is often difficult to deploy on its own, because the shared key would have to be transferred over an unencrypted channel. Therefore, many times an asymmetric connection is established first and used to exchange the key that then creates the symmetric connection.
What are common web server vulnerabilities?
The common weaknesses or vulnerabilities in a web server that an attacker can take advantage of are
- Default settings
- Bugs in operating system and web servers
What is the difference between an HIDS and a NIDS?
Both acronyms are Intrusion Detection Systems; however, the first is a Host Intrusion Detection System whereas the second is a Network Intrusion Detection System. An HIDS runs as a background utility in the same way as an anti-virus program, for instance, while a Network Intrusion Detection System sniffs packets as they go across the network looking for things that aren’t quite ordinary. Both systems have two basic variants: signature based and anomaly based. Signature based is very much like an anti-virus system, looking for known values of known ‘bad things’, while anomaly based looks more for network traffic that doesn’t fit the usual pattern of the network. This requires a bit more time to get a good baseline, but in the long term can be better on the uptake for custom attacks.
What is SSL and why is it not enough when it comes to encryption?
SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used by almost everyone online, but the problem is that because of this it is a huge target and is mainly attacked via its implementation (the Heartbleed bug, for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are very good ideas.
What is data leakage? What are the factors that can cause data leakage?
Data leakage is the separation or departure of IP (intellectual property) from its intended place of storage. The factors that are responsible for data leakage can be:
- Copying of the IP to a less secure system or to a personal computer
- Human error
- Technology mishaps
- System misconfiguration
- A system breach from a hacker
- A home-grown application developed to interface to the public
- Inadequate security control for shared documents or drives
- Corrupt hard-drive
- Backups stored in an insecure place
Network Security Interview Questions And Answers
What is Network Security?
Network security, a subset of cybersecurity, aims to protect any data that is being sent through devices in your network to ensure that the information is not changed or intercepted. The role of network security is to protect the organization’s IT infrastructure from all types of cyber threats including:
- Viruses, worms and Trojan horses
- Denial of service attacks
- Spyware and adware
List out the steps to successful data loss prevention (DLP) controls?
- Create an information risk profile
- Create an impact severity and response chart
- Based on severity and channel determine incident response
- Create an incident workflow diagram
- Assign roles and responsibilities to the technical administrator, incident analyst, auditor and forensic investigator
- Develop the technical framework
- Expand the coverage of DLP controls
- Append the DLP controls into the rest of the organization
- Monitor the results of risk reduction
What is XSS?
Explain what is the 80/20 rule of networking?
80/20 is a rule of thumb used for describing IP networks, in which 80% of all traffic should remain local while 20% is routed towards a remote network.
What are salted hashes?
Salt, at its most fundamental level, is random data. When a properly protected password system receives a new password, it generates a new random salt value, hashes the password combined with that salt, and then stores the salt alongside the resulting hash in its database. This helps defend against dictionary attacks and known-hash (precomputed table) attacks. For example, if a user uses the same password on two different systems and both use the same hashing algorithm, they could end up with the same hash value. However, if even one of the systems uses salt with its hashes, the values will be different.
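The effect described above, as an added example that is not part of the original article: the same password stored on two systems gives identical unsalted hashes but different salted ones, and verification still works because the salt is stored next to the hash. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count is an assumed illustrative value.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for illustration; follow current guidance in production.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt is generated when none is given."""
    if salt is None:
        salt = os.urandom(16)  # 16 random bytes, unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_hash: bytes) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hash)


def unsalted_hash(password: str) -> bytes:
    """What a system without salt stores: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def same_password_two_systems(password: str) -> dict:
    """One user, one password, two systems: compare what each stores."""
    salt_a, hash_a = hash_password(password)  # system A picks its own salt
    salt_b, hash_b = hash_password(password)  # system B picks a different salt
    return {
        "unsalted_hashes_match": unsalted_hash(password) == unsalted_hash(password),
        "salted_hashes_match": hash_a == hash_b,  # False: the salts differ
        "both_verify": verify_password(password, salt_a, hash_a)
        and verify_password(password, salt_b, hash_b),
    }


if __name__ == "__main__":
    print(same_password_two_systems("correct horse battery staple"))
```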
What personal practices should you follow to protect data?
- Install anti-virus on your system
- Ensure that your operating system receives automatic updates
- Download the latest security updates to cover known vulnerabilities
- Share passwords only with the staff who need them to do their job
- Encrypt any personal data held electronically that would cause damage if it were stolen or lost
- At regular intervals take backups of the information on your computer and store them in a separate place
- Before disposing of old computers, remove all personal information or save it to a secure drive
- Install an anti-spyware tool
What are the three ways to authenticate a person?
Something they know (password), something they have (token), and something they are (biometrics). Two-factor authentication often uses a password and token setup, although in some cases this can be a PIN and thumbprint.
What is WEP cracking? What are the types of WEP cracking?
WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access. There are basically two types of cracks:
Passive cracking: Until the WEP security has been cracked, this type of cracking has no effect on the network traffic, so it is difficult to detect.
Active cracking: This type of attack has an increased load effect on the network traffic, so it is easy to detect compared to passive cracking.
What is data protection in transit vs data protection at rest?
When data is protected while it is just sitting there in its database or on its hard drive, it can be considered at rest. On the other hand, while it is going from server to client it is in transit. Many servers do one or the other (protected SQL databases, VPN connections, etc.); however, there are not many that do both, primarily because of the extra drain on resources. It is still a good practice to do both, even if it does take a bit longer.
List out various WEP cracking tools?
Various tools used for WEP cracking are
What is an easy way to configure a network to allow only a single computer to login on a particular jack?
Sticky ports are one of the network admin’s best friends and worst headaches. They allow you to set up your network so that each port on a switch only permits one (or a number that you specify) computer to connect on that port by locking it to a particular MAC address. If any other computer plugs into that port, the port shuts down and you receive a call that they can’t connect anymore. If you were the one that originally ran all the network connections then this isn’t a big issue, and likewise if it is a predictable pattern then it also isn’t an issue. However, if you’re working in a hand-me-down network where chaos is the norm, then you might end up spending a while toning out exactly what they are connecting to.
Explain what phishing is. How can it be prevented?
Phishing is a technique that deceives people in order to obtain data from them. The social engineer impersonates a genuine website, such as Yahoo or Facebook, and asks the user to enter their password and account ID.
It can be prevented by
- Having a guard against spam
- Communicating personal information through secure websites only
- Not downloading files or attachments in emails from unknown senders
- Never e-mailing financial information
- Being wary of links in e-mails that ask for personal information
- Avoiding entering personal information in a pop-up screen
Information Security Interview Questions And Answers
What is Information Security?
Information security (also known as InfoSec) ensures that both physical and digital data is protected from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Information security differs from cybersecurity in that InfoSec aims to keep data in any form secure, whereas cyber-security protects only digital data. If your business is starting to develop a security program, information security is where you should first begin, as it is the foundation for data security.
Explain the role of an information security analyst.
In companies from small to large, the role of an information security analyst includes
- Implementing security measures to protect computer systems, data and networks
- Keeping up to date with the latest threat intelligence, including attackers’ techniques
- Preventing data loss and service interruptions
- Testing data processing systems and performing risk assessments
- Installing various security software such as firewalls, data encryption and other security measures
- Recommending security enhancements and purchases
- Planning, testing and implementing network disaster recovery plans
- Training staff on information and network security procedures
What is the CIA triangle?
Confidentiality, Integrity, Availability. As close to a ‘code’ for Information Security as it is possible to get, it is the boiled down essence of InfoSec.
Confidentiality: keeping data secure.
Integrity: keeping data intact.
Availability: keeping data accessible.
List out the techniques used to prevent web server attacks?
- Patch management
- Secure installation and configuration of the OS
- Secure installation and configuration of the web server software
- Scanning the system for vulnerabilities
- Anti-virus and firewalls
- Disabling remote administration
- Removing unused and default accounts
- Changing default ports and settings to custom ports and settings
What is the difference between a vulnerability and an exploit?
A lot of people would say that they are the same thing, and in a sense they would be right. However, one is a potential problem while the other is an active problem. Think of it like this: you have a shed with a broken lock where it won’t latch properly. In some areas, such as major cities, that would be a major problem that needs to be resolved immediately, while in others, like rural areas, it’s more of a nuisance that can be fixed when you get around to it. In both scenarios it would be a vulnerability, while the major city shed would be an example of an exploit: there are people in the area actively exploiting a known problem.
What certifications are useful for a security analyst?
Useful certifications for a security analyst are
- Security Essentials (GSEC): It declares that the candidate is an expert in handling basic security issues; it is the basic certification in security
- Certified Security Leadership: It certifies the management abilities and skills required to lead a security team
- Certified Forensic Analyst: It certifies the ability of an individual to conduct formal incident investigations and manage advanced incident handling scenarios, including external and internal data breach intrusions
- Certified Firewall Analyst: It declares that the individual has the proficiency, skills and abilities to design, monitor and configure routers, firewalls and perimeter defense systems
What’s better, a red team or a blue team?
Another opinion question, more along the lines of where your interests lie. In penetration testing scenarios, a red team is trying to break in while a blue team is defending. Red Teams typically are considered the ‘cooler’ of the two, while the Blue Team is usually the more difficult. The usual rules apply like in any defense game: the Blue Team has to be good every time, while the Red Team only has to be good once. That’s not entirely accurate given the complexities at work in most scenarios, but it’s close enough to explain the idea.
What’s the difference between a White Box test and a Black Box test?
Information given by the person commissioning the test. A White Box test is one where the pen testing team is given as much information as possible regarding the environment, while a Black Box test is…well…a Black Box. They don’t know what’s inside.
What is the difference between Information Protection and Information Assurance?
Information Protection is just what it sounds like: protecting information through the use of encryption, security software and other methods designed to keep it safe. Information Assurance, on the other hand, deals more with keeping the data reliable: RAID configurations, backups, non-repudiation techniques, etc.
How can an organization safeguard itself from SQL injection?
An organization can rely on the following methods to guard against SQL injection
Sanitize user input: User input should never be trusted; it must be validated before it is used
Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
Regular expressions: Detecting and dropping harmful input before executing SQL statements
Database connection user access rights: Only the necessary and limited access rights should be given to the accounts used to connect to the database
Error messages: Error messages should not be specific about where exactly the error occurred; they should be more generalized.
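The first two points above in working form, as an added example that is not part of the original article: a lookup that concatenates user input into the SQL string next to the same lookup with the value bound as a parameter, run against a constructed in-memory SQLite table. The apostrophe case shows that the parameterized form also handles legitimate input that the concatenated form cannot.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, passwords stored as placeholder hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Weak form: the input becomes part of the SQL text, so it can change the query."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the input travels as a bound value and is never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def demo() -> dict:
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed input that rewrites the WHERE clause
    legit_name = "o'brien"      # constructed legitimate input containing a quote
    try:
        lookup_vulnerable(conn, legit_name)
        apostrophe_raises = False
    except sqlite3.Error:
        apostrophe_raises = True  # unterminated string: a bug, and an error-message leak risk
    return {
        "vulnerable": lookup_vulnerable(conn, tautology),        # every row comes back
        "parameterized": lookup_parameterized(conn, tautology),  # no such username
        "normal": lookup_parameterized(conn, "alice"),
        "apostrophe_vulnerable_raises": apostrophe_raises,
        "apostrophe_parameterized": lookup_parameterized(conn, legit_name),
    }


if __name__ == "__main__":
    print(demo())
```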
What is the difference between closed-source and open-source? Which is better?
Yet another opinion question. Closed-source is a typical commercially developed program. You receive an executable file which runs and does its job without the ability to look far under the hood. Open-source, however, provides the source code so you can inspect everything it does, as well as make changes yourself and recompile the code. Both have arguments for and against them, and most have to do with audits and accountability. Closed-source advocates claim that open-source causes issues because everybody can see exactly how it works and exploit weaknesses in the program. Open-source advocates counter that because closed-source programs don’t provide ways to fully check them out, it’s difficult to find and troubleshoot issues in the programs beyond a certain level.
What is the Three-way handshake? How can it be used to create a DOS attack?
The three-way handshake is a cornerstone of the TCP suite: SYN, SYN/ACK, ACK. SYN is the outgoing connection request from client to server. SYN/ACK is the acknowledgement of the server back to the client, saying yes I hear you, let’s open a connection. ACK is the final step from the client, and allows the two to speak. The problem is that this can be used as a very basic type of Denial of Service attack. The client opens up the SYN connection, the server responds with the SYN/ACK, but instead of completing the handshake the client sends another SYN. The server treats this as a new connection request and keeps the previous half-open connection waiting. As this is repeated over and over many times very quickly, the server becomes saturated with a huge number of pending connection requests, eventually overloading its ability to connect to legitimate users.
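The detection side of the attack described above, as an added example that is not part of the original article: count, per source, handshakes that received a SYN but no completing ACK within a time window, and flag sources that hold too many half-open connections. The event format (timestamp in seconds, source IP, flag) and the threshold are assumptions; a real deployment would feed this from a packet capture or firewall log.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 50  # assumed alert threshold per source
WINDOW_SECONDS = 10       # assumed time window


def count_half_open(events, now):
    """Per source: SYNs seen in the window minus the ACKs that completed them."""
    pending = defaultdict(int)
    for ts, src, flag in events:
        if ts < now - WINDOW_SECONDS:
            continue  # outside the window, ignore
        if flag == "SYN":
            pending[src] += 1
        elif flag == "ACK" and pending[src] > 0:
            pending[src] -= 1  # third step of the handshake closes one pending entry
    return dict(pending)


def suspicious_sources(events, now):
    """Sources whose half-open count reaches the threshold, sorted for stable output."""
    counts = count_half_open(events, now)
    return sorted(src for src, n in counts.items() if n >= HALF_OPEN_THRESHOLD)


def total_half_open(events, now):
    """Server-wide pending count: useful because floods often spoof many source IPs."""
    return sum(count_half_open(events, now).values())


def constructed_events():
    """Constructed sample: one well-behaved client and one source that never ACKs."""
    events = []
    for i in range(20):
        events.append((i * 0.1, "10.0.0.5", "SYN"))
        events.append((i * 0.1 + 0.01, "10.0.0.5", "ACK"))
    for i in range(200):
        events.append((i * 0.01, "203.0.113.9", "SYN"))
    return sorted(events)


if __name__ == "__main__":
    evs = constructed_events()
    print("suspicious:", suspicious_sources(evs, now=5.0))
    print("total half-open:", total_half_open(evs, now=5.0))
```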
Why are internal threats oftentimes more successful than external threats?
When you see something day in and day out, even if it shocks you at first, you tend to get used to it. This means that if you see somebody that pokes around day after day, month after month, you might get used to the fact that he’s just curious. You let your guard down, and don’t react as quickly to possible threats. On the other hand, say for example you have an annoyed employee that is soon to be fired and wants to show his soon-to-be former employer that he can bring them down, so he sells his still active credentials and card-key to a local group that specializes in white-collar crime. Still other infiltrators dress up as delivery people and wander around aimlessly in office buildings, getting information off of post-it notes and papers lying around. External threats do not have access to anywhere near this level of information about the company, and more often than not do not get in as far as somebody that spent 20 bucks on a knock-off UPS uniform.
What is residual risk?
Consider an example – A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don’t do one.
Residual Risk is what is left over after you perform everything that is cost-effective to increase security, but to go further than that is a waste of resources. Residual risk is what the company is willing to live with as a gamble in the hopes that it won’t happen.
Why is deleted data not truly gone when you delete it?
When you press delete on a file, it doesn’t actually go anywhere. A bit on the file is flipped telling the operating system that the file is no longer needed and can be overwritten as required. Until that happens, the file can still be restored whether or not it’s in a Recycle Bin. There are ways around this, such as using file shredders and disk wipers, but both of these take quite a bit of time to finish their jobs to a reasonable degree.
What is the Chain of Custody?
When keeping track of data or equipment for use in legal proceedings, it needs to remain in a pristine state. Therefore, documenting exactly who has had access to what for how long is vital when dealing with this situation. Any compromise in the data can lead to legal issues for the parties involved and can lead to a mistrial or contempt depending on the scenario.
What is Exfiltration?
Infiltration is the method by which you enter or smuggle elements into a location. Exfiltration is just the opposite: getting sensitive information or objects out of a location without being discovered. In an environment with high security, this can be extremely difficult but not impossible. Again we turn to our friends in the fake delivery uniforms wandering around the building, and see that yes there are ways to get in and out without a lot of issues.