Cyber Security Interview Question and Answer

1. What are the different types of cybersecurity?

Ans. Different types of cyber security are –

• Application security
• Cloud security
• Data security
• Mobile security
• Network Security
• Database and infrastructure security
• Disaster recovery/business continuity planning
• Endpoint security
• End-user education
• Identity management

2. Can you tell us the difference between a threat, vulnerability, and risk?

Ans. These are mixed up terms that need to be clearly defined –

• Threat – Threats are cybersecurity events that have the potential to pose danger to information or systems.
• Vulnerability – This refers to weaknesses in any system. Any system can be exploited through a vulnerability
• Risk – Often confused with a treat, the risk is mainly a combination of threats and losses, usually monetary ones

3. What is data leakage?

Ans. It refers to an unauthorized data transmission, either electronically or physically from an organization to any external destination or recipient. The most common forms of data leakage are through web, email, and mobile data storage devices.

4. Which factors contribute to data leakage?

Ans. The most commonly experienced factors are –

• Outdated data security
• Human Error
• Technology error
• Malware
• Misuse
• Physical theft of data
• System misconfiguration
• Inadequate security control for shared drives
• Corrupt hard-drive
• Unprotected data back up

5. How to prevent data leakage?

Ans. Since it’s a serious issue, it needs a proper strategy to tackle. Data Loss Prevention (DLP) is a practice adopted by the organizations to safeguard their data. Under this practice, users are not allowed to send confidential or sensitive information outside of the enterprise network. This requires businesses to distinguish the rules that classify confidential and sensitive information such that it doesn’t get disclosed maliciously or even accidentally by any user.

6. What is Security Misconfiguration?

Ans. Categorized as system vulnerability, security misconfiguration is a situation when a device/application/network is misconfigured and is prone to exploited by an attacker. A few simple examples of this include leaving systems unattended in public places, sharing passwords of devices and accounts, etc.

7. What is CIA Triangle?

Ans. CIA triangle is a model for guiding information security policies in any organization. It stands for –

• Confidentiality – Maintaining the secrecy of the information
• Integrity – Keeping the information unchanged
• Availability – Ensuring an all-time availability of the information to the authorized

8. What are the ways that a malicious user would crack any password?

Ans. The most common password cracking techniques are –

• Dictionary attacks
• Brute forcing attacks
• Hybrid attacks
• Syllable attacks
• Rule based attacks
• Rainbow table attacks
• Phishing
• Social engineering
• Shoulder surfing
• Spidering
• Guessing

9. Name some of the common password cracking tools.

Ans. It is a part of ethical hacking, and some of the commonly used password cracking tools are –

• Aircrack-NG
• Brutus
• Cain and Abel
• DaveGrohl
• ElcomSoft
• Hashcat
• Hydra
• John the Ripper
• RainbowCrack
• Wfuzz

10. What is Cryptography?

Ans. Cryptography is a combination of two words, which are “crypt” meaning “hidden” and “graphy” meaning “writing.” This is a practice of securing information and communication using codes, and can only be accessible to those who are authorized to read and process it.

11. What is an XSS attack?

Ans. Cross-site Scripting (XSS) is another type of vulnerability that can be technically described as a client-side code injection attack. In this particular attack, an attacker injects malicious data into vulnerable websites. An attack happens when a user visits the web page, as malicious code is then executed. This attack is very harmful to web application users.

12. What are the different types of XSS attacks?

Ans. There are three types of XSS attacks –

(i) Non-Persistent XSS attack – Here the data injected by the attacker is reflected in the response and has a link with the XSS vector

(ii) Persistent XSS attack – The most harmful type of attack, where the script executes automatically the moment a user opens the page

(iii) Document Object Model (DOM)-based XSS attack – An advanced type of XSS attack which happens when a web application writes data to the DOM without any sanitization

13. Can you explain the ways to prevent an XSS attack?

Ans. Yes, we can prevent XSS attacks through three ways –

(i) Escaping – It is the process of stripping out unwanted data to secure the output.

(ii) Validating Input – This step ensures that the application is interpreting correct data while preventing any malicious data from entering.

(iii) Sanitizing – This process involves cleaning or filtering your input data. It also changes unacceptable user input to an acceptable format.

14. Explain the difference between Symmetric and Asymmetric encryption.

Ans. Symmetric encryption – A conventional Encryption method, executed by one secret ‘Symmetric Key’ possessed by both parties. This key is used to encode and decode the information. Symmetric encryption is carried out using algorithms like AES, DES, 3DES, RC4, QUAD, Blowfish, etc.

Asymmetric encryption – It is a complex mode of Encryption, executed using two cryptographic keys, namely a Public Key and a Private Key to implement data security. Asymmetric encryption is carried out using algorithms like Diffie-Hellman and RSA.

15. How would you handle antivirus alerts?

Ans. To answer this specific cybersecurity interview question, you would need to use your expertise and experience. A possible reply could be –

On receiving an antivirus alert, one must refer to antivirus policy and then analyze it. If the alert is sourced from a legitimate file, it should be directly whitelisted, but if it comes from a malicious source, it should be deleted. It is mandatory to keep updating the firewall to receive regular antivirus alerts.

16. What is SSL Encryption?

Ans. It is the acronym for Secure Sockets Layer. It is an industry-standard security technology that creates encrypted connections between a web server and a browser. SSL is used to ensure data privacy.

17. What is a Firewall?

Ans. A firewall is a network security system. It manages the network traffic using a defined set of security rules, and prevents remote access and content filtering. Firewalls are used to protect the systems or networks from viruses, worms, malware, etc.   

18. What are cyber attacks?

Ans. Cyber attacks are potential security issues that are created and exploited by malicious users to access or destroy sensitive information, to extort money from users, or to hamper the functioning of the normal business processes.

19. What are ITSCM and BCP?

Ans. ITSCM – IT Service Continuity Management is a practice that allows information security professionals to develop IT infrastructure recovery plans

BCP – Business Continuity Planning is the process by which a company creates a prevention and recovery system from potential threats.

20. Why is information security policy necessary for the organizations?

Ans. Information security policy is necessary for the organizations because it clearly outlines the responsibilities of employees about the safety and security of information, intellectual property, and data from potential risks.

21. What are the most popular work-around recovery options?

Ans. The most popular work-around recovery options are –

• Fast recovery
• Gradual recovery
• Immediate recovery
• Intermediate recovery
• Manual workaround
• Reciprocal arrangements

22. What is ISO/IEC 27002?

Ans. ISO/IEC 27002:2013 is an information security standard. It is devised by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC). This code of practice provides guidelines for organizational information security standards and information security management practices.

23. What are the various response codes that can be received from a web application?

Ans. Response codes received from a web application include –

• 1xx – Informational responses
• 2xx – Success
• 3xx – Redirection
• 4xx – Client-side error
• 5xx – Server-side error

24. What is the difference between IDS and IPS?

Ans. IDS or Intrusion Detection System detects only intrusions and the administrator has to take care of preventing the intrusion. Whereas, in IPS, i.e., Intrusion Prevention System, the system detects the intrusion and also takes actions to prevent the intrusion.

25. Give some examples of web-based service desk tools.

Ans. Some example of web-based service desk tools include –

• BMC
• CA service desk
• Oracle Service Cloud
• ServiceNow
• SolarWinds Web Help Desk
• Spiceworks Help Desk/Cloud Help Desk
• Tivoli

26. What is an asynchronous transmission?

Ans. Asynchronous transmission is a serial mode of transmission. It is the process of data transmission, where every character is a self-contained unit. Each character in asynchronous transmission has its start and stop bits, along with an uneven interval between them.

27. What is the synchronous transmission?

Ans. Synchronous transmission refers to continuous data streaming in the form of signals, accompanied by regular timing signals. These signals are generated by the external clocking mechanisms and ensure that senders and receivers are in synchrony.

28. What are the different types of transmission media?

Ans. Transmission media has two broad types –

• Guided media (wired)
• Unguided media (wireless)

29. What are proxy servers and how do they protect computer networks?

Ans. Proxy servers prevent external users from identifying the IP addresses of an internal network. They make a network virtually invisible to external users, who cannot identify the physical location of a network without knowledge of the correct IP address.

30. What are the types of errors?

Ans. There are two categories of errors –

• Single-bit error – One-bit error per data unit
• Burst error – Two or more bits errors per data unit

31. How would you differentiate between Firewall and Antivirus?

Ans. Firewall – A firewall prevents any unauthorized access in the private networks as intranets. However, it does not protect against viruses, spyware, or adware.

Antivirus – An antivirus is a software that protects a computer from any malicious software, virus, spyware, or adware.

32. How will you recover data from a Virus-infected system?

Ans. We will install an OS and updated antivirus in a system that is free of any viruses, and then connect the hard drive of the infected system as a secondary drive. The hard drive will then be scanned and cleaned. Data can now be copied into the system.

33. What is a traceroute?

Ans. A traceroute or popularly known as tracert are diagnostic commands of a computer network and help the users spot any breakdown of communications. It shows the router’s path and helps the users determine the reasons in case of disconnection.

34. What are rainbow tables?

Ans. Rainbow tables are the precomputed table to reverse cryptographic hash functions. These rainbow tables contain a significant number of inputs of hash functions and corresponding outputs.

35. What is ethical hacking?

Ans. Ethical Hacking is a method to evaluate the security of systems and identifying vulnerabilities in them. It helps to determine if any unauthorized access or other malicious activity is happening in a system, which may result in data or financial loss, or other potential damages.

36. Explain Chain of Custody.

Ans. Chain of custody refers to the process of gathering evidence, digitally and physically. It involves practices to ensure that the evidence has been legitimately gathered and not changed before admission into evidence. Following best practices when collecting digital evidence is important to protect the data from getting compromised as it is easy to erase or manipulate the information. It involves the following steps: 

• Collection
• Examination
• Analysis
• Reporting

37. How can you safeguard sensitive/confidential data? 

Ans. Data can be safeguarded by:

• Encryption 
• Encoding 
• Data Loss Prevention Software
• Email Encryption
• Two-Factor Authentication
• Virtual Private Networks
• Anti-malware protection
• Cryptographic hashing
• Data fingerprinting
• Monitor usage of physical devices
• Periodic Reviews of IT Infrastructure
• Regularly update cyber-security policies
• Overwrite deleted files
• Make old computer’s hard drive unreadable
• Keep software up-to-date
• Practice good password management

38. Which methods are used in preventing a brute force login attack?

Ans. The following methods are used in preventing a brute force login attack:

• Strong password policy and frequent password changes.
• Account lockout policy – account is locked after a set number of failed login attempts. It is locked until the administrator unlocks it.
• Use of Captcha – the user is asked to manually input some text or solve a simple problem.
• Progressive delays – account is locked for a certain period after three failed login attempts. 
• Limit logins to a specified IP address or range – if you allow access only from a designated IP address or range, it will be difficult for brute force attackers to gain access.
• Two-factor authentication (2FA) – it reduces the risk of a potential data breach.
• Monitor your server logs – ensure that you analyze your log files diligently.

39. Explain salted hashes.

Ans. Usually, a password is protected by creating a hash value of that password in the system. In salted hashing, random data is added to the hash value. This helps in keeping the passwords safe and defending against attacks.

40. What are DDoS attacks?

Ans. DDoS stands for Distributed-Denial-of-Service. A DDoS attack is a cyber-attack in which the server is made unavailable by continuously flooding it with frequent data requests. Such attacks attempt to disrupt normal traffic of a targeted server, service, or network, preventing legitimate users from accessing the targeted website. DDoS attacks are often the result of multiple compromised systems, like a botnet, flooding the targeted system with traffic.

41. Explain social engineering attacks. 

Ans. Social engineering refers to a variety of malicious activities used to manipulate and trick users into making security mistakes and giving away sensitive information. In social engineering, a hacker manipulates a target using normal communication medium like calls, texts, and emails and fetches the sensitive information without any technical expertise. Some of the examples of social engineering are phishing, whaling attack, spear phishing, water holing, baiting, quid pro quo, vishing, pretexting, and tailgating.

42. What is an OSI model? What are its different types?

Ans. OSI stands for Open System Interconnection. It is a reference model that shows how information moves through a physical medium from a software application in one computer to the software application in another computer. In the OSI reference model, the communication between a computing system is split into seven different layers: 

1. Application layer
2. Presentation layer
3. Network layer
4. Transport layer
5. Session layer
6. Data Link layer
7. Physical layer

43. What is Port Scanning? What are the different Port Scanning techniques?

Ans. Port Scanning is the method of probing a server or a host for open ports that may be receiving or sending data. It sends packets to a specific port on a host and then examines responses to determine vulnerabilities. The different Port Scanning techniques are: 

• Ping Scan
• TCP half-open
• UDP
• TCP Connect
• Stealth Scanning

44. What is a Botnet?

Ans. A botnet refers to a group of Internet-connected devices infected by malware, like laptops, desktops, IoT that run one or more bots for various purposes like stealing sensitive information, crashing the targeted system, or spamming the targeted system. Some of the popular botnets are Conficker, Zeus, Waledac, and Kelihos.

45. What are the different types of authentication?

Ans. Authentication is a method to verify the credentials of users that request access to a system, network, or device. The different types of authentication are: 

• Single-factor authentication – it is the simplest and most common way of authentication. This method requires only one verification method, such as a password or a security pin, to grant access to a system.
• Two-factor authentication (2FA) – it requires a second factor to verify a user’s identity. In this method, you will have to enter the username, password, and OTP or PIN for verification.
• Multi-factor authentication (MFA) – it two or more independent ways to identify a user, such as codes generated from the user’s smartphone, Captcha tests, fingerprints, or facial recognition. 
• Bio-metric authentication (BFA) –  it requires the username, password, and biometric verification, such as voice identification, fingerprint, eye, or face scan.

46. What do you know about Cyber Espionage?

Ans. Cyber espionage is the process of gaining unauthorized network or system access to obtain sensitive business documents. It uses malicious practices to access confidential/sensitive information of the company or government agency without the permission and knowledge of the holder. The objective of Cyber Espionage is to damage or misuse the compromised data.

47. How to safeguard the IoT devices from cyberattacks?

Ans. The following security capabilities can safeguard IoT devices against cyberattacks by making them more secure:

• Secure boot: use of cryptographic code signing techniques.
• Secure communication: it involves the use of security protocols like TLS, DTLS, and IPSec.
• Secure firmware update: it ensures that the device firmware is updated only with firmware from the device OEM or other trusted party.
• Data protection: encryption of all sensitive data stored on the IoT device.
• Authentication: it verifies the credentials of users that request access to the device. 

48. What are Meltdown and Spectre bugs?

Ans. Meltdown and Spectre are processor bugs that exploit critical vulnerabilities in modern processors. They enable hackers to steal the currently processed data and store it in the cache on the computer. Meltdown and Spectre, thus access the data stored in the memory of other running programs. It may include the passwords stored in the browser, emails, instant messages, and confidential business documents.

49. How can you reset a password-protected BIOS configuration?

Ans. Some of the ways to reset a password-protected BIOS configuration are:

• Using MS-DOS
• Removing CMOS battery
• Utilizing the software
• Using a motherboard jumper

50. Explain Black hat, White hat, and Grey hat hackers. 

Ans. Black hat: Black hat hackers are those people who have a good knowledge of breaching network security. They may work individually or may be backed by an organization to breach into the corporate or public networks to access, encrypt, or destroy data illegally. 

White hat: These are the security professionals specialized in penetration testing to identify the vulnerabilities in an organization. They hack into organizations legally and protect the information system of an organization.

Grey hat hackers: They are the hackers who violate ethical standards without any malicious intent. They sometimes turn into black hat hackers based on their demand.