- Define protocol.
Ans. It is a set of rules that govern all aspects of information communication.
- What are the different layers of OSI?
Ans. The different layers of OSI are:
- Data Link layer
- Transport layer
- Application layer
- Session layer
- Presentation layer
- Explain pipelining.
Ans. Pipelining is when a task begins before the previous task has ended.
- What is the difference between hub and switch?
Ans. A hub is a networking device that connects multiple computers together, while a switch is a control unit that turns the flow of electricity in a circuit.
- Which layers are referred to as network support layers?
Ans. The following layers are referred to as network support layers:
- Data Link layer
- Physical layer
- Network layer
- Define simplex with an example.
Ans. A type of communication in which data is transmitted in one direction is known as simplex. Example: Monitor
- What is RIP?
Ans. RIP stands for Routing Information Protocol, which is a simple protocol used to exchange information between the routers.
- What are the factors that affect the performance of the network?
Ans. The factors that affect the performance of the network are:
- Type of transmission media
- Software
- Number of users
- Hardware
- What is the difference between a wired LAN and a wireless LAN?
Ans. A wired LAN uses Ethernet devices like routers, hubs, and switches, while a wireless LAN uses devices like MiFi routers and WLAN routers.
- Name some user support layers.
Ans. Some of the user support layers are:
- Application layer
- Presentation layer
- Session layer
- What is the use of TCP in the IP packets?
Ans. TCP is an acronym for Transmission Control Protocol. It is used as a communications protocol in a private network.
- Name the types of errors in data communication over a network.
Ans. There are two types of errors:
- Single bit error
- Burst error
- What is ALOHA?
Ans. ALOHA is a system for coordinating and arbitrating access to a shared communication network channel. It is often used to solve the channel allocation issue. Two types of ALOHA are:
- Pure Aloha
- Slotted Aloha
- Which protocols use the application layer?
Ans. The protocols that use the application layer are:
- SMTP
- DNS
- TELNET
- FTP
- What is an intranet?
Ans. It is a private network based on TCP/IP protocols accessible only by the company’s members or someone with authorization.
- What are the steps involved in creating the checksum?
Ans. The following steps are involved in creating the checksum:
- Divide the data into sections
- Add the sections together using 1’s complement arithmetic
- Take the complement of the final sum
- What are the different types of network security tools?
Ans. The different types of network security tools are:
- Access control
- Antivirus and antimalware software
- Application security
- Data Loss Prevention (DLP)
- Email security
- Firewalls
- Intrusion prevention systems
- Mobile device security
- Host-based Intrusion Detection System (HIDS)
- Network Intrusion Detection System (NIDS)
- Behavioral analytics
- Network segmentation
- Virtual Private Network (VPN)
- Web security
- Wireless security
- Explain the basic working of network security.
Ans. Network security is an activity that is designed to protect the usability and integrity of the network and data. It includes both hardware and software technologies and targets a variety of threats. It combines various layers of defenses at the edge and in the network. Every network security layer implements distinct policies and controls. While authorized users gain access to network resources, the malicious or unauthorized agents are blocked from carrying out exploits and threats.
- What is the meaning of AAA in network security?
Ans. AAA stands for Authentication, Authorization, and Accounting. It refers to the protocols that mediate network access. It is a framework to control user access, implement policies, and keep track of all activities in the network. Two network protocols provide AAA functionality, namely RADIUS and Diameter.
- Authentication ascertains whether a user is legitimate to use the system and the network or not. It requires a login and password.
- Authorization refers to the access control rights. It means that every user on the network can access only certain data and information, depending on his/her level in the organization.
- Accounting helps in gathering all activity on the network for each user.
- What is IPS in network security?
Ans. IPS stands for Intrusion Prevention System. It is also known as Intrusion Detection Prevention System (IDPS). IPS focuses on tracking the network for any suspicious or malicious activities attempting to exploit a known vulnerability. It identifies such activity and then either detects and allows (IDS) or prevents (IPS) the threat. Some of the approaches to prevent intrusions are signature-based, protocol-based, anomaly-based, and policy-based IPS.
The IPS reports such events to system administrators and takes preventative action, such as closing access points and configuring firewalls to prevent future attacks.
- What are the potential consequences of a network security attack for an organization?
Ans. A network security attack can result in irreversible damage to the organization. Some of the potential outcomes of a network security attack are:
- Loss of sensitive information and proprietary data
- Reduction in profits
- Loss of value with shareholders
- Loss of reputation
- Deterioration of brand value
- Reduced trust with customers
- What are Administrator Privileges? Why are they required when trying to install a download?
Ans. Administrative Privileges refer to the permissions granted by administrators to users. These privileges enable them to create, delete, and modify items and settings.
Without administrative privileges, we cannot perform many system modifications, such as installing software or changing network settings. If we don’t have administrator privileges, then we may be able to use a program, but not upgrade it.
- What is network encryption? How does it work?
Ans. Network encryption is the process of encrypting or encoding data and messages transmitted over a computer network. It includes various tools, techniques, and standards to ensure that the messages are unreadable while they are transmitted between two or more network nodes.
Network encryption helps in maintaining the confidentiality of information transmitted over a network by making it difficult for unauthorized agents to have the information and understand it or get anything useful from it if they intercept the information in transit. Each message is sent in an encrypted form and is decrypted and converted back into its original form at the recipient’s end using encryption/decryption keys.
- What do you mean by the CIA Triad?
Ans. CIA stands for Confidentiality, Integrity, and Availability. CIA or CIA Triad is a popular model that is designed to maintain privacy policies for information security in organizations. Security professionals evaluate threats after assessing their potential impact on the confidentiality, integrity, and availability of the organization’s assets. A network is secure only when it possesses the components that constitute the CIA Triad.
- Confidentiality refers to an organization’s efforts to keep its data private or secret. Thus, only those who are authorized have access to specific assets, while those who are unauthorized are prevented from accessing them.
- Integrity refers to ensuring that data is authentic and reliable and has not been tampered with.
- Availability refers to ensuring that systems, applications, and data are up and running; and authorized users have access to resources when they are needed.
- What are the benefits of a firewall?
Ans. The benefits of firewalls are:
- Monitors network traffic
- Enhances Privacy
- Stops Spyware
- Prevents hacking
- Inhibits virus attacks
- What is a Proxy firewall?
Ans. A Proxy Firewall is an early type of firewall device that serves as the gateway from one network to another for a specific application. It protects network resources by filtering messages at the application layer. The firewall proxy server operates at the application layer through the proxy. This is done by creating and running a process on the firewall that mirrors a service as if it were running on the end host.
- What is a UTM firewall?
Ans. A Unified threat management (UTM) firewall refers to the hardware or software device that assembles different security functions, like a proxy, packet filtering, intrusion detection and prevention systems, protection against malware, application control, and more.
- Explain Stateful Inspection.
Ans. Also known as dynamic packet filtering, Stateful Inspection is a firewall technology that monitors the state of active network connections. It keeps a track of all activities right from the opening of a connection until it is closed. It allows or blocks traffic based on state, port, and protocol by utilizing the information regarding active connections.
- Why does an Active FTP not work with network firewalls?
Ans. Initiating a connection with the FTP server establishes two TCP connections. The second TCP connection (the FTP data connection) is initiated and established from the FTP server. If a firewall is between the FTP client and server, it would block the connection initiated from the FTP server because it is a connection initiated from outside. Thus, Passive FTP can be used, or the firewall rule can be modified to add the FTP server as trusted.
- What is a DDoS attack?
Ans. A DDoS or Distributed-Denial-of-Service attack is a cyber-attack in which the central server is continuously flooded with frequent data requests. Such attacks intend to disrupt the target system and business. In a DDoS attack, the hackers make a network resource (a website or computer system) unavailable to its users by disrupting the services of a host connected to the Internet. It is done by flooding or crashing the website with too much traffic.
- What are the types of DDoS attacks?
Ans. The three basic categories of DDoS attacks are:
- Volume-based attacks – they use high traffic to overload the network bandwidth
- Protocol attacks – their objective is to exploit server resources
- Application attacks – they focus on web applications and are the most serious type of attacks
Different types of attacks fall into categories based on the traffic quantity and the vulnerabilities being targeted. Here are some popular types of DDoS attacks:
- ICMP (Ping) Flood
- SYN Flood
- NTP Amplification
- HTTP Flood
- Zero-day DDoS attacks
- UDP Flood
- Smurf Attack
- Fraggle Attack
- Slowloris
- What is Ransomware?
Ans. Ransomware is a type of malicious software that enables cyber-criminals to block you from accessing your own data. The victim’s data is encrypted until the attacker is paid a predetermined ransom, which is usually in the form of cryptocurrency. Ransomware may be distributed through email phishing and exploit kits. After its distribution, the ransomware encrypts selected files and notifies the victim of the required payment.
- How does Ransomware work?
Ans. Ransomware may enter your network in multiple ways. The most common way is by downloading a spam email attachment. The download will infect your system with the ransomware program. Other ways ransomware gets in include social engineering, downloads of malicious software, and malvertising.
The software gets into your network through an executable file that may have been in a zip folder or any other attachment. The downloaded file will then encrypt your data, add an extension to your files, and make them inaccessible.
- Name some different types of ransomware.
Ans. The different types of ransomware variants are:
- CryptoLocker
- WannaCry
- Bad Rabbit
- Cerber
- Crysis
- CryptoWall
- GoldenEye
- Jigsaw
- TeslaCrypt
- TorrentLocker
- Locky
- What is Malware?
Ans. Short for malicious software, Malware refers to software variants, such as viruses, worms, adware, ransomware, and spyware, that are designed to damage and destroy data and systems or to gain unauthorized access to a network. Malware is usually sent in the form of a link or file over email. It requires the target to click on the link or open the file to execute the malware.
- What is Spyware?
Ans. Spyware is unwanted software that gains access to your computer and reports back to a remote user. It steals your internet usage data and sensitive information. In simple terms, it is malicious software that gains access to or damages your computer, without your knowledge. It is mostly used to steal financial or personal information.
- What is Adware?
Ans. Adware is malicious software designed to collect data on your computer usage and show appropriate advertisements on your screen, often within a web browser. Adware may not always be malicious, but in some cases it can cause issues for your system. It can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware.
- What is Phishing?
Ans. Phishing is the fraudulent practice of sending fraudulent emails, calls, or text messages to targets that appear to come from a reputable source. It is a cybercrime that tricks the target into sharing passwords, credit card numbers, and other sensitive information or installing malware on the victim’s machine by posing as a trusted source. It is a type of social engineering attack.
- How does phishing work?
Ans. Phishing is a type of social engineering attack that enables hackers to steal the victim’s sensitive data, such as login credentials and credit card numbers. It starts with a fraudulent email or other communication like a text message that is created to tempt a victim. The communication looks as if it has come from a trusted source.
The phishers dupe victims into opening those emails or text messages and the victim is coaxed into providing confidential information, leading to devastating results.
Apart from stealing sensitive data, hackers can infect computers with viruses and convince victims to participate in money laundering.
- What are the different types of phishing attacks?
Ans. The different types of phishing attacks are:
- Email Phishing: This is the most common type of Phishing. The phisher will register a fake domain that looks like a genuine source and send generic requests to obtain confidential information from the victims. Phishers use the data to steal money or to launch other attacks.
- Spear Phishing: It targets specific individuals instead of a wide group of people after searching the victims on social media and other sites to customize their communications and appear more authentic.
- Whaling: In this, the attackers go after those working in senior positions. Attackers spend considerable time profiling the target to find the best time as well as the means of stealing their sensitive information.
- Smishing and Vishing: In smishing, the victim is contacted through text messages while vishing involves a telephonic conversation. The end goal of both is the same as any other kind of phishing attack.
- What does VPN stand for?
Ans. VPN stands for Virtual Private Network. It creates a secure network connection over a public network like the internet.
- What is the use of a VPN?
Ans. A VPN or virtual private network is an encrypted connection over the Internet from a device to a network. It provides online privacy and anonymity by creating a private network from a public internet connection. It prevents unauthorized people from spying on the traffic and allows the user to conduct work remotely.
- What are the different types of VPNs?
Ans. The different types of VPNs are:
- Remote access
- Site-to-site
- What is Shadow IT?
Ans. Shadow IT refers to the use of information technology systems, software, devices, applications, and services without informing the organization’s IT or security group. It includes the projects that are managed outside of, and without the knowledge of the organization’s IT department.
This practice has grown exponentially lately with the adoption of cloud-based applications and services. Shadow IT can introduce serious security risks to the organization through data leaks and potential compliance violations.
- Give some examples of Shadow IT.
Ans. Shadow IT consists of all activities and purchases related to IT that the IT department is unaware of. It includes all those projects that are conducted out of compliance with official company policies. Examples of Shadow IT purchases include:
- Hardware: PCs, laptops, tablets, servers, flash drives, external drives, and smartphones
- Productivity apps: Trello and Slack
- Communication apps: Skype and VOIP
- Packaged software
- Cloud Services: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)