Cyber Security Interview Questions
Cyber Security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.
A strong cybersecurity strategy has layers of protection to defend against cyber crime, including cyber attacks that attempt to access, change, or destroy data; extort money from users or the organization; or aim to disrupt normal business operations. Countermeasures should address:
 
Critical infrastructure security : Practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety. The National Institute of Standards and Technology (NIST) has created a cybersecurity framework to help organizations in this area, while the U.S. Department of Homeland Security (DHS) provides additional guidance.
 
Network security : Security measures for protecting a computer network from intruders, including both wired and wireless (Wi-Fi) connections.
 
Application security : Processes that help protect applications operating on-premises and in the cloud. Security should be built into applications at the design stage, with considerations for how data is handled, user authentication, etc.
 
Cloud security : Specifically, true confidential computing that encrypts cloud data at rest (in storage), in motion (as it travels to, from and within the cloud) and in use (during processing) to support customer privacy, business requirements and regulatory compliance standards.
 
Information security : Data protection measures, including those required by regulations such as the General Data Protection Regulation (GDPR), that secure your most sensitive data from unauthorized access, exposure, or theft.
 
End-user education : Building security awareness across the organization to strengthen endpoint security. For example, users can be trained to delete suspicious email attachments, avoid using unknown USB devices, etc.
 
Disaster recovery/business continuity planning : Tools and procedures for responding to unplanned events, such as natural disasters, power outages, or cybersecurity incidents, with minimal disruption to key operations.
 
Storage security : Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks, and unavailable to other entities. Storage security can encompass hardware management, application development, network security controls, communications protocols, organizational policy, physical security and user behavior.
 
Storage security also includes a range of issues, including network security and cyberthreats. Protection must be provided against online threats such as viruses, worms, Trojans and other malicious code.
 
Storage is where data resides. It is also where users and applications interact with data either directly or indirectly. An effective storage security strategy is essential in preventing unauthorized access to data and underlying storage systems.
 
Mobile security : Mobile security, which refers to the protection of mobile devices against cybersecurity threats, is a top-of-mind concern for today’s companies due to the growing use of mobile devices for business purposes. As remote workers access corporate data and applications using untrusted mobile devices, companies require an easy-to-use solution that protects their data without negatively impacting employee productivity.
Mobile devices suffer from a number of potential cyber threats. Some of the most common and impactful include :
 
Malicious Apps and Websites : Mobile devices can have mobile malware installed on them and access malicious online content.

Mobile Ransomware : Mobile ransomware is one type of malicious app that is becoming more common and impactful as more valuable and sensitive data is stored on mobile devices.

Phishing : Mobile devices have access to a number of different communications media – email, SMS, social media, etc. – making them an ideal platform for performing phishing attacks that steal data or carry malicious content.

Man-in-the-Middle Attacks : Mobile communications do not always use secure technologies, making them vulnerable to interception for eavesdropping or modification of data.

Advanced Jailbreaking and Rooting Techniques : Jailbreaking and rooting provide elevated permissions on a mobile device, enabling an attacker to take a greater range of malicious actions.

OS Exploits : Like any other software, mobile operating systems can contain exploitable vulnerabilities that place them and their users at risk.
The volume of cybersecurity incidents is on the rise across the globe, but misconceptions continue to persist, including the notion that :
 
Cybercriminals are outsiders. In reality, cybersecurity breaches are often the result of malicious insiders, working for themselves or in concert with outside hackers. These insiders can be a part of well-organized groups, backed by nation-states.

Risks are well-known. In fact, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error - specifically by negligent employees or contractors who unintentionally cause a data breach - keep increasing.

Attack vectors are contained. Cybercriminals are finding new attack vectors all the time - including Linux systems, Operational Technology (OT), Internet of Things (IoT) devices, and cloud environments.

My industry is safe. Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks (see below) are targeting more sectors than ever, including local governments and non-profits, and threats to supply chains, ".gov" websites, and critical infrastructure have also increased.
Although cybersecurity professionals work hard to close security gaps, attackers are always looking for new ways to escape IT notice, evade defense measures, and exploit emerging weaknesses. The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include :
 
Malware : The term “malware” refers to malicious software variants—such as worms, viruses, Trojans, and spyware—that provide unauthorized access or cause damage to a computer. Malware attacks are increasingly “fileless” and designed to get around familiar detection methods, such as antivirus tools, that scan for malicious file attachments.
 
Ransomware : Ransomware is a type of malware that locks down files, data or systems, and threatens to erase or destroy the data - or to make private or sensitive data public - unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to breach than organizations and under pressure to pay ransoms in order to restore applications and web sites on which citizens rely.
 
Phishing / social engineering : Phishing is a form of social engineering that tricks users into providing their own PII or sensitive information. In phishing scams, emails or text messages appear to be from a legitimate company asking for sensitive information, such as credit card data or login information. The FBI has noted a surge in pandemic-related phishing, tied to the growth of remote work.
 
Insider threats : Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.
 
Distributed denial-of-service (DDoS) attacks : A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks can overwhelm enterprise networks by abusing protocols such as the Simple Network Management Protocol (SNMP), which is used to manage modems, printers, switches, routers, and servers.
 
Advanced persistent threats (APTs) : In an APT, an intruder or group of intruders infiltrates a system and remains undetected for an extended period. The intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data while avoiding the activation of defensive countermeasures. The recent SolarWinds breach of United States government systems is an example of an APT.
 
Man-in-the-middle attacks : Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties in order to steal data. For example, on an unsecured Wi-Fi network, an attacker can intercept data being passed between a guest’s device and the network.
The primary goal of cyber security is to protect data. To safeguard data from cyber-attacks, the security sector relies on a triangle of three connected principles, known as the CIA triad. The CIA model is intended to help organizations develop policies for their information security architecture. When a security breach is discovered, one or more of these principles has been broken. Confidentiality, Integrity, and Availability are the three components of the CIA model. It is a security paradigm that guides individuals through many aspects of IT security. Let's take a closer look at each component.

Main Objectives of Cyber Security
Confidentiality : Confidentiality is the same as privacy in that it prevents unauthorized access to data. It entails ensuring that the data is only accessible to those who are authorized to use it, as well as restricting access to others. It keeps vital information from getting into the wrong hands. Data encryption is a great example of keeping information private.

Integrity : This principle assures that the data is genuine, correct, and safe from unwanted threat actors or unintentional user alteration. If any changes are made, precautions should be taken to protect sensitive data from corruption or loss, as well as to quickly recover from such an incident. Furthermore, it denotes that the source of information must be genuine.

Availability : This principle ensures that information is constantly available and useful to those who are authorized to access it. It ensures that system failures or cyber-attacks do not obstruct this access.
Cyber Crime is just like regular crime but happens on the Internet. Following are some examples of Cyber Crime :
 
* Identity Theft
* Online Predators
* Hacking of sensitive information from the Internet
* BEC ("Business Email Compromise")
* Ransomware
* Stealing intellectual property
Cyber Crime is increasing every year because of the following reasons :
 
* Cyber Crime is easy to accomplish. A person with a good knowledge of computer hacking can commit cybercrime.
* There is a lower risk of getting caught in cybercrime.
* Cyber attackers can make a lot of money for little work.
* Cyber attackers can target thousands of victims.
* With the introduction of cryptocurrencies, money laundering is getting easier.