Top Cyber Security Interview Questions and Answers-(2024)

1 .

Cyber Security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.

2 .

Explain Cyber Security domains.

A strong cybersecurity strategy has layers of protection to defend against cyber crime, including cyber attacks that attempt to access, change, or destroy data; extort money from users or the organization; or aim to disrupt normal business operations. Countermeasures should address:

Critical infrastructure security : Practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety. The National Institute of Standards and Technology (NIST) has created a cybersecurity framework to help organizations in this area, while the U.S. Department of Homeland Security (DHS) provides additional guidance.

Network security : Security measures for protecting a computer network from intruders, including both wired and wireless (Wi-Fi) connections.

Application security : Processes that help protect applications operating on-premises and in the cloud. Security should be built into applications at the design stage, with considerations for how data is handled, user authentication, etc.

Cloud security : Specifically, true confidential computing that encrypts cloud data at rest (in storage), in motion (as it travels to, from and within the cloud) and in use (during processing) to support customer privacy, business requirements and regulatory compliance standards.

Information security : Data protection measures, such as the General Data Protection Regulation or GDPR, that secure your most sensitive data from unauthorized access, exposure, or theft.

End-user education : Building security awareness across the organization to strengthen endpoint security. For example, users can be trained to delete suspicious email attachments, avoid using unknown USB devices, etc.

Disaster recovery/business continuity planning : Tools and procedures for responding to unplanned events, such as natural disasters, power outages, or cybersecurity incidents, with minimal disruption to key operations.

Storage security : Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks -- and unavailable to other entities. Storage security can encompass hardware management, application development, network security controls, communications protocols, organizational policy, physical security and user behavior.

Storage security also includes a range of issues, including network security and cyberthreats. Protection must be provided against online threats such as viruses, worms, Trojans and other malicious code.

Mobile security : Mobile security, which refers to the protection of mobile devices against cybersecurity threats, is a top-of-mind concern for today’s companies due to the growing use of mobile devices for business purposes.

3 .

Why is storage security important?

Storage is where data resides. It is also where users and applications interact with data either directly or indirectly. An effective storage security strategy is essential in preventing unauthorized access to data and underlying storage systems.

4 .

What is Mobile Security?

Mobile security, which refers to the protection of mobile devices against cybersecurity threats, is a top-of-mind concern for today’s companies due to the growing use of mobile devices for business purposes. As remote workers access corporate data and applications using untrusted mobile devices, companies require an easy-to-use solution that protects their data without negatively impacting employee productivity.

5 .

Top Threats to Mobile Security.

Mobile devices suffer from a number of potential cyber threats. Some of the most common and impactful include :

Malicious Apps and Websites : Mobile devices can have mobile malware installed on them and access malicious online content.

Mobile Ransomware : Mobile ransomware is one type of malicious app that is becoming more common and impactful as more valuable and sensitive data is stored on mobile devices.

Phishing : Mobile devices have access to a number of different communications media – email, SMS, social media, etc. – making them an ideal platform for performing phishing attacks that steal data or carry malicious content.

Man-in-the-Middle Attacks : Mobile communications do not always use secure technologies, making them vulnerable to interception for eavesdropping or modification of data.

Advanced Jailbreaking and Rooting Techniques : Jailbreaking and rooting provide elevated permissions on a mobile device, enabling an attacker to take a greater range of malicious actions.

OS Exploits : Like any other software, mobile operating systems can contain exploitable vulnerabilities that place them and their users at risk.

6 .

Explain Some Dangerous Cyber Security Myths.

The volume of cybersecurity incidents is on the rise across the globe, but misconceptions continue to persist, including the notion that :

Cybercriminals are outsiders. In reality, cybersecurity breaches are often the result of malicious insiders, working for themselves or in concert with outside hackers. These insiders can be a part of well-organized groups, backed by nation-states.

Risks are well-known. In fact, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error - specifically by negligent employees or contractors who unintentionally cause a data breach - keep increasing.

Attack vectors are contained. Cybercriminals are finding new attack vectors all the time - including Linux systems, Operational Technology (OT), Internet of Things (IoT) devices, and cloud environments.

My industry is safe. Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks(see below) are targeting more sectors than ever, including local governments and non-profits, and threats on supply chains, ".gov" websites, and critical infrastructure have also increased.

7 .

Explain Some Common Cyber Threats.

Although cybersecurity professionals work hard to close security gaps, attackers are always looking for new ways to escape IT notice, evade defense measures, and exploit emerging weaknesses. The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include :

Malware : The term “malware” refers to malicious software variants—such as worms, viruses, Trojans, and spyware—that provide unauthorized access or cause damage to a computer. Malware attacks are increasingly “fileless” and designed to get around familiar detection methods, such as antivirus tools, that scan for malicious file attachments.

Ransomware : Ransomware is a type of malware that locks down files, data or systems, and threatens to erase or destroy the data - or make private or sensitive data to the public - unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to breach than organizations and under pressure to pay ransoms in order to restore applications and web sites on which citizens rely.

Phishing / social engineering : Phishing is a form of social engineering that tricks users into providing their own PII or sensitive information. In phishing scams, emails or text messages appear to be from a legitimate company asking for sensitive information, such as credit card data or login information. The FBI has noted about a surge in pandemic-related phishing, tied to the growth of remote work.

Insider threats : Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.

Distributed denial-of-service (DDoS) attacks : A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise networks via the simple network management protocol (SNMP), used for modems, printers, switches, routers, and servers.

Advanced persistent threats (APTs) : In an APT, an intruder or group of intruders infiltrate a system and remain undetected for an extended period. The intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data while avoiding the activation of defensive countermeasures. The recent Solar Winds breach of United States government systems is an example of an APT.

Man-in-the-middle attacks : Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties in order to steal data. For example, on an unsecure Wi-Fi network, an attacker can intercept data being passed between guest’s device and the network.

8 .

What is the main objective of Cyber Security?

The primary goal of cyber security is to protect data. To safeguard data from cyber-attacks, the security sector offers a triangle of three connected principles. The CIA trio is the name for this principle. The CIA model is intended to help organizations develop policies for their information security architecture. One or more of these principles has been broken when a security breach is discovered. Confidentiality, Integrity, and Availability are the three components of the CIA model. It's a security paradigm that guides individuals through many aspects of IT security. Let's take a closer look at each section.

Confidentiality : Confidentiality is the same as privacy in that it prevents unauthorized access to data. It entails ensuring that the data is only accessible to those who are authorized to use it, as well as restricting access to others. It keeps vital information from getting into the wrong hands. Data encryption is a great example of keeping information private.

Integrity : This principle assures that the data is genuine, correct, and safe from unwanted threat actors or unintentional user alteration. If any changes are made, precautions should be taken to protect sensitive data from corruption or loss, as well as to quickly recover from such an incident. Furthermore, it denotes that the source of information must be genuine.

Availability : This principle ensures that information is constantly available and helpful to those who have access to it. It ensures that system failures or cyber-attacks do not obstruct these accesses.

9 .

What is Cyber Crime? Give some examples of Cyber Crime.

Cyber Crime is just like regular crime but happens on the Internet. Following are some examples of Cyber Crime :

* Identity Theft

* Online Predators

* Hacking of sensitive information from the Internet

* BEC ("Business Email Compromise")

* Ransomware

* Stealing intellectual property

10 .

Why is Cyber Crime increasing day by day every year?

Cyber Crime is increasing day by day every year because of the following reasons :

* Cyber Crime is easy to accomplish. A person having good knowledge of computer hacking can do Cybercrime.

* There is a lower risk of getting caught in Cybercrime.

* A cyber attackers can get huge money for their little work.

* Cyber attackers can target thousands of victims.

* With the introduction of cryptocurrencies, money laundering is getting easier.

11 .

What are the main advantages of cyber security?

Following is a list of main advantages of cyber security :

* Cyber security protects online businesses and transactions against ransomware, malware, online frauds, and phishing.

* It protects the end-users.

* It provides great protection for both data as well as networks.

* It can increase the recovery time after a breach.

* It prevents unauthorized users from accessing sensitive information.

12 .

What is the OSI model? Explain the different layers of the OSI model.

The Open Systems Interconnection (OSI) model is a reference model that describes how applications interact with each other over a computer network. It has seven layers; they are as shown below :

Physical Layer : This is the lowest level of the OSI model. Here, data is converted into an electrical impulse and sent through a physical medium. It is also responsible for the physical connection between the devices.

Data Link Layer : Here, the data packet is encoded and decoded into bits. This layer looks into the node to node delivery of a message.

Network Layer : In this layer, datagrams are transferred from one to another. The functions here are routing and logical addressing.

Transport Layer : This layer is responsible for end-to-end connections. The data in this layer is called segments. This is where TCP and UDP protocols work.

Session Layer : This layer controls signals between computers. The session layer establishes, maintains, and ends connections between processes.

Presentation Layer : It is responsible for translating data into the application layer format. Here, the data is formatted, encrypted, and then sent to the next layer.

Application Layer : Finally, here, services are provided to the end-users. The application layer deals with any sort of data that the application of a machine generates, like a user input such as a password, and so on.

13 .

Define Unicasting, Multicasting, and Broadcasting.

Unicast, Multicast, and Broadcast are the three methods by which we transmit data over a network.

Unicast : It sends the information from a single user to a single receiver. We use this for point-to-point communications.

Multicast : Here, data is sent from one or more sources to multiple destinations.

Broadcast : Broadcast is known as one-to-all, i.e., the communication is between a single user and several receivers.

14 .

What is Cryptography?

Cryptography is the study of encrypting and decrypting data to prevent unauthorized access. The ciphertext should be known by both the sender and the recipient. With the advancement of modern data security, we can now change our data such that only the intended recipient can understand it.

Cryptography allows for the secure transmission of digital data between willing parties. It is used to safeguard company secrets, secure classified information, and sensitive information from fraudulent activity, among other things. Crypto means hidden and graph means writing.

Encryption is a fundamental component of cryptography, as it jumbles up data using various algorithms. Data encryption is the method of undoing the work done by encrypting data so that it can be read again. Cryptography is dependent on both of these methods.

15 .

How many Types of Cryptography

Cryptography is classified into two categories based on the types of keys and encryption algorithms :

* Symmetric Key Cryptography (Secret key)

* Asymmetric Key Cryptography (Public key)

Let’s take a closer look at each type.

Symmetric Key Cryptography : Also known as Secret Key Cryptography, private key encryption encrypts data using a single key that only the sender and receiver know. The secret key must be known by both the sender and the receiver, but should not be sent across the channel; however, if the hacker obtains the key, deciphering the message will be easier. When the sender and the receiver meet on the handset, the key should be addressed. Although this is not an ideal method. Because the key remains the same, it is simpler to deliver a message to a certain receiver. The data encryption framework (DES Algorithm) is the most widely used symmetric key system.

Asymmetric key cryptography : Asymmetric key cryptography, also known as public-key cryptography, consists of two keys, a private key, which is used by the receiver, and a public key, which is announced to the public. Two different keys are used in this method to encrypt and decrypt the data. These two distinct keys are mathematically linked. They are sold in pairs. The public key is accessible to anyone, whereas the private key is only accessible to the person who generates these two keys.

For example, Bob wants to send an encrypted message to Alice, and they agree to encrypt his message using public-key encryption. The receiver initiates public key encryption to encrypt the sender’s message. The receiver, not the sender, initiates the public key method to encrypt the sender’s message. Everyone has access to the public key. The receiver, Alice, is the only one who has access to the private key. The following is how it works :

Step 1 : Alice generates two keys: one public and one private. Alice stores the public key on a public key server that anyone can access.

Step 2 : Alice informs Bob of the location of her public key.

Step 3 : Bob obtains Alice’s public key by following Alice’s instructions.

Step 4 : Bob composes a message and encrypts it with Alice’s public key. Bob sends Alice the encrypted message via the network.

Step 5 : Alice decrypts Bob’s message using her private key.

16 .

What is Digital Signature in Cryptography?

A digital signature is equivalent to a handwritten signature. It is an electronic verification of the sender. Digital signatures are commonly used for software distribution, financial transactions. The digital signature serves three purposes :

Authentication : The process or action of proving the sender in cryptography

Non-repudiation : The assurance that someone cannot deny the validity

Integrity : The quality of the message sent and received as it is

17 .

How does Cryptography work?

The functioning of cryptography revolves around cryptographic algorithms. Cryptographic algorithms or ciphers are mathematical functions that are combined with keys, such as phrase, digit, word, etc., to encrypt text. The effectiveness depends on the strength of the cryptographic algorithms and the secrecy level of the key.

Multiple complex combinations of algorithms and keys boost the effectiveness of a cryptosystem.

18 .

Explain some Cryptography Techniques.

Some major techniques of Cryptography are listed below :

Steganography : One of the oldest techniques of cryptography, steganography involves hiding secret information or messages with no confidential status files in order to avoid detection. Decades ago, steganography was not as sophisticated as it is now. Earlier, invisible ink, slight variations, etc., were used to hide messages. But with the advent of technology, steganography has evolved as one of the commonly used techniques in cryptography.

Hashing : Hashing converts data to be hidden into a unique string. Irrespective of the type or form of data, hashing can be used to hide it. Once hashing is performed, it cannot be decrypted by using just keys.

Simple codes : A language is used to hide the meaning of the sentences written in a different language. The message is written in such a way that it is hard to decipher. In a majority of cases, niche alphabets are used to make the message more complex to read.

Symmetric encryption : It is mainly used for encrypting and decrypting electronic data through a secret key. Substitution ciphers form the base of symmetric encryption. However, nowadays, symmetric encryption is much more than just substitution ciphers. Symmetric encryption is largely used when the message to be encrypted is quite sizable.

Asymmetric encryption : This type of encryption uses two keys, public key, and private key, to encrypt and decrypt plaintext. Anyone with the secret key can decrypt the message. Hence, asymmetric encryption uses two corresponding keys to ensure secrecy.

19 .

What is RSA Algorithm in Cryptography?

RSA is an asymmetric cryptographic algorithm. RSA Algorithm that works on a block cipher concept that converts plain text into ciphertext and vice versa at the receiver side. If the public key of User A is used for encryption, we have to use the private key of the same user for decryption.

Step 1 : Select two prime numbers p and q where p not equal to q.

Step 2 : Calculate n= p*q and z=(p-1)*(q-1)

Step 3 : Choose number e: Such that e is less than n, which has no common factor (other than one) with z.

Step 4 : Find number d: such that (ed-1) is exactly divisible by 2.

Step 5 : Keys are generated using n, d, and e

Step 6 : Encryption

c=m pow(e) mod n

(where m is plain text and c is ciphertext)

Step 7 : Decryption

m= c pow(d) mod n

Step 8 : Public key is shared and the private key is hidden.

Note : (e, n) is the public key used for encryption. (d, n) is the private key used for decryption

The RSA algorithm has the drawback of being quite inefficient in cases in which large volumes of data must be authenticated by the same virtual machine. A foreign entity must substantiate the dependability of authentication tokens. Data is routed through middlemen, who may corrupt with the cryptosystem.

20 .

What is DES Algorithm in Cryptography?

Data Encryption Standard is a symmetric cipher algorithm and uses the block cipher method for encryption and decryption. DES is the landmark in cryptographic algorithms. It works based on Fiesta Cipher Structure.

DES operates on a plaintext block of 64 bits and returns ciphertext of the same size.

Step 1 : Sub-key Generation

Step 2 : Encryption

21 .

Explain Some Advantages and Disadvantages of Cryptography.

Advantages of Cryptography

* Some techniques such as hashing, are known to preserve the integrity of the message.

* It is used to guard highly confidential information and data.

* It offers protection from users not intended to have access to a message.

* Digital signatures provide non-repudiation against disputes that arise in situations where the sender denies passing of the message.

Disadvantages of Cryptography

* It can prove to be dangerous if the system design is not properly managed.

* Sometimes, a strongly encrypted message cannot be read by even the intended or legitimate user. This has been known to happen in many cases.

* The whole concept of cryptography relies on the complexity of mathematical algorithms. What if someone breaks through the complex algorithms, the entire * cryptosystem would be vulnerable to threats.

22 .

How Many Types of Attacks in Cryptography?

There are two types of cryptography attacks,

* passive attacks
* active attacks

Passive Attacks : In a passive attack, the intruder can only see the private data but can hardly make any changes to it or alter it. Passive attacks are more dangerous because the intruder only sees the message without altering it. Then no one will ever know that an attack is taking place, and their hidden messages will no longer be hidden.

Snooping : Also known as message content leakage, snooping is a nonaggressive attack where the intruder can only read a message. This jeopardizes the security goal of confidentiality.

Active Attacks : In this type of attack, the intruder can alter the private data.

Masquerade : The intruder will try to gain as much access to the computer system as possible. Masquerade is an active attack that threatens the security goal of credibility.

Brute force attack : A brute force attack occurs when hackers use computers to feedback loop over each letter in a character set systematically. A character set can consist of letters, numbers, symbols, or anything else that the hackers may desire. In the most general terms, a brute force attack is a method of trial and error that attempts all possible password combinations. This method works well for short passwords, but it takes a long time to try all possible passwords.

Dictionary attack : It is a quick and easy password attack. Hackers generate thousands of candidate digests and their pre-matched plaintext passwords using a dictionary. These candidate digits are compared to those in a stolen digest file by hackers. If a match is found, they are given the password. Although this method appears to be feasible if done manually, computers are capable of processing millions of words in a matter of hours.

23 .

What is Security Misconfiguration?

Categorized as system vulnerability, security misconfiguration is a situation when a device/application/network is misconfigured and is prone to exploited by an attacker. A few simple examples of this include leaving systems unattended in public places, sharing passwords of devices and accounts, etc.

24 .

What do you understand by CIA triad?

CIA is an acronym that stands for Confidentiality, Integrity, and Availability. It is commonly known as the CIA triad. CIA is a model that specifies the guide policies for Information Security. It is one of the most popular models used by organizations.

Confidentiality : It specifies that the information should be accessible and readable only to authorized personnel and ensures that unauthorized personnel cannot access it. The information should be strongly encrypted so that if someone uses hacking to access the data, they cannot read or understand it.

Integrity : Integrity is used to ensure that an unauthorized entity has not modified the data. It also ensures that data should not be corrupted. If an authorized individual/system tries to modify the data and the modification should not be successful, the data reversed back and should not be corrupted.

Availability : It ensures that the data is available to the user whenever the user requires it. To achieve this, maintaining hardware, upgrading them regularly, data backups and recovery are necessary.

25 .

What is traceroute? Mention its uses.

Traceroute is a network diagnostic tool. It helps track the route taken by a packet that is sent across the IP network. It shows the IP addresses of all the routers it pinged between the source and the destination.

Uses :

* It shows the time taken by the packet for each hop during the transmission.

* When the packet is lost during the transmission, the traceroute will identify where the point of failure is.

26 .

What is the difference between IDS and IPS?

A list of differences between IDS and IPS :

IDS	IPS
IDS stands for Intrusion Detection Systems.	IPS stands for Intrusion Prevention Systems.
IDS can only detect intrusions, but it is unable to prevent intrusions.	IPS can detect as well as prevent intrusions.
IDS is a monitoring system.	IPS is a control system.
IDS requires a human or another system to look at the results.	IPS only requires a regularly updated database with the latest threat data.

27 .

What is the difference between a threat, vulnerability and risk?

Generally, people think that threat, vulnerability and risk are the same, but there are some crucial differences between them:

Threat : A threat can be any form of hazard capable of destroying or stealing data, disrupting operations, or cause harm in general. Some examples of threats are Malware, phishing, data breaches, and even unethical employees etc. Any type of threat may be harmful for the organization, so; it is essential to understand threats for developing effective mitigation and making informed cyber security decisions.

Vulnerability : Vulnerability is a possible problem or a flaw in hardware, software, personnel, or procedures that can harm the organization. Threat actors can use these vulnerabilities to achieve their objectives.

Some examples of vulnerabilities are given below :

Physical vulnerabilities : Publicly exposed networking equipment is an example of Physical vulnerability.

Software vulnerabilities : buffer overflow vulnerability in a browser.

Human vulnerabilities : an employee vulnerable to phishing assaults.

Zero-day vulnerability : It is a type of vulnerability for which a remedy is not yet available.

To cope up with vulnerabilities, we have a method called Vulnerability management. It is the process of identifying, reporting and repairing vulnerabilities.

Risk : Risk is a combination of threat and vulnerability. When we combine the probability of a threat and the consequence of vulnerability, it is called a risk. Risk is the likelihood of a threat agent successfully exploiting vulnerability.

A formula to calculate risk :

Risk = likelihood of a threat * Vulnerability Impact

To control and manage the risk, we use a method called Risk management. It is a process of identifying all potential hazards, analyzing their impact, and determining the best course of action. This is an always running procedure used to examine the new threats and vulnerabilities regularly. By using this method, we can avoid or minimize risks. We can also accept or passed them to a third party according to the response chosen.

28 .

What is the difference between Symmetric and Asymmetric encryption?

Basis of Comparison	Symmetric Encryption	Asymmetric Encryption
Encryption key	Same key for encryption & decryption	Different keys for encryption & decryption
Performance	Encryption is fast but more vulnerable	Encryption is slow due to high computation
Algorithms	DES, 3DES, AES and RC4	Diffie-Hellman, RSA
Purpose	Used for bulk data transmission	Often used for securely exchanging secret keys

29 .

How is Encryption different from Hashing?

Both Encryption and Hashing are used to convert readable data into an unreadable format. The difference is that the encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.

30 .

What is a Firewall?

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.

A firewall can be hardware, software, or both.

Types of firewalls :

Proxy firewall : An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.

Stateful inspection firewall : Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.

Unified threat management (UTM) firewall : A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.

Next-generation firewall (NGFW) : Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.

According to Gartner, Inc.’s definition, a next-generation firewall must include :

* Standard firewall capabilities like stateful inspection

* Integrated intrusion prevention

* Application awareness and control to see and block risky apps

* Upgrade paths to include future information feeds

* Techniques to address evolving security threats

While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.

Threat-focused NGFW : These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:

* Know which assets are most at risk with complete context awareness

* Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically

* Better detect evasive or suspicious activity with network and endpoint event correlation

* Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection

* Ease administration and reduce complexity with unified policies that protect across the entire attack continuum

31 .

Define VPN.

The term VPN refers to a Virtual Private Network. It enables you to connect your computer to a private network, establishing an encrypted connection that hides your IP address, allowing you to safely share data and access the web while safeguarding your online identity.

A virtual private network, or VPN, is an encrypted link between a device and a network via the Internet. The encrypted connection aids in the secure transmission of sensitive data. It protects against illegal eavesdropping on the traffic and allows the user to work remotely. In corporate settings, VPN technology is commonly used.
VPN

32 .

Who are Black Hat, White Hat and Grey Hat Hackers?

Black Hat hackers, sometimes known as crackers, attempt to obtain unauthorized access to a system in order to disrupt its operations or steal critical data.

Because of its malicious aim, black hat hacking is always illegal, including stealing company data, violating the privacy, causing system damage, and blocking network connection, among other things.

Ethical hackers are also referred to as White hat hackers. As part of penetration testing and vulnerability assessments, they never intend to harm a system; rather, they strive to uncover holes in a computer or network system.

Ethical hacking is not a crime and is one of the most difficult professions in the IT business. Many businesses hire ethical hackers to do penetration tests and vulnerability assessments.

Grey hat hackers combine elements of both black and white hat hacking. They act without malice, but for the sake of amusement, they exploit a security flaw in a computer system or network without the permission or knowledge of the owner.

Their goal is to draw the owners' attention to the flaw in the hope of receiving gratitude or a small reward.

Black, Gray, White Hat Hackers

33 .

What are the benefits of Cyber Security?

The following are some of the advantages of putting cybersecurity in place and keeping it up to date:

* Businesses are protected from cyberattacks and data breaches.

* Both data and network security are safeguarded.

* Unauthorized user access is kept to a minimum.

* There is a quicker recovery time after a breach.

* Protection for end-users and endpoint devices.

* Regulatory compliance.

* Operational consistency.

* Developers, partners, consumers, stakeholders, and employees have a higher level of trust in the company's reputation.

34 .

Explain Traceroute

It is a tool that shows the packet path. It lists all the points that the packet passes through. Traceroute is used mostly when the packet does not reach the destination. Traceroute is used to check where the connection breaks or stops or to identify the failure.

35 .

What is a Botnet?

A Botnet is a group of internet-connected devices such as servers, PCs, mobile devices, etc., that are affected and controlled by malware.

It is used for stealing data, sending spam, performing distributed denial-of-service attack (DDoS attack), and more, and also to enable the user to access the device and its connection.

36 .

What do you mean by a Null Session?

A null session occurs when a user is not authorized using either a username or a password. It can provide a security concern for apps because it implies that the person making the request is unknown.

37 .

What do you mean by Phishing?

Phishing is a sort of cybercrime in which the sender appears to be a legitimate entity such as PayPal, eBay, financial institutions, or friends and coworkers. They send an email, phone call, or text message to a target or target with a link to convince them to click on the link. This link will take users to a fake website where they will be asked to enter sensitive information such as personal information, banking and credit card information, social security numbers, usernames, and passwords. By clicking the link, malware will be installed on the target machines, allowing hackers to remotely control them.

You can protect yourself from phishing attacks by following these guidelines :

* Don't give out important information on websites you don't know.

* Check the site's security.

* Make use of firewalls.

* Use Toolbar for Anti-Phishing

38 .

Differentiate between hashing and encryption.

Hashing	Encryption
It is a method of converting data to a smaller fixed value known as the key, which is then used to represent the original data.	It's the technique of securely encoding data such that only the authorized user with the key or password can get the original data; for everyone else, it seems to be rubbish.
By whatever method, the hash code or key cannot be reverted to the original information. It can only be mapped, and the hash code is compared; if the hash code is the same, the information is identical; otherwise, it is not. It is not possible to get the original data.	If we know the encryption key and technique used for encryption, we can easily extract the original data.
In comparison to encryption, it is more secure.	In comparison to hashing, it is less secure.
The goal of hashing is to index and retrieve data from a database. The procedure is really quick.	Encryption transforms data in order to keep it hidden from others.
The hashed data is usually short and constant in length. It does not increase in size as the length of information increases.	The length of the encrypted data is not defined. It expands as the amount of data grows longer.

39 .

What do you understand by Brute Force Attack? How can you prevent it?

Brute Force Attack is a method of finding the right credentials by repetitively trying all the permutations and combinations of possible credentials. Brute Force Attacks are automated in most cases where the tool/software automatically tries to log in with a list of possible credentials.

Following is a list of some ways to prevent Brute Force Attacks :

Password Length : The length of a password is an important aspect to make it hard to crack. You can specify to set at least a minimum length for the password. The lengthier the password, the harder it is to find.

Password Complexity : You can include different characters formats in the password to make brute force attacks harder. Using the combination of alpha-numeric keywords along with special characters and upper and lower case characters can increase the password complexity making it difficult to be cracked.

Limiting Login Attempts : You can make the password hard for brute force attacks by setting a limit on login failures. For example, you can set the limit on login failures as 5. So, when there are five consecutive login failures, the system will restrict the user from logging in for some time or send an Email or OTP to log in the next time. Because brute force is an automated process, limiting login attempts will break the brute force process.

40 .

What do you understand by Port Scanning?

Port scanning is the technique administrators, and hackers use to identify the open ports and services available on a host. Hackers use this technique to find information that can be helpful to find flaws and exploit vulnerabilities, and administrators use this technique to verify the security policies of the network.

Following is a list of some most common Port Scanning Techniques :

* Ping Scan

* TCP Half-Open

* TCP Connect

* UDP

* Stealth Scanning

41 .

What is two-factor authentication and how it can be implemented for public websites?

* Two-factor authentication is also referred to as dual-factor authentication or two-step verification where the user provides two authentication factors for protecting both user credentials and resources while accessing.

* The two-factor authentication can be implemented on public websites such as Twitter, Microsoft, LinkedIn, and more for enabling another protection on your already protected account with a password.

* For enabling this double factor authentication, you can easily go to settings and then manage security settings.

42 .

What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

43 .

How does DNS work?

The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device - like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage.

In order to understand the process behind the DNS resolution, it’s important to learn about the different hardware components a DNS query must pass between. For the web browser, the DNS lookup occurs "behind the scenes" and requires no interaction from the user’s computer apart from the initial request.

There are 4 DNS servers involved in loading a webpage :

DNS recursor : The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.

Root nameserver : The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more specific locations.

TLD nameserver : The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (In example.com, the TLD server is “com”).

Authoritative nameserver : This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

44 .

What's the difference between an authoritative DNS server and a recursive DNS resolver?

Both concepts refer to servers (groups of servers) that are integral to the DNS infrastructure, but each performs a different role and lives in different locations inside the pipeline of a DNS query. One way to think about the difference is the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.

Recursive DNS resolver : The recursive resolver is the computer that responds to a recursive request from a client and takes the time to track down the DNS record. It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record (or times out or returns an error if no record is found). Luckily, recursive DNS resolvers do not always need to make multiple requests in order to track down the records needed to respond to a client; caching is a data persistence process that helps short-circuit the necessary requests by serving the requested resource record earlier in the DNS lookup.

Authoritative DNS server : Put simply, an authoritative DNS server is a server that actually holds, and is responsible for, DNS resource records. This is the server at the bottom of the DNS lookup chain that will respond with the queried resource record, ultimately allowing the web browser making the request to reach the IP address needed to access a website or other web resources. An authoritative nameserver can satisfy queries from its own data without needing to query another source, as it is the final source of truth for certain DNS records.

It’s worth mentioning that in instances where the query is for a subdomain such as foo.example.com or blog.cloudflare.com, an additional nameserver will be added to the sequence after the authoritative nameserver, which is responsible for storing the subdomain’s CNAME record.

There is a key difference between many DNS services and the one that Cloudflare provides. Different DNS recursive resolvers such as Google DNS, OpenDNS, and providers like Comcast all maintain data center installations of DNS recursive resolvers. These resolvers allow for quick and easy queries through optimized clusters of DNS-optimized computer systems, but they are fundamentally different than the nameservers hosted by Cloudflare.

Cloudflare maintains infrastructure-level nameservers that are integral to the functioning of the Internet. One key example is the f-root server network which Cloudflare is partially responsible for hosting. The F-root is one of the root level DNS nameserver infrastructure components responsible for the billions of Internet requests per day. Our Anycast network puts us in a unique position to handle large volumes of DNS traffic without service interruption.

45 .

What are the steps in a DNS lookup?

For most situations, DNS is concerned with a domain name being translated into the appropriate IP address. To learn how this process works, it helps to follow the path of a DNS lookup as it travels from a web browser, through the DNS lookup process, and back again. Let's take a look at the steps.

Note: Often DNS lookup information will be cached either locally inside the querying computer or remotely in the DNS infrastructure. There are typically 8 steps in a DNS lookup. When DNS information is cached, steps are skipped from the DNS lookup process which makes it quicker. The example below outlines all 8 steps when nothing is cached.

The 8 steps in a DNS lookup :

1. A user types ‘example.com’ into a web browser and the query travels into the Internet and is received by a DNS recursive resolver.

2. The resolver then queries a DNS root nameserver (.).

3. The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD.

4. The resolver then makes a request to the .com TLD.

5. The TLD server then responds with the IP address of the domain’s nameserver, example.com.

6. Lastly, the recursive resolver sends a query to the domain’s nameserver.

7. The IP address for example.com is then returned to the resolver from the nameserver.

8. The DNS resolver then responds to the web browser with the IP address of the domain requested initially.

Once the 8 steps of the DNS lookup have returned the IP address for example.com, the browser is able to make the request for the web page :

9. The browser makes a HTTP request to the IP address.
10. The server at that IP returns the webpage to be rendered in the browser (step 10).

46 .

What is a DNS resolver?

The DNS resolver is the first stop in the DNS lookup, and it is responsible for dealing with the client that made the initial request. The resolver starts the sequence of queries that ultimately leads to a URL being translated into the necessary IP address.

Note : A typical uncached DNS lookup will involve both recursive and iterative queries.

It's important to differentiate between a recursive DNS query and a recursive DNS resolver. The query refers to the request made to a DNS resolver requiring the resolution of the query. A DNS recursive resolver is the computer that accepts a recursive query and processes the response by making the necessary requests.

DS Resolver

47 .

What is a response code? List them.

HTTP response codes indicate a server’s response when a client makes a request to the server. It shows whether an HTTP request is completed or not.

1xx : Informational : The request is received, and the process is continuing. Some example codes are:

* 100 (continue)

* 101 (switching protocol)

* 102 (processing)

* 103 (early hints)

2xx: Success : The action is received, understood, and accepted successfully. A few example codes for this are:

* 200 (OK)

* 202 (accepted)

* 205 (reset content)

* 208 (already reported)

3xx: Redirection : To complete the request, further action is required to take place. Example codes:

* 300 (multiple choice)

* 302 (found)

* 308 (permanent redirect)

4xx: Client Error : The request has incorrect syntax, or it is not fulfilled. Here are the example codes for this:

* 400 (bad request)

* 403 (forbidden)

404 (not found)

5xx: Server Error : The server fails to complete a valid request. Example codes for this are:

* 500 (internal server error)

* 502 (bad gateway)

* 511 (network authentication required)

48 .

What are the Common Cyberattacks?

Here is a list of common cyberattacks aimed at inflicting damage to a system.

Man in the Middle attack : The attacker puts himself in the communication between the sender and the receiver. This is done to eavesdrop and impersonate to steal data.

Phishing : Here, the attacker will act as a trusted entity to perform malicious activities such as getting usernames, passwords, and credit card numbers.

Rogue Software : It is a fraudulent attack where the attacker fakes a virus on the target device and offers an anti-virus tool to remove the malware. This is done to install malicious software into the system.

Malware : Malware is software that is designed to attack the target system. The software can be a virus, worm, ransomware, spyware, and so on.

Drive-by Downloads : The hacker takes advantage of the lack of updates on the OS, app, or browser, which automatically downloads malicious code to the system.

DDoS : This is done to overwhelm the target network with massive traffic, making it impossible for the website or the service to be operable.

Malvertising : Malvertising refers to the injections of maleficent code to legitimate advertising networks, which redirect users to unintended websites.

Password Attacks : As the name suggests, here, the cyber hacker cracks credentials like passwords.

49 .

What is the difference between vulnerability assessment (VA) and penetration testing (PT)?

Vulnerability Assessment (VA)	Penetration Testing (PT)
Identifies the vulnerabilities in a network	Identifies vulnerabilities to exploit them to penetrate the system
Tells how susceptible the network is	Tells whether the detected vulnerability is genuine
Conducted at regular intervals when there is a change in the system or network	Conducted annually when there are significant changes introduced into the system

50 .

What is SSL encryption?

Secure Socket Layer is a security protocol that is used for the purpose of encryption. It ensures privacy, data integrity, and authentication in the network like online transactions.

The following are the steps for setting up an SSL encryption :

* A browser connects to an SSL-secured web server.

* The browser requests the server’s public key in exchange for its own private key.

* If it is trustworthy, the browser requests to establish an encrypted connection with the web server.

* The web server sends the acknowledgment to start an SSL encrypted connection.

* SSL communication starts to take place between the browser and the web server.

51 .

Explain the MITM attack. How to prevent it?

In the Man-in-the-Middle attack, the hacker eavesdrops on the communication between two parties. The individual then impersonates another person and makes the data transmission look normal for the other parties. The intent is to alter the data, steal personal information, or get login credentials for sabotaging communication.

These are a few ways to prevent a MITM attack :

* Public key pair based authentication

* Virtual private network

* Strong router login credentials

* Implement a well-built Intrusion Detection Systems (IDS) like firewalls.

* Strong WEP/WPA encryption on access points

52 .

What are the advantages of distributed processing?

Distributed processing describes various computer systems that use more than one processor to run an application. Multiple computers across different locations share the same processor. The advantages of distributed processing are :

Data Recovery : When one computer loses data, another interconnected computer can recover this loss of data.

Reliability : Any glitch in one machine does not affect the processing since it will use several other machines.

Lower Cost : Several cost-effective minicomputers are used instead of using costlier mainframe machines.

Easy to expand : Depending on the data processing amount, we can attach additional computers to the network.

53 .

What is TCP/ IP?

Transmission Control Protocol (TCP) is a set of communication protocols used to interconnect network devices on the internet. It defines how data should be transmitted over the internet by providing end-to-end communication.

Internet Protocol (IP) is all about routing every individual packet to ensure it reaches its destination. The TCP/IP model is a compressed version of the OSI model. It consists of four layers; they are :

* Application Layer

* Transport Layer

* Internet Layer

* Network Access Layer

54 .

What do you mean by ipconfig and ifconfig?

ipconfig	ifconfig
ipconfig (Internet Protocol Configuration) is a command used on Microsoft Windows to view and configure the network interface.	ifconfig (Interface Configuration) command is used on Linux, Mac, and UNIX operating systems.
This is a useful command for displaying all the TCP/IP network summary information currently available on a network. Additionally, it also helps in modifying the DHCP protocol and the DNS setting.	This command is used to configure and control the TCP/IP network interface parameters from the Command Line Interface. It also allows you to view the IP addresses of these network interfaces.

55 .

What is the difference between Domain and Workgroup?

Domain	Workgroup
A domain is a centralized network model.	A workgroup is a decentralized network model.
Here, one administrator manages the domain and its resources.	Here, every user manages the resources individually on their PCs.
It is good for large networks.	It is good for small networks.
Here, the computer can be connected to any network.	All the computers here should be connected to the same LAN.

56 .

What is the difference between the Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS)?

As we know, HIDS and NIDS are both Intrusion Detection Systems and work for the same purpose, i.e., to detect intrusions.

Difference between HIDS and NIDS :

Host Intrusion Detection System (HIDS)	Network Intrusion Detection System (NIDS)
HIDS is set up on a particular host/device and monitors the traffic of a particular device and suspicious system activities.	On the other hand, NIDS is set up on a network and is used to monitor the traffic of all network devices.
HIDS is used to detect intrusions.	NIDS is used for the network to monitor the traffic of all devices.

57 .

What is Patch management in Cyber security? How often should we perform Patch management?

In Cyber security, patch management is a process to keep the software on computers and network devices up to date and make them capable of resisting low-level cyber attacks. It is used in any software which is prone to technical vulnerabilities.

We should perform patch management as soon as it is released. For example, when a patch is released for Windows, it should be applied to all machines as soon as possible. Same in network devices, we should apply patch management as soon as it is released. We should follow proper patch management for better security.

58 .

Which are the best Patch management tools or software? Why are they used?

Patch management tools or software are used to ensure that the components of a company's software and IT infrastructure are up to date. The patch management tools work by tracking updates of various software and middleware solutions, and then they alert users to make necessary updates or execute updates automatically.

Following is a list of the top 10 best patch management software or tools :

* Atera

* NinjaRMM

* Acronis Cyber Protect Cloud

* Acronis Cyber Protect

* PDQ Deploy

* ManageEngine Patch Manager Plus

* Microsoft System Center

* Automox

* SmartDeploy

* SolarWinds Patch Manager

59 .

What do you understand by honeypots?

Honeypots are the possible attack targets set up to see how different attackers attempt to exploit a network. Private firms and governments use this concept to evaluate their vulnerabilities, widely used in academic settings.

60 .

What are the different types of XSS attacks in Cyber Security?

There are three types of XSS attacks :

(i) Non-Persistent XSS attack – Here the data injected by the attacker is reflected in the response and has a link with the XSS vector

(ii) Persistent XSS attack – The most harmful type of attack, where the script executes automatically the moment a user opens the page

(iii) Document Object Model (DOM)-based XSS attack – An advanced type of XSS attack which happens when a web application writes data to the DOM without any sanitization

61 .

Can you explain the ways to prevent an XSS attack?

Yes, we can prevent XSS attacks through three ways :

(i) Escaping : It is the process of stripping out unwanted data to secure the output.

(ii) Validating Input : This step ensures that the application is interpreting correct data while preventing any malicious data from entering.

(iii) Sanitizing : This process involves cleaning or filtering your input data. It also changes unacceptable user input to an acceptable format.

62 .

What is the difference between stored XSS and reflected XSS?

Difference between stored XSS attacks and reflected XSS attacks :

Stored XSS Attacks	Reflected XSS Attacks
The attacks where the injected scripts are permanently stored on the target servers are called stored XSS attacks.	The attacks where the user has to send the request first, then start running on the victim's browser, are called reflected XSS attacks.
In stored XSS attacks, the victim retrieves the server's malicious script when requesting the stored information.	The reflected XSS attacks reflect results from the browser to the user who sent the request.

63 .

What is a three-way handshake process?

A three-way handshake process is used in TCP (Transmission Control Protocol) network for the transmission of data in a reliable way between the host and the client.

It’s called a three-way handshake because three segments are exchanged between the server and the client.

SYN : The client wants to establish a connection with the server, and sends a segment with SYN(Synchronize Sequence Number) to the server if the server is up and has open ports.

SYN + ACK : The server responds to the client request with SYN-ACK signal bits set if it has open ports.

ACK : The client acknowledges the response of a server and sends an ACK(Acknowledgment) packet back to the server.

64 .

How to prevent CSRF attacks?

CSRF is referred to as Cross-site Request Forgery, where an attacker tricks a victim into performing actions on their behalf.

CSRF attacks can be prevented by using the following ways :

* Employing the latest antivirus software which helps in blocking malicious scripts.

* While authenticating to your banking site or performing any financial transactions on any other website do not browse other sites or open any emails, which helps in executing malicious scripts while being authenticated to a financial site.

* Never save your login/password within your browser for financial transactions.

* Disable scripting in your browser.

65 .

Which is more secure SSL or HTTPS?

* SSL (Secure Sockets Layer) is a secure protocol that provides safer conversations between two or more parties across the internet. It works on top of the HTTP to provide security.

* HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and SSL to provide a safer browsing experience with encryption.

* In terms of security, SSL is more secure than HTTPS.

66 .

What is cognitive security?

Cognitive security is one of the applications of AI technologies that is used explicitly for identifying threats and protecting physical and digital systems based on human understanding processes.

Self-learning security systems use pattern recognition, natural language processing, and data mining to mimic the human brain.

67 .

What is SQL injection and how it can be prevented?

SQL Injection (SQLi) is a type of code injection attack where it manages to execute malicious SQL statements to control a database server behind a web application. Attackers mostly use this to avoid application security measures and thereby access, modify, and delete unauthorized data.

The following ways will help you to mitigate or prevent SQL injection attacks :

* Include Prepared Statements (with Parameterized Queries)

* Use Stored Procedures

* Validate user input

* Hide data from the error message

* Update your system

* Store database credentials separate and encrypted

* Disable shell and any other functionalities you don’t need

68 .

What is a DDOS attack and how to stop and prevent them?

A DDOS (distributed denial-of-service ) is a malicious attempt of disrupting regular traffic of a network by flooding with a large number of requests and making the server unavailable to the appropriate requests. The requests come from several unauthorized sources and hence called distributed denial of service attacks.

The following methods will help you to stop and prevent DDOS attacks :

* Build a denial of service response plan

* Protect your network infrastructure

* Employ basic network security

* Maintain strong network architecture

* Understand the Warning Signs

* Consider DDoS as a service

69 .

what is the difference between the Red Team and the Blue team?

* The red team and blue team refer to cyberwarfare. Many organizations split the security team into two groups as red team and blue team.

* The red team refers to an attacker who exploits weaknesses in an organization's security.

* The blue team refers to a defender who identifies and patches vulnerabilities into successful breaches.

70 .

How to reset or remove the BIOS password?

There are many ways to reset or remove the BIOS password :

* By removing the CMOS battery

* By using software

* By using the MS-DOS command

* By using motherboard jumper

* By using Backdoor BIOS password

71 .

What is Remote Desktop Protocol (RDP)?

* RDP (Remote Desktop Protocol) is a Microsoft protocol specifically designed for application data transfer security and encryption between client devices, users, and a virtual network server.

* It allows administrators to remotely evaluate and resolve issues individual subscribers encounter.

* It supports up to 64,000 separate data channels with a provision for multipoint transmission.

72 .

What do you mean by Network Sniffing?

Sniffing is a technique for evaluating data packets delivered across a network. This can be accomplished through the use of specialized software or hardware. Sniffing can be used for a variety of purposes, including:

* Capture confidential information, such as a password.

* Listen in on chat messaging

* Over a network, keep an eye on a data package.

73 .

Differentiate between Black Box Testing and White Box Testing.

Black Box Testing	White Box Testing
It's a type of software testing in which the program's or software's internal structure is concealed.	It is a method of software testing in which the tester is familiar with the software's internal structure or code.
It is not necessary to have any prior experience with implementation.	It is not necessary to have prior experience with implementation.
On the basis of the requirement specifications paper, this testing can begin.	This form of software testing begins once the detailed design document has been completed.
It takes the least amount of time.	It takes the most amount of time.
It is the software's behavior testing.	It is the software's logic testing.
It is relevant to higher levels of software testing.	It is relevant to lower levels of software testing.

74 .

Differentiate between Stream Cipher and Block Cipher.

The major distinction between a block cypher and a stream cypher is that a block cypher turns plain text into ciphertext one block at a time. Stream cypher, on the other hand, converts plain text into ciphertext by taking one byte of plain text at a time.

Block Cipher	Stream Cipher
By converting plaintext into ciphertext one block at a time, Block Cipher converts plain text into ciphertext.	Stream Cipher takes one byte of plain text at a time and converts it to ciphertext.
Either 64 bits or more than 64 bits are used in block ciphers.	8 bits are used in stream ciphers.
The ECB (Electronic Code Book) and CBC (Common Block Cipher) algorithm modes are utilized in block cipher (Cipher Block Chaining).	CFB (Cipher Feedback) and OFB (Output Feedback) are the two algorithm types utilized in stream cipher (Output Feedback).
The Caesar cipher, polygram substitution cipher, and other transposition algorithms are used in the block cipher.	Stream cipher uses substitution techniques such as the rail-fence technique, columnar transposition technique, and others.
When compared to stream cipher, a block cipher is slower.	When compared to a block cipher, a stream cipher is slower.

75 .

What is the difference between virus and worm?

A virus is a piece of harmful executable code that is attached to another executable file and can modify or erase data. When a virus-infected computer application executes, it takes action such as removing a file from the computer system. Viruses can't be managed from afar.

Worms are comparable to viruses in that they do not alter the program. It continues to multiply itself, causing the computer system to slow down. Worms can be manipulated with remote control. Worms' primary goal is to consume system resources.

76 .

What are Polymorphic viruses?

Polymorphic viruses are sophisticated file infectors that may build changed versions of themselves in order to avoid detection while maintaining the same fundamental behaviors after each infection. Polymorphic viruses encrypt their programming and employ various encryption keys each time to alter their physical file makeup throughout each infection.

Mutation engines are used by polymorphic viruses to change their decryption routines every time they infect a machine. Because typical security solutions do not use a static, unchanging code, traditional security solutions may miss them. They are considerably more difficult to detect because they use complicated mutation engines that generate billions of decryption routines.

77 .

What is an ARP and how does it work?

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.

When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address.

The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine.

If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it.

78 .

What is the difference between VPN and VLAN?

VPN	VLAN
Helps to group workstations that are not within the same locations into the same broadcast domain	Related to remote access to the network of a company
Means to logically segregate networks without physically segregating them with various switches	Used to connect two points in a secured and encrypted tunnel
Saves the data from prying eyes while in transit and no one on the net can capture the packets and read the data	Does not involve any encryption technique but it is only used to slice up your logical network into different sections for the purpose of management and security

79 .

What is data protection in transit vs data protection at rest?

Data Protection in Transit	Data Protection at Rest
Data is transmitted across devices or networks	Data is stored in databases, local hard drives, or USBs
Protects the data in transit with SSL and TLS	Protects the data at rest with firewalls, antiviruses, and good security practices
You must protect the data in transit since it can become vulnerable to MITM attacks, eavesdropping, etc.	You should protect the data at rest to avoid possible data breaches even when stolen or downloaded

80 .

Which methods are used in preventing a brute force login attack?

The following methods are used in preventing a brute force login attack :

Strong password policy and frequent password changes.

Account lockout policy : account is locked after a set number of failed login attempts. It is locked until the administrator unlocks it.

Use of Captcha : the user is asked to manually input some text or solve a simple problem.

Progressive delays : account is locked for a certain period after three failed login attempts.

Limit logins to a specified IP address or range : if you allow access only from a designated IP address or range, it will be difficult for brute force attackers to gain access.

Two-factor authentication (2FA) : it reduces the risk of a potential data breach.

Monitor your server logs : ensure that you analyze your log files diligently.

81 .

What are the different types of authentication?

Authentication is a method to verify the credentials of users that request access to a system, network, or device. The different types of authentication are :

Single-factor authentication : it is the simplest and most common way of authentication. This method requires only one verification method, such as a password or a security pin, to grant access to a system.

Two-factor authentication (2FA) : it requires a second factor to verify a user’s identity. In this method, you will have to enter the username, password, and OTP or PIN for verification.

Multi-factor authentication (MFA) : it needs two or more independent ways to identify a user, such as codes generated from the user’s smartphone, Captcha tests, fingerprints, or facial recognition.

Bio-metric authentication (BFA) : it requires the username, password, and biometric verification, such as voice identification, fingerprint, eye, or face scan.

82 .

What do you know about Cyber Espionage?

Cyber espionage is the process of gaining unauthorized network or system access to obtain sensitive business documents. It uses malicious practices to access confidential/sensitive information of the company or government agency without the permission and knowledge of the holder. The objective of Cyber Espionage is to damage or misuse the compromised data.

83 .

What are Meltdown and Spectre bugs?

Meltdown and Spectre are processor bugs that exploit critical vulnerabilities in modern processors. They enable hackers to steal the currently processed data and store it in the cache on the computer. Meltdown and Spectre, thus access the data stored in the memory of other running programs. It may include the passwords stored in the browser, emails, instant messages, and confidential business documents.

84 .

How to safeguard the IoT devices from cyberattacks?

The following security capabilities can safeguard IoT devices against cyberattacks by making them more secure:

Secure boot : use of cryptographic code signing techniques.

Secure communication : it involves the use of security protocols like TLS, DTLS, and IPSec.

Secure firmware update : it ensures that the device firmware is updated only with firmware from the device OEM or other trusted party.

Data protection : encryption of all sensitive data stored on the IoT device.

Authentication : it verifies the credentials of users that request access to the device.

85 .

What is an SSH?

The full form of SSH is Secure Socket Shell or Secure Shell. SSH is a utility suite that gives a secure way to system administrators to access the data on a network.