Cyber-Security Interview Questions
Q1. What are the common Cyberattacks?

Cyberattacks are malicious attempts to damage, disrupt, or gain unauthorized access to computer systems and data. Below are some of the most common types:

  • Phishing: Attackers send fraudulent emails or messages that appear to come from trusted sources in order to steal sensitive information such as usernames, passwords, and credit card details.
  • Social Engineering Attacks: These manipulate people into revealing confidential information, whether through phone calls, impersonation, or phishing emails.
  • Ransomware: Malicious software that encrypts files and demands payment (ransom) for decryption. It uses complex cryptographic algorithms to lock user data.
  • Cryptocurrency Hijacking (Cryptojacking): Attackers use victims' computing power to mine cryptocurrencies without consent, slowing down systems and consuming resources.
  • Botnet Attacks: A network of infected devices (bots) is remotely controlled by hackers to launch large-scale attacks, such as DDoS (Distributed Denial of Service), to overwhelm servers or steal data.

Q2. What are the elements of cyber security?

Cybersecurity involves a combination of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. The major elements of cybersecurity are:

  • Application Security: Incorporates security measures at the development stage of applications to prevent threats like unauthorized access, malware, and data leaks.
  • Information Security: Ensures the protection of data from unauthorized access and tampering, whether the data is in transit, at rest, or in use.
  • Network Security: Involves safeguarding internal networks from intrusions by securing both the software and hardware technologies and monitoring for potential threats.
  • Disaster Recovery Planning: A strategy that ensures business continuity by enabling systems and data recovery after a security incident or other disaster.
  • Operational Security (OPSEC): A process to protect critical information by viewing systems from the perspective of a potential attacker and plugging vulnerabilities.
  • End User Education: Training individuals on safe computing practices, such as recognizing phishing attempts or using strong passwords, as human error is often the weakest link in cybersecurity.

Q3. Define the terms Virus, Malware, and Ransomware.

Below are the definitions of commonly encountered malicious software in cybersecurity:

  • Virus: A type of malicious program that attaches itself to legitimate files or programs and spreads to other files or systems. It often replicates and causes harm by corrupting or deleting data.
  • Malware: Short for 'malicious software,' it is a broad term used to refer to any software intentionally designed to cause damage to a computer, server, client, or network. This includes viruses, worms, trojans, ransomware, spyware, etc.
  • Ransomware: A form of malware that encrypts the victim's files or locks them out of their system and demands a ransom payment in exchange for restoring access or decrypting the data.

Q4. What do you mean by a Null Session?

A Null Session refers to a network connection to a Windows-based system that does not use any username or password for authentication.

These sessions can be exploited to access certain system resources, such as:

  • Enumerating usernames
  • Accessing shared folders
  • Gathering information about user accounts, groups, and services

Because they allow unauthenticated access, null sessions pose a significant security risk and should be disabled or restricted on secure systems.

Q5. Define DNS.

DNS (Domain Name System) is a hierarchical system that translates human-readable domain names (like www.example.com) into machine-readable IP addresses (like 192.0.2.1), allowing browsers and devices to locate and load web resources on the Internet.

Every device on the internet has a unique IP address, and DNS acts like the phonebook of the internet by mapping domain names to those IP addresses.

Q6. What is a Firewall?

A firewall is a network security system, either hardware-based, software-based, or a combination of both, designed to monitor and control incoming and outgoing network traffic based on predetermined security rules.

It acts as a barrier between a trusted internal network and untrusted external networks (like the internet), allowing or blocking traffic depending on security settings.

Q7. What is a VPN?

A VPN (Virtual Private Network) is a technology that establishes a secure and encrypted connection over a public network like the Internet. It allows users to securely access a private network and share data remotely through public networks.

VPNs protect your online identity by masking your IP address and encrypting all data transmitted between your device and the VPN server.

Q8. What is the difference between active and passive cyber attacks?

Active Cyber Attack: An active attack is one in which the attacker modifies, or attempts to modify, the content of a message. Such attacks threaten integrity and availability: they can corrupt the system and alter system resources. The victim usually becomes aware of the attack.

Passive Cyber Attack: A passive attack is one in which the attacker observes or copies the content of a message without altering it. Such attacks threaten confidentiality but do not damage the system. The victim typically does not become aware of the attack.

Q9. Who are black hat hackers and white hat hackers?

White Hat Hacker: A certified hacker who works for governments or organizations to conduct penetration tests and identify cybersecurity gaps, providing protection against malicious cybercrime.

Black Hat Hacker: Often called crackers, these hackers gain unauthorized access to systems to destroy or steal data. They use common hacking techniques for malicious purposes and are considered criminals.

Q10. What is the difference between plaintext and cleartext?

Plaintext: Data that is not encrypted at all and can be read directly without decryption.

Cleartext: Data sent or stored without encryption and not intended to be encrypted. Both plaintext and cleartext are readable without any decryption process.

Q11. What is a block cipher?

A block cipher converts plaintext into ciphertext one block at a time, typically using blocks of 64 bits or larger. Common modes include ECB (Electronic Codebook) and CBC (Cipher Block Chaining).

Q12. What is the CIA triangle?

The CIA Triad is a foundational model for information security policy. It stands for:

  • Confidentiality
  • Integrity
  • Availability

Q13. What is the Three-way handshake?

TCP uses a three-way handshake to establish reliable, full-duplex connections with synchronization (SYN) and acknowledgment (ACK) on both sides:

  1. SYN
  2. SYN + ACK
  3. ACK
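
The three steps above as an added example, not code from the original page: both endpoints as small state machines, with the acknowledgement check each side applies before advancing. The Segment and Endpoint classes and the sequence numbers are constructed for the illustration; handshake() returns the two final states and the labels of the segments that were accepted.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0      # sequence number carried by this segment
    ack_num: int = 0  # next sequence number the sender expects from its peer

class Endpoint:
    def __init__(self, isn: int):
        self.isn = isn          # initial sequence number chosen by this side
        self.state = "CLOSED"
        self.peer_isn: Optional[int] = None

def client_send_syn(c: Endpoint) -> Segment:
    c.state = "SYN_SENT"
    return Segment(syn=True, seq=c.isn)  # step 1: SYN

def server_on_syn(s: Endpoint, seg: Segment) -> Optional[Segment]:
    if not seg.syn or seg.ack:
        return None  # not a connection request; ignore it
    s.peer_isn, s.state = seg.seq, "SYN_RECEIVED"  # half-open until step 3 arrives
    return Segment(syn=True, ack=True, seq=s.isn, ack_num=seg.seq + 1)  # step 2: SYN+ACK

def client_on_synack(c: Endpoint, seg: Segment) -> Optional[Segment]:
    # The reply must acknowledge exactly our SYN (isn + 1); anything else is dropped
    if c.state != "SYN_SENT" or not (seg.syn and seg.ack) or seg.ack_num != c.isn + 1:
        return None
    c.peer_isn, c.state = seg.seq, "ESTABLISHED"
    return Segment(ack=True, seq=c.isn + 1, ack_num=seg.seq + 1)  # step 3: ACK

def server_on_ack(s: Endpoint, seg: Segment) -> bool:
    if s.state != "SYN_RECEIVED" or seg.syn or not seg.ack or seg.ack_num != s.isn + 1:
        return False
    s.state = "ESTABLISHED"
    return True

def handshake(client_isn: int, server_isn: int):
    c, s, trace = Endpoint(client_isn), Endpoint(server_isn), []
    syn = client_send_syn(c)
    trace.append("SYN")
    synack = server_on_syn(s, syn)
    if synack is not None:
        trace.append("SYN+ACK")
        ack = client_on_synack(c, synack)
        if ack is not None and server_on_ack(s, ack):
            trace.append("ACK")
    return c.state, s.state, trace
```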

Q14. What are some common Hashing functions?

A hash function maps a numerical or alphanumeric key to a small integer used as an index in a hash table. Common hashing methods include:

  • Division Method
  • Mid Square Method
  • Folding Method
  • Multiplication Method
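
An added example, not from the original page: the four methods listed above implemented over integer keys, with a bucket histogram for comparing how each one spreads a set of keys. The digit counts used by the mid-square and folding methods and the sample key list are constructed choices.

```python
import math

KNUTH_A = (math.sqrt(5) - 1) / 2  # usual constant for the multiplication method

def division_hash(key: int, m: int) -> int:
    # h(k) = k mod m; m is best chosen as a prime not close to a power of two
    return key % m

def mid_square_hash(key: int, m: int, r: int = 2) -> int:
    # Square the key and keep r digits from the middle of the result
    sq = str(key * key)
    start = (len(sq) - r) // 2
    return int(sq[start:start + r]) % m

def folding_hash(key: int, m: int, part_len: int = 2) -> int:
    # Cut the key's digits into fixed-size parts and add the parts together
    digits = str(key)
    parts = (int(digits[i:i + part_len]) for i in range(0, len(digits), part_len))
    return sum(parts) % m

def multiplication_hash(key: int, m: int) -> int:
    # h(k) = floor(m * frac(k * A)); the value of m is not critical here
    return int(m * ((key * KNUTH_A) % 1))

def bucket_histogram(keys, m: int, hash_fn) -> dict:
    # Count keys per bucket; any count above 1 is a collision for that method
    hist = {b: 0 for b in range(m)}
    for k in keys:
        hist[hash_fn(k, m)] += 1
    return hist

# Constructed sample: five ids that differ only in their last digit
SAMPLE_KEYS = [100201, 100202, 100203, 100204, 100205]
```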

Q15. How do firewalls protect network security?

Firewalls act as protective barriers that monitor and filter both inbound and outbound network traffic based on defined security rules. They help prevent unauthorized access and block malicious data from entering or leaving a network.

Q16. What is a DDoS attack and how does it work?

A Distributed Denial of Service (DDoS) attack overwhelms a target server or network with excessive traffic from multiple sources, rendering it inaccessible to legitimate users.

Q17. Explain the concept of Public Key Infrastructure (PKI).

PKI is a system of cryptographic techniques that enables secure communication over insecure networks. It uses a pair of public and private keys for encryption, decryption, and digital signatures, with Certificate Authorities (CAs) validating public key authenticity.

Q18. How does a rootkit work and how would you detect it?

A rootkit is malicious software that grants attackers unauthorized access to a system. Detection methods include using specialized anti-rootkit tools and monitoring for unusual or suspicious system behavior.

Q19. Explain cross-site scripting and SQL injection.

Cross-Site Scripting (XSS): Involves injecting malicious scripts into web applications, potentially compromising user data.

SQL Injection: Exploits vulnerabilities in SQL queries to manipulate a database. Both are critical web application vulnerabilities.

Q20. Explain the concept of endpoint security.

Endpoint security involves securing individual devices (endpoints) such as computers and mobile devices using antivirus software, anti-malware tools, and intrusion detection systems.

Q21. What is a Security Operations Center (SOC)?

A SOC is a centralized team responsible for continuously monitoring, detecting, and responding to security incidents in real time.

Q22. What are the common types of cyber security attacks?

The common types of cybersecurity attacks include:

  • Malware
  • Cross-Site Scripting (XSS)
  • Denial-of-Service (DoS)
  • Domain Name System Attack
  • Man-in-the-Middle Attacks
  • SQL Injection Attack
  • Phishing
  • Session Hijacking
  • Brute Force

Q23. What do you mean by Man-in-the-Middle Attack?

A Man-in-the-Middle (MITM) attack is a type of eavesdropping cyber threat where an attacker secretly intercepts and possibly alters communication between two parties. The attacker impersonates both participants, allowing access to sensitive information and the ability to manipulate the conversation.

Example: On an unprotected Wi-Fi network, a cybercriminal may intercept data passing between the target device and the network to steal personal or corporate information.

Q24. Which is more reliable: SSL or HTTPS?

SSL (Secure Sockets Layer): A security protocol that allows secure communication between two or more parties over the internet. It works at the Presentation layer and sits on top of HTTP to provide encryption.

HTTPS (Hypertext Transfer Protocol Secure): A combination of HTTP and SSL that ensures secure communication. It operates across multiple layers of the OSI model (Application, Presentation, Session, and Transport) to provide a more secure browsing experience.
