“Cyber Crime is the Greatest Threat to Every Company in the World” - Ginni Rometty (former CEO of IBM)
The increasing dependence on the technological sphere has had its own share of advantages and disadvantages. While these tech devices have become indispensable for the functioning of modern society; they have also become exceedingly vulnerable to Cyber attacks and threats.
While this is certainly not good news; on the flip side, it also means that Cyber Security as an important career option is here to stay. However, it is one thing to develop the skills of a Cyber Security expert and another to ace a Cyber Security Interview. The latter requires you to have a strong grasp over some of the most important Cyber Security Interview Questions.
This blog provides a list of the top 40 Cyber Security job interview questions, along with their answers, so that you can focus on the most relevant topics. The questions have been curated to cover the domain from several angles: networking, operating systems, software and programming, Cyber attacks and so on.
Cyber Security Questions: Basic Level
1. What are the different elements of Cyber Security?
The elements of Cyber Security refer to the different dimensions or types of Cyber Security. These are:
- Network security: It seeks to protect data which travels across devices in the network in order to make sure that it is not intercepted or changed.
- Information security: It provides protection to digital as well as physical data, safeguarding it against disruption, unauthorized access, destruction, disclosure and so on.
- Application Security: It refers to the process of designing, testing and adding security features within applications in order to protect them from different kinds of Cyber Security threats.
- Operational Security: It refers to the dimension of risk management which decides how sensitive and critical data is handled and who may access it, so that cyber criminals cannot get at it.
- Cloud Security: It refers to the entire collection of policies, technologies and services which ensures protection for cloud application, infrastructure and data from Cyber attacks.
- Disaster recovery and business continuity: The two ideas operate as a dyad wherein business continuity focuses on keeping the enterprise operational in the face of a cyber attack; while disaster recovery would deal with the steps taken by the enterprise to ensure restoration of data access.
2. What is Cryptography?
This happens to be one of the most common Interview Questions for Cyber Security. Cryptography is essentially the practice of securing communication and information from being accessible to third parties who are referred to as adversaries.
These third parties are not the ones for whom the data is intended for and hence cryptography ensures that only the sender and the recipient of the message will be able to read it. It entails the conversion of data from a readable format to a non-readable format and vice-versa.
3. Differentiate between Threat, Risk and Vulnerabilities
On the face of it, the three terms might seem to have similar connotations. However, this happens to be one of the classic Cyber Security Technical Interview Questions and you as an aspiring candidate should be able to draw a line between the three.
- Threat: This refers to any form of potential harm or hazard which can steal or destroy data, cause problems for the organization’s assets or disrupt operations. A threat can be intentional or accidental and a threat actor can be an individual or group. Example: Data Breaches, Malware, Phishing and so on.
- Vulnerabilities: This is essentially a weakness or a flaw in the system (hardware, personnel, software) which can be exploited by a threat in order to attain its objectives. Example: networking equipment that is physically accessible to the public is a form of physical vulnerability; an unpatched service is a software vulnerability.
- Risk: It is the potential for loss, i.e. the likelihood that a threat actor exploits a vulnerability combined with the damage that would result. It is commonly expressed by the formula:
Risk = Likelihood (probability of the threat exploiting the vulnerability) * Impact (damage if it does)
4. What is a firewall? What are its types?
A firewall operates as a barrier between an internal network (LAN) and external networks such as the Internet. It sits at the boundary of a network, inspecting traffic against a rule-set and blocking what the rules do not permit, which includes traffic carrying malware, worms and so on. It controls both inbound and outbound network traffic.
There are three common types of firewalls:
- Proxy Firewalls: Network traffic is filtered at the Application level
- Packet-filtering Firewalls: Packets are analyzed and are permitted to pass through a firewall only when they match an established security rule-set
- Stateful Multilayer Inspection (SMLI) Firewall: Packets are filtered at the Network, Transport and Application layers, and the firewall keeps a table of established connections so that it can tell whether a packet belongs to a conversation that was already permitted, rather than judging each packet in isolation
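The difference between a packet-filtering firewall and a stateful one is easiest to see in code. The following is an added example written for this page, not code from any firewall product: a minimal first-match rule engine with a default-deny policy, and a stateful wrapper around it that records permitted flows in a connection table. The rules, addresses and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: set on the first packet of a new connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR; 0.0.0.0/0 matches every source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (
            self.proto in ("any", p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


def stateless_filter(rules, p: Packet) -> str:
    """Packet-filtering firewall: each packet is judged on its own.
    First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: the rule-set is consulted only for packets that open
    a connection; packets belonging to an already-permitted flow (including the
    replies coming back) are allowed from the connection table."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # five-tuples of flows the rules have permitted

    def inspect(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.table or reverse in self.table:
            return "allow"              # known connection, either direction
        if p.proto == "tcp" and not p.syn:
            return "deny"               # non-SYN with no connection: e.g. an ACK scan probe
        action = stateless_filter(self.rules, p)
        if action == "allow":
            self.table.add(flow)
        return action


# Constructed rule-set: one public web server, internal hosts may initiate outbound.
RULES = [
    Rule("allow", proto="tcp", dst="10.0.0.5/32", dport=443),
    Rule("allow", src="10.0.0.0/8"),
]


def demo():
    """Run the same constructed packets through both firewall types."""
    fw = StatefulFirewall(RULES)
    inbound_web = Packet("tcp", "203.0.113.7", 40000, "10.0.0.5", 443, syn=True)
    inbound_ssh = Packet("tcp", "203.0.113.7", 40001, "10.0.0.5", 22, syn=True)
    outbound = Packet("tcp", "10.0.0.9", 50000, "198.51.100.20", 443, syn=True)
    reply = Packet("tcp", "198.51.100.20", 443, "10.0.0.9", 50000)        # server's reply
    ack_probe = Packet("tcp", "203.0.113.7", 40002, "10.0.0.5", 443)      # ACK with no SYN
    return {
        "stateless": {
            "inbound_web": stateless_filter(RULES, inbound_web),
            "inbound_ssh": stateless_filter(RULES, inbound_ssh),
            "reply": stateless_filter(RULES, reply),
            "ack_probe": stateless_filter(RULES, ack_probe),
        },
        "stateful": {
            "inbound_web": fw.inspect(inbound_web),
            "inbound_ssh": fw.inspect(inbound_ssh),
            "outbound": fw.inspect(outbound),
            "reply": fw.inspect(reply),
            "ack_probe": fw.inspect(ack_probe),
        },
    }


if __name__ == "__main__":
    for kind, results in demo().items():
        print(kind, results)
```

Two results are worth noting. The stateless filter drops the legitimate reply to the internal client's outbound connection, because no rule describes it; a real stateless firewall has to add a broad rule for return traffic, which is exactly the weakness the stateful design removes. Conversely, the stateless filter accepts a bare ACK aimed at the web server because it matches the port-443 rule, while the stateful firewall rejects it since it belongs to no known connection.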
The idea of a Firewall is often confused with that of Antivirus. To know more about the difference between the two; check out our blog on “Difference between Firewall and Antivirus”
5. How can a firewall be set up?
The steps are:
- Username/Password: The default credentials of the firewall device should be changed before it is connected to the network
- Remote Administration: This feature should be disabled, or restricted to a management network, so that the firewall cannot be configured from the outside
- Port Forward: Only the ports required by specific applications should be forwarded; everything else stays blocked
- DHCP Server: If another DHCP server already exists on the network, the firewall's DHCP server should be disabled in order to avoid conflicts
- Logging: Logging should be enabled, and it is important to know how to view the logs in order to investigate potential attacks and troubleshoot firewall issues
- Policies: Robust security policies should be configured with the firewall
6. What is a traceroute?
Traceroute is a network diagnostic tool which identifies the path taken by packets between a source and a destination. It sends a series of packets with an increasing Time-To-Live (TTL) value, starting at 1; each router that decrements the TTL to zero discards the packet and sends back an ICMP "Time Exceeded" message, which reveals that router's IP address. Listing these replies hop by hop shows the route that traffic takes across the IP network.
Traceroute therefore helps in locating points of failure: if replies stop at a certain hop, that is where the connection is breaking or being filtered. Note that a hop shown as "* * *" means that router did not reply, not necessarily that the path is broken there.
7. What is a three-way handshake?
It is the method by which a TCP connection is established between a client and a server on a TCP/IP network. It is called a three-way handshake because three segments are exchanged in order to synchronize the initial sequence numbers of both sides and acknowledge them, before any application data is sent.
The three steps:
- SYN: The client sends a SYN (Synchronize) segment carrying its initial sequence number to the server
- SYN+ACK: The server responds with a segment that both acknowledges the client's sequence number (ACK) and carries the server's own initial sequence number (SYN)
- ACK: The client acknowledges the server's sequence number with an ACK segment; only after this third step is the connection established on both sides
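The following added example, written for this page rather than taken from any TCP implementation, models the exchange above as a small state machine for both endpoints. It tracks only what the handshake needs (state and sequence/acknowledgement numbers) and also shows why a segment with the wrong acknowledgement number is rejected. The initial sequence numbers used in the demo are chosen for readability; a real stack picks them unpredictably.

```python
import random
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0


class Endpoint:
    """One side of a TCP connection, limited to connection establishment."""

    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        # Initial sequence number; random in practice so that it cannot be guessed.
        self.isn = isn if isn is not None else random.getrandbits(32)
        self.snd_nxt = self.isn   # next sequence number we will send
        self.rcv_nxt = None       # next sequence number we expect from the peer

    def _fail(self, why):
        raise ValueError(f"{self.name} in {self.state}: {why}")

    # ----- client side -----
    def connect(self) -> Segment:
        self.state = "SYN_SENT"
        self.snd_nxt = (self.isn + 1) & MASK32   # the SYN flag consumes one sequence number
        return Segment(syn=True, seq=self.isn)

    def receive_syn_ack(self, seg: Segment) -> Segment:
        if self.state != "SYN_SENT" or not (seg.syn and seg.ack):
            self._fail("expected SYN+ACK")
        if seg.ack_num != self.snd_nxt:
            self._fail("SYN+ACK acknowledges the wrong sequence number")
        self.rcv_nxt = (seg.seq + 1) & MASK32
        self.state = "ESTABLISHED"
        return Segment(ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)

    # ----- server side -----
    def listen(self):
        self.state = "LISTEN"

    def receive_syn(self, seg: Segment) -> Segment:
        if self.state != "LISTEN" or not seg.syn or seg.ack:
            self._fail("expected a bare SYN")
        self.rcv_nxt = (seg.seq + 1) & MASK32
        self.snd_nxt = (self.isn + 1) & MASK32
        self.state = "SYN_RECEIVED"
        return Segment(syn=True, ack=True, seq=self.isn, ack_num=self.rcv_nxt)

    def receive_ack(self, seg: Segment):
        if self.state != "SYN_RECEIVED" or not seg.ack or seg.syn:
            self._fail("expected the final ACK")
        if seg.ack_num != self.snd_nxt:
            self._fail("ACK acknowledges the wrong sequence number")
        self.state = "ESTABLISHED"


def handshake(client_isn=1000, server_isn=5000):
    """Run the three steps and return both endpoints plus the three segments."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect()                  # 1. client -> server: SYN
    syn_ack = server.receive_syn(syn)       # 2. server -> client: SYN+ACK
    ack = client.receive_syn_ack(syn_ack)   # 3. client -> server: ACK
    server.receive_ack(ack)
    return client, server, (syn, syn_ack, ack)


def forged_ack_rejected(client_isn=1000, server_isn=5000) -> bool:
    """An attacker who never saw the SYN+ACK cannot complete the handshake
    without guessing the server's sequence number."""
    server = Endpoint("server", server_isn)
    server.listen()
    server.receive_syn(Segment(syn=True, seq=client_isn))
    try:
        server.receive_ack(Segment(ack=True, seq=client_isn + 1, ack_num=4242))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    c, s, segs = handshake()
    for label, seg in zip(("SYN", "SYN+ACK", "ACK"), segs):
        print(f"{label:8} seq={seg.seq} ack={seg.ack_num}")
    print(c.state, s.state, "forged ACK rejected:", forged_ack_rejected())
```

The acknowledgement numbers are always "the peer's sequence number plus one" because the SYN flag itself occupies one position in the sequence space. That rule, and the unpredictability of the initial sequence numbers, is what stops a blind attacker from spoofing the third segment.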
8. Explain the difference between Hashing and Encryption
Hashing transforms data of any size into a fixed-length value, referred to as the hash or digest, which acts as a fingerprint of the original data. Encryption, on the other hand, is the process of encoding data in such a way that only an authorized party holding the correct key will be able to recover the original data.
A hash cannot be reverted to the original information: it can be recomputed and compared with another hash to check whether two inputs are identical, but it cannot be used to reconstruct the input. Encrypted data, by contrast, is designed to be converted back to the original through decryption with the key.
Hashing is therefore used for data verification, for example checking the integrity of a downloaded file or storing passwords in a form that does not reveal them. Encryption is used to keep data hidden from anyone without the key, and thus to protect data in transit and at rest.
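To make the distinction concrete, here is an added example written for this page using only the Python standard library (it is not code from the original post). It shows the three properties that matter for hashing (fixed length, irreversibility, and a salted, slow construction for passwords) next to a reversible encryption round-trip. The one-time pad is used for the encryption half because it is the simplest cipher that is both correct and implementable without a third-party library; production systems would use an authenticated cipher such as AES-GCM. The sample inputs are constructed.

```python
import hashlib
import hmac
import os
import secrets
from typing import Tuple

PBKDF2_ITERATIONS = 600_000  # deliberately slow to make guessing expensive


def sha256_hex(data: bytes) -> str:
    """Plain hash: same input always gives the same 32-byte digest, and the
    digest cannot be turned back into the input."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Store passwords as (salt, PBKDF2 digest), never as a bare fast hash.
    The per-user random salt defeats precomputed (rainbow) tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute and compare in constant time; the stored digest never has to
    be 'decrypted', which is the point of hashing."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def otp_encrypt(plaintext: bytes) -> Tuple[bytes, bytes]:
    """One-time pad: XOR with a fresh random key as long as the message.
    Returns (key, ciphertext). The key must never be reused."""
    key = secrets.token_bytes(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))
    return key, ciphertext


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Encryption is reversible for whoever holds the key."""
    if len(key) != len(ciphertext):
        raise ValueError("one-time pad key must match the ciphertext length")
    return bytes(c ^ k for c, k in zip(ciphertext, key))


if __name__ == "__main__":
    # Constructed sample inputs.
    print("sha256('hello') =", sha256_hex(b"hello"))
    print("sha256('hellp') =", sha256_hex(b"hellp"))  # one bit of input changes every bit of output
    salt, digest = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", salt, digest))
    print("wrong password:", verify_password("Tr0ub4dor&3", salt, digest))
    key, ct = otp_encrypt(b"meet at 10:00")
    print("ciphertext:", ct.hex(), "-> decrypted:", otp_decrypt(key, ct))
```

The interview point to bring out: a leaked password database hashed this way still has to be attacked one guess at a time, whereas a leaked encrypted database is fully readable the moment the key leaks. Hashing has no key to lose; that is its strength and also why it cannot be used where the original data must come back.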
9. Differentiate between Vulnerability Assessment and Penetration Testing
Vulnerability Assessment is the process of identifying, defining and prioritizing flaws in computer networks, systems, applications and infrastructure. By way of telling how susceptible a network is to a potential attack, VA helps in providing the necessary information to the organization for rectifying the vulnerabilities.
Penetration Testing is also known as pen-testing or ethical hacking. Whereas an assessment lists weaknesses, a penetration test goes a step further: an authorized tester actively attempts to exploit the vulnerabilities, chaining them together the way a real attacker would, in order to show what impact an attacker could actually achieve. An organization typically runs a penetration test after it has already applied its own hardening measures, so that the remaining, exploitable gaps can be fixed before attackers find them.
10. What is the CIA Triad?
It is essentially a security model which forms the basis of Information Security. It includes the three notions of Confidentiality, Integrity and Availability.
- Confidentiality: Prevention of unauthorized access to sensitive information
- Integrity: Protection of data against modification or deletion by unauthorized persons, and assurance that it has not been altered
- Availability: Ensure the availability of data as and when needed
11. What is a Response Code?
Whenever a client makes a request to a server, the server answers with an HTTP response code (status code). The code indicates whether the request was completed successfully and, if not, why. The codes are grouped into five classes by their first digit:
- 1xx: Informational: The request is received and the process continues.
- 2xx: Success: The action is received, understood and accepted successfully.
- 3xx: Redirection: The client must take further action, typically by following a new location, in order to complete the request.
- 4xx: Client Error: The request cannot be fulfilled because of something on the client's side, such as bad syntax (400), missing or invalid credentials (401), lack of permission (403) or a non-existent resource (404).
- 5xx: Server Error: The server fails to complete a valid request.
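Status codes matter to a security engineer mainly as signals in web server logs: a run of 401/403 responses from one address looks like credential guessing or forced browsing, and a 5xx spike can mean an attack payload is crashing something. The following added example (written for this page, not part of the original post) parses a few constructed lines in the common log format, tallies them by class, and flags the two patterns just described. The log lines and addresses are made up.

```python
import re
from collections import Counter, defaultdict

# Common log format: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: one normal visitor and one host hammering /login.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 1840
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.4 - - [10/Oct/2023:13:56:03 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.4 - - [10/Oct/2023:13:56:04 +0000] "POST /login HTTP/1.1" 401 220
198.51.100.4 - - [10/Oct/2023:13:56:05 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [10/Oct/2023:13:57:10 +0000] "GET /old-page HTTP/1.1" 301 0
203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /api/report HTTP/1.1" 500 310
"""


def parse(line: str):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = rec["request"].split(" ")
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) >= 2 else ("", "")
    return rec


def status_class(code: int) -> str:
    """Map 200 -> '2xx', 404 -> '4xx', and so on."""
    return f"{code // 100}xx"


def summarize(log_text: str) -> Counter:
    """Count responses per class across the whole log."""
    return Counter(status_class(r["status"]) for r in map(parse, log_text.splitlines()) if r)


def suspicious_ips(log_text: str, threshold: int = 5):
    """Addresses with at least `threshold` authentication/authorization failures."""
    failures = Counter(
        r["ip"] for r in map(parse, log_text.splitlines())
        if r and r["status"] in (401, 403)
    )
    return sorted(ip for ip, n in failures.items() if n >= threshold)


def failures_then_success(log_text: str, threshold: int = 4):
    """Addresses that produced `threshold` or more 401s on a path and were then
    accepted (2xx/3xx) on the same path: the signature of a successful guess."""
    failures = defaultdict(int)
    flagged = []
    for rec in map(parse, log_text.splitlines()):
        if not rec:
            continue
        key = (rec["ip"], rec["path"])
        if rec["status"] == 401:
            failures[key] += 1
        elif rec["status"] < 400 and failures[key] >= threshold:
            flagged.append(rec["ip"])
            failures[key] = 0
    return flagged


if __name__ == "__main__":
    print("by class:", dict(summarize(SAMPLE_LOG)))
    print("repeated auth failures:", suspicious_ips(SAMPLE_LOG))
    print("failures followed by success:", failures_then_success(SAMPLE_LOG))
```

The second detector is the more useful one in practice: many failed logins are noise on any public site, but failures followed by an acceptance from the same address on the same path are worth an alert and a password reset.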
12. What is DNS and VPN?
DNS is the abbreviation of Domain Name System. It maps human-readable domain names to their corresponding IP addresses (and back), which is why attacks on DNS, such as cache poisoning or hijacked records, can redirect users to an attacker's server without the user noticing.
One of the most common Cyber Security questions: VPN stands for Virtual Private Network. It creates an encrypted tunnel between your device and the VPN server, so that anyone on the local network or the path in between (for example on public Wi-Fi) cannot read or tamper with your traffic. For you as a user, a VPN can thus safeguard activities like online shopping and paying bills. Note that it shifts trust rather than removing it: the VPN provider can still see your traffic, and a VPN does not by itself make you anonymous to the sites you visit.
13. What are the common forms of Cyber Attacks?
This happens to be one of the classic Cyber Security Interview Questions. Some of the common forms of Cyber attacks are:
- Phishing: Users are sent messages, links and emails disguised as coming from sources which the victims have reason to trust. Users are duped into clicking these links or entering credentials, which hands information or access to the attackers.
- SQL Injection: The attacker supplies input (for example in a login form or URL parameter) that is concatenated into a database query, so that the input is executed as part of the SQL statement. This lets the attacker read, modify or delete data the application never intended to expose.
- Ransomware: Malware encrypts the victim's files so that they are denied access to their own data, and access is offered back only on payment of a ransom.
- Man-In-The-Middle Attack: It occurs when criminals position themselves between the client and the server and are able to read or alter the conversation while both parties believe they are talking directly to each other.
- Distributed Denial of Service (DDoS): It occurs when a system or network is overwhelmed by unwanted traffic from many sources at once, resulting in the inability to respond to legitimate requests.
- Cross-site Scripting (XSS): An attacker injects malicious script into an otherwise trustworthy website, for instance through a comment field that the site displays without sanitizing. The script is delivered to other users as part of the page and runs in their browsers, where it can steal session cookies or perform actions on the victim's behalf.
14. What is port scanning?
Port Scanning is a technique for discovering which ports on a host are open (a service is listening), closed (no service) or filtered (a firewall drops the probe). Both attackers and administrators use port scanning. The former use it to find services that could be exploited for getting into a system. The latter use it to verify that firewall rules work and that only the intended services are exposed.
Some of the common port scanning techniques are:
- Ping Scan: Strictly a host-discovery step that checks which addresses respond before ports are probed
- TCP Connect: Completes the full three-way handshake with each port; needs no special privileges but is easily logged by the target
- TCP Half-Open (SYN scan): Sends a SYN and judges the port from the SYN+ACK or RST reply without completing the handshake; requires raw sockets (root/administrator) and leaves less trace
- Stealth Scanning: Variants such as FIN, NULL and Xmas scans that send segments with unusual flag combinations to slip past simple filters and logging
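Of the techniques listed, TCP Connect is the one that can be demonstrated without privileges, so the following added example (written for this page, not part of the original post or of any scanner) implements it with standard-library sockets. To keep the example self-contained and legal to run, it opens its own listening socket on the loopback interface and scans a small range of ports around it; the open port is therefore known in advance and can be checked. The half-open technique needs raw sockets and is not shown.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List, Tuple


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Open a TCP listener on an OS-chosen port so the scan has a known target.
    The kernel completes handshakes into the backlog even if we never accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP Connect probe: attempt a full handshake and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"                      # SYN+ACK received, handshake completed
        except ConnectionRefusedError:
            return "closed"                    # RST received: nothing listening
        except (socket.timeout, OSError):
            return "filtered"                  # no answer: a firewall probably dropped it


def connect_scan(host: str, ports: Iterable[int], workers: int = 50) -> List[Tuple[int, str]]:
    """Scan several ports concurrently; one socket per port, each closed afterwards."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(pool.map(lambda p: (p, probe_port(host, p)), ports))


def open_ports(host: str, ports: Iterable[int]) -> List[int]:
    return [p for p, state in connect_scan(host, ports) if state == "open"]


def demo(width: int = 5) -> Tuple[int, List[int]]:
    """Start a local listener, scan the ports around it, and report what was found."""
    srv, port = start_listener()
    try:
        found = open_ports("127.0.0.1", range(port - width, port + width + 1))
    finally:
        srv.close()
    return port, found


if __name__ == "__main__":
    target, found = demo()
    print(f"listener on 127.0.0.1:{target}; open ports found: {found}")
```

Every probe here shows up on the target as a completed connection, which is exactly why a defender's logs (and the earlier firewall discussion) catch connect scans easily, and why attackers prefer the half-open variant when they have the privileges for it. Only scan hosts you are authorized to test.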
15. What is Data Leakage?
Data leakage is the intentional or unintentional transmission of data from inside an organization to an external destination that is not authorized to receive it. It usually entails the disclosure of confidential information, and the channel can be physical (printouts, lost devices), electronic (email, web uploads, removable storage) and so on.
Data Leakage types:
- Accidental Data Leakage: Data is sent to an unauthorized party by mistake, for example an email to the wrong recipient or a misconfigured public storage bucket
- Intentional Leakage/Malicious Insiders: An authorized insider deliberately passes data to an unauthorized party
- Compromise of the System: When attackers break into a system, the data they extract from it becomes a data breach