Rohit Kharat
Cyber Security Expert, Trainer and Consultant
General Cyber security Interview Questions

  1. What are the key differences between Symmetric and Asymmetric
    encryption?

  1. What do you mean by Cyber security?
    Cyber security is the combination of best processes and practices to ensure the security
    of networks, computers, programs, data and information from attack, damage or
    unauthorized access.
  2. What is the least that you should have on your home network?
    A home network is a testing environment for experimentation. You can have an Active
    Directory Domain Controller, a dedicated firewall appliance, and net-attached toaster.
    This is the least that you can have on your computer.
  3. What is Encryption? Why is it important?
    Encryption is a process of converting data into an unreadable form to prevent
    unauthorized access and thus ensuring data protection.
    Encryption is important because it is the most effective way to ensure data
    security. Businesses, corporates, and governments use it to guard against identity theft.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. What is a CIA triad?
    CIA provides a standard for evaluating and implementing information security –
    irrespective of the system and/or organization in

question.
Confidentiality: Data is accessible only to its concerned audience
Integrity: Ensuring that data is kept intact without meddling in the middle
Availability: Data and computers are available to authorized parties, as needed

  1. What do you understand by Risk, Vulnerability & Threat in a network?
    Threat: Someone with the potential to harm a system or an organization
    Vulnerability: Weakness in a system that can be exploited by a potential hacker
    Risk: Potential for loss or damage when threat exploits a vulnerability
  2. How do you report a risk?
    Risk needs to be assessed before it can actually be reported. There are two ways to
    analyze risk: it can either be qualitative or quantitative. This approach goes well for both
    technical and business people. The business guys would check for the probable loss in
    numbers while the technical people will monitor and assess the impact and frequency.
    Depending on the audience, the risk can be reported.
  3. How do you differentiate between IPS and IDS system?
    IDS: Intrusion Detection System
    IPS: Intrusion Prevention System
    IDS just detect the intrusion and leaves the rest to the administrator for assessment and
    evaluation. Whereas, IPS detects the intrusion and takes necessary action to further
    prevent intrusion.
    Also, there is a difference in the positioning of these devices in the network. Although they
    work on the same concept, the placement is different.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. What do you know about Cybersecurity Frameworks?
    Frameworks are voluntary guidance, based on existing guidelines and practices for
    organizations to better manage and reduce cybersecurity risk.
  2. What is weak information security?
    Information security policy is considered to be weak if it does not meet the criteria of an
    effective one. The criteria include distribution, review, comprehension, compliance, and
    uniform.
    Information security is weak if:
     The policy has not been made readily available for review by every employee
    within the organization
     The organization is unable to demonstrate that employees can review the policy
    document
     The organization is unable to demonstrate that employees understand the content
    of the policy document
  3. What are the steps to set up a firewall?
    Following are the steps to set up a firewall
  4. Username/password: modify the default password for a firewall device
  5. Remote administration: Disable the feature of the remote administration
  6. Port forwarding: Configure appropriate port forwarding for certain applications to
    work properly, such as web server or FTP server
  7. DHCP server: Installing a firewall on a network with an existing DHCP server will
    cause conflict unless the firewall’s DHCP is disabled
  8. Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is
    enabled and understand how to view logs
  9. Policies: You should have solid security policies in place and make sure that the
    firewall is configured to enforce those policies.
  10. Can you explain SSL encryption?
    SSL (Secure Socket Layer) enables safe conversation between two or more parties. It is
    designed to identify and verify the person you are talking to on the other end.
    HTTP combined with SSL provides you with a safer browsing experience with encryption.
    So, you can say it is a tricky question, but SSL wins in terms of security.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. Explain SSL and TLS?
    SSL is meant to verify the sender’s identity but it doesn’t search for anything more than
    that. SSL can help you track the person you are talking to but that can also be tricked at
    times.
    TLS is also an identification tool just like SSL, but it offers better security features. It
    provides additional protection to the data and hence SSL and TLS are often used together
    for better protection.
  2. What are salted hashes?
    Salt is a random data. When a properly protected password system receives a new
    password, it creates a hash value of that password, a random salt value, and then the
    combined value is stored in its database. This helps to defend against dictionary attacks
    and known hash attacks.
    Example: If someone uses the same password on two different systems and they are
    being used using the same hashing algorithm, the hash value would be same, however,
    if even one of the system uses salt with the hashes, the value will be different.
  3. How could identity theft be prevented?
    Here’s what you can do to prevent identity theft:


o Ensure strong and unique password
o Avoid sharing confidential information online, especially on social media
o Shop from known and trusted websites
o Use the latest version of the browsers
o Install advanced malware and spyware tools
o Use specialized security solutions against financial data
o Always update your system and the software
o Protect your SSN (Social Security Number)

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. How can you prevent man in the middle (M.I.T.M) attack?
    Now to answer that question, allow me to first tell you what is MITM attack?
    A MITM attack happens when a communication between two parties (systems) is intruded
    or intercepted by an outside entity. This can happen in any form of online communication
    such as email, social media web surfing etc. Not only they are trying to eavesdrop on your
    private conversations, then they can also target all the information inside your devices
    and the outcome could be catastrophic.
    Now here are some methods to prevent such attack,
     The first method to prevent this attack would be an encryption (preferably public
    key encryption) between both the parties. This way, they both will have an idea
    with whom they are talking because of the digital verification.
     The second method is to avoid open Wi-Fi networks and if it is necessary then use
    plugins like HTTPS, Forced TLS etc.
  2. Explain encoding, hashing, and encryption?
    Encoding: Converts the data in the desired format required for exchange between
    different systems.
    Hashing: Maintains the integrity of a message or data. Any change done could be
    noticed.
    Encryption: Ensures that the data is secured and one needs a digital verification code or
    image to open or access it.
  3. What steps will you take to secure a server?
    Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and
    decryption to protect data from unauthorized interception.
    Here are four simple ways to secure server:
    Step 1: Make sure you have a secure password for your root and administrator users
    Step 2: The next thing you need to do is make new users on your system. These will be
    the users you use to manage the system
    Step 3: Remove remote access from the default root/administrator accounts
    Step 4: The next step is to configure your firewall rules for remote access

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. What is a DDoS attack? How is it mitigated?
    DDoS stands for distributed denial of service. So, when a network is flooded with a large
    number of requests which is not recognized to handle, making the server unavailable to
    the legitimate requests.
    For mitigating a DDoS attack you need to identify normal conditions for network traffics
    which is necessary for threat detection. DDoS mitigation also requires identifying
    incoming traffic to separate human traffic from human-like bots and hijacked web
    browsers.
  2. Why do you need DNS monitoring?
    The DNS allows your website under a certain domain that is easily recognizable and also
    keeps the information about other domain names. It works like a directory for everything
    on the internet. Thus, DNS monitoring is very important since you can easily visit a
    website without actually having to memorize their IP address.
  3. What is a three-way handshake?
    The three-way handshake is used by TCP to set up a TCP/IP connection over an internet
    protocol based network. It is also referred to as “SYN, SYN-ACK, ACK” because there
    are three messages transmitted by TCP to negotiate and start a TCP session between
    two computers.
  4. What are black hat, white hat and grey hat hackers?
    Black hat hackers are known for having vast knowledge about breaking into computer
    networks. They can write malware which can be used to gain access to these systems.
    White hat hackers use their powers for good deeds and so they are also called ethical
    hackers. These are mostly hired by companies as a security specialist that attempts to
    find and fix vulnerabilities and security holes in the systems.
    Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look
    for system vulnerabilities without the owner’s permission.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. How often should you perform Patch management?
    Patch management should be done as soon as it is released. For windows, once the
    patch is released it should be applied to all machines, not later than one month. Same
    goes for network devices, patch it as soon as it is released. Proper patch management
    should be followed.
  2. Can you explain what is application security?
    Application security is the practice of improving the security of applications using
    software, hardware, and other methods.
    Countermeasures are taken to ensure application security, the most common being an
    application firewall, that limits the execution of files or the handling of data by specific
    installed programs.
  3. Differentiate between Vulnerability Assessment & Penetration testing.
  1. When to use tracert/traceroute?
    Traceroute shows you the path, a packet of information has gone through from your
    computer. It lists out all the routers that the packet passes through until reaches its
    destination, or fails to and is discarded. In addition to this, it will tell you how long each
    ‘hop’ from a router to router takes.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant

  1. Tell me some common cyber-attacks.
    Following are some common cyber-attacks that could adversely affect your system.

  1. What are the different OSI layers? What is the job of Network layer?
    .

Q 31. What is data protection in transit vs data protection at rest?

Q 32. Tell me the difference between Cybersecurity and Network Security?
Cybersecurity Network Security

Q 33. How will you prevent data leakage?
Data leakage is when data gets out of the organization in an unauthorized way.
Data can get leaked through various ways – emails, prints, laptops getting lost,
unauthorized upload of data to public portals, removable drives, photographs etc.
A few controls can be restricting upload on internet websites, following an internal
encryption solution, restricting the emails to the internal network, restriction on printing
confidential data etc.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant
Q 34. What is an ARP and how does it work?
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address
(IP address) to a physical machine address that is recognized in the local network.
Now let me tell you how it works.
When an incoming packet destined for a host machine on a particular local area network
arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC
address that matches the IP address.
The ARP program looks in the ARP cache and, if it finds the address, provides it so that
the packet can be converted to the right packet length and format and sent to the machine.
If no entry is found for the IP address, ARP broadcasts a request packet in a special
format to all the machines on the LAN to see if one machine knows that it has that IP
address associated with it.

Q 35. What is 2FA and how can it be implemented for the public websites?
An extra layer of security that is known as “multi-factor authentication“.
Requires not only a password and username but also something that only, and only, that
user has on them, i.e. a piece of information only they should know or have immediately
to hand – such as a physical token.
Authenticator apps replace the need to obtain a verification code via text, voice call or
email.
Q 36. What technique can be used to prevent brute force login attack?
For Brute force login, the attacker tries to determine the password for a target
(service/system/device) through a permutation or fuzzing process
As it is a lengthy task, attackers usually employ a software such as fuzzer, to automate
the process of creating numerous passwords to be tested against a target.
In order to avoid such attacks – password best practices should be followed, mainly on
critical resources like servers, routers, exposed services and so on.

Rohit Kharat
Cyber Security Expert, Trainer and Consultant
Q 37. What is Cognitive Cybersecurity?
Cognitive Cybersecurity is an application of AI technologies patterned on human thought
processes to detect threats and protect physical and digital systems.
Self-learning security systems use data mining, pattern recognition, and natural language
processing to simulate the human brain, albeit in a high-powered computer model
Q 38. What is port blocking within LAN?
Restricting the users from accessing a set of services within the local area network is
called port blocking.
Stopping the source to not to access the destination node via ports. As the application
works on the ports, so ports are blocked to restricts the access filling up the security holes
in the network infrastructure.

Q 39. What is the difference between VPN and VLAN?