Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips | Edureka
34. What is ARP and how does it work?
- ARP (Address Resolution Protocol) is a protocol for mapping an IP (Internet Protocol) address to a physical machine address that is recognized in the local network. How it works - When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. - The ARP program looks in the ARP cache and if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. - If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it.
Two different offices on campus are working to straighten out an error in an employee's bank account due to a direct deposit mistake. Office #1 emails the correct account and deposit information to office#2, which promptly fixes the problem. The employee confirms with the bank that everything has, indeed, been straightened out. 6. What is wrong here?
- Account and deposit information is sensitive data that could be used for identity theft. Sending this or any kind of sensitive information by email is very risky because email is typically not private or secure. Anyone who knows how can access it anywhere along its route. - As an alternative, the two offices could have called each other or worked with ITS to send the information a more secure way.
One of the members in ITS subscribes to a number of free IT magazines. Among the questions she was asked in order to active her subscriptions, one magazine asked for her month of birth, a second asked for her year of birth, and a third asked for her mother's maiden name. 3. What do you infer is going on in this situation? Justify.
- All three newsletters probably have the same parent company or are distributed through the same service. The parent company or service can combine individual pieces of seemingly-harmless information and use or sell it for identity theft. - It is even possible that there is a fourth newsletter that asks for day of birth as one of the activation questions . - Often, questions about personal information are optional. In addition to being suspicious about situations like the one described here, never provide personal information when it is not legitimately necessary, or to people or companies you don't personally know.
35. What is 2FA and how can it be implemented for the public websites?
- An extra layer of security that is known as "multi factor authentication." - Requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand - such as a physical token. - Authenticator apps replace the need to obtain a verification code via test, voice call, or email.
37. What is Cognitive Cybersecurity?
- Application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems. - Self-learning security systems use data mining, pattern recognition, and natural language processing to simulate the human brain, albeit in a high-powered computer model.
33. How will you prevent data leakage?
- Data leakage is when data gets out of the organization in an unauthorized way. - Data can get leaked through various ways -- emails, prints, laptops getting lost, unauthorized upload of data to public portals, removable drives, photographs, etc. - A few controls can be restricting upload on internet websites, following an internal encryption solution, restring the mails to internal network, restriction on printing confidential data, etc.
You receive an email from your bank telling you there is a problem with your account. The email provides instructions and a link so you can log in to your account and fix the problem. 9. What should you do?
- Delete the email. Better yet, use the web client (e.g. gmail, yahoo mail, etc.) and report it as spam or phishing, then delete it. - Any unsolicited email or phone call asking you to enter your account information, disclose your password, financial account information, social security number, or other personal or private information is suspicious -- even if it appears to be from a company you are familiar with. Always contact the sender using a method you know is legitimate to verify that the message is from them.
38. What is port blocking within LAN?
- Restricting the users from accessing a set of services within the LAN (Local Area Network) is called port blocking. - Stopping the source from accessing the destination node via ports as applications work on the ports so ports are blocked to restrict the access filling up the security holes in the network infrastructure.
7. How do you report Risk?
- Risk needs to be assessed first before it can be reported. There are two ways you can analyze risk: It can be either Quantitative or Qualitative. - This approach is suitable for both technical and business workers. - The business workers will see the probable loss in numbers while the technical workers will monitor and assess the impact and frequency. Depending on the audience, the risk can then be reported.
In our computing labs and departments, print billing is often tied to the user's login. People log in, they print, they (or their department) get a bill. Sometimes people call to complain about bills for printing they never did only to find out that the bills are, indeed, correct. 4. What do you infer is going on in this situation? Justify.
- Sometimes they realize they loaned their account to a friend who couldn't remember his/her password, and the friend did the printing. Thus the charges. It's also possible that somebody came in behind them and used their account. - This is an issue with shared or public computers in general. If you don't log out of the computer properly when you leave, someone else can come in behind you and retrieve what you were doing, use your accounts, etc. Always log out of all accounts, quit programs, and close browser windows before you walk away.
36. What techniques can be used to prevent brute force login attacks?
- The attacker tried to determine the password for a target (service/system/device) through a permutation or fuzzing process. - Since it is a lengthy task, attackers usually employ a software, such as fuzzers, to automate the process of creating numerous passwords to be tested against a target. - In order to avoid such attacks, password best practices should be followed, mainly on critical resources like servers, routers, exposed services, and so on.
We saw a case a while back where someone used their yahoo account at a compute lab on campus. She made sure her yahoo account was no longer open in the browser window before leaving the lab. Someone came in behind her and used the same browser to re-access her account. They started sending emails from it and caused all sorts of mayhem. 5. What do you think might be going on here?
- The first person probably didn't log out of her account, so the new person could just go to history and access her account. - Another possibility is that she did log out, but didn't clear her web cache. This is done through the browser menu to clear pages that the browser has saved for future use.
You receive the following email from the Help Desk: Dear UCSC Email User, Beginning next week, we will be deleting all inactive email accounts in order to create space for more users. You are required to send the following information to continue using your email account. If we do not receive this information from you by the end of the week, your email account will be closed. - Name (first and last): - Email Login: - Password: - Date of birth: - Alternate email: Please contact the Webmail Team with any questions. Thank you for your immediate attention. 1. What do you do? Justify your actions.
- This email is a classic example of "phishing" -- trying to trick you into "biting". The justification is the generalized way of addressing the receiver which is used in mass spam mails. - Above that, a corporate company will never ask personal details on mail. - They want your information. Don't respond to email, IMs (Instant Messages), text, phone calls, etc., asking you for you password or other private information. - You should never disclose your password to anyone, even if they say they work for UCSC, ITS, or other campus organizations.
A while back, the IT folks got a number of complaints that one of our campus computers was sending out Viagra spam. They checked it out, and the reports were true: a hacker had installed a program on the computer that made it automatically send out tons of spam email without the computer owner's knowledge. 10. How do you think the hacker got into the computer to set this up?
- This was actually the result of a hacked password. Using passwords that can't be easily guessed, and protecting your passwords by not sharing them or writing them down can help to prevent this. Passwords should be at least 8 characters in length and use a mixture of upper and lower case letters, numbers, and symbols. - Even though in this case it was a hacked password, other things that could possibly lead to this are: 1. Out of date patches/updates. 2. No anti-virus software or out of date anti-virus software.
30. What is Cross Site Scripting or XSS?
- XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts, also commonly referred to as malicious payload, into a legitimate website or web application. - XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. By leveraging XSS, an attacker would exploit a vulnerability within a website or web application that the victim would visit essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim's browser.
15. How can identity theft be prevented?
A few steps to follow are: - Ensure strong and unique password. - Avoid sharing confidential information online especially on social media. - Shop from known and trusted websites. - Use the latest version of the browsers. - Install advanced malware and spyware tools. - Use specialized security solutions against financial data. - Always update your system and the software. - Protect your SSN.
2. What do you have on your home network?
A home network gives you a test environment for experimentation. Active Directory Domain Controller, a dedicated Firewall appliance and a net-attached toaster -- as long as you are learning and fiddling with it, that's what matters. I've augmented the router, my ISP provider with an apple airport extreme which provides better wireless performance to some devices. From there, I've extended the wired part of the network into two parts of the house using five port Ethernet switches, my office, and living room, each with four devices. In the office, I have a NAS (network attached storage) device which provides shared data folders to every device for movies and TV streaming anywhere in the house as well as backups. In the living room is a range of gaming consoles, a TiVo box, and an Android media player despite owning a Smart TV. It's not hooked into my network, simply because a device we own does a far better job of anything the Smart TV offers.
3. What is encryption and why is it important?
A process of converting data into an unreadable form to prevent unauthorized access and thus ensuring data protection. Encryption is important because it allows you to securely protect data that you don't want anyone else to have access to. Businesses use it to protect corporate secrets. Governments use it to secure classified information, and many individuals use it to protect personal information to guard against things like identity theft.
16. How can you prevent man in the middle attack?
An MITM attack happens when a communication between two parties (systems) is intruded or intercepted by an outside entity. This can happen in any form of online communication such as email, social media, web surfing, etc. Not only are they trying to eavesdrop on your private conversation, they can also target the information inside your devices and the outcomes could be pretty catastrophic. The first method to prevent this attack would be to have encryption (preferably public key encryption) between both parties. This way, they both will have an idea with whom they are speaking because of the digital verification. Second method is to avoid open Wi-Fi networks and if it is necessary then use plugins like HTTPS, Forced TLS, etc.
24. What do you know about application security?
Application security is the practice of improving the security of applications using software, hardware and other procedural methods. Countermeasures are taken to ensure application security, the most common being an application firewall that limits the execution of files or the handling of data by specific installed programs.
Below are a list of passwords pulled out of a database. A. @#$)*&^% B. akHGksmLN C. UcSc4Evr! D. Password1 8. Which of the following passwords meets UCSC's password requirements?
C. - This is the only choice that meets all of the following UCSC requirements: - At least 8 characters in length. - Contains at least 3 of the following 4 types of characters: lower case letters, upper case letters, numbers, special characters. - Not a work preceded or followed by a digit.
The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do? a. Call your co-workers over so they can see b. Disconnect your computer from the network c. Unplug your mouse d. Tell your supervisor e. Turn your computer off f. Run anti-virus g. All of the above 7. Select all the options that apply.
Correct answers are B & D. - This is definitely suspicious. Immediately report the problem to your supervisor and the ITS Support Center. - Also, since it seems possible that someone is controlling the computer remotely, it is best if you can disconnect the computer from the network (and turn off wireless if you have it) until help arrives. If possible, don't turn off the computer.
32. Tell me the differences between Cybersecurity and Network Security.
Cybersecurity The policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification, or denial of the network and network resources. Network Security The processes and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. In a computing context, security includes both cybersecurity and physical security. While cybersecurity is concerned with sets outside the castle, network security is worried about what is going on within the castle walls. The cybersecurity specialist is the crusading knight defending the kingdom and network security focuses on the barbarians at the gate and how the castle connects to the world around it.
9. What do you know about Cybersecurity Frameworks?
Cybersecurity framework is voluntary guidance based on existing guidelines and practices for organizations to better manage and reduce cybersecurity risk. Besides helping associations oversee and decrease probable risks, it was intended to cultivate risk and cybersecurity administration communications among both inner and outer authoritative partners. Most frequently adopted cybersecurity frameworks are: PCI DDS (Payment Card Industry Data Security Standard), ISO 27001/27002 (International Organization for Standardization), CIS Critical Security Controls. The most famous cybersecurity framework is NIST .
19. What is a DDoS attack? How is it mitigated?
DDoS stands fo r Distributed Denial of Service. When a network is flooded with large number of requests which is not recognized to handle making the server unavailable to the legitimate requests. DDoS can be mitigated by analyzing and filtering the traffic in the scrubbing centers. The scrubbing centers are centralized data cleansing stations wherein the traffic to a website is analyzed and the malicious traffic is removed.
31. What is data protection in transit vs data protection at rest?
Data in transit or data in motion is data actively moving from one location to another, such as across the internet or through a private network. Data protection in transit is the protection of this data while it's traveling from network to network or being transferred from a local storage device to a cloud storage device. Wherever data is moving effectively, data protection measures for in transit data are critical as data is often considered less secure while in motion. Data at rest is data that is not actively moving from device to device or network to network such as, data stored on a hard drive, laptop, flash drive, or archives stash stored in some other way. Data protection at rest aims to secure any active data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than than data in transit, attackers often find data at rest a more valuable target than data in motion. The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state. Data Protection in Transit This is when data is going from server to client. Effective data protection measures for in transit data are critical as data is less secure when in motion. Data protection at rest This is when data is just sitting there in its database or on its hard drive. Data at rest is sometimes considered to be less vulnerable than data in transit,
11. What's the better approach of setting up a firewall?
Following are the steps you should take to configure your firewall: Username/password: Modify the default password for your firewall device. Remote Administration: Disable the feature of remote administration from outside the network. Port Forwarding: For certain applications to work properly, such as a Web server or FTP server, you need to configure appropriate port forwarding. DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflicts unless the firewall's DHCP server is disabled. Logging: In order to troubleshoot firewall issues or potential attacks, you want to make sure to enable logging and understand how to view the logs. Policies: You want to have solid security policies in place and make sure that your firewall is configured to enforce those policies.
27. Tell me about some common Cyber Threats.
I'm going to discussing eight cyber threats. First is Malware. Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses, and worms. Malware is simply defined as code with malicious intent that typically steals or destroys data on your computer. Next is phishing. Phishing often poses as a request for data from a trusted third party. Phishing attacks are sent by email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam but are more harmful than just a simple ad. Next is a Password Attack. A third party is trying to gain access to your system by cracking a user's password, usually using some algorithm like brute force, dictionary attacks, or software like key loggers. Next is DDoS Attack. DDoS attacks focus on disrupting the service to a network. Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can no longer function. Next is Man in the Middle Attack. A man in the middle attack is an attack where somebody impersonates the endpoints in an online information exchange. For example, if you are banking online, the main in the middle would communicate with you by impersonating your bank, then communicate with the bank by impersonating you. Next is Drive-By Downloads. This is a malware which is actually implanted into a legitimate website and a program is downloaded to the user's system just by visiting the site. It doesn't require any type of action by the user to actually start to trigger the download. Next is Malvertising. Malvertising is actually malicious code which is hidden behind advertisements on websites and it is also downloaded to your system without your knowledge. Last is Rogue Software, which is malware that masquerades as legitimate and necessary security software that will keep your system safe.
8. How do you differentiate between IPS and IDS systems?
IDS is Intrusion Detection System. IPS is Intrusion Prevention System. IDS detects the intrusion and leaves the rest to the administrator for assessment and evaluation or any further action. IPS detects the intrusion and takes necessary action to prevent further intrusion. Also, there is a difference in the positioning of devices in the network. Although they work on the same concept, the placement is different.
4. Tell me the difference between Symmetric and Asymmetric Encryption.
If we compare on the basis of keys, symmetric encryption uses the same secret key for both encryption and decryption whereas asymmetric uses different keys for encryption and decryption purposes. Performance-wise, symmetric encryption is fast but is more vulnerable, while asymmetric encryption is slightly slower due to high computation. Some examples of symmetric algorithms are DES, 3DES, AES, and RC4. With asymmetric, the most popular is RSA and Diffie-Hellman. Symmetric encryption is used for bulk data transmission. Asymmetric encryption is often used for the secure exchange of secret keys.
5. What is a CIA triad?
In this question, the candidates should explain what is CIA triad and what it is used for. The CIA Triad for information security provides a baseline standard for evaluating and implementing information security -- irrespective of the system and/or organization in question. Confidentiality is about making sure that data is accessible only to its intended individual. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that the right people can get it. Integrity is about making sure that data is kept properly in task, without it being meddled with in an unauthorized way. Data must be changed in transit and steps must be taken to ensure that data can't be altered by unauthorized people. These measures include permissions and UACs (User Access Control). Availability is about making sure that data and computers are available as needed by authorized parties.
10. What is Weak Information Security?
Information security policy is considered to be weak if it does not meet the criteria of an effective one. The criteria include: distribution, review, comprehension, compliance, and uniform. Information security is weak if: - The policy has not been made readily available for review by every employee within the organization. - The organization is unable to demonstrate that employees can review the policy document. - The organization is unable to demonstrate that employees understand the content of the policy document.
22. What are the black hat, white hat, and gray hat hackers?
Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are responsible for writing malware which is a method used to gain access to these systems. Their primary motivation is usually for a personal or financial gain but they can also be involved in cyber espionages, protests, or perhaps just addicted to the thrill of cybercrime. Now white hat hackers choose to use their power for good rather than evil. Also, known as ethical hackers, white hat hackers can sometimes be paid employees or contractors working for companies are security specialists that attempt to find security holes via hacking they employ the same method of hacking as black hats with one exception that is they do it with permission from the owners of the system first, which makes the process completely legal. Now, there comes gray hat hackers. As in life, there are gray areas that are neither black nor white. Gray hat hackers are a blend of both black hat and white hat hackers. Often, gray hat hackers will look for vulnerabilities in the system without the owner's permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. Black hat hackers are those who hack without authority. White hat hackers are authorized to perform a hacking attempt under signed NDA. Gray hat hackers are white hat hackers which sometimes perform unauthorized activities.
28. What are different OSI layers? What is the job of Network layer?
OSI, our Open System Interconnection is a reference model for how applications communicate over a network. A reference model is a conceptual framework for understanding relationships. The purpose of the OSI reference model is to guide vendors and developers so the digital communication product and software programs they create can interoperate and to facilitate a clear framework that describes the function of a network or telecommunication system. The seven OSI layers are: 7. Application Layer 6. Presentation Layer 5. Session Layer 4. Transport Layer 3. Network Layer 2. Data Link Layer 1. Physical Layer The network layer is used for controlling the operations of the subnet. The main job of this layer is to deliver packets from a source to a destination across multiple links.
23. How often should you perform Patch management?
Patch management should be done as soon as it is released. For Windows, once the patch is released, it should be applied to all machines no later than one month. Same goes for network devices, patch it as soon as it is released. Proper patch management process should be followed.
25. Differentiate between penetration testing and software testing.
Penetration Testing Helps identify and address the security vulnerabilities. A good Penetration Tester truly thinks differently than the other two. They don't care about the proper behaviors of the system/software. They are crafty, looking for that one small chink of vulnerability that was not mitigated. Software Testing Focuses on the functionality of the software and not the security aspect. Software Security Testers generally have a fair amount of crossover, as they usually know the full details of the system/software, they know how it's supposed to properly behave when properly used, and they can test for a lot of common end-user misbehaviors.
40. What protocols fall under TCP/IP internet layer?
Physical Network - Ethernet (IEEE 802.3), Token Ring, RS-232, others Data Link - PPP, IEEE 802.2 Internet/Network - IP, ARP (Address Resolution Protocol), ICMP Transport - TCP, UDP Application - NFS, NIS+, DNS, telnet, FTP, rlogin, RSJ, RCP, RIP, RDISC, SNMP, others
12. Can you explain SSL encryption?
SSL (Secure Socket Layer) is a protocol which enables safe conversation between two or more parties. It is designed to identify and verify that the person you are talking to on the other end is who they say they are. HTTPS (Hypertext Transfer Protocol Secure) is HTTP combined with SSL which provides you with a safer browsing experience with encryption. So, this is a very tricky question but SSL wins in terms of security.
13. Which one is more secure, SSL or TLS?
SSL is meant to verify the sender's identity but it doesn't search for any more hazards than that. SSL can help you track the person you are talking to but that can also be tricked at times. TLS is an identification tool like SSL, but it offers better security features. It provides additional protection to the data and hence SSL and TLS are often used together for better protection.
14. What are Salted Hashes?
Salt is a random data. When a properly protected password system receives a new password, it creates a hash value of that password, a random salt value, and then the combined value is stored in its database. This helps defend against dictionary attacks and known hash attacks. If someone uses the same password on two different systems and they are being used using the same hashing algorithm, the hash value would be the same. However, if one of the systems uses salt with the hashes, the value will be different.
18. What steps will you take to secure a server?
Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and decryption to protect data from unauthorized interception. Here are four simple ways to secure server: Step 1: Make sure that you have a secure password for your root and administrator users. Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system. Step 3: Remove remote access from the default root/administrator accounts. Step 4: The next step is to configure you firewall rules for remote access.
29. How would you reset a password-protected BIOS configuration?
Since BIOS is a pre boot system, it has its own storage mechanism for its settings and preferences. In the classic scenario, simply popping out the CMOS (Complementary Metal-Oxide-Semiconductor) battery will be enough to have the memory storing these settings lose its power supply. As a result, it will lose its settings. Other times, you need to use a jumper or a physical switch on the motherboard. Still, other times, you'll need to actually remove the memory itself from the device and reprogram it in order to wipe it out. The simplest, however, is this: if the BIOS has come from the factory with a default password enabled, try 'password'.
20. Why do you need DNS monitoring?
The Domain Name System allots your website under a certain domain that is easily recognizable and also keeps the information about other domain names. It works like a directory for everything on the internet. Thus, DNS monitoring is very important since you can easily visit a website without actually have to memorize their IP address. DNS has an important role in how end-users in your enterprise connect to the internet. Inspecting DNS traffic between client's devices and your local recursive resolver could reveal a wealth of information for forensic analysis. DNS queries can reveal both botnets and malware is connecting to the C&C server. So this is why DNS monitoring is very essential.
21. What is a three-way handshake?
The TCP three-way handshake in Transmission Control Protocol is the method used by a device on a network to set up a stable connection over an Internet Protocol-based network. The TCP three-way handshake in transmission control protocol is the method used by TCP set up a TCP/IP connection over an Internet Protocol-based network. TCP's three way handshaking technique is often referred to as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK) because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers.
17. State differences between encoding, hashing, and encryption.
The purpose of encoding is to transform data so that it can be properly and safely consumed by a different type of system. that is example the binary data being sent over email or viewing special characters on a web page. The goal is not to keep information secret but rather to ensure it's able to be properly consumed. Examples include a sky unicode URL encoding and base64. The purpose of encryption is to transform data in order to keep it secret from others. Example: sending someone a secret that only they should be able to read or securely sending a password over the internet rather than focusing on usability. The goal is to ensure that data cannot be consumed by anyone other than the intended response. Examples include AES, Blowfish, and RSA. Hashing serves the purpose of ensuring integrity. It makes sure that if something has changed, you know that some change has taken place. Technically, hashing takes arbitrary inputs and produces a fixed length of string. Example of sha-3, md5, which is now obsolete and sha-256, etc. Encoding converts the data in a desired format required for exchange between different systems. Hashing maintains the integrity of a message or data. Any change done any day could be noticed. Encryption ensures that the data is secure and one needs a digital verification code or image in order to open or access it.
A friend sends an electronic Hallmark greeting card (e-card) to your work email. You need to click on the attachment to see the card. 2. What do you do? Justify your actions.
This one has four big risks: - Some attachments contain viruses or other malicious programs. In general, it's risky to open unknown or unsolicited attachments. - In some cases, just clicking on a malicious link can infect a computer, so unless you are sure a link is safe, don't click on it. - Email addresses can be faked. Just because the email says it is from someone you know, you can't be certain of this without checking with the person. - Some websites and links look legitimate, but they're really hoaxes designed to steal your information.
6. What do you understand by Risk, Vulnerability, and Threat in a Network?
Threat refers to someone with the potential to do hard to a system or an organization. Vulnerability refers to a weakness of an asset (resource) that can be exploited by one or more attackers (threat actors). In other words, it is an issue or bug that allows an attack to be successful. Risk refers to the potential for loss or damage when a threat exploits a vulnerability.
1. What do you mean by Cybersecurity?
Today's generation lives on the internet and we general users are almost ignorant as to how those random bits of ones and zeros treat security to a computer. For a hacker, it's a golden age. With so many access points, public IPs, and constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber attacks are evolving by the day. Hackers are becoming smarter and more creative with their malware and how they bypass virus scans and firewalls still baffle many people. Therefore, there has to be some sort of protocol that protects us against against all these cyber attacks and make sure out data doesn't fall into the wrong hands. This is exactly why we need cybersecurity. Now for defining cybersecurity, here goes: Cybersecurity is the combination of processes, practices, and technologies, designed to protect networks, computers, programs, data, and information from attack, damage or unauthorized access.
26. When to use tracert/traceroute?
Traceroute is a command which can show you the part a packet of information takes from your computer to the one you specify. It will list all the routers it passes through until it reaches its destination or fails to and is discarded. In addition to this, it will tell you how long each hop from router to router takes. Now when you connect to a website, the traffic has to go through several intermediaries before getting to the website. The traffic goes through your local router, the ISP's (Internet Service Provider) router, onto larger networks and so on. Small TTL values are transmitted through packets via traceroute. This prevents the packets from getting into loops. In case you can't ping the final destination, tracert will help to identify where the connection stops or gets broken, whether it is firewall, ISP, router, etc.
39. What is the difference between VPN and VLAN?
VPN Related to remote access to the network of a company. Used to connect two points in a secured and encrypted tunnel. Saves the data from prying eyes while in transit and no one on the net can capture the packets and read the data. VLAN Helps to group workstations that are not within the same locations into the same broadcast domain. Basically a means to logically segregate networks without physically segregating them with various switches. Does not involve an encryption technique but it is only used to slice up your logical network into different sections for the purpose of management and security.