
Thursday, April 8, 2021

Cyber Security Interview questions

Which OSI layer is responsible for ordered delivery of packets?

The transport layer. Besides ordered delivery, it is also responsible for error correction, providing quality and reliability to the end user. This layer enables a host to send and receive error-corrected data, packets or messages over a network, and it is the network component that allows multiplexing. It ensures that packets are always delivered in strict sequence: although the network layer carries the packets across the network, the transport layer can fix any discrepancies in sequence caused by packet drops or device interruption.

What is Malware?

Malicious software or malware is any program that seeks to do harm or steal information. There are many defenses in place to protect you from malware, such as antivirus and antispyware software, firewalls and spam filters, but these tools cannot protect you if you unwittingly cooperate with malware.

Examples of different kinds of malware that could infect your computer include:

  • Viruses and worms
  • Bots and Zombies
  • Spyware and Adware
  • Ransomware and Fake Antivirus software and
  • Trojan Horses

Attack Vectors:

  • Email Attachments
  • Email messages
  • Downloaded Programs
  • Instant Messages
  • SPAM Email
  • Social networks
  • Mobile Data devices

What is the standard IANA port number used for requesting web pages?

On a Web server or Hypertext Transfer Protocol daemon, port 80 is the port that the server "listens to" or expects to receive from a Web client, assuming that the default was taken when the server was configured or set up.

What type of offence is slandering categorized as?

Slandering is categorized as cyberstalking. Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail, instant messaging (IM), or messages posted to a website or a discussion group. A cyberstalker relies upon the anonymity afforded by the Internet to stalk their victim without being detected. Cyberstalking can be terribly frightening. It can destroy friendships, credit, careers, self-image, and confidence. Ultimately it can lead the victim into far greater physical danger when combined with real-world stalking. Yes, we're talking serious stuff here. Victims of domestic violence are often cyberstalking victims. They, like everybody else, need to be aware that technology can make cyberstalking easy. Spyware can be used to monitor everything happening on a computer or mobile phone, giving tremendous power and information to cyberstalkers.

Most Common Forms of Cyber Security Threats

1. Phishing - The practice of sending fraudulent emails that appear to come from legitimate sources. The goal is to steal sensitive information such as credit card numbers and login details. It is the most prevalent form of cyber security attack. You can protect yourself by learning to recognise such emails, or by using a technological solution that filters out dangerous emails.

2. Ransomware - The term "ransomware" refers to a type of harmful software whose purpose is to extort money from users. This cyber security attack prevents access to data or the computer system until a ransom is paid. Even if the ransom is paid, there is no guarantee that the files will be recovered or that the system will be restored.

3. Malware - A form of software that is meant to gain unauthorized access to a computer or to cause harm to it. This cyber security threat is mainly delivered through emails or disguised as a legitimate download.

4. Social Engineering - Adversaries employ this type of attack to deceive you into disclosing sensitive information. They might demand money or obtain access to your private information. This threat can be combined with any of the dangers outlined above to increase the likelihood that you click on a link, download malware, or trust a malicious source.

What is network security, and what are its types?

Network security is essentially a set of rules and configurations formulated to protect the accessibility, confidentiality, and integrity of computer networks and data with the help of software and hardware technologies.  Types of network security:

  • Network access control: To prevent attackers and infiltrations in the network, network access control policies are in place for both users and devices at the most granular level. For example, access authority to network and confidential files can be assigned and regulated as needed.
  • Antivirus and antimalware software: Antivirus and antimalware software are used to continuously scan and protect against malicious software, viruses, worms, ransomware, and trojans.
  • Firewall protection: Firewalls act as a barrier between your trusted internal network and an untrusted external network. Administrators can configure a set of defined rules for the permission of traffic into the network.
  • Virtual private networks (VPNs): VPNs form a connection to the network from another endpoint or site. For example, an employee working from home uses a VPN to connect to the organization’s network. The user would need to authenticate to allow this communication. The data between the two points is encrypted.

Distinguish between phishing and spoofing.

Phishing and spoofing are quite different beneath the surface. Spoofing gets malware onto your PC or network, while phishing tricks you into surrendering sensitive financial data to a cyber-criminal. Phishing is a technique for retrieval, while spoofing is a method for delivery.

What is network sniffing?

Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data flowing over computer networks. Sniffers can be used for various purposes, whether to steal data or to manage networks, so network sniffing serves both ethical and unethical ends. System administrators use sniffers as a network monitoring and analysis tool to diagnose and avoid network-related issues, for example traffic bottlenecks. Cyber criminals use the same tools for illegitimate purposes, for example identity theft and the hijacking of email or sensitive data.

What is Network Enumeration?

Network enumeration is the discovery of the hosts and devices on a network. Enumeration tools tend to use well-known discovery protocols such as ICMP and SNMP to gather data, and they may also probe various ports on remote hosts looking for well-known services in an attempt to further identify the role of a remote host.

How can you avoid ARP poisoning?

ARP poisoning is a type of network attack that can be addressed through these techniques:

  • Packet filtering: packet filters can filter out and block packets with conflicting source address information.
  • Avoiding trust relationships: organizations should design protocols that rely on trust relationships as little as possible.
  • ARP spoofing detection software: some programs inspect and certify information before it is transmitted and block any information that is spoofed.

What does an Authentication Service facilitate?

An Authentication Service facilitates username/password validation using your on-premises Active Directory/LDAP server. It is installed as a virtual appliance and communicates with your local directory using LDAP over SSL. It can operate in the DMZ, inside the local area network (LAN), or both, depending on the mode(s) of operation. More generally, an authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Such an entity may be a human user or another server. An authentication server can reside on a dedicated computer, an Ethernet switch, an access point or a network access server. In short, an Authentication Service facilitates the username and password check.

What does SSO refer to?

SSO expands to Single Sign-On. Single sign-on (SSO) is a property of access control across multiple related but independent software systems. With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or, in some configurations, seamlessly signs on at each system. This is typically accomplished using the Lightweight Directory Access Protocol (LDAP) and LDAP databases stored on servers. A simple version of single sign-on can be achieved over IP networks using cookies, but only if the sites share a common DNS parent domain.

What is SSO (Single Sign-On)?

A friend recently went through the irksome experience of being signed out from a number of websites they use daily. This event will be familiar to millions of web users, and it is a tedious process to fix. It can involve trying to remember multiple long-forgotten passwords, or typing in the names of pets from childhood to answer security questions. SSO removes this inconvenience and makes life online better. But how does it work?

Basically, Single Sign-On (SSO) is an authentication scheme. It allows a user to log in to different systems using a single ID.

The diagram below illustrates how SSO works.


  • Step 1: A user visits Gmail, or any email service. Gmail finds the user is not logged in and so redirects them to the SSO authentication server, which also finds the user is not logged in. As a result, the user is redirected to the SSO login page, where they enter their login credentials.
  • Steps 2-3: The SSO authentication server validates the credentials, creates the global session for the user, and creates a token.
  • Steps 4-7: Gmail validates the token in the SSO authentication server. The authentication server registers the Gmail system, and returns “valid.” Gmail returns the protected resource to the user.
  • Step 8: From Gmail, the user navigates to another Google-owned website, for example, YouTube. 
  • Steps 9-10: YouTube finds the user is not logged in, and then requests authentication. The SSO authentication server finds the user is already logged in and returns the token.
  • Steps 11-14: YouTube validates the token with the SSO authentication server. The authentication server registers the YouTube system and returns “valid.” YouTube returns the protected resource to the user.
The process is complete and the user gets back access to their account.
Over to you: 
Question 1: have you implemented SSO in your projects? What is the most difficult part?
Question 2: what’s your favorite sign-in method and why?
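The fourteen-step flow above as a runnable simulation, added here as an illustration rather than code from the original post: an SSO server that owns the global sessions and tokens, two member systems standing in for Gmail and YouTube, and a walkthrough that replays the steps. The class and user names are mine, and the assumption that member systems are registered so the server can tell each of them about a global logout is mine too.

```python
import secrets


class SSOServer:
    """Central SSO authentication server: validates credentials, owns the global
    session and issues the token that the member systems later validate."""

    def __init__(self, users):
        # username -> password, constructed for the demo; a real deployment would
        # hold salted password hashes rather than plaintext.
        self.users = users
        self.sessions = {}  # token -> {"user": name, "systems": set of registered systems}

    def login(self, username, password):
        """Steps 2-3: validate credentials, create the global session, return a token."""
        if self.users.get(username) != password:
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"user": username, "systems": set()}
        return token

    def validate(self, token, system):
        """Steps 4-7 and 11-14: confirm the token belongs to a live global session and
        register the calling system on it. Returns the user name, or None if invalid."""
        session = self.sessions.get(token)
        if session is None:
            return None
        session["systems"].add(system)
        return session["user"]

    def logout(self, token):
        """Global logout (assumed purpose of the registration): drop the session and
        return the systems that registered on it so each can clear its local session."""
        session = self.sessions.pop(token, None)
        return set() if session is None else session["systems"]


class MemberSystem:
    """A participating site such as Gmail or YouTube."""

    def __init__(self, name, sso):
        self.name = name
        self.sso = sso
        self.local_sessions = {}  # token -> user, filled once the SSO server says "valid"

    def request(self, token):
        """Step 1 / step 9: serve the protected resource if the user is logged in,
        otherwise redirect to the SSO login page."""
        if token in self.local_sessions:
            return f"{self.name}: resource for {self.local_sessions[token]}"
        user = self.sso.validate(token, self.name) if token else None
        if user is None:
            return f"{self.name}: redirect to SSO login"
        self.local_sessions[token] = user
        return f"{self.name}: resource for {user}"

    def clear(self, token):
        self.local_sessions.pop(token, None)


def walkthrough():
    """Replay the page's flow; return (token, responses, systems registered on the session)."""
    sso = SSOServer({"alice": "correct horse battery staple"})  # constructed user
    gmail = MemberSystem("Gmail", sso)
    youtube = MemberSystem("YouTube", sso)
    responses = [gmail.request(None)]                           # step 1: not logged in
    token = sso.login("alice", "correct horse battery staple")  # steps 2-3
    responses.append(gmail.request(token))                      # steps 4-7
    responses.append(youtube.request(token))                    # steps 8-14: no second login
    registered = set(sso.sessions[token]["systems"])
    to_clear = sso.logout(token)                                # global logout fans out
    for system in (gmail, youtube):
        if system.name in to_clear:
            system.clear(token)
    responses.append(youtube.request(token))                    # token now rejected everywhere
    return token, responses, registered
```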

What is Nmap?

Nmap, short for Network Mapper, is a network discovery and security auditing tool. It is known for its simple, easy-to-remember flags that provide powerful scanning options. Nmap is widely used by network administrators to:

  • Find open ports and services
  • Discover services along with their versions
  • Guess the operating system running on a target machine
  • Get accurate packet routes to the target machine
  • Monitor hosts

Nmap Scan Types

A variety of scans can be performed using Nmap. Below are the types of scans:

1) TCP SCAN

A TCP scan is generally used to check and complete a three-way handshake between you and a chosen target system. A TCP scan is generally very noisy and can be detected with little to no effort. It is “noisy” because the services can log the sender's IP address and might trigger intrusion detection systems.

2) UDP SCAN

UDP scans are used to check whether there is any UDP port up and listening for incoming requests on the target machine. Unlike TCP, UDP has no mechanism to respond with a positive acknowledgment, so there is always a chance for a false positive in the scan results. However, UDP scans are used to reveal Trojan horses that might be running on UDP ports or even reveal hidden RPC services. This type of scan tends to be quite slow because machines, in general, tend to slow down their responses to this kind of traffic as a precautionary measure.

3) SYN SCAN
This is another form of TCP scan. The difference is that, unlike a normal TCP scan, Nmap itself crafts a SYN packet, which is the first packet sent to establish a TCP connection. What is important to note here is that the connection is never completed; rather, the responses to these specially crafted packets are analyzed by Nmap to produce scan results.

4) ACK SCAN
ACK scans are used to determine whether a particular port is filtered or not. This proves to be extremely helpful when trying to probe for firewalls and their existing set of rules. Simple packet filtering will allow established connections (packets with the ACK bit set), whereas a more sophisticated stateful firewall might not.

5) FIN SCAN
Also a stealthy scan, like the SYN scan, but sends a TCP FIN packet instead. Most but not all computers will send an RST packet (reset packet) back if they get this input, so the FIN scan can show false positives and negatives, but it may get under the radar of some IDS programs and other countermeasures.

6) NULL SCAN
Null scans are extremely stealthy scans that do what the name suggests: they send packets with none of the TCP flags set. Generally this is not a valid packet, and a few targets will not know how to deal with it. Such targets are generally some version of Windows, and scanning them with NULL packets may end up producing unreliable results. On the other hand, when a system is not running Windows this can be an effective way to get through.

7)XMAS SCAN
Just like null scans, these are also stealthy in nature. Computers running windows will not respond to Xmas scans due to the way their TCP stack is implemented. The scan derives its name from the set of flags that are turned on within the packet that is sent out for scanning. XMAS scans are used to manipulate the PSH, URG and FIN flags that can be found in the TCP header.

8)RPC SCAN
RPC scans are used to discover machines that respond to Remote Procedure Call (RPC) services. RPC allows commands to be run on a certain machine remotely, under a certain set of conditions. RPC services can run on an array of different ports, hence it becomes hard to infer from a normal scan whether RPC services are running or not. It is generally a good idea to run an RPC scan from time to time to find out where you have these services running.

9)IDLE SCAN
IDLE scan is the stealthiest of all scans discussed in this nmap tutorial, as the packets are bounced off an external host. Control over the host is generally not necessary, but the host needs to meet a specific set of conditions. It is one of the more controversial options in Nmap since it only has a us
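Seen from the defender's side, the scan types above differ in the TCP flag combinations they put on the wire. The following is an added example, not part of the tutorial: a small classifier that maps the flags in captured packet records to the scan type they resemble, and a detector that reports sources sending malformed probes (NULL, XMAS, FIN) on sight but reports SYN/ACK probes only once one source has touched several distinct ports. The packet records and the threshold are constructed for the demo.

```python
from collections import defaultdict

# Constructed TCP packet records: (source IP, destination port, TCP flags set).
# Flags use single letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST.
SAMPLE_PACKETS = [
    ("10.0.0.5", 22, "S"), ("10.0.0.5", 25, "S"), ("10.0.0.5", 80, "S"),
    ("10.0.0.5", 443, "S"), ("10.0.0.5", 3306, "S"), ("10.0.0.5", 8080, "S"),
    ("10.0.0.9", 80, "S"), ("10.0.0.9", 80, "A"), ("10.0.0.9", 80, "PA"),   # normal browsing
    ("10.0.0.7", 21, ""), ("10.0.0.7", 23, ""), ("10.0.0.7", 445, ""),      # no flags at all
    ("10.0.0.8", 135, "FPU"), ("10.0.0.8", 139, "FPU"), ("10.0.0.8", 445, "F"),
]

MALFORMED = {"NULL", "XMAS", "FIN"}  # a normal client never opens a connection this way


def classify_probe(flags):
    """Map a TCP flag combination to the Nmap scan type it resembles, or None for
    ordinary traffic such as the PSH/ACK segments of an established connection."""
    s = set(flags)
    if not s:
        return "NULL"
    if s == {"F", "P", "U"}:
        return "XMAS"
    if s == {"F"}:
        return "FIN"
    if s == {"S"}:
        return "SYN"
    if s == {"A"}:
        return "ACK"
    return None


def detect_scans(packets, port_threshold=5):
    """Return {source: {scan_type: sorted ports}} for sources that look like scanners.
    NULL/XMAS/FIN probes are reported as soon as one is seen; SYN and ACK probes are
    only reported once a source has touched at least port_threshold distinct ports,
    because a single SYN is simply how every legitimate connection starts."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, port, flags in packets:
        kind = classify_probe(flags)
        if kind is not None:
            seen[src][kind].add(port)
    alerts = {}
    for src, by_kind in seen.items():
        hits = {kind: sorted(ports) for kind, ports in by_kind.items()
                if kind in MALFORMED or len(ports) >= port_threshold}
        if hits:
            alerts[src] = hits
    return alerts
```

A real sensor would also window the counts in time, since a scanner can spread probes over hours to stay under a per-port threshold.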

Nmap Commands

In this section of Nmap Tutorial, I’ll be listing down the various commands you can use in Nmap along with their flag and usage description with an example on how to use it.

Scanning Techniques

Flag     Use                                        Example
-sS      TCP SYN port scan                          nmap -sS 192.168.1.1
-sT      TCP connect port scan                      nmap -sT 192.168.1.1
-sU      UDP port scan                              nmap -sU 192.168.1.1
-sA      TCP ACK port scan                          nmap -sA 192.168.1.1

Host Discovery

Flag     Use                                        Example
-Pn      only port scan (skip host discovery)       nmap -Pn 192.168.1.1
-sn      only host discovery (no port scan)         nmap -sn 192.168.1.1
-PR      ARP discovery on a local network           nmap -PR 192.168.1.1
-n       disable DNS resolution                     nmap -n 192.168.1.1

Port Specification

Flag     Use                                        Example
-p       specify a port or port range               nmap -p 1-30 192.168.1.1
-p-      scan all ports                             nmap -p- 192.168.1.1
-F       fast port scan                             nmap -F 192.168.1.1

Service Version and OS Detection

Flag     Use                                        Example
-sV      detect the version of running services     nmap -sV 192.168.1.1
-A       aggressive scan                            nmap -A 192.168.1.1
-O       detect the operating system of the target  nmap -O 192.168.1.1

Timing and Performance

Flag     Use                                        Example
-T0      paranoid IDS evasion                       nmap -T0 192.168.1.1
-T1      sneaky IDS evasion                         nmap -T1 192.168.1.1
-T2      polite IDS evasion                         nmap -T2 192.168.1.1
-T3      normal IDS evasion                         nmap -T3 192.168.1.1
-T4      aggressive speed scan                      nmap -T4 192.168.1.1
-T5      insane speed scan                          nmap -T5 192.168.1.1

NSE Scripts

Flag             Use                  Example
-sC              default script scan  nmap -sC 192.168.1.1
--script banner  banner grabbing      nmap --script banner 192.168.1.1

IDS Evasion

Flag     Use                                        Example
-f       use fragmented IP packets                  nmap -f 192.168.1.1
-D       decoy scan                                 nmap -D decoy1,decoy2,ME 192.168.1.1
-g       use a given source port number             nmap -g 22 192.168.1.1

(In the -D example, decoy1 and decoy2 stand for the decoy addresses to list; ME marks the position of the real scanner among them.)

Standard Cryptographic Algorithms

Let’s discuss some of the most common cryptographic algorithms used to date:

1) MD5 - this is the acronym for Message-Digest 5. It is used to create 128-bit hash values. Theoretically, hashes cannot be reversed into the original plain text. MD5 is used to protect stored passwords as well as to check data integrity. MD5 is not collision resistant; collision resistance is the difficulty of finding two values that produce the same hash value.

2) SHA - this is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate condensed representations of a message (message digests). It has various versions, such as:
  • SHA-0: produces 120-bit hash values. It was withdrawn from use due to significant flaws and replaced by SHA-1.
  • SHA-1: produces 160-bit hash values. It is similar in design to MD5. It has cryptographic weaknesses and has not been recommended for use since 2010.
  • SHA-2: it has two hash functions, namely SHA-256 and SHA-512. SHA-256 uses 32-bit words while SHA-512 uses 64-bit words.
  • SHA-3: this algorithm was formerly known as Keccak.
3) RC4 – this algorithm is used to create stream ciphers. It is mostly used in protocols such as Secure Socket Layer (SSL) to encrypt internet communication and Wired Equivalent Privacy (WEP) to secure wireless networks.

What is ransomware?

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back. Some ransomware, such as CryptoLocker, encrypts files.

What type of virus is a macro virus?

A macro virus is an interpreted virus. An interpreted virus is composed of source code that can be executed only by a particular application or service. Interpreted viruses have become very common because they are much easier to write and modify than other types of viruses. A macro virus is a virus written in a macro language: a programming language that is embedded inside a software application (e.g., word processors and spreadsheet applications).

Q.1 What is the reason for preferring WPA encryption over WEP?
The values of WPA keys can change dynamically while the system is used.

Q.2 What are the sub-categories of network layer firewall?
The sub-categories of network layer firewall are stateful firewall and stateless firewall.

Q.3 What are the characteristics of a host-based IDS?
The characteristics of a host-based IDS are: 1. The host operating system logs the audit information. 2. Logs include logins, file opens and program executions. 3. Logs are analysed to detect trails of intrusion.

Q.4 The corporate head office has a teleconferencing system that uses VOIP (voice over IP) technology. This system uses UDP as the transport for the data transmissions. What will happen if these UDP datagrams arrive at their destination out of sequence?
UDP will pass the information in the datagrams up to the next OSI layer in the order that they arrive.

Q.5 Which practice helps secure the configuration utilities on wireless access points from unauthorized access?
Configuring a new administrator password.

Q.1 Why perform a scan on port 137?
A scan on port 137 is performed to discover a target system with the NetBIOS null session vulnerability.

Q.2 What is privilege escalation?
Privilege escalation is increasing the privileges on a user account.

Q.3 What is Java Struts?
Java Struts is an MVC framework and an extension of Java servlets.

Q.4 Which API is used for secured network programming when using RPCs?
RPCSEC_GSS

Q.5 What is the same in value in a handcrafted packet in a land attack?
The source and destination IP addresses and ports are the same in a handcrafted packet in a land attack.

What is the first phase of hacking?
Reconnaissance

How does traceroute work?
It uses the TTL value in an ICMP message to determine the number of hops from the sender to the router.

What is footprinting?
Accumulation of data by gathering information on a target

Which port number does FTP use?
21

What is enumeration?
Identifying users and machine names

What is a null session?
Connecting to a system with no username and password

What is traceroute? Why is it used?
Traceroute is a tool that shows the path of a packet. It lists all the points (mainly routers) that the packet passes through. This is used mostly when the packet is not reaching its destination. Traceroute is used to check where the connection stops or breaks to identify the point of failure.

What is the difference between HIDS and NIDS?
HIDS (Host IDS) and NIDS (Network IDS) are both intrusion detection systems and serve the same purpose, i.e., to detect intrusions. The only difference is that a HIDS is set up on a particular host/device: it monitors the traffic of that particular device and suspicious system activities. A NIDS, on the other hand, is set up on a network and monitors the traffic of all devices on the network.

What are the steps to set up a firewall?
Following are the steps to set up a firewall:
  • Username/password: modify the default password for a firewall device
  • Remote administration: Disable the feature of the remote administration
  • Port forwarding: Configure appropriate port forwarding for certain applications to work properly, such as a web server or FTP server
  • DHCP server: Installing a firewall on a network with an existing DHCP server will cause conflict unless the firewall’s DHCP is disabled
  • Logging: To troubleshoot firewall issues or potential attacks, ensure that logging is enabled and understand how to view logs
  • Policies: You should have solid security policies in place and make sure that the firewall is configured to enforce those policies.
Explain SSL Encryption
SSL (Secure Sockets Layer) is the industry-standard security technology for creating encrypted connections between a web server and a browser. It is used to maintain data privacy and to protect the information in online transactions. The steps for establishing an SSL connection are as follows:
  • A browser tries to connect to the web server secured with SSL
  • The web server sends a copy of its SSL certificate to the browser
  • The browser checks if the SSL certificate is trustworthy or not. If it is trustworthy, then the browser sends a message to the web server requesting to establish an encrypted connection
  • The web server sends an acknowledgment to start an SSL encrypted connection
  • SSL encrypted communication takes place between the browser and the web server
What steps will you take to secure a server?
Secure servers use the Secure Sockets Layer (SSL) protocol for data encryption and decryption to protect data from unauthorized interception.

Here are four simple ways to secure a server:

Step 1: Make sure you have a secure password for your root and administrator users

Step 2: The next thing you need to do is make new users on your system. These will be the users you use to manage the system

Step 3: Remove remote access from the default root/administrator accounts

Step 4: The next step is to configure your firewall rules for remote access

What are some of the common Cyberattacks?
Following are some common cyber attacks that could adversely affect your system.
  1. Malware
  2. Phishing
  3. Password Attacks
  4. DDoS
  5. Man in the Middle
  6. Drive-By Downloads
  7. Malvertising
  8. Rogue Software
What is a Brute Force Attack? How can you prevent it?
Brute force is a way of finding out the right credentials by repetitively trying all the permutations and combinations of possible credentials. In most cases, brute force attacks are automated: a tool automatically tries to log in with a list of credentials. There are various ways to prevent brute force attacks. Some of them are:

  • Password length: you can set a minimum length for passwords. The longer the password, the harder it is to find.
  • Password complexity: including different kinds of characters in the password makes brute force attacks harder. Using alphanumeric passwords along with special characters and upper- and lower-case characters increases the password complexity, making it more difficult to crack.
  • Limiting login attempts: set a limit on login failures. For example, you can set the limit on login failures to 3, so that after 3 consecutive login failures the user is restricted from logging in for some time, or is sent an email or OTP to use the next time they log in. Because brute force is an automated process, limiting login attempts breaks the brute force process.
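The third measure above, limiting login attempts, as an added example (not code from the original post): a login guard that refuses an account after three consecutive failures, for a lockout window, even when the correct password is then supplied. The credential store, the 300-second window and the injectable clock are assumptions made for the demo.

```python
import hmac
import time

MAX_FAILURES = 3        # the limit used in the text: three consecutive failures
LOCKOUT_SECONDS = 300   # constructed lockout window


class LoginGuard:
    """Password check wrapped with a per-account lockout after MAX_FAILURES failures."""

    def __init__(self, credentials, now=time.time):
        self.credentials = credentials   # username -> password, constructed for the demo
        self.failures = {}               # username -> consecutive failure count
        self.locked_until = {}           # username -> time at which the lock expires
        self.now = now                   # injectable clock so the lockout can be tested

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'. Once locked, even the right password is
        refused until the window passes, which is what stops an automated guesser."""
        t = self.now()
        if self.locked_until.get(username, 0) > t:
            return "locked"
        expected = self.credentials.get(username, "")
        # Constant-time comparison so response timing does not leak how much matched.
        if username in self.credentials and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = t + LOCKOUT_SECONDS
            self.failures[username] = 0
            return "locked"
        return "denied"


def replay_guess_list(guard, username, guesses):
    """Feed a guess list to the guard the way an automated tool would and return the
    per-attempt outcomes, showing the lock engaging on the third failure."""
    return [guard.attempt(username, guess) for guess in guesses]
```

A per-account lockout can itself be abused to lock a legitimate user out, which is why the text also suggests the email/OTP route rather than a hard block alone.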
What is Port Scanning?
Port scanning is the technique used to identify open ports and services available on a host. Hackers use port scanning to find information that can be helpful in exploiting vulnerabilities. Administrators use port scanning to verify the security policies of the network. Some of the common port scanning techniques are:
  • Ping Scan
  • TCP Half-Open
  • TCP Connect
  • UDP
  • Stealth Scanning
What is a VPN?
Almost all Cybersecurity Interview Questions will have this question included. VPN stands for Virtual Private Network. It is used to create a safe and encrypted connection. When you use a VPN, the data from the client is sent to a point in the VPN where it is encrypted and then sent through the internet to another point. At this point, the data is decrypted and sent to the server. When the server sends a response, the response is sent to a point in the VPN where it is encrypted and this encrypted data is sent to another point in the VPN where it is decrypted. And finally, the decrypted data is sent to the client. The whole point of using a VPN is to ensure encrypted data transfer.

What do you understand by Risk, Vulnerability & Threat in a network?
  • Threat: Someone with the potential to harm a system or an organization
  • Vulnerability: Weakness in a system that can be exploited by a potential hacker
  • Risk: Potential for loss or damage when threat exploits a vulnerability
How can identity theft be prevented?
Here’s what you can do to prevent identity theft:
  • Ensure strong and unique password
  • Avoid sharing confidential information online, especially on social media
  • Shop from known and trusted websites
  • Use the latest version of the browsers
  • Install advanced malware and spyware tools
  • Use specialized security solutions against financial data
  • Always update your system and the software
  • Protect your SSN (Social Security Number)
What are black hat, white hat and grey hat hackers?
  • Black hat hackers are known for having vast knowledge about breaking into computer networks. They can write malware that can be used to gain access to these systems. These hackers misuse their skills to steal information or use the hacked system for malicious purposes.
  • White hat hackers use their powers for good deeds and so they are also called Ethical Hackers. These are mostly hired by companies as a security specialist that attempts to find and fix vulnerabilities and security holes in the systems. They use their skills to help make the security better. 
  • Grey hat hackers are an amalgamation of a white hat and black hat hacker. They look for system vulnerabilities without the owner’s permission. If they find any vulnerabilities, they report it to the owner. Unlike Black hat hackers, they do not exploit the vulnerabilities found. 
Explain MITM attack and how to prevent it?
A MITM (Man-in-the-Middle) attack is a type of attack where the hacker places himself in between the communication of two parties and steals the information. Suppose two parties A and B are communicating. The hacker joins this communication: he impersonates party B to A and party A to B. The data from both parties is sent to the hacker, who forwards it to the destination party after stealing the data he requires. While the two parties think that they are communicating with each other, in reality they are communicating with the hacker.

You can prevent MITM attack by using the following practices:
  • Use VPN
  • Use strong WEP/WPA encryption
  • Use Intrusion Detection Systems
  • Force HTTPS
  • Public Key Pair Based Authentication

Explain DDOS attack and how to prevent it?
This again is an important Cybersecurity Interview Question. A DDOS(Distributed Denial of Service) attack is a cyberattack that causes the servers to refuse to provide services to genuine clients. DDOS attack can be classified into two types:

  • Flooding attacks: In this type, the hacker sends a huge amount of traffic to the server which the server can not handle. And hence, the server stops functioning. This type of attack is usually executed by using automated programs that continuously send packets to the server.
  • Crash attacks: In this type, the hackers exploit a bug on the server resulting in the system to crash and hence the server is not able to provide service to the clients.

You can prevent DDOS attacks by using the following practices:
  1. Use Anti-DDOS services
  2. Configure Firewalls and Routers
  3. Use Front-End Hardware
  4. Use Load Balancing
  5. Handle Spikes in Traffic
Explain XSS attack and how to prevent it?
XSS (Cross-Site Scripting) is a cyberattack that enables hackers to inject malicious client-side scripts into web pages. XSS can be used to hijack sessions and steal cookies, modify the DOM, execute code remotely, crash the server, etc.

You can prevent XSS attacks by using the following practices:
  • Validate user inputs
  • Sanitize user inputs
  • Encode special characters
  • Use Anti-XSS services/tools
  • Use an XSS HTML filter
What is an ARP and how does it work?
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.

When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address.

The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine.

If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it.
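Because ARP has no authentication, the cache described above believes whatever reply arrives, which is what ARP poisoning exploits and what the earlier "packet filtering" and "ARP spoofing detection software" answers defend against. The following is an added example, not code from the original post: a passive monitor that keeps its own IP-to-MAC table, refuses to let an operator-pinned (static) binding change, and flags any mapping change or a MAC that answers for several IPs. The ARP replies and addresses are constructed.

```python
from collections import defaultdict

# Constructed ARP replies seen on one LAN segment, in arrival order: (sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # the real gateway
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # a workstation
    ("192.168.1.1", "AA:BB:CC:00:00:01"),   # gateway again, same MAC, different case
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now announced by a different MAC
    ("192.168.1.20", "de:ad:be:ef:00:99"),  # the same MAC also claims the workstation's IP
]


class ArpWatcher:
    """Passive ARP monitor: learns IP-to-MAC bindings, never lets a static binding be
    overwritten, and records an alert for every conflicting reply."""

    def __init__(self, static_bindings=None):
        self.table = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.static = set(self.table)      # IPs the operator pinned by hand
        self.claims = defaultdict(set)     # mac -> every IP it has announced
        self.alerts = []

    def observe(self, ip, mac):
        """Process one ARP reply; return an alert string, or None if it is consistent."""
        mac = mac.lower()
        self.claims[mac].add(ip)
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac           # first time this IP is seen: learn it
            return None
        if known == mac:
            return None                    # repeats what we already believe
        if ip in self.static:
            # The static entry wins: the conflicting reply is reported and ignored,
            # which is the "block packets with conflicting source data" defence.
            alert = f"ARP reply for {ip} claims {mac} but static binding is {known}"
        else:
            alert = f"ARP mapping change: {ip} moved from {known} to {mac}"
            self.table[ip] = mac           # a plain cache would update; we do too, but log it
        self.alerts.append(alert)
        return alert

    def macs_with_multiple_ips(self):
        """A single MAC answering for several IPs is the classic sign of a poisoner
        sitting between two victims (or of a legitimate router, so treat it as a lead)."""
        return {mac: ips for mac, ips in self.claims.items() if len(ips) > 1}


def audit(replies, static_bindings=None):
    """Run a watcher over a capture and return (alerts, watcher)."""
    watcher = ArpWatcher(static_bindings)
    alerts = [a for a in (watcher.observe(ip, mac) for ip, mac in replies) if a]
    return alerts, watcher
```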

What is port blocking within a LAN?
Restricting users from accessing a set of services within the local area network is called port blocking.

It stops the source from reaching the destination node via particular ports. Because applications work on ports, the ports are blocked to restrict access, closing security holes in the network infrastructure.

What protocols fall under TCP/IP internet layer?

TCP/IP layers and example protocols:
  • Application: NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP and others
  • Transport: TCP, UDP
  • Internet: IP, ARP, ICMP
  • Data Link: PPP, IEEE 802.2
  • Physical Network: Ethernet (IEEE 802.3), Token Ring, RS-232, others
What is a Botnet?
A botnet is a number of internet-connected devices, each of which has one or more bots running on it. The bots on the devices run malicious scripts used to attack a victim. Botnets can be used to steal data, send spam and execute a DDOS attack.

What are salted hashes?
Salt is random data. When a properly protected password system receives a new password, it generates a random salt value, hashes the password combined with the salt, and stores the salt together with the resulting hash in its database. This helps to defend against dictionary attacks and known-hash attacks.

Example: If someone uses the same password on two different systems that use the same hashing algorithm, the hash value would be the same; however, if even one of the systems salts its hashes, the values will be different.

Explain SSL and TLS
SSL is meant to verify the sender’s identity but it doesn’t search for anything more than that. SSL can help you track the person you are talking to but that can also be tricked at times.

TLS is also an identification tool just like SSL, but it offers better security features. It provides additional protection to the data and hence SSL and TLS are often used together for better protection.

What is data protection in transit vs data protection at rest?

Data protection in transit: applies when data is travelling from server to client. Effective protection measures for in-transit data are critical, as data is less secure when in motion.

Data protection at rest: applies when data simply exists in its database or on its hard drive. Data at rest is sometimes considered to be less vulnerable than data in transit.

What is 2FA and how can it be implemented for public websites?
An extra layer of security, also known as "multi-factor authentication".

It requires not only a username and password but also something that only that user has: a piece of information only they should know, or something they have immediately to hand, such as a physical token.

Authenticator apps replace the need to obtain a verification code via text, voice call or email.
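How an authenticator app and the website agree on the code, as an added example that is not part of the original post: HOTP (RFC 4226) and its time-based form TOTP (RFC 6238), which is what the apps implement. The server-side helper names and the drift window are this example's own; the test-vector secret is the one published in the RFCs.

```python
"""HOTP/TOTP as implemented by authenticator apps (RFC 4226 / RFC 6238).

Added example, not code from the page. The server keeps the shared secret,
checks the submitted code within a small clock-drift window, and must also
rate-limit attempts and refuse a code that was already accepted.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

STEP_SECONDS = 30
DIGITS = 6

# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: Optional[float] = None, step: int = STEP_SECONDS) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if now is None:
        now = time.time()
    return hotp(secret, int(now) // step)


def verify_totp(secret: bytes, submitted: str, now: Optional[float] = None,
                step: int = STEP_SECONDS, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift."""
    if now is None:
        now = time.time()
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, counter + d).encode(), submitted.encode())
               for d in range(-window, window + 1))


def new_secret() -> str:
    """Base32 secret to enrol in an authenticator app (160 bits, as RFC 4226 recommends)."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def provisioning_uri(issuer: str, account: str, b32_secret: str) -> str:
    """otpauth:// URI that authenticator apps read from a QR code (Key URI format)."""
    return (f"otpauth://totp/{issuer}:{account}?secret={b32_secret}"
            f"&issuer={issuer}&digits={DIGITS}&period={STEP_SECONDS}")
```

The window is the trade-off: each extra step accepted widens the guessing surface, so the server must also lock out after a few wrong codes and remember the last accepted counter so a code cannot be replayed.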

What is the difference between VPN and VLAN?

VPN:
  • Related to remote access to the network of a company
  • Used to connect two points in a secured and encrypted tunnel
  • Saves the data from prying eyes while in transit, so no one on the net can capture the packets and read the data

VLAN:
  • Helps to group workstations that are not within the same location into the same broadcast domain
  • A means to logically segregate networks without physically segregating them with various switches
  • Does not involve any encryption technique; it is only used to slice up your logical network into different sections for the purpose of management and security


Explain Phishing and how to prevent it?
Phishing is a cyberattack in which a hacker disguises themselves as a trustworthy person or business and attempts to steal sensitive financial or personal information through fraudulent email or instant messages.

You can prevent Phishing attacks by using the following practices:
  • Don’t enter sensitive information in the webpages that you don’t trust
  • Verify the site’s security
  • Use Firewalls
  • Use AntiVirus Software that has Internet Security
  • Use Anti-Phishing Toolbar
Explain SQL Injection and how to prevent it?
SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data being sent to the server to execute malicious SQL statements and control a web application’s database server, thereby accessing, modifying and deleting data without authorization. This attack is mainly used to take over database servers.

You can prevent SQL Injection attacks by using the following practices:
  • Use prepared statements
  • Use Stored Procedures
  • Validate user input
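The "prepared statements" and "validate user input" points above, as an added example (not code from the original post): the string-built query beside its parameterised fix, run against an in-memory SQLite table with constructed rows. The probe string is the standard tautology used in testing to tell whether input reaches the SQL parser unquoted.

```python
"""SQL injection: string-built query beside the parameterised fix.

Added example, not from the page; uses an in-memory SQLite database
with constructed rows. The probe string is the classic tautology used by
scanners to test whether input reaches the SQL parser unquoted.
"""
import re
import sqlite3
from typing import List, Tuple

PROBE = "x' OR '1'='1"


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, username: str) -> List[Tuple[str, str]]:
    """Input is concatenated into the statement: quotes in the input become SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str) -> List[Tuple[str, str]]:
    """Prepared statement: the value is bound after parsing and can never be SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def validate_username(username: str) -> bool:
    """Allow-list check as a second layer; it is not a substitute for binding."""
    return re.fullmatch(r"[A-Za-z0-9_]{3,32}", username) is not None


def lookup(conn, username: str) -> List[Tuple[str, str]]:
    """Hardened entry point: validate, then bind."""
    if not validate_username(username):
        return []
    return find_user_safe(conn, username)
```

With the probe, the vulnerable function returns every row because the WHERE clause has become `username = 'x' OR '1'='1'`; the bound version looks for a user literally named `x' OR '1'='1` and finds none.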

Test Cases for Security Assessment Testing
Test cases required while performing security testing on any web application.
Authentication
• Test password quality rules — Look at how secure the site wants its passwords to be: is there a minimum/maximum length? Are there any excluded characters (', <, etc.)? Excluded characters might suggest passwords aren’t being hashed properly.
• Test for username enumeration — Do you get a different error depending on whether a user exists or not? Note the application's behaviour when a user exists; does the error change when they don’t?
• Test resilience to password guessing — Does the application lock out an account after x number of login attempts?
• Test password creation strength — Is there a minimum creation length? Is the policy ridiculous? e.g. “must be between 4 and 8 characters; passwords are not case sensitive” — this should set off alarm bells for most people!
• Test any account recovery function — Look at how an account can be recovered, are there methods in place to prevent an attacker changing the email without asking current user? Can the password be changed without knowing anything about the account? Can you recover to a different email address?
• Test any “remember me” function — Does the remember me function ever expire? Is there room for exploitability in cookies combined with other attacks?
• Test any impersonation function — Is it possible to pretend to be other users? Can session cookies be stolen and replayed? Does the application utilize anti-cross-site request forgery protection?
• Test username uniqueness — Can you create a username or is it generated for you? Is it a number that can be incremented? Or is it something the user knows and isn’t displayed on the application?
• Check for unsafe distribution of credentials — How are logins processed, are they sent over HTTP? Are details sent in a POST request or are they included in the URL (this is bad if they are, especially passwords)?
• Test for fail-open conditions — Fail-open authentication is the situation when the user authentication fails but results in providing open access to authenticated and secure sections of the web application to the end-user.
• Test any multi-stage mechanisms — Does the application utilize multiple steps, e.g. username -> click next -> password -> login? Can this be bypassed by visiting the final page after the username is entered? (similar to IDOR issues)
Session Management
• Test session handling — How well are sessions handled? Is there randomness to the session cookie? Are sessions killed in a reasonable time or do they last forever? Does the app allow multiple logins from the same user (is this significant to the app)?
• Test tokens for meaning — What do the cookies mean?!
• Test tokens for predictability — Are tokens generated predictably or do they provide a sufficiently random value? A tool to help with this is Burp Suite’s Sequencer.
• Check for insecure transmission of tokens — This follows the same lines as insecure transmission of credentials: are they sent over HTTPS? Are they included in the URL? Can they be accessed by JavaScript? Is this an issue?
• Check for disclosure of tokens in logs — Are tokens cached in browser logs? Are they cached server-side? Can you view this? Can you pollute logs by setting custom tokens?
• Check the mapping of tokens to sessions — Is a token tied to a session, or can it be re-used across sessions?
• Check session termination — is there a time-out?
• Check for session fixation — Can an attacker hijack a user’s session using the session token/cookie?
• Check for cross-site request forgery — Can authenticated actions be performed within the context of the application from other websites?
• Check cookie scope — Is the cookie scoped to the current domain or can it be stolen? What flags are set? Is it missing Secure or HttpOnly? This can be tested by trapping the request in Burp and looking at the cookie.
• Understand the access control requirements — How do you authenticate to the application, could there be any flaws here?
• Test effectiveness of controls, using multiple accounts if possible
• Test for insecure access control methods (request parameters, Referer header, etc.)

Input Validation
• Fuzz all request parameters — Look at what you’re dealing with, are parameters reflected? Is there a chance of open redirection?
• Test for SQL injection — Look at if a parameter is being handled as SQL, don’t automate this off the bat as if you don’t know what a statement is doing you could be doing DROP TABLES.
• Identify all reflected data
• Test for reflected cross-site scripting (XSS)
• Test for HTTP header injection
• Test for arbitrary redirection
• Test for stored attacks
• Test for OS command injection
• Test for path traversal
• Test for JavaScript/HTML injection — similar to XSS
• Test for file inclusion — both local and remote
• Test for SMTP injection
• Test for SOAP injection — can you inject SOAP envelopes, or get the application to respond to SOAP, this ties into XXE attacks too.
• Test for LDAP injection — not so common anymore but look for failure to sanitize input leading to possible information disclosure
• Test for XPath injection -can you inject XML that is reflected or causes the application to respond in a weird way?
• Test for template injection — does the application utilize a templating language that can enable you to achieve XSS or, worse, remote code execution? There is a tool for this: automated template injection with Sqlmap
• Test for XXE injection — does the application respond to external entity injection?

Application/Business Logic

This type of test case also plays an important role in security testing. While other types of test cases can be automated with a tool, application/business logic test cases are very difficult to automate because every application’s logic is different.
• Identify the logic attack surface — What does the application do, what is the most value, what would an attacker want to access?
• Test transmission of data via the client — Is there a desktop application or mobile application, does the transferal of information vary between this and the web application
• Test for reliance on client-side input validation– Does the application attempt to base its logic on the client-side, for example, do forms have a maximum length client side that can be edited with the browser that is simply accepted as true?
• Test any thick-client components (Java, ActiveX, Flash) — Does the application utilize something like Java, Flash, ActiveX or Silverlight? can you download the applet and reverse engineer it?
• Test multi-stage processes for logic flaws — Can you go from placing an order straight to delivery thus bypassing payment? or a similar process?
• Test handling of incomplete input — Can you pass the application dodgy input and does it process it as normal, this can point to other issues such as RCE & XSS.
• Test trust boundaries — What is a user trusted to do, can they access admin aspects of the app?
• Test transaction logic


Application Infrastructure
• Test segregation in shared infrastructures/ virtual hosting environments
• Test segregation between ASP-hosted applications
• Test for web server vulnerabilities — this can be tied into port scanning and infrastructure assessments
• Default credentials
• Default content
• Dangerous HTTP methods
• Proxy functionality


Miscellaneous tests
• Check for DOM-based attacks — open redirection, cross-site scripting, client-side validation.
• Check for frame injection, frame busting (can still be an issue)
• Check for local privacy vulnerabilities
• Persistent cookies
• Weak cookie options
• Caching
• Sensitive data in URL parameters
• Follow up any information leakage
• Check for weak SSL ciphers
• HTTP Header analysis — look for lack of security headers such as — Content Security Policy (CSP) — HTTP Strict Transport Security (HSTS) — X-XSS-Protection — X-Content-Type-Options — HTTP Public Key Pinning
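The "check cookie scope" item in the Authentication list (Secure, HttpOnly flags), the "persistent cookies / weak cookie options" items and the HTTP header analysis item above, served by one added example that is not part of the original post. It parses a constructed HTTP response and reports the missing cookie flags and security headers; the message wording and the inclusion of X-Frame-Options (for the frame-injection item) are this example's own choices.

```python
"""Audit an HTTP response for the cookie flags and security headers listed above.

Added example, not from the page. The response text below is constructed;
the header list follows the page's own checklist (CSP, HSTS,
X-Content-Type-Options) plus X-Frame-Options for the frame-injection item.
"""
from typing import Dict, List, Tuple

MISSING_HEADER_MESSAGES = {
    "strict-transport-security": "HSTS missing: browser may be downgraded to HTTP",
    "content-security-policy": "CSP missing: no restriction on script sources",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing possible",
    "x-frame-options": "X-Frame-Options missing: framing (clickjacking) possible unless CSP frame-ancestors is set",
}

# Constructed sample: one poorly scoped session cookie, one well-flagged cookie.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: pref=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def parse_response(raw: str) -> Tuple[str, Dict[str, str], List[str]]:
    """Split status line, headers (lower-cased names) and all Set-Cookie values."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    cookies: List[str] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            cookies.append(value)
        else:
            headers[name] = value
    return lines[0], headers, cookies


def audit_cookie(set_cookie: str) -> List[str]:
    """Report missing Secure / HttpOnly / SameSite and flag persistence."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by JavaScript)")
    if "samesite" not in attrs:
        findings.append(f"{name}: missing SameSite (cross-site request exposure)")
    if "expires" in attrs or "max-age" in attrs:
        findings.append(f"{name}: persistent cookie; confirm it should outlive the browser session")
    return findings


def audit_response(raw: str) -> List[str]:
    """All findings for one response: missing headers first, then each cookie."""
    _, headers, cookies = parse_response(raw)
    findings = [msg for h, msg in MISSING_HEADER_MESSAGES.items() if h not in headers]
    for cookie in cookies:
        findings.extend(audit_cookie(cookie))
    return findings
```

Run it over the response captured in your proxy; the output is the list you would paste into the finding, and the `pref` cookie shows what a clean Set-Cookie line looks like.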

What is “Vulnerability”?

Answer: A vulnerability can be defined as a weakness in a system through which intruders or bugs can attack the system.
If security testing has not been performed rigorously on the system, the chances of vulnerabilities increase. Patches or fixes are required from time to time to protect a system from vulnerabilities.

What is Intrusion Detection?

Answer: Intrusion detection is a system which helps in determining possible attacks and dealing with them. Intrusion detection includes collecting information from many systems and sources, analysing the information and finding the possible ways the system could be attacked.

Intrusion detection checks the following:
  • Possible attacks
  • Any abnormal activity
  • Auditing the system data
  • Analysis of different collected data, etc.

What is “SQL Injection”?

Answer: SQL Injection is one of the common attack techniques used by hackers to get critical data.

Hackers look for any loophole in the system through which they can pass SQL queries, bypass the security checks and return the critical data. This is known as SQL injection. It can allow hackers to steal critical data or even crash a system.

SQL injections are very critical and need to be avoided. Periodic security testing can prevent this kind of attack. SQL database security needs to be defined correctly, and input boxes and special characters should be handled properly.

List the attributes of Security Testing?
Answer: The following are the seven attributes of Security Testing:
  • Authentication
  • Authorization
  • Confidentiality
  • Availability
  • Integrity
  • Non-repudiation
  • Resilience
What is XSS or Cross-Site Scripting?
XSS or cross-site scripting is a type of vulnerability that hackers use to attack web applications.

It allows hackers to inject HTML or JavaScript code into a web page that can steal confidential information from the cookies and return it to the hackers. It is one of the most critical and common techniques and needs to be prevented.

What are the SSL connections and an SSL session?
An SSL or Secure Sockets Layer connection is a transient peer-to-peer communications link where each connection is associated with one SSL session.

An SSL session can be defined as an association between client and server, generally created by the handshake protocol. It defines a set of parameters which may be shared by multiple SSL connections.

What is “Penetration Testing”?
Penetration testing is a form of security testing which helps in identifying vulnerabilities in a system. A penetration test is an attempt to evaluate the security of a system by manual or automated techniques; if any vulnerability is found, testers use that vulnerability to get deeper access to the system and find more vulnerabilities.

The main purpose of this testing is to protect a system from possible attacks. Penetration testing can be done in two ways: white box testing and black box testing.

In white-box testing, all the information is available with the testers whereas in black box testing, testers don’t have any information and they test the system in real-world scenarios to find out the vulnerabilities.

Why “Penetration Testing” is important?

Answer: Penetration testing is important because-

Security breaches and loopholes in the systems can be very costly as the threat of attack is always possible and hackers can steal important data or even crash the system.
It is impossible to protect all the information all the time. Hackers always come with new techniques to steal important data and it is necessary for testers as well to perform periodical testing to detect the possible attacks.
Penetration testing identifies and protects a system against the above-mentioned attacks and helps organizations keep their data safe.

Name the two common techniques used to protect a password file?

Answer: Two common techniques to protect a password file are: hashed passwords with a salt value, and password file access control.

List the full names of abbreviations related to Software security?

Answer: Abbreviations related to software security include:

IPsec – Internet Protocol Security is a suite of protocols for securing Internet
OSI – Open Systems Interconnection
ISDN – Integrated Services Digital Network
GOSIP – Government Open Systems Interconnection Profile
FTP – File Transfer Protocol
DBA – Dynamic Bandwidth Allocation
DDS – Digital Data System
DES – Data Encryption Standard
CHAP – Challenge Handshake Authentication Protocol
BONDING – Bandwidth On Demand Interoperability Group
SSH – Secure Shell
COPS – Common Open Policy Service
ISAKMP – Internet Security Association and Key Management Protocol
USM – User-based Security Model
TLS – Transport Layer Security


List down some factors that can cause vulnerabilities?

Factors causing vulnerabilities are:
  1. Design flaws: If there are loopholes in the system that can allow hackers to attack the system easily.
  2. Passwords: If passwords are known to hackers, they can get the information very easily. A password policy should be followed rigorously to minimize the risk of password theft.
  3. Complexity: Complex software can open doors to vulnerabilities.
  4. Human Error: Human error is a significant source of security vulnerabilities.
  5. Management: Poor management of the data can lead to the vulnerabilities in the system.

List the various methodologies in Security testing?

Methodologies in Security testing are:
  • White Box – All the information is provided to the testers.
  • Black Box – No information is provided to the testers and they test the system in a real-world scenario.
  • Grey Box – Testers have partial information and have to discover the rest on their own.
List down the seven main types of security testing as per Open Source Security Testing methodology manual?

The seven main types of security testing as per the Open Source Security Testing methodology manual are:
  • Vulnerability Scanning: Automated software scans a system against known vulnerabilities.
  • Security Scanning: Manual or automated technique to identify network and system weaknesses.
  • Penetration testing: A form of security testing which helps in identifying vulnerabilities in a system.
  • Risk Assessment: It involves the analysis of possible risks in the system. Risks are classified as Low, Medium and High.
  • Security Auditing: Complete inspection of systems and applications to detect vulnerabilities.
  • Ethical hacking: Hacking done on a system to detect flaws in it rather than for personal benefit.
  • Posture Assessment: This combines Security Scanning, Ethical Hacking and Risk Assessments to show an overall security posture of an organization.

What is SOAP and WSDL?

Answer: SOAP or Simple Object Access Protocol is an XML-based protocol through which applications exchange information over HTTP. XML requests are sent by web services in SOAP format: a SOAP client sends a SOAP message to the server, and the server responds with a SOAP message along with the requested service.

Web Services Description Language (WSDL) is an XML formatted language used by UDDI. “Web Services Description Language describes Web services and how to access them”.

List the parameters that define an SSL session connection?

Answer: The parameters that define an SSL session connection are:
  1. Server and client random
  2. Server write MAC secret
  3. Client write MAC secret
  4. Server write key
  5. Client write key
  6. Initialization vectors
  7. Sequence numbers

What is file enumeration?
This kind of attack uses forceful browsing together with URL manipulation. Hackers can manipulate the parameters in the URL string and obtain critical data which is generally not open to the public, such as archived data, old versions or data which is under development.

List the benefits that can be provided by an intrusion detection system?

There are three benefits of an intrusion detection system.
  1. NIDS or Network Intrusion Detection
  2. NNIDS or Network Node Intrusion Detection System
  3. HIDS or Host Intrusion Detection System
What is HIDS?
Answer: HIDS or Host Intrusion Detection System is a system in which a snapshot of the existing system is taken and compared with the previous snapshot. It checks whether critical files were modified or deleted; if so, an alert is generated and sent to the administrator.
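The snapshot-and-compare step described above, as an added example that is not code from the original post or from any HIDS product. It hashes every file under a directory, stores the digest, size and permission bits, and diffs two snapshots; the demo builds a throwaway tree of constructed files (nothing read from a real host), tampers with it, and returns what the comparison flags.

```python
"""Snapshot-and-compare file integrity check, the core of the HIDS described above.

Added example, not from the page. The demo builds a throwaway directory tree
(constructed files, nothing from a real host), takes a baseline, simulates
a modification, a deletion and an unexpected new file, and reports the diff.
"""
import hashlib
import os
import tempfile
from typing import Dict, List

Snapshot = Dict[str, Dict[str, object]]


def file_digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> Snapshot:
    """Map each file (relative path) to its hash, size and permission bits."""
    snap: Snapshot = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            snap[os.path.relpath(path, root)] = {
                "sha256": file_digest(path), "size": st.st_size, "mode": st.st_mode}
    return snap


def compare(baseline: Snapshot, current: Snapshot) -> Dict[str, List[str]]:
    """Return added / deleted / modified paths; modified covers content or mode."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common
                           if baseline[p]["sha256"] != current[p]["sha256"]
                           or baseline[p]["mode"] != current[p]["mode"]),
    }


def _write(root: str, rel: str, text: str) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo() -> Dict[str, List[str]]:
    """Baseline, then tamper with the tree and return what the comparison flags."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        baseline = snapshot(root)
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        _write(root, "tmp/unexpected.sh", "#!/bin/sh\n")
        return compare(baseline, snapshot(root))
```

The baseline must be stored somewhere the monitored host cannot rewrite (a read-only location or a separate server); a snapshot the intruder can edit proves nothing.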

List down the principal categories of SET participants?

Answer: Following are the participants:
  1. Cardholder
  2. Merchant
  3. Issuer
  4. Acquirer
  5. Payment gateway
  6. Certification authority
Explain “URL manipulation”?

Answer: URL manipulation is a type of attack in which hackers manipulate the website URL to get critical information. The information is passed between client and server in the query string parameters via the HTTP GET method. Hackers can alter these parameters, get authenticated on the servers and steal critical data.

In order to avoid this kind of attack, security testing of URL manipulation should be done. Testers themselves can try to manipulate the URL and check for possible attacks; if any are found, they can prevent these kinds of attacks.

What are the three classes of intruders?

Answer: The three classes of intruders are:

  • Masquerader: An individual who is not authorized on the computer but defeats the system’s access control and gains access to an authenticated user’s account.
  • Misfeasor: A user who is authenticated to use the system resources but misuses their access to the system.
  • Clandestine user: An individual who seizes control of the system and bypasses its security mechanisms.


List the component used in SSL?

Answer: Secure Sockets Layer protocol or SSL is used to make secure connections between clients and computers.

Below are the components used in SSL:
  1. SSL Record protocol
  2. Handshake protocol
  3. Change Cipher Spec
  4. Encryption algorithms
What is port scanning?

Answer: Ports are the points where information goes in and out of a system. Scanning the ports to find any loopholes in the system is known as port scanning. There can be weak points in the system which hackers can attack to get critical information. These points should be identified and protected from misuse.

Following are the types of port scans:
  • Strobe: Scanning of known services.
  • UDP: Scanning of open UDP ports
  • Vanilla: In this scanning, the scanner attempts to connect to all 65,535 ports.
  • Sweep: The scanner connects to the same port on more than one machine.
  • Fragmented packets: The scanner sends packet fragments that get through simple packet filters in a firewall
  • Stealth scan: The scanner blocks the scanned computer from recording the port scan activities.
  • FTP bounce: The scanner goes through an FTP server in order to disguise the source of the scan.
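The vanilla and sweep scans listed above, seen from the defender's side: an added example (not code from the original post) that reads constructed firewall log lines and raises an alert when one source probes many ports on one host within a time window, or the same port across many hosts. The log field names (`SRC=`, `DST=`, `DPT=`) and the thresholds are this example's own, not a particular firewall's format.

```python
"""Detecting port scans and sweeps in firewall logs.

Added example, not from the page. Log lines are constructed in a simple
key=value style (the field names are this example's own, not a specific
firewall's format). A 'vertical' alert means one source probed many ports on
one host; a 'sweep' alert means one source probed the same port on many hosts.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

LOG_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$")


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_scans(lines: Iterable[str], window_seconds: int = 60,
                 port_threshold: int = 10, host_threshold: int = 5) -> Dict[Tuple, int]:
    """Sliding window per source; the value is the largest distinct count seen."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    window = timedelta(seconds=window_seconds)
    alerts: Dict[Tuple, int] = {}
    for src, evs in by_src.items():
        start = 0
        for end, latest in enumerate(evs):
            while latest["ts"] - evs[start]["ts"] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for e in evs[start:end + 1]:
                ports_per_host[e["dst"]].add(e["dpt"])
                hosts_per_port[e["dpt"]].add(e["dst"])
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    key = (src, "vertical", dst)
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            for port, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold:
                    key = (src, "sweep", port)
                    alerts[key] = max(alerts.get(key, 0), len(hosts))
    return alerts


def sample_log() -> List[str]:
    """Constructed log: one vertical scanner, one SMB-port sweeper, one benign client."""
    lines = []
    for i, port in enumerate(range(20, 36)):           # 16 ports on one host
        lines.append(f"2021-04-08T10:00:{i:02d} DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT={port}")
    for i in range(1, 7):                               # port 445 on six hosts
        lines.append(f"2021-04-08T10:05:{i:02d} DROP SRC=198.51.100.7 DST=192.0.2.{i} PROTO=TCP DPT=445")
    for i in range(3):                                  # repeated HTTPS from one client
        lines.append(f"2021-04-08T10:10:{i:02d} DROP SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=443")
    lines.append("garbage line that does not parse")
    return lines
```

Slow scans spread a few probes per hour stay under any short window; lengthening the window and lowering the threshold catches them at the cost of more false positives, which is the tuning an IDS operator does per network.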
What is a Cookie?

Answer: A cookie is a piece of information received from a web server and stored in a web browser which can be read anytime later. A cookie can contain password information, some auto-fill information and if any hackers get these details it can be dangerous.

What are the types of Cookies?

Answer: Types of Cookies are:
  • Session cookies – These cookies are temporary and last only for that session.
  • Persistent cookies – These cookies are stored on the hard disk drive and last until they expire or are manually removed.
What is a honeypot?

Answer: Honeypot is a fake computer system that behaves like a real system and attracts hackers to attack it. Honeypot is used to find out loopholes in the system and to provide a solution for these kinds of attacks.

List the parameters that define an SSL session state?

Answer: The parameters that define an SSL session state are:
  1. Session identifier
  2. Peer certificate
  3. Compression method
  4. Cipher spec
  5. Master secret
  6. Is resumable
Describe the Network Intrusion Detection system?
Answer: A Network Intrusion Detection System is generally known as a NIDS. It is used to analyse the traffic passing over the entire subnet and match it against known attacks. If any loophole is identified, the administrator receives an alert.


What is “Vulnerability”?
This is the weakness in the web application. The cause of such “weakness” can be due to the bugs in the application, an injection (SQL/ script code) or the presence of viruses.

What is “URL Manipulation”?
Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some information in the URL may sometimes lead to unintended behaviour by the server, and this is termed URL Manipulation.

What is “SQL injection”?
This is the process of inserting SQL statements through the web application user interface into some query that is then executed by the server.

What is “XSS (Cross-Site Scripting)”?
When a user inserts HTML/ client-side script in the user interface of a web application, this insertion is visible to other users and it is termed as XSS.

What is “Spoofing”?
The creation of hoax look-alike websites or emails is called Spoofing.

What should you do to Test Network Security?
1) Most critical areas should be tested first – In Case of network security, areas which are exposed to the public are considered to be critical. So focus should be on firewalls, web servers, routers, switches and systems that are open to a mass crowd.

2) Up to date with Security Patches – System under test should always have the latest security patch installed in it.

3) Good Interpretation of Testing Results – Vulnerability Testing sometimes may lead to false-positive scores and at times may not be able to identify the issues beyond the capability of the tool that is being used for testing. In such cases, testers should be experienced enough to understand, analyze and make a decision on the outcome.

4) Awareness of the Security Policies – Testers should be well versed in the security policy or the protocol that is followed. This will help in effective testing and understanding of what is within and beyond the security guidelines.

5) Tool Selection – From a wide range of tools available, make sure you select the tool that provides the features required for your testing.


List of Network Security Devices
Given below is a brief note of few Network Security Devices
  • Firewalls – Firewall is the protection layer that monitors the connections that can take place within a network.
  • VPN’s – VPN Gateways are used to establish a secure connection to the remote systems.
  • Anti Virus – It is used to monitor, identify and filter out all forms of malware.
  • URL Filtering – URL filtering will keep end-users protected by restricting their access to malicious sites.
  • IDS system – Intrusion detection system monitors for malicious attacks and raises alerts to the admin team.

Techniques/Approaches for Testing Network Security
#1) Network Scanning
In this technique, a port scanner is used to identify all the hosts connected to the network. Network Services are also scanned like HTTP and FTP. This finally helps in ensuring whether the ports are configured to allow only the secured network services.

#2) Vulnerability Scanning
Vulnerability Scanner helps in finding the weakness of the system or network. It provides information on the security loopholes which can be improved.

#3) Ethical Hacking
This is hacking done to identify potential threats to a system or network. This helps to identify if unauthorized access or malicious attacks are possible.

#4) Password Cracking
This method can be used to crack weak passwords. This can help in enforcing a policy with minimum password criteria, which ends up creating strong passwords that are difficult to crack.

#5) Penetration Testing
Pentest is an attack done on system/network to find out Security flaws. Under Penetration Testing Technique the Servers, endpoints, web application, wireless devices, mobile devices, and network devices, are all compromised to identify the vulnerability.

Why Network Security Test?
A website that is well tested from the security perspective always gets two prime benefits.

The benefits include:
  • Retention of Customers – If a website is secure, users will definitely opt to use it over other websites. In the case of eCommerce websites, retention of customers results in the generation of more revenue online.
  • Cost Saving – A website compliant with all the security protocols incurs fewer legal charges later, and the cost involved in getting the site back up after a security attack is also reduced.

Penetration Testing Sample Test Cases (Test Scenarios)
Remember this is not functional testing. In Pentest your goal is to find security holes in the system. Below are some generic test cases and not necessarily applicable to all applications.

  1. Check if the web application is able to identify spam attacks on contact forms used on the website.
  2. Proxy server – Check if network traffic is monitored by proxy appliances. The proxy server makes it difficult for hackers to get internal details of the network thus protecting the system from external attacks.
  3. Spam email filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked.
  4. Many email clients come with inbuilt spam filters that need to be configured as per your needs. These configuration rules can be applied to email headers, subject or body.
  5. Firewall – Make sure the entire network or computers are protected with firewalls. A Firewall can be software or hardware to block unauthorized access to a system. A Firewall can prevent sending data outside the network without your permission.
  6. Try to exploit all servers, desktop systems, printers, and network devices.
  7. Verify that all usernames and passwords are encrypted and transferred over secure connections like https.
  8. Verify information stored in website cookies. It should not be in a readable format.
  9. Verify previously found vulnerabilities to check if the fix is working.
  10. Verify if there is no open port in the network.
  11. Verify all telephone devices.
  12. Verify WIFI network security.
  13. Verify all HTTP methods. PUT and Delete methods should not be enabled on a web server.
  14. Verify if the password meets the required standards. The password should be at least 8 characters long containing at least one number and one special character.
  15. Username should not be like “admin” or “administrator”.
  16. The application login page should be locked upon a few unsuccessful login attempts.
  17. Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
  18. Verify if special characters, HTML tags, and scripts are handled properly as an input value.
  19. Internal system details should not be revealed in any of the error or alert messages.
  20. Custom error messages should be displayed to end-users in case of a web page crash.
  21. Verify the use of registry entries. Sensitive information should not be kept in the registry.
  22. All files must be scanned before uploading them to the server.
  23. Sensitive data should not be passed in URLs while communicating with different internal modules of the web application.
  24. There should not be any hardcoded username or password in the system.
  25. Verify all input fields with long input string with and without spaces.
  26. Verify if reset password functionality is secure.
  27. Verify application for SQL Injection.
  28. Verify application for Cross-Site Scripting.
  29. Important input validations should be done at the server-side instead of JavaScript checks at the client-side.
  30. Critical resources in the system should be available to authorized persons and services only.
  31. All access logs should be maintained with proper access permissions.
  32. Verify user session ends upon log off.
  33. Verify that directory browsing is disabled on the server.
  34. Verify that all applications and database versions are up to date.
  35. Verify that URL manipulation does not make the web application show any unwanted information.
  36. Verify the application for memory leaks and buffer overflows.
  37. Verify if incoming network traffic is scanned to find Trojan attacks.
  38. Verify if the system is safe from Brute Force Attacks – a trial and error method to find sensitive information like passwords.
  39. Verify if the system or network is secured from DoS (denial-of-service) attacks. An attacker can target a network or a single computer with continuous requests, overloading the resources on the target system and resulting in denial of service for legitimate requests.
  40. Verify application for HTML script injection attacks.
  41. Verify against COM & ActiveX attacks.
  42. Verify against spoofing attacks. Spoofing can be of multiple types – IP address spoofing, Email ID spoofing, ARP spoofing, Referrer spoofing, Caller ID spoofing, poisoning of file-sharing networks, GPS spoofing.
  43. Check for an uncontrolled format string attack – a security attack that can cause the application to crash or execute harmful code on it.
  44. Verify against XML injection attacks – used to alter the intended logic of the application.
  45. Verify against canonicalization attacks.
  46. Verify if the error pages display any information that could help an attacker enter the system.
  47. Verify if any critical data like passwords is stored in secret files on the system.
  48. Verify if the application is returning more data than is required.

Penetration Testing Types
#1) Social Engineering Test: In this test, attempts are made to make a person reveal sensitive information like passwords, business-critical data, etc. These tests are mostly done over the phone or the internet and target certain helpdesks, employees and processes.

Human error is the main cause of security vulnerabilities. Security standards and policies should be followed by all staff members to avoid social engineering penetration attempts. An example of such a standard is not to mention any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.

#2) Web Application Test: Using software methods, one can verify whether the application is exposed to security vulnerabilities. It checks the security vulnerabilities of web apps and software programs positioned in the target environment.

#3) Physical Penetration Test: Strong physical security methods are applied to protect sensitive data. This is generally used in military and government facilities. All physical network devices and access points are tested for the possibility of a security breach. This test is not very relevant to the scope of software testing.

#4) Network Services Test: This is one of the most commonly performed penetration tests. Openings in the network are identified, entry is made through them into the systems on the network, and the kinds of vulnerabilities present are checked. It can be done locally or remotely.

#5) Client-side Test: It aims to search and exploit vulnerabilities in client-side software programs.

#6) Remote dial-up war dial: It searches for modems in the environment and tries to log in to the systems connected through these modems by password guessing or brute-forcing.

#7) Wireless Security Test: It discovers the open, unauthorized and less secured hotspots or Wi-Fi networks and connects through them.

The above 7 categories are one way of categorizing the types of pen tests. We can also organize the types of penetration testing into three parts, as seen below.

Let’s discuss these testing approaches one by one:
  1. Black Box Penetration Testing: In this approach, the tester assesses the target system, network or process without knowledge of its details. They only have very high-level inputs, like a URL or company name, using which they penetrate the target environment. No code is examined in this method.
  2. White Box Penetration Testing: In this approach, the tester is equipped with complete details about the target environment – systems, network, OS, IP addresses, source code, schema, etc. It examines the code and finds design and development errors. It is a simulation of an internal security attack.
  3. Grey Box Penetration Testing: In this approach, the tester has limited details about the target environment. It is a simulation of external security attacks.

Methods For Web Security Testing

Password Cracking
The security testing of a web application can be kicked off with “password cracking”. In order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool. A list of common usernames and passwords is available along with open source password crackers.

If the web application does not enforce a complex password (for example, with letters, numbers and special characters, or with at least a required number of characters), it may not take very long to crack the username and password.

If a username or password is stored in cookies unencrypted, an attacker can use different methods to steal the cookies and the information stored in them, like the username and password.
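As an added example (not the page's own code) of checklist items 14 to 17 and the password-cracking point above, this Python sketch enforces the stated password rules (8+ characters, a digit, a special character), stores only salted PBKDF2 hashes rather than passwords, locks an account after repeated failures and returns one generic message for every failed login. The lockout threshold and duration, the iteration count and the class and function names are assumptions.

```python
import hashlib
import hmac
import os
import re
import time

MIN_LENGTH = 8                      # item 14: at least 8 characters
MAX_FAILED_ATTEMPTS = 5             # item 16: "a few" attempts (assumed value)
LOCKOUT_SECONDS = 15 * 60           # assumed lockout duration
FORBIDDEN_USERNAMES = {"admin", "administrator"}   # item 15
GENERIC_ERROR = "Invalid username or password"     # item 17: never say which
PBKDF2_ITERATIONS = 100_000         # assumed; tune higher for production
DUMMY_SALT = os.urandom(16)         # so unknown users cost the same time as known ones


def password_policy_errors(password: str) -> list:
    """Return the list of policy rules the password breaks (empty = compliant)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if not re.search(r"\d", password):
        errors.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        errors.append("no special character")
    return errors


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-SHA256: the stored value cannot be reversed to the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class LoginService:
    """Assumed minimal login backend; state is kept in memory for the demo."""

    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so lockouts can be tested
        self.users = {}               # username -> (salt, digest)
        self.failures = {}            # username -> (failed count, locked_until)

    def register(self, username: str, password: str) -> tuple:
        if username.lower() in FORBIDDEN_USERNAMES:
            return False, "username not allowed"
        errors = password_policy_errors(password)
        if errors:
            return False, "password policy: " + ", ".join(errors)
        self.users[username] = hash_password(password)
        return True, "registered"

    def is_locked(self, username: str) -> bool:
        _, locked_until = self.failures.get(username, (0, 0.0))
        return self.clock() < locked_until

    def login(self, username: str, password: str) -> tuple:
        # A locked account gets the same generic message as a bad password,
        # so the response does not reveal that the username exists.
        if self.is_locked(username):
            return False, GENERIC_ERROR
        salt, expected = self.users.get(username, (DUMMY_SALT, b""))
        _, digest = hash_password(password, salt)
        if expected and hmac.compare_digest(digest, expected):
            self.failures.pop(username, None)
            return True, "Welcome"
        count, _ = self.failures.get(username, (0, 0.0))
        count += 1
        if count >= MAX_FAILED_ATTEMPTS:
            self.failures[username] = (0, self.clock() + LOCKOUT_SECONDS)
        else:
            self.failures[username] = (count, 0.0)
        return False, GENERIC_ERROR
```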


URL Manipulation Through HTTP GET Methods
A tester should check whether the application passes important information in the query string or not. This happens when the application uses the HTTP GET method to pass information between the client and the server.

The information is passed through the parameters in the query string. The tester can modify a parameter value in the query string to check if the server accepts it.

Via the HTTP GET request, user information is passed to the server for authentication or for fetching data. The attacker can manipulate every input variable passed from this GET request to the server in order to get the required information or to corrupt the data. In such conditions, any unusual behavior by the application or web server is the doorway for the attacker to get into the application.



SQL Injection
The next factor that should be checked is SQL injection. A single quote (‘) entered in any textbox should be rejected by the application. If instead the tester encounters a database error, it means that the user input is inserted into some query which is then executed by the application. In such a case, the application is vulnerable to SQL injection.

SQL injection attacks are very critical, as an attacker can get vital information from the server database. To check for SQL injection entry points into your web application, find the code in your codebase where direct MySQL queries are executed on the database using user input.

If user input is placed directly into the SQL queries sent to the database, an attacker can inject SQL statements, or parts of SQL statements, as user input to extract vital information from the database. Even if the attacker only manages to crash the application, the SQL query error shown in the browser can give them the information they are looking for.

Special characters from user inputs should be handled/escaped properly in such cases.
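An added example, not from the original page, that runs the single-quote test described above against two versions of the same lookup: one that builds the SQL text by string formatting and one that binds the input as a parameter. It uses an in-memory SQLite table with constructed rows; the function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "obrien@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The pattern the page tells the tester to hunt for in the codebase:
    user input is pasted into the SQL text, so a quote in the input changes
    the statement itself."""
    sql = "SELECT email FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Same query with a bound parameter: the driver passes the input as data,
    so quotes inside it cannot alter the statement's structure."""
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def probe_single_quote(lookup, conn: sqlite3.Connection) -> str:
    """The page's check: feed a lone single quote and see whether a database
    error surfaces. Only a verdict is returned, never the driver's error text,
    which is what a production error page should do as well (item 19)."""
    try:
        lookup(conn, "'")
    except sqlite3.Error:
        return "vulnerable: user input reached the SQL parser"
    return "handled: quote treated as data"
```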



Cross-Site Scripting (XSS)
A tester should additionally check the web application for XSS (cross-site scripting). Any HTML (for example, <HTML>) or any script (for example, <SCRIPT>) should not be accepted by the application. If it is, then the application can be prone to an attack by cross-site scripting.

The attacker can use this method to execute a malicious script or URL in the victim’s browser. Using cross-site scripting, an attacker can use scripts like JavaScript to steal user cookies and the information stored in them.

Many web applications collect some useful information and pass it between different pages in variables.

For example: http://www.examplesite.com/index.php?userid=123&query=xyz

The attacker can easily pass some malicious input or a <script> tag as the ‘query’ parameter, which can expose important user or server data in the browser.
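An added example (not the page's own code) that handles the example URL above on the server side, covering both the URL manipulation check from the previous section and the XSS check here: a userid that does not match the authenticated session is refused, a query carrying markup is rejected, and whatever is reflected into the page is HTML-escaped. The session lookup, status codes and function names are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The page's example URL, reused here as sample input.
EXAMPLE_URL = "http://www.examplesite.com/index.php?userid=123&query=xyz"


def parse_query(url: str) -> dict:
    """Return the query-string parameters (first value of each) as a dict."""
    pairs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in pairs.items()}


def contains_markup(value: str) -> bool:
    """Item 18: input carrying HTML or script tags is not accepted as a query."""
    return "<" in value or ">" in value


def render_results(userid: str, query: str) -> str:
    """Escape everything reflected into the page so a tag is shown as text and
    never interpreted: <script> is emitted as &lt;script&gt;."""
    return "<p>Results for user %s, query: %s</p>" % (
        html.escape(userid), html.escape(query))


def handle_request(url: str, session_userid: str) -> tuple:
    """Assumed server-side handler for index.php. session_userid comes from the
    server's own session store, never from the URL."""
    params = parse_query(url)
    userid = params.get("userid", "")
    query = params.get("query", "")
    # URL manipulation check: a userid edited in the query string is not
    # trusted; the server only serves data for the user who is logged in.
    if userid != session_userid:
        return 403, "Forbidden"
    # Server-side input validation (item 29), before any rendering.
    if contains_markup(query):
        return 400, "Bad Request: markup is not accepted in query"
    # Output encoding as a second layer, even for input that passed validation.
    return 200, render_results(userid, query)
```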

Important: During security testing, the tester should be very careful not to modify any of the following:

  • Configuration of the application or the server
  • Services running on the server
  • Existing user or customer data hosted by the application


Difference Between Functional and Non-Functional Testing

  • Functional testing tests ‘what’ the product does; it checks the operations and actions of an application. Non-functional testing checks the behaviour of an application.
  • Functional testing is done based on the business requirement. Non-functional testing is done based on customer expectations and performance requirements.
  • Functional testing tests whether the actual result matches the expected result. Non-functional testing checks the response time and speed of the software under specific conditions.
  • Functional testing is carried out manually (example: black box testing method). Non-functional testing is more feasible to perform using automated tools (example: LoadRunner).
  • Functional testing tests as per the customer requirements. Non-functional testing tests as per customer expectations.
  • Customer feedback helps in reducing the risk factors of the product. Customer feedback is more valuable for non-functional testing, as it helps to improve the product and lets the tester know the expectations of the customer.
  • Functional testing tests the functionality of the software. Non-functional testing tests the performance of that functionality.
  • Functional testing has the following types: unit testing, integration testing, system testing, acceptance testing. Non-functional testing includes: performance testing, load testing, stress testing, volume testing, security testing, installation testing, recovery testing.
  • Functional testing example: a login page must show textboxes to enter the username and password.


What is a Web Service?

A Web Service is a software functionality that supports machine to machine communication over the world wide web.

It generally uses web technology like HTTP for transferring messages between electronic devices or applications. These messages are mostly in XML or JSON format.

A web service is based on the request-response model.

It can be implemented by either of the two protocols – SOAP (Simple object access protocol) and REST (Representational State Transfer). Both the approaches support XML data transfer.


The concept of Web Service testing:

Web Service testing includes:
  • Understanding the functionality offered by the web service. Basically, a web service’s functionality is described by a WSDL (Web Services Description Language) file.
  • Determining the XML request and response format.
  • Sending a request and then validating the response against the request sent.
  • Both manual and automation testing tools are available to test web services.

For manual testing, we need to write our own code that sends a request and validates the response. Automation testing, by contrast, saves the coding effort.

Having had a basic understanding of the idea of web service testing, we will now discuss the different web service testing tools available in the market.

Differentiate Between a MAC and an IP Address?
Every network device is assigned a unique number, which is termed the MAC (Media Access Control) address. This address is like a personal mailbox on the network; the network router identifies it. The number can be modified at any time. All devices also get their own unique IP address so that they can be located easily on a given computer and network. Whoever knows your unique IP address can contact you through it.

What is SSL and why is it not enough when it comes to encryption?
SSL is identity verification, not hard encryption. It is designed to be able to prove that the party you are talking to on the other side is who they say they are. SSL and TLS are both used by almost everyone online, but because of this they are a huge target and are mainly attacked through their implementation (the Heartbleed bug, for example) and their well-known methodology.

Which programming language is used for hacking?
It is best, actually, to master all five of Python, C/C++, Java, Perl and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each of them can educate you in valuable ways.

What is meant by spoofing attack?
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. Different spoofing attacks are deployed by malicious parties to achieve this.

What are the different types of spoofing?
  • ARP Spoofing Attack.
  • DNS Spoofing Attack.
  • IP Spoofing Attack.

What is active and passive reconnaissance?
Passive reconnaissance means gaining information about targeted computers and networks without actively interacting with the systems. In active reconnaissance, by contrast, the attacker engages with the target system, usually conducting a port scan to find any open ports.

What's a denial of service (DOS) attack and what are the common forms?
DoS attacks involve flooding servers, systems or networks with traffic to cause over-consumption of the victim's resources. This makes it difficult or impossible for legitimate users to access or use the targeted sites.

Common DOS attacks include:
  • Buffer overflow attacks
  • ICMP flood
  • SYN flood
  • Teardrop attack
  • Smurf attack

What is SQL injection and its types?
SQL injection happens when the application does not sanitize user input. A malicious hacker can then inject SQL queries to gain unauthorized access and execute administrative operations on the database. SQL injections may be classified as follows:
  • Error-based SQL injection
  • Blind SQL injection
  • Time-based SQL injection

What is Burp Suite? What tools does it contain?
Burp Suite is an integrated platform used for attacking web applications. It contains all the tools a hacker would need for attacking any application. Some of these tools are:
  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

Explain how you can stop your website from getting hacked.
By adopting the following methodology you can stop your website from getting hacked:
  • Using a firewall: A firewall can be used to drop traffic from a suspicious IP address if the attack is a simple DoS.
  • Encrypting the cookies: Cookie or session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time.
  • Validating and verifying user input: This approach is ready to prevent form tampering by verifying and validating the user input before processing it.
  • Header sanitizing and validation: This technique is useful against cross-site scripting (XSS). It includes verifying and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks.

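An added example, not the page's or any project's code, of the cookie advice above: a session cookie that is signed with an HMAC, bound to the client IP address and given an expiry, so a tampered cookie, one replayed from another address, or a stale one is rejected. Signing only detects tampering; the payload stays readable, so it carries no password. The secret, the lifetime and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SERVER_SECRET = b"constructed-demo-secret"   # assumption: load from config, never hardcode
COOKIE_TTL_SECONDS = 30 * 60                  # assumed cookie lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()


def issue_cookie(username: str, client_ip: str, now: float = None) -> str:
    """Build '<payload>.<signature>'. The payload holds only the session owner,
    the client address it is bound to and its expiry time."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"u": username, "ip": client_ip, "exp": now + COOKIE_TTL_SECONDS},
        separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_cookie(token: str, client_ip: str, now: float = None) -> tuple:
    """Return (username, 'ok') or (None, reason). The signature is checked
    before anything inside the payload is trusted."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:            # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None, "malformed"
    if not hmac.compare_digest(sig, _sign(payload)):
        return None, "bad signature"
    data = json.loads(payload)
    if data["ip"] != client_ip:   # cookie presented from a different address
        return None, "ip mismatch"
    if now > data["exp"]:         # cookie timed out
        return None, "expired"
    return data["u"], "ok"


def tampering_is_detected(now: float = 1000.0) -> str:
    """Self-check for the verifier: swap the payload of a valid cookie for one
    naming another user while keeping the old signature, and return the verdict."""
    token = issue_cookie("alice", "10.0.0.5", now)
    _, s64 = token.split(".")
    swapped = json.dumps({"u": "bob", "ip": "10.0.0.5", "exp": now + 9999},
                         separators=(",", ":")).encode()
    return verify_cookie(_b64(swapped) + "." + s64, "10.0.0.5", now)[1]
```
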
What is penetration testing? Mention some popular penetration testing tools.
A penetration test or a pen test is the simulation of a cyberattack on a computer to check for potential vulnerabilities in the system. It is commonly implemented to augment a web application firewall (WAF). It can involve a simulated attack on any number of application systems such as APIs, frontend servers, and backend servers to discover any vulnerabilities present. The insights gained through this kind of testing can be used to tighten the WAF security policies and fix the detected issues.

Following are a few popular tools used for penetration testing:
  • Netsparker
  • Wireshark
  • Metasploit
  • BeEF
  • Aircrack

What is network traffic monitoring and analysis?
Network traffic monitoring and analysis is a security analytical technique and tool used by Network Security Administrators for the detection of issues that can affect accessibility, functionality, and network traffic security in connected devices.

What is a security operations center (SOC)?
A security operations center (SOC) as a facility houses the information security team. This team is set in place to continuously monitor and analyze an organization’s security. The SOC team’s responsibility includes detection, analysis, and immediate response to Cybersecurity incidents through the implementation of various technology solutions and a set of processes. The team may include Security Analysts, Engineers, and Managers who work closely with the incident response team.

What is Defense in Depth?
Defense in Depth (DiD) in Cybersecurity involves a series of defensive mechanisms that are layered for the purpose of securing valuable data and information. In case one mechanism fails, another one will start to work immediately to thwart unprecedented attacks. DiD’s multi-layered approach, which is also referred to as the castle approach, tightens up the security of a system.

What is sniffing? Explain its types in Ethical Hacking.
Sniffing in Ethical Hacking is a method implemented for monitoring all the data packets that pass through a particular network. Sniffers are primarily used to oversee and troubleshoot network traffic, and Network/System Administrators are responsible for this role. Sniffers can be installed in the system in the form of software or hardware.

However, attackers can misuse sniffers to gain access to data packets that contain sensitive information, such as account information, passwords, etc. Packet sniffers on a network can give a malicious hacker the opportunity to intrude and access all of the network traffic.

There are two types of sniffing:

  • Active sniffing: Sniffing in a point-to-point network device called the switch is referred to as active sniffing. The switch is responsible for the regulation of the data flow between its ports. This is done through the active monitoring of the MAC address on each port, which enables the passing of data only to the intended target. To activate the sniffing of the traffic between targets, sniffers have to inject traffic into the LAN. 
  • Passive sniffing: Passive sniffing happens when the sniffing is done through a hub. The traffic that goes through an unbridged network or non-switched segment is visible to all machines in that segment. Here, sniffers work at the network’s data link layer. This is called passive sniffing because the sniffers set up by the attackers passively wait for the data to be sent and then capture it.

What is MAC Flooding?
MAC flooding is a technique in which the security of a given network switch is compromised. In MAC flooding the attacker floods the switch with more frames than it can handle. This makes the switch behave like a hub and transmit all packets to all of its ports. Taking advantage of this, the attacker can then try to capture packets on the network to steal sensitive information.

What are the tools used for ethical hacking?
There are several ethical hacking tools available in the market for different purposes. They are:
  • NMAP – NMAP stands for Network Mapper. It is an open source tool that is widely used for network discovery and security auditing.
  • Metasploit – Metasploit is one of the most powerful exploit tools used to conduct basic penetration tests.
  • Burp Suite – Burp Suite is a popular platform that is widely used for performing security testing of web applications.
  • Angry IP Scanner – Angry IP Scanner is a lightweight, cross-platform IP address and port scanner.
  • Cain & Abel – Cain & Abel is a password recovery tool for Microsoft operating systems.
  • Ettercap – Ettercap stands for Ethernet Capture. It is a network security tool used for man-in-the-middle attacks.

What are the hacking stages? Explain each stage.
Hacking, or targeting a machine, has the following 5 phases:

  1. Reconnaissance: This is the first stage, where the hacker tries to gather as much information as possible about the target.
  2. Scanning: This stage involves using the information gathered during the reconnaissance stage to examine the victim. The hacker can use automated tools during the scanning stage, which can include port scanners, mappers and vulnerability scanners.
  3. Gaining access: This is where the real hacking happens. The hacker attempts to exploit the information found during the reconnaissance and scanning stages to gain access.
  4. Maintaining access: Once access is gained, hackers need to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and Trojans.
  5. Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks to avoid getting detected. This also enables them to continue using the hacked system and keep themselves away from legal action.

What is an intrusion detection system (IDS)?
An intrusion detection system, or IDS for short, is a software application or device that monitors a network for the detection of malicious activities or policy violations. Any detected malicious activity or violation is reported or collected centrally with the help of a security information and event management system. An IDS that can respond to intrusions upon discovery is classified as an intrusion prevention system (IPS).

Unit Testing Vs Integration Testing Vs Functional Testing
Unit testing means testing individual modules of an application in isolation (without any interaction with dependencies) to confirm that the code is doing things right.

Integration testing means checking if different modules are working fine when combined together as a group.

Functional testing means testing a slice of functionality in the system (may interact with dependencies) to confirm that the code is doing the right things.

Functional tests are related to integration tests; however, they refer to tests that check the entire application’s functionality with all the code running together, nearly a super integration test.

Unit testing considers checking a single component of the system whereas functionality testing considers checking the working of an application against the intended functionality described in the system requirement specification. On the other hand, integration testing considers checking integrated modules in the system.


This is illustrated best in the following test pyramid:

[Figure: test pyramid – unit testing vs integration testing vs functional testing]

Unit tests are easier to write and quicker to execute. The time and effort to implement and maintain the tests increases from unit testing to functional testing as shown in the above pyramid.
Example: 
Let us understand these three types of testing with an oversimplified example.
E.g. For a functional mobile phone, the main parts required are “battery” and “sim card”.
  • Unit testing Example – The battery is checked for its life, capacity and other parameters. Sim card is checked for its activation.
  • Integration Testing Example – Battery and sim card are integrated i.e. assembled in order to start the mobile phone.
  • Functional Testing Example – The functionality of a mobile phone is checked in terms of its features and battery usage as well as sim card facilities.



Almost every web application requires its users/customers to log in. For that, every application has to have a “Login” page which has these elements:
  • Account/Username
  • Password
  • Login/Sign in Button
For Unit Testing, the following may be the test cases:
  • Field length – username and password fields.
  • Input field values should be valid.
  • The login button is enabled only after valid values (Format and lengthwise) are entered in both the fields.
For Integration Testing, the following may be the test cases:
  • The user sees the welcome message after entering valid values and pushing the login button.
  • The user should be navigated to the welcome page or home page after valid entry and clicking the Login button.
Now, after unit and integration testing are done, let us see the additional test cases that are considered for functional testing:
  1. The expected behavior is checked, i.e. is the user able to log in by clicking the login button after entering a valid username and password?
  2. Is there a welcome message that is to appear after a successful login?
  3. Is there an error message that should appear on an invalid login?
  4. Are there any stored site cookies for login fields?
  5. Can an inactivated user log in?
  6. Is there any ‘forgot password’ link for the users who have forgotten their passwords?
There are many more such cases that come to the mind of a functional tester while performing functional testing. But a developer cannot take up all cases while building unit and integration test cases.
Thus, there are plenty of scenarios that are yet to be tested even after unit and integration testing.



What is Unit Testing?
As the name suggests, this level involves testing a ‘Unit’.
Here unit can be the smallest part of an application that is testable, be it the smallest individual function, method, etc. Software developers are the ones who write the unit test cases. The aim here is to match the requirements and the unit’s expected behavior.
Below are a few important points about unit testing and its benefits:
  • Unit testing is done before Integration testing by software developers using white box testing techniques.
  • Unit testing does not only check the positive behavior i.e. the correct output in case of valid input, but also the failures that occur with invalid input.
  • Finding issues/bugs at an early stage is very useful and reduces the overall project costs. As unit testing is done before integration of the code, issues found at this stage can be resolved very easily and their impact is also very small.
  • A unit test tests small pieces of code or individual functions so the issues/errors found in these test cases are independent and do not impact the other test cases.
  • Another important advantage is that the unit test cases simplify and make testing of code easier. So, it becomes easier to resolve the issues at a later stage too as only the latest change in the code is to be tested.
  • Unit test saves time and cost, and it is reusable and easy to maintain.

What is Integration Testing?
Integration testing is testing the integration of different parts of the system together. Two different parts or modules of the system are first integrated and then integration testing is performed.



The aim of integration testing is to check the functionality, reliability, and performance of the system when integrated.

Integration testing is performed on the modules that are unit tested first and then integration testing defines whether the combination of the modules give the desired output or not.

Integration testing can either be done by independent testers or by developers too.

There are 3 different types of Integration testing approaches. Let us discuss each one of them briefly:


a) Big Bang Integration Approach

In this approach, all the modules or units are integrated and tested as a whole at one time. This is usually done when the entire system is ready for integration testing at a single point of time.
Please do not confuse this approach of integration testing with system testing, only the integration of modules or units is tested and not the whole system as it is done in system testing.
The big bang approach’s major advantage is that everything integrated is tested at one time.
One major disadvantage is that it becomes difficult to identify the failures.
Example: In the figure below, Unit 1 to Unit 6 are integrated and tested using the Big bang approach.


b) Top-Down Approach
Integration of the units/modules is tested from the top to bottom levels step by step.
The first unit is tested individually by writing test STUBS. After this, the lower levels are integrated one by one until the last level is put together and tested.
The top-down approach is a very organic way of integrating as it is consistent with how things happen in the real environment.
The only concern with this approach is that the major functionality is tested at the end.



c) Bottom-Up Approach
Units/modules are tested from the bottom to the top level, step by step, until all levels of units/modules are integrated and tested as one unit. Simulator programs called DRIVERS are used in this approach. It is easier to detect issues or errors at the lower levels.
The major disadvantage of this approach is that the higher-level issues can only be identified at the end when all the units have been integrated.


Unit Testing vs Integration Testing

Having had enough discussion about unit testing and integration testing, let us quickly go through the differences between the two in the following table:

  • Unit testing tests a single component of the whole system, i.e. tests a unit in isolation. Integration testing tests the system components working together, i.e. tests the collaboration of multiple units.
  • Unit testing is faster to execute. Integration testing can run slow.
  • Unit testing has no external dependency; any external dependency is mocked or stubbed out. Integration testing requires interaction with external dependencies (e.g. database, hardware, etc.).
  • Unit testing is simple. Integration testing is complex.
  • Unit testing is conducted by the developer. Integration testing is conducted by the tester.
  • Unit testing is a type of white box testing. Integration testing is a type of black box testing.
  • Unit testing is carried out at the initial phase of testing and can then be performed anytime. Integration testing must be carried out after unit testing and before system testing.
  • Unit testing has cheap maintenance. Integration testing has expensive maintenance.
  • Unit testing begins from the module specification. Integration testing begins from the interface specification.
  • Unit testing has a narrow scope, as it just checks if each small piece of code is doing what it is intended to do. Integration testing has a wider scope, as it covers the whole application.
  • The outcome of unit testing is detailed visibility of the code. The outcome of integration testing is detailed visibility of the integration structure.
  • Unit testing uncovers issues within the functionality of individual modules only; it does not expose integration errors or system-wide issues. Integration testing uncovers the bugs that arise when different modules interact with each other to form the overall system.


Unit Testing vs Integration Testing vs Functional Testing

Definition and purpose
  • Unit testing: Testing the smallest units or modules individually.
  • Integration testing: Testing the integration of two or more units/modules combined for performing tasks.
  • Functional testing: Testing the behavior of the application as per the requirement.
Complexity
  • Unit testing: Not at all complex, as it includes the smallest pieces of code.
  • Integration testing: Slightly more complex than unit tests.
  • Functional testing: More complex compared to unit and integration tests.
Testing techniques
  • Unit testing: White box testing technique.
  • Integration testing: White box and black box testing techniques (grey box testing).
  • Functional testing: Black box testing technique.
Major attention
  • Unit testing: Individual modules or units.
  • Integration testing: Integration of modules or units.
  • Functional testing: Entire application functionality.
Errors/issues covered
  • Unit tests find issues that can occur frequently in modules.
  • Integration tests find issues that can occur while integrating different modules.
  • Functional tests find issues that do not allow an application to perform its functionality. This includes some scenario-based issues too.
Issue escape
  • Unit testing: No chance of issue escape.
  • Integration testing: Less chance of issue escape.
  • Functional testing: More chances of issue escape, as the list of tests to run is always infinite.

What is the difference between VA and PT?

  • Vulnerability assessment is an approach used to find flaws in an application/network. Penetration testing is the practice of finding exploitable vulnerabilities like a real attacker would.
  • Vulnerability assessment is like travelling on the surface. Penetration testing is digging for gold.

What is the difference between encryption and hashing?

Encryption | Hashing
Encryption is reversible | Hashing is irreversible
Encryption ensures confidentiality | Hashing ensures integrity
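As an added illustration of the two rows above (example code written for this page, not part of the original post): AES-GCM ciphertext reverses cleanly with Decrypt under the same key, while the SHA-256 digest has no inverse and changes whenever the record changes. The passphrase the demo key is derived from and the sample record are constructed for the demo.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)
// NewAEAD builds AES-GCM from a 16-, 24- or 32-byte key.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt prefixes a fresh random nonce, so the same message encrypts differently each time.
func Encrypt(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt under the same key: encryption is reversible.
func Decrypt(gcm cipher.AEAD, ciphertext []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(ciphertext) < n {
		return nil, fmt.Errorf("ciphertext shorter than %d-byte nonce", n)
	}
	return gcm.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}

// Digest is hex SHA-256: fixed length, no inverse (cannot be "decrypted"), changes if data changes.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

func main() {
	key := sha256.Sum256([]byte("constructed demo passphrase")) // demo key only; derive real keys with a KDF or KMS
	gcm, _ := NewAEAD(key[:])
	msg := []byte("transfer 100 EUR to account 42") // constructed sample record
	ct, _ := Encrypt(gcm, msg)
	pt, _ := Decrypt(gcm, ct)
	fmt.Printf("ciphertext=%x\nrecovered=%q\nsha256=%s\n", ct, pt, Digest(msg))
}
```

GCM also authenticates the ciphertext, so a flipped byte makes Decrypt fail rather than return garbage; the digest comparison is the integrity check that works even when the data is stored in the clear.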

What is CIA Triad?

  • Confidentiality: keeping the information secret.
  • Integrity: keeping the information unaltered.
  • Availability: information is available to the authorised parties at all times.



Scenario Based Cybersecurity Interview Questions
A friend of yours sends an e-card to your mail. You have to click on the attachment to get the card.
What do you do? Justify your answer

There are four risks here:
  • Some attachments contain viruses or other malicious programs, so just in general, it’s risky to open unknown or unsolicited attachments.
  • Also, in some cases just clicking on a malicious link can infect a computer, so unless you are sure a link is safe, don’t click on it.
  • Email addresses can be faked, so just because the email says it is from someone you know, you can’t be certain of this without checking with the person.
  • Finally, some websites and links look legitimate, but they’re really hoaxes designed to steal your information.

One of the staff members in XYZ subscribes to many free magazines. Now, to activate her subscriptions, one of the magazines asked for her month of birth, a second asked for her year of birth, and a third asked for her maiden name. What do you infer from this situation? Justify.
All three newsletters probably have the same parent company or are distributed through the same service. The parent company or service can combine individual pieces of seemingly harmless information and use or sell it for identity theft.

It is even possible that there is a fourth newsletter that asks for the day of birth as one of its activation questions.
Often questions about personal information are optional. In addition to being suspicious about situations like the one described here, never provide personal information when it is not legitimately necessary, or to people or companies you don't personally know.

In our computing labs, print billing is often tied to the user’s login. Sometimes people call to complain about bills for printing they never did only to find out that the bills are, indeed, correct. What do you infer from this situation? Justify.
Sometimes they realize they loaned their account to a friend who couldn't remember his/her password, and the friend did the printing. Thus the charges. It's also possible that somebody came in behind them and used their account.

This is an issue with shared or public computers in general. If you don’t log out of the computer properly when you leave, someone else can come in behind you and retrieve what you were doing, use your accounts, etc. Always log out of all accounts, quit programs, and close browser windows before you walk away.
There is this case that happened in my computer lab. A friend of mine used her Yahoo account at a computer lab on campus. She ensured that her account was not left open before she left the lab. Someone came after her, used the same browser to re-access her account, and started sending emails from it. What do you think might be going on here?
The first person probably didn't log out of her account, so the new person could just go to the history and access her account.
Another possibility is that she did log out, but didn’t clear her web cache. (This is done through the browser menu to clear pages that the browser has saved for future use.)

Two different offices on campus are working to straighten out an error in an employee’s bank account due to a direct deposit mistake.
Office #1 emails the correct account and deposit information to office #2, which promptly fixes the problem. The employee confirms with the bank that everything has, indeed, been straightened out. What is wrong here?

Account and deposit information is sensitive data that could be used for identity theft. Sending this or any kind of sensitive information by email is very risky because email is typically not private or secure. Anyone who knows how can access it anywhere along its route.
As an alternative, the two offices could have called each other or worked with ITS to send the information a more secure way.

The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do?
a) Call your co-workers over so they can see
b) Disconnect your computer from the network
c) Unplug your mouse
d) Tell your supervisor
e) Turn your computer off
f) Run anti-virus
g) All of the above

Select all the options that apply.

The right answers are B and D.
This is definitely suspicious. Immediately report the problem to your supervisor and the ITS Support Center. Also, since it seems possible that someone is controlling the computer remotely, it is best if you can disconnect the computer from the network (and turn off wireless if you have it) until help arrives. If possible, don't turn off the computer.

You receive an email from your bank telling you there is a problem with your account. The email provides instructions and a link so you can log into your account and fix the problem.
What should you do?

Delete the email. Better yet, use the web client (e.g. gmail, yahoo mail, etc.) and report it as spam or phishing, then delete it.
Any unsolicited email or phone call asking you to enter your account information, disclose your password, financial account information, social security number, or other personal or private information is suspicious, even if it appears to be from a company you are familiar with. Always contact the sender using a method you know is legitimate to verify that the message is from them.

A while back, the IT folks got a number of complaints that one of our campus computers was sending out Viagra spam. They checked it out, and the reports were true: a hacker had installed a program on the computer that made it automatically send out tons of spam email without the computer owner's knowledge. How do you think the hacker got into the computer to set this up?

This was actually the result of a hacked password. Using passwords that can’t be easily guessed, and protecting your passwords by not sharing them or writing them down can help to prevent this. Passwords should be at least 8 characters in length and use a mixture of upper and lower case letters, numbers, and symbols.

Even though in this case it was a hacked password, other things that could possibly lead to this are:
  • Out of date patches/updates
  • No anti-virus software or out of date anti-virus software
