Top 110 Cyber Security Interview Questions & Answers

Following are frequently asked questions in interviews for freshers as well as experienced cyber
security certification candidates.

1) What is cybersecurity?

Cybersecurity refers to the protection of hardware, software, and data from attackers. The
primary purpose of cyber security is to protect against cyberattacks like accessing, changing, or
destroying sensitive information.

2) What are the elements of cybersecurity?

Major elements of cybersecurity are:

 Information security
 Network security
 Operational security
 Application security
 End-user education
 Business continuity planning

3) What are the advantages of cyber security?

Benefits of cyber security are as follows:

 It protects the business against ransomware, malware, social engineering, and phishing.
 It protects end-users.
 It gives good protection for both data as well as networks.
 Increase recovery time after a breach.
 Cybersecurity prevents unauthorized users.

4) Define Cryptography.

It is a technique used to protect information from third parties called adversaries. Cryptography
allows the sender and recipient of a message to read its details.

5) Differentiate between IDS and IPS.

Intrusion Detection System (IDS) detects intrusions. The administrator has to be careful while
preventing the intrusion. In the Intrusion Prevention System (IPS), the system finds the intrusion
and prevent it.
6) What is CIA?

Confidentiality, Integrity, and Availability (CIA) is a popular model which is designed to

develop a security policy. CIA model consists of three concepts:

 Confidentiality: Ensure the sensitive data is accessed only by an authorized user.

 Integrity: Integrity means the information is in the right format.
 Availability: Ensure the data and resources are available for users who need them.

7) What is a Firewall?

It is a security system designed for the network. A firewall is set on the boundaries of any system
or network which monitors and controls network traffic. Firewalls are mostly used to protect the
system or network from malware, worms, and viruses. Firewalls can also prevent content
filtering and remote access.

8) Explain Traceroute

It is a tool that shows the packet path. It lists all the points that the packet passes through.
Traceroute is used mostly when the packet does not reach the destination. Traceroute is used to
check where the connection breaks or stops or to identify the failure.

9) Differentiate between HIDS and NIDS.

Parameter HIDS NIDS

Usage HIDS is used to detect the intrusions. NIDS is used for the network.
What does it It monitors suspicious system activities and traffic It monitors the traffic of all device on
do? of a specific device. the network.

10) Explain SSL

SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections between
a web server and a web browser. It is used to protect the information in online transactions and
digital payments to maintain data privacy.

11) What do you mean by data leakage?

Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs via
email, optical media, laptops, and USB keys.

12) Explain the brute force attack. How to prevent it?

It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all
the combinations of credentials. In many cases, brute force attacks are automated where the
software automatically works to login with credentials. There are ways to prevent Brute Force
attacks. They are:

 Setting password length.

 Increase password complexity.
 Set limit on login failures.

13) What is port scanning?

It is the technique for identifying open ports and service available on a specific host. Hackers use
port scanning technique to find information for malicious purposes.

14) Name the different layers of the OSI model.

Seven different layers of OSI models are as follows:

1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

15) What is a VPN?

VPN stands for Virtual Private Network. It is a network connection method for creating an
encrypted and safe connection. This method protects data from interference, snooping,
censorship.

16) What are black hat hackers?

Black hat hackers are people who have a good knowledge of breaching network security. These
hackers can generate malware for personal financial gain or other malicious reasons. They break
into a secure network to modify, steal, or destroy data so that the network can not be used by
authorized network users.

17) What are white hat hackers?

White hat hackers or security specialist are specialized in penetration testing. They protect the
information system of an organization.

18) What are grey hat hackers?

Grey hat hackers are computer hacker who sometimes violate ethical standards, but they do not
have malicious intent.

19) How to reset a password-protected BIOS configuration?

There are various ways to reset BIOS password. Some of them are as follows:

 Remove CMOS battery.

 By utilizing the software.
 By utilizing a motherboard jumper.
 By utilizing MS-DOS.

20) What is MITM attack?

A MITM or Man-in-the-Middle is a type of attack where an attacker intercepts communication

between two persons. The main intention of MITM is to access confidential information.

21) Define ARP and its working process.

It is a protocol used for finding MAC address associated with IPv4 address. This protocol work
as an interface between the OSI network and OSI link layer.

22) Explain botnet.

It's a number of internet-connected devices like servers, mobile devices, IoT devices, and PCs
that are infected and controlled by malware.

23) What is the main difference between SSL and TLS?

The main difference between these two is that SSL verifies the identity of the sender. SSL helps
you to track the person you are communicating to. TLS offers a secure channel between two
clients.

24) What is the abbreviation of CSRF?

CSRF stands for Cross-Site Request Forgery.

25) What is 2FA? How to implement it for a public website?

TFA stands for Two Factor Authentication. It is a security process to identify the person who is
accessing an online account. The user is granted access only after presenting evidence to the
authentication device.

26) Explain the difference between asymmetric and symmetric encryption.

Symmetric encryption requires the same key for encryption and decryption. On the other hand,
asymmetric encryption needs different keys for encryption and decryption.

27) What is the full form of XSS?

XSS stands for cross-site scripting.

28) Explain WAF

WAF stands for Web Application Firewall. WAF is used to protect the application by filtering
and monitoring incoming and outgoing traffic between web application and the internet.

29) What is hacking?

Hacking is a process of finding weakness in computer or private networks to exploit its

weaknesses and gain access.

For example, using password cracking technique to gain access to a system.

30) Who are hackers?

A Hacker is a person who finds and exploits the weakness in computer systems, smartphones,
tablets, or networks to gain access. Hackers are well experienced computer programmers with
knowledge of computer security.

31) What is network sniffing?

Network sniffing is a tool used for analyzing data packets sent over a network. This can be done
by the specialized software program or hardware equipment. Sniffing can be used to:
  Capture sensitive data such as password.
 Eavesdrop on chat messages
 Monitor data package over a network

32) What is the importance of DNS monitoring?

Yong domains are easily infected with malicious software. You need to use DNS monitoring
tools to identify malware.

33) Define the process of salting. What is the use of salting?

Salting is that process to extend the length of passwords by using special characters. To use
salting, it is very important to know the entire mechanism of salting. The use of salting is to
safeguard passwords. It also prevents attackers testing known words across the system.

For example, Hash("QxLUF1bgIAdeQX") is added to each and every password to protect your
password. It is called as salt.

34) What is SSH?

SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system
administrators secure way to access the data on a network.

35) Is SSL protocol enough for network security?

SSL verifies the sender's identity, but it does not provide security once the data is transferred to
the server. It is good to use server-side encryption and hashing to protect the server against a data
breach.

36) What is black box testing and white box testing?

 Black box testing: It is a software testing method in which the internal structure or program
code is hidden.
 White box testing: A software testing method in which internal structure or program is known
by tester.

37) Explain vulnerabilities in network security.

Vulnerabilities refer to the weak point in software code which can be exploited by a threat actor.
They are most commonly found in an application like SaaS (Software as a service) software.

38) Explain TCP Three-way handshake.

It is a process used in a network to make a connection between a local host and server. This
method requires the client and server to negotiate synchronization and acknowledgment packets
before starting communication.
39) Define the term residual risk. What are three ways to deal with risk?

It is a threat that balances risk exposure after finding and eliminating threats.

Three ways to deal with risk are:

1. Reduce it
2. Avoid it
3. Accept it.

40) Define Exfiltration.

Data exfiltration refers to the unauthorized transfer of data from a computer system. This
transmission may be manual and carried out by anyone having physical access to a computer.

41) What is exploit in network security?

An exploit is a method utilized by hackers to access data in an unauthorized way. It is

incorporated into malware.

42) What do you mean by penetration testing?

It is the process of checking exploitable vulnerabilities on the target. In web security, it is used to
augment the web application firewall.

43) List out some of the common cyber-attack.

Following are the common cyber-attacks which can be used by hackers to damage network:

 Malware
 Phishing
 Password attacks
 DDoS
 Man in the middle
 Drive-by downloads
 Malvertising
 Rogue software

44) How to make the user authentication process more secure?

In order to authenticate users, they have to provide their identity. The ID and Key can be used to
confirm the user's identity. This is an ideal way how the system should authorize the user.

45) Explain the concept of cross-site scripting.

Cross-site scripting refers to a network security vulnerability in which malicious scripts are
injected into websites. This attack occurs when attackers allow an untrusted source to inject code
into a web application.

46) Name the protocol that broadcast the information across all the devices.

Internet Group Management Protocol or IGMP is a communication protocol that is used in game
or video streaming. It facilitates routers and other communication devices to send packets.

47) How to protect email messages?

Use cipher algorithm to protect email, credit card information, and corporate data.

48) What are the risks associated with public Wi-Fi?

Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sniffing, war-driving,
brute force attack, etc.

Public Wi-Fi may identify data that is passed through a network device like emails, browsing
history, passwords, and credit card data.

49) What is Data Encryption? Why it is important in network security?

Data encryption is a technique in which the sender converts the message into a code. It allows
only authorized user to gain access.

50) Explain the main difference between Diffie-Hellman and RSA.

Diffie-Hellman is a protocol used while exchanging key between two parties while RSA is an
algorithm that works on the basis two keys called private and public key.

51) What is a remote desktop protocol?

Remote Desktop Protocol (RDP) is developed by Microsoft, which provides GUI to connect two
devices over a network.

The user uses RDP client software to serve this purpose while other device must run RDP server
software. This protocol is specifically designed for remote management and to access virtual
PCs, applications, and terminal server.

52) Define Forward Secrecy.

Forward Secrecy is a security measure that ensures the integrity of unique session key in event
that long term key is compromised.

53) Explain the concept of IV in encryption.

IV stands for the initial vector is an arbitrary number that is used to ensures that identical text
encrypted to different ciphertexts. Encryption program uses this number only once per session.

54) Explain the difference between stream cipher and block cipher.

Parameter Stream Cipher Block Cipher.

How does it Stream cipher operates on small plaintext

Block cipher works on large data blocks.
work? units

Code
It requires less code. It requires more code.
requirement

Usage of key Key is used only once. Reuse of key is possible.

Application Secure Socket layer. File encryption and database.

Stream cipher is used to implement Block cipher is used to implement

Usage
hardware. software.

55) Give some examples of a symmetric encryption algorithm.

Following are some examples of symmetric encryption algorithm.

 RCx
 Blowfish
 Rijndael (AES)
 DES

56) What is the abbreviation of ECB and CBC?

The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block
Chaining.

57) Explain a buffer overflow attack.

Buffer overflow attack is an attack that takes advantage of a process that attempts to write more
data to a fixed-length memory block.

58) Define Spyware.

Spyware is a malware that aims to steal data about the organization or person. This malware can
damage the organization's computer system.

59) What is impersonation?

It is a mechanism of assigning the user account to an unknown user.

60) What do you mean by SRM?

SRM stands for Security Reference Monitor provides routines for computer drivers to grant
access rights to object.

61) What is a computer virus?

A virus is a malicious software that is executed without the user's consent. Viruses can consume
computer resources, such as CPU time and memory. Sometimes, the virus makes changes in
other computer programs and insert its own code to harm the computer system.

A computer virus may be used to:

 Access private data like user id and passwords

 Display annoying messages to the user
 Corrupt data in your computer
 Log the user's keystrokes

62) What do you mean by Authenticode?

Authenticode is a technology that identifies the publisher of Authenticode sign software. It

allows users to ensure that the software is genuine and not contain any malicious program.

63) Define CryptoAPI

CryptoAPI is a collection of encryption APIs which allows developers to create a project on a

secure network.

64) Explain steps to secure web server.

Follow the following steps to secure your web server:

 Update ownership of file.

 Keep your webserver updated.
 Disable extra modules in the webserver.
 Delete default scripts.

65) What is Microsoft Baseline Security Analyzer?

Microsoft Baseline Security Analyzer or MBSA is a graphical and command-line interface that
provides a method to find missing security updates and misconfigurations.

66) What is Ethical hacking?

Ethical hacking is a method to improve the security of a network. In this method, hackers fix
vulnerabilities and weakness of computer or network. Ethical hackers use software tools to
secure the system.

67) Explain social engineering and its attacks.

Social engineering is the term used to convince people to reveal confidential information.

There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-based,
and 3) Computer-based.

 Human-based attack: They may pretend like a genuine user who requests higher authority to
reveal private and confidential information of the organization.
 Computer-based attack: In this attack, attackers send fake emails to harm the computer. They
ask people to forward such email.
 Mobile-based attack: Attacker may send SMS to others and collect important information. If any
user downloads a malicious app, then it can be misused to access authentication information.

68) What is IP and MAC Addresses?

IP Address is the acronym for Internet Protocol address. An internet protocol address is used to
uniquely identify a computer or device such as printers, storage disks on a computer network.

MAC Address is the acronym for Media Access Control address. MAC addresses are used to
uniquely identify network interfaces for communication at the physical layer of the network.

69) What do you mean by a worm?

A Worm is a type of malware which replicates from one computer to another.

70) State the difference between virus and worm

Parameter Virus Worm

How they infect a It inserts malicious code into a specific Generate it's copy and spread using
computer? file or program. email client.

They do not require any host to

Dependency Virus need a host program to work
function correctly.

Linked with files It is linked with .com, .xls, .exe, .doc, etc. It is linked with any file on a network.

Affecting speed It is slower than worm. It faster compared to a virus.

71) Name some tools used for packet sniffing.

Following are some tools used for packet sniffing.

 Tcpdump
 Kismet
 Wireshark
 NetworkMiner
 Dsniff

72) Explain anti-virus sensor systems

Antivirus is software tool that is used to identify, prevent, or remove the viruses present in the
computer. They perform system checks and increase the security of the computer regularly.

73) List out the types of sniffing attacks.

Various types of sniffing attacks are:

 Protocol Sniffing
 Web password sniffing
 Application-level sniffing
 TCP Session stealing
 LAN Sniffing
 ARP Sniffing

74) What is a distributed denial-of-service attack (DDoS)?

It is an attack in which multiple computers attack website, server, or any network resource.

75) Explain the concept of session hijacking.

TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most
common method of session hijacking. In this method, attackers use IP packets to insert a
command between two nodes of the network.

76) List out various methods of session hijacking.

Various methods of session hijacking are:

 Using packet Sniffers

 Cross-Site Scripting (XSS Attack)
 IP Spoofing
 Blind Attack

77) What are Hacking Tools?

Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in
computer systems, web applications, servers, and networks. There are varieties of such tools
available on the market. Some of them are open source, while others are a commercial solution.

78) Explain honeypot and its Types.

Honeypot is a decoy computer system which records all the transactions, interactions, and
actions with users.

Honeypot is classified into two categories: 1) Production honeypot and 2) Research honeypot.

 Production honeypot: It is designed to capture real information for the administrator to access
vulnerabilities. They are generally placed inside production networks to increase their security.
 Research Honeypot: It is used by educational institutions and organizations for the sole purpose
of researching the motives and tactics of the back-hat community for targeting different
networks.

79) Name common encryption tools.

Tools available for encryptions are as follows:

 RSA
 Twofish
 AES
 Triple DES

80) What is Backdoor?

It is a malware type in which security mechanism is bypassed to access a system.

81) Is it right to send login credentials through email?

It is not right to send login credentials through email because if you send someone userid and
password in the mail, chances of email attacks are high.

82) Explain the 80/20 rule of networking?

This rule is based on the percentage of network traffic, in which 80% of all network traffic
should remain local while the rest of the traffic should be routed towards a permanent VPN.

83) Define WEP cracking.

It is a method used for a security breach in wireless networks. There are two types of WEP
cracking: 1) Active cracking and 2) Passive cracking.

84) What are various WEP cracking tools?

Well known WEP cracking tools are:

 Aircrack
 WebDecrypt
 Kismet
 WEPCrack

85) What is a security auditing?

Security auditing is an internal inspection of applications and operating systems for security
flaws. An audit can also be done via line by line inspection of code.

86) Explain phishing.

It is a technique used to obtain a username, password, and credit card details from other users.

87) What is Nano-scale encryption?

Nano encryption is a research area which provides robust security to computers and prevents
them from hacking.

88) Define Security Testing?

Security Testing is defined as a type of Software Testing that ensures software systems and
applications are free from any vulnerabilities, threats, risks that may cause a big loss.

89) Explain Security Scanning.

Security scanning involves identifying network and system weaknesses and later provides
solutions for reducing these risks. This scanning can be performed for both Manual as well as
Automated scanning.

90) Name the available hacking tools.

Following is a list of useful hacking tools.

 Acunetix
 WebInspect
 Probably
 Netsparker
 Angry IP scanner:
 Burp Suite
 Savvius

91) What is the importance of penetration testing in an enterprise?

Here are two common application of Penetration testing.

  Financial sectors like stock trading exchanges, investment banking, want their data to be
secured, and penetration testing is essential to ensure security.
 In case if the software system is already hacked and the organization would like to determine
whether any threats are still present in the system to avoid future hacks.

92) What are the disadvantages of penetration testing?

Disadvantages of penetration testing are:

 Penetration testing cannot find all vulnerabilities in the system.

 There are limitations of time, budget, scope, skills of penetration testers.
 Data loss and corruption
 Down Time is high which increase costs

93) Explain security threat

Security threat is defined as a risk which can steal confidential data and harm computer systems
as well as organization.

94) What are physical threats?

A physical threat is a potential cause of an incident that may result in loss or physical damage to
the computer systems.

95) Give examples of non-physical threats

Following are some examples of non-physical threat:

 Loss of sensitive information

 Loss or corruption of system data
 Cyber security Breaches
 Disrupt business operations that rely on computer systems
 Illegal monitoring of activities on computer systems

96) What is Trojan virus?

Trojan is a malware employed by hackers and cyber-thieves to gain access to any computer.
Here attackers use social engineering techniques to execute the trojan on the system.

97) Define SQL Injection

It is an attack that poisons malicious SQL statements to database. It helps you to take benefit of
the design flaws in poorly designed web applications to exploit SQL statements to execute
malicious SQL code. In many situations, an attacker can escalate SQL injection attack in order to
perform other attack, i.e. denial-of-service attack.

98) List security vulnerabilities as per Open Web Application Security Project (OWASP).
Security vulnerabilities as per open web application security project are as follows:

 SQL Injection
 Cross-site request forgery
 Insecure cryptographic storage
 Broken authentication and session management
 Insufficient transport layer protection
 Unvalidated redirects and forwards
 Failure to restrict URL access

99) Define an access token.

An access token is a credential which is used by the system to check whether the API should be
granted to a particular object or not.

100) Explain ARP Poisoning

ARP (Address Resolution Protocol) Poisoning is a type of cyber-attack which is used to convert
IP address to physical addresses on a network device. The host sends an ARP broadcast on the
network, and the recipient computer responds back with its physical address.

ARP poisoning is sending fake addresses to the switch so that it can associate the fake addresses
with the IP address of a genuine computer on a network and hijack the traffic.

101) Name common types of non-physical threats.

Following are various types of non-physical threats:

 Trojans
 Adware
 Worms
 Spyware
 Denial of Service Attacks
 Distributed Denial of Service Attacks
 Virus
 Key loggers
 Unauthorized access to computer systems resources
 Phishing

102) Explain the sequence of a TCP connection.

The sequence of a TCP connection is SYN-SYN ACK-ACK.

103) Define hybrid attacks.

Hybrid attack is a blend of dictionary method and brute force attack. This attack is used to crack
passwords by making a change of a dictionary word with symbols and numbers.
104) What is Nmap?

Nmap is a tool which is used for finding networks and in security auditing.

105) What is the use of EtterPeak tool?

EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.

106) What are the types of cyber-attacks?

There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.

107) List out web-based attacks

Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4) DNS
Spoofing, 4) Denial of Service, and 5) Dictionary attacks.

108) Give examples of System-based attacks

Examples of system-based attacks are:

 Virus
 Backdoors
 Bots
 Worm

109) List out the types of cyber attackers

There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3) insider
threats, 4) state-sponsored attackers.

110) Define accidental threats

They are threats that are accidently done by organization employees. In these threats, an
employee unintentionally deletes any file or share confidential data with outsiders or a business
partner going beyond the policy of the company

Q: What do you see as the objective of information security

within a business or organization?
A: Network security should:

 Ensure uninterrupted network availability to all users

 Prevent unauthorized network access
 Preserve the privacy of all users
  Defend the networks from malware, hackers, and DDoS attacks
 Protect and secure all data from corruption and theft

Q: How do you define risk, vulnerability, and threat, in the

context of network security?
A: A risk is defined as the result of a system being secure but not secured sufficiently, thereby
increasing the likelihood of a threat. A vulnerability is a weakness or breach in your network or
equipment (e.g. modems, routers, access points). A threat is the actual means of causing an
incident; for instance, a virus attack is deemed a threat.

Q: What are the possible results of an attack on a computer

network?
A: Possible results include:

 Loss or corruption of sensitive data that is essential for a company’s survival and success
 Diminished reputation and trust among customers
 The decline in value with shareholders
 Reduced brand value
 Reduction in profits

Q: What do you use on your own personal network?

A: An interviewer will want to know what sort of security measures you use on your own home
devices. After all, if you’re a hotshot network security expert, clearly that must be reflected in
the network that means the most to you; your personal system! An employer can tell a lot about
your network savviness by analyzing what measures you use for your devices.

Q: Speaking of your home network, do you have a Wireless

Access Point, and if so, how do you defend it?
A: There are many methods of protecting a WAP, but the three most popular are: employing
MAC address filtering, using WPA2, and not broadcasting the SSID. This is yet another attempt
by an employer to see what matters to you personally in terms of security. After all, people tend
to prefer the best things for themselves!

Q: How informed do you keep yourself on network security-

related news, and how often do you check out these stories?
Where do you get your security news from?
A: Network security incidents are big news today, and there have been many high-profile news
stories about data breaches and hackers in the past few years. An employer is going to want to
know how well-informed you are on the latest security news and incidents. HINT: If you don’t
make it a practice of keeping abreast of the latest network security-related news, you better start
now!
In terms of news sources, your best bets are Team Cymru, Twitter, or Reddit. Make sure to
check the sources of accuracy, though.

Q: What are the best defenses against a brute force login

attack?
A: There are three major measures you can take to defend against a brute force login attack. For
starters, there’s an account lockout. Offending accounts are locked out until such time as the
administrator decides to open it again. Next comes the progressive delay defense. Here, the
account stays locked for a given number of days after a few unsuccessful login attempts are
made. Finally, there’s the challenge-response test, which heads off automatic submissions
employed on the login page.

Q: Explain the difference between symmetric and

asymmetric encryption.
A: Long story short, symmetric encryption uses the same key for both encryption and decryption,
whereas asymmetric encryption employs different keys for the two processes. Symmetric is
faster for obvious reasons but requires sending the key through an unencrypted channel, which is
a risk.

Q: Explain the difference between a white and black hat

hacker.
A: Black and white hat hackers are different sides of the same coin. Both groups are skilled and
talented in gaining entry into networks and accessing otherwise protected data. However, black
hats are motivated by political agendas, personal greed, or malice, whereas white hats strive to
foil the former. Many white hats also conduct tests and practice runs on network systems, to
ascertain the effectiveness of security.

Q: Define the salting process and what it’s used for.

A: Salting is the process wherein you add special characters to a password in order to make it
stronger. This increases password strength in two ways: it makes it longer and it adds another set
of characters that a hacker would have to guess from. It’s a good measure to take for users who
tend to habitually make weak passwords, but overall it’s a low-level defense since many
experienced hackers are already familiar with the process and take it into account.
Q: How do you deal with “Man In The Middle” attacks?
A: A Man in the Middle attack happens when there is a third party that’s monitoring and
controlling a conversation between two parties, with the latter completely unaware of the
situation. There are two ways of dealing with this attack. First of all, stay off of open Wi-Fi
networks. Second, both parties should employ end-to-end encryption.

Q: Which is the better security measure, HTTPS, or SSL?

A: HTTPS (Hypertext Transfer Protocol Secure) is HTTP combined with SSL, encrypting a
user’s browsing activity and making it safer. SSL (Secure Sockets Layer) is a protocol that
protects Internet conversations between two or more parties. Though it’s close, SSL wins out in
terms of sheer security, though any of these are valuable things to know for the purposes of web
development.

Q: Name the three means of user authentication.

A: There is biometrics (e.g. a thumbprint, iris scan), a token, or a password. There is also two-
level authentication, which employs two of those methods.

Q: Which is a more secure project: open-source or

proprietary?
A: This is a trick question; don’t be fooled! A project’s security is determined by the quality of
security measures used to protect it, the number of users/developers with access, and the overall
size of the project. The kind of project is irrelevant.

Q: If you work with a Linux server, what are the three

significant steps you must take in order to secure it?
A: In order to secure your Linux server, you must do the following, in order:

 Audit. Scan the system using Lynis. Each category gets scanned separately, and a
hardening index is generated for the next step.
 Hardening. Once auditing is done, hardening is done, based on the level of security to be
employed.
 Compliance. This is an ongoing step, as the system is checked daily.

Q: You discover an active problem on your organization’s

network, but it’s out of your sphere of influence. There’s no
doubt that you can fix it, though; so what do you do?
A: While the first impulse may be to immediately fix the problem, you need to go through the
proper channels. Things may be as they are for a reason. Use e-mail to notify the person in
charge of that department, expressing your concerns, and asking for clarification. Make sure your
boss is CC’ed into the email chain, and make sure that you save a copy for yourself, in case you
need to refer to it later.

Q: What’s the most effective measure to take against a

CSRF?
A: A Cross-Site Request Forgery (CSRF) attack causes a currently authenticated end-user to
execute unauthorized commands on a web application. There are two effective defensive
measures. First of all, use different names for each field of a form, as it increases user
anonymity. Second, include a random token with each request.

Q: You get a phone call from a very influential executive

high up on the organizational chart. He or she tells you to
bend company policy to suit them and let them use their
home device to do company work. What do you do?
A: This is another case of letting someone higher than you make the decision. Send the
question/request up to your manager and let them sort it out. This is far outside of your realm.
Let your boss deal with the higher-up.

Q: Which is worse in terms of Firewall detection, and why?

A false positive or a false negative?
A: A false negative is worse by far. A false positive is simply a legitimate result that just got
incorrectly flagged. While it’s irksome, it’s by no means fatal or difficult to correct. But a false
negative means that something bad has slipped through the firewall undetected, and that means a
host of problems down the road.

Q: Why are internal threats usually more effective than

external threats?
A: It all comes down to a question of physical location. A disgruntled soon to be ex-employee, a
hacker posing as a deliveryman, even just a careless curious user, all end up having better access
to the system due to them being on-site. Being “inside” physically makes it easier to get inside
virtually.