
Cyber Security Interview Questions for Freshers

1. What is the main objective of Cyber Security?

The primary goal of cyber security is to protect data. To safeguard data from cyber-attacks, the security sector relies on a triangle of three connected principles, known as the CIA triad. The CIA model is intended to help organizations develop policies for their information security architecture; when a security breach is discovered, one or more of these principles has been broken. Confidentiality, Integrity, and Availability are the three components of the CIA model. It's a security paradigm that guides individuals through many aspects of IT security. Let's take a closer look at each section.

Confidentiality: Confidentiality is the same as privacy in that it prevents unauthorized access to data. It entails ensuring that the data is only accessible to those who are authorized to use it, as well as restricting access to others. It keeps vital information from getting into the wrong hands. Data encryption is a great example of keeping information private.
Integrity: This principle assures that the data is genuine, correct, and safe from
unwanted threat actors or unintentional user alteration. If any changes are made,
precautions should be taken to protect sensitive data from corruption or loss, as well
as to quickly recover from such an incident. Furthermore, it denotes that the source of
information must be genuine.
Availability: This principle ensures that information is constantly available and helpful
to those who have access to it. It ensures that system failures or cyber-attacks do not
obstruct these accesses.
2. Differentiate between threat, vulnerability and risk.

Threat: A threat is any form of hazard that has the potential to destroy or steal data, disrupt operations, or cause harm in general. Malware, phishing, data breaches, and even unethical employees are all examples of threats.
Threats are carried out by threat actors, who might be individuals or groups with a variety of backgrounds and motives. Understanding threats is essential for developing effective mitigations and making informed cybersecurity decisions. Threat intelligence is information regarding threats and threat actors.

Vulnerability: A vulnerability is a flaw in hardware, software, personnel, or procedures that threat actors can use to achieve their objectives.
Physical vulnerabilities, such as publicly exposed networking equipment; software vulnerabilities, such as a buffer overflow vulnerability in a browser; and even human vulnerabilities, such as an employee susceptible to phishing attacks, are all examples of vulnerabilities.
Vulnerability management is the process of identifying, reporting and repairing
vulnerabilities. A zero-day vulnerability is a vulnerability for which a remedy is not yet
available.

Risk: The probability of a threat and the consequence of a vulnerability are combined
to form risk. To put it another way, the risk is the likelihood of a threat agent
successfully exploiting a vulnerability, which may be calculated using the formula:

Risk = Likelihood of a threat * Vulnerability Impact

Risk management is the process of identifying all potential hazards, analyzing their
impact, and determining the best course of action. It's a never-ending procedure that
examines new threats and vulnerabilities on a regular basis. Risks can be avoided,
minimized, accepted, or passed to a third party depending on the response chosen.
3. What does XSS stand for? How can it be prevented?

XSS stands for Cross-site scripting. It is a web security flaw that allows an attacker to
manipulate how users interact with a susceptible application. It allows an attacker to
get around the same-origin policy, which is meant to keep websites separate from one
another. Cross-site scripting flaws allow an attacker to impersonate a victim user and
execute any actions that the user is capable of, as well as access any of the user's data.
If the victim user has privileged access to the application, the attacker may be able to
take complete control of the app's functionality and data.

Preventing cross-site scripting can be simple in some circumstances, but it can be much more difficult in others, depending on the application's sophistication and how it handles user-controllable data. In general, preventing XSS vulnerabilities will almost certainly need a mix of the following measures:

• Filter input on arrival. Filter user input as precisely as feasible at the point where it is received, based on what is expected or valid input.
• Encode data on output. Encode user-controllable data in HTTP responses at the point where it is output so that it is not interpreted as active content. Depending on the output context, a combination of HTML, URL, JavaScript, and CSS encoding may be required.
• Use appropriate response headers. You can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret HTTP responses in the way you intend, preventing XSS in HTTP responses that aren't intended to contain any HTML or JavaScript.
• Content Security Policy. You can use Content Security Policy (CSP) as a last line of defense to mitigate the severity of any remaining XSS issues.
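The four measures above, worked through in Python as an added example (not code from the original page): an arrival-time validator, one output encoder per context, and the response headers. The username rule and the CSP policy string are assumptions chosen for illustration.

```python
import html
import json
import re
from urllib.parse import quote

# 1. Filter on arrival: accept only what a field is expected to contain.
# Assumed rule for this example: a username is 3-32 letters, digits, '_' or '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{3,32}")

def validate_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

# 2. Encode on output, picking the encoder by the context the data lands in.
def encode_for_html(value: str) -> str:
    # Escapes & < > " ' so the browser treats the value as text, not markup;
    # with quote=True the same encoder is safe inside a quoted attribute.
    return html.escape(value, quote=True)

def encode_for_js(value: str) -> str:
    # json.dumps gives a quoted JS string literal; '<' and '>' are additionally
    # escaped so the literal cannot terminate an enclosing <script> element.
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")

def encode_for_url(value: str) -> str:
    # Percent-encodes everything except unreserved characters, so the value
    # cannot add its own path segments or query parameters.
    return quote(value, safe="")

def render_profile(display_name: str, next_path: str) -> str:
    """Builds an HTML fragment; each untrusted value is encoded for its context.
    The name is exposed to scripts through a data attribute rather than an
    inline <script>, which the CSP below would block anyway."""
    return (
        f'<h1>Welcome, {encode_for_html(display_name)}</h1>\n'
        f'<div id="who" data-name="{encode_for_html(display_name)}"></div>\n'
        f'<a href="/next?to={encode_for_url(next_path)}">continue</a>'
    )

# 3 and 4. Response headers: pin the content type, forbid MIME sniffing, and
# add a Content Security Policy as a last line of defence (policy is assumed).
def security_headers(content_type: str = "text/html; charset=utf-8") -> dict:
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
```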

4. What is a Firewall?

A firewall serves as a barrier between a LAN and the Internet. It allows private
resources to remain private while reducing security threats. It manages both inbound
and outbound network traffic.

A sample firewall between a LAN and the internet is shown in the diagram below. The
point of vulnerability is the connection between the two. At this point, network traffic
can be filtered using both hardware and software.

There are two types of firewall systems: one that uses network layer filters and the
other that uses user, application, or network layer proxy servers.
5. Define VPN.

The term VPN refers to a virtual private network. It enables you to connect your
computer to a private network, establishing an encrypted connection that hides your
IP address, allowing you to safely share data and access the web while safeguarding
your online identity.

A virtual private network, or VPN, is an encrypted link between a device and a network
via the Internet. The encrypted connection aids in the secure transmission of sensitive
data. It protects against illegal eavesdropping on the traffic and allows the user to
work remotely. In corporate settings, VPN technology is commonly used.

6. Who are Black Hat, White Hat and Grey Hat Hackers?

Black Hat hackers, sometimes known as crackers, attempt to obtain unauthorized access to a system in order to disrupt its operations or steal critical data.

Because of its malicious aim, black hat hacking is always illegal; it includes stealing company data, violating privacy, damaging systems, and blocking network connections, among other things.

Ethical hackers are also referred to as White hat hackers. As part of penetration
testing and vulnerability assessments, they never intend to harm a system; rather, they
strive to uncover holes in a computer or network system.
Ethical hacking is not a crime and is one of the most difficult professions in the IT
business. Many businesses hire ethical hackers to do penetration tests and
vulnerability assessments.

Grey hat hackers combine elements of both black and white hat hacking. They act
without malice, but for the sake of amusement, they exploit a security flaw in a
computer system or network without the permission or knowledge of the owner.
Their goal is to draw the owners' attention to the flaw in the hope of receiving
gratitude or a small reward.

7. What are the types of Cyber Security?

The assets of every company are made up of a variety of different systems. A strong cybersecurity posture for these systems necessitates coordinated action across the board. As a result, cybersecurity can be divided into the following sub-domains:

Network security: It is the process of securing a computer network against unauthorized access, intruders, attacks, disruption, and misuse using hardware and software. This security aids in the protection of an organization's assets from both external and internal threats. Example: Using a firewall.
Application security: It entails safeguarding software and devices against malicious
attacks. This can be accomplished by regularly updating the apps to ensure that they
are secure against threats.
Data security: It entails putting in place a strong data storage system that ensures
data integrity and privacy while in storage and transport.
Identity management: It refers to the process of identifying each individual's level of
access inside an organization. Example: Restricting access to data as per the job role of
an individual in the company.
Operational security: It entails analyzing and making decisions about how to handle
and secure data assets. Example: Storing data in an encrypted form in the database.
Mobile security: It refers to the protection of organizational and personal data held
on mobile devices such as cell phones, PCs, tablets, and other similar devices against a
variety of hostile attacks. Unauthorized access, device loss or theft, malware, and other
threats are examples of these dangers.
Cloud security: It refers to the safeguarding of data held in a digital environment or in
cloud infrastructures for an organization. It employs a variety of cloud service
providers, including AWS, Azure, Google, and others, to assure protection against a
variety of threats.

8. What are the benefits of Cyber Security?

The following are some of the advantages of putting cybersecurity in place and
keeping it up to date:

• Businesses are protected from cyberattacks and data breaches.
• Both data and network security are safeguarded.
• Unauthorized user access is kept to a minimum.
• There is a quicker recovery time after a breach.
• Protection for end-users and endpoint devices.
• Regulatory compliance.
• Operational consistency.
• Developers, partners, consumers, stakeholders, and employees have a higher
level of trust in the company's reputation.

9. What do you mean by a botnet?

A botnet is a collection of internet-connected devices, such as servers, PCs, and mobile phones, that are infected with malware and controlled by it.
It's used to steal data, send spam, launch distributed denial-of-service (DDoS) attacks, and more, as well as to give the botnet's operator access to the device and its connection.
10. What do you mean by honeypots?

Honeypots are decoy attack targets that are set up to observe how different attackers attempt exploits. The concept is widely used in academic settings, and private firms and governments can use it to evaluate their own vulnerabilities.
11. Differentiate between Vulnerability Assessment and Penetration
Testing.

Vulnerability assessment and penetration testing are two different phrases that both
serve the same purpose: to secure the network environment.
Vulnerability Assessment is a process for defining, detecting, and prioritizing
vulnerabilities in computer systems, network infrastructure, applications, and other
systems, as well as providing the necessary information to the organization to correct
the flaws.
Penetration Testing is also known as ethical hacking or pen-testing. It's a method of identifying vulnerabilities in a network, system, application, or other systems in order to prevent attackers from exploiting them. In web application security, it is most commonly used to supplement a web application firewall (WAF).
A vulnerability scan is similar to approaching a door and checking to see if it is
unlocked before stopping. A penetration test goes a step further, not only checking to
see if the door is unlocked but also opening the door and walking right in.

12. What do you mean by a Null Session?

A null session occurs when a user connects without authenticating with a username or password. It can be a security concern for applications because it means that the person making the request is unknown.

13. What are the common types of cyber security attacks?

The common types of cyber security attacks are:-

• Malware
• Cross-Site Scripting (XSS)
• Denial-of-Service (DoS)
• Domain Name System Attack
• Man-in-the-Middle Attacks
• SQL Injection Attack
• Phishing
• Session Hijacking
• Brute Force

14. What do you mean by brute force in the context of Cyber Security?

A brute force attack is a cryptographic assault that uses a trial-and-error approach to guess all potential combinations until the correct data is discovered. This exploit is commonly used by cybercriminals to gain personal information such as passwords, login credentials, encryption keys, and PINs. It is very easy for hackers to implement this.
15. What do you mean by Shoulder Surfing?

Shoulder surfing is a form of physical assault that entails physically peering at people's
screens while they type information in a semi-public space.

16. What do you mean by Phishing?

Phishing is a sort of cybercrime in which the sender appears to be a legitimate entity such as PayPal, eBay, financial institutions, or friends and coworkers. They send an email, phone call, or text message to a target or targets with a link and try to convince them to click on it. This link will take users to a fake website where they will be asked to enter sensitive information such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking the link can also install malware on the target machines, allowing hackers to remotely control them.

You can protect yourself from phishing attacks by following these guidelines:

• Don't give out important information on websites you don't know.
• Check the site's security.
• Make use of firewalls.
• Use an anti-phishing toolbar.

17. Differentiate between hashing and encryption.

Hashing vs. Encryption:

Definition
Hashing: It is a method of converting data to a smaller fixed value known as the key, which is then used to represent the original data.
Encryption: It's the technique of securely encoding data such that only the authorized user with the key or password can get the original data; for everyone else, it seems to be rubbish.

Reversibility
Hashing: By whatever method, the hash code or key cannot be reverted to the original information. It can only be mapped, and the hash code is compared; if the hash code is the same, the information is identical; otherwise, it is not. It is not possible to get the original data.
Encryption: If we know the encryption key and technique used for encryption, we can easily extract the original data.

Security
Hashing: In comparison to encryption, it is more secure.
Encryption: In comparison to hashing, it is less secure.

Purpose
Hashing: The goal of hashing is to index and retrieve data from a database. The procedure is really quick.
Encryption: Encryption transforms data in order to keep it hidden from others.

Output length
Hashing: The hashed data is usually short and constant in length. It does not increase in size as the length of information increases.
Encryption: The length of the encrypted data is not defined. It expands as the amount of data grows longer.

Example
Hashing: SHA256 algorithm
Encryption: RSA, AES algorithms
18. What do you mean by two-factor authentication?

Two-factor authentication (2FA), often known as two-step verification or dual-factor authentication, is a security method in which users validate their identity using two independent authentication factors. This procedure is carried out in order to better protect the user's credentials as well as the resources that the user has access to. Single-factor authentication (SFA), in which the user gives only one factor — generally a password or passcode — provides a lower level of security than two-factor authentication (TFA). Since possessing the user's password alone is not enough to accomplish the authentication check, two-factor authentication adds an extra layer of security to the authentication process, making it more difficult for attackers to get access to a person's devices or online accounts.

19. How can you avoid a brute force attack?

There are a variety of techniques for stopping or preventing brute force attacks.

A robust password policy is the most obvious. Strong passwords should be enforced by every web application or public server. For example, passwords for standard user accounts must contain at least eight characters, a number, uppercase and lowercase letters, and a special character. Furthermore, servers should mandate password updates on a regular basis.

Brute force attacks can also be avoided by the following methods:

• Limit the number of failed login attempts.
• By altering the sshd_config file, you can make the root user unreachable via SSH.
• Instead of using the default port, change it in your sshd_config file.
• Make use of Captcha.
• Limit logins to a certain IP address or range of IP addresses.
• Two-factor authentication.
• Unique login URLs.
• Keep an eye on the server logs.
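Two of the items above, limiting failed attempts and watching the server logs, come together in the following added example (not code from the original page): it parses OpenSSH "Failed password" lines and flags any source address that exceeds a failure threshold inside a sliding time window. The log lines are constructed for the example and use RFC 5737 documentation addresses; the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd auth log lines (RFC 5737 test addresses, not real hosts).
SAMPLE_LOG = """\
Mar  3 10:15:01 bastion sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Mar  3 10:15:03 bastion sshd[2101]: Failed password for root from 198.51.100.23 port 51130 ssh2
Mar  3 10:15:04 bastion sshd[2102]: Failed password for root from 198.51.100.23 port 51131 ssh2
Mar  3 10:15:06 bastion sshd[2103]: Failed password for invalid user test from 198.51.100.23 port 51140 ssh2
Mar  3 10:15:09 bastion sshd[2104]: Failed password for root from 198.51.100.23 port 51144 ssh2
Mar  3 10:15:20 bastion sshd[2110]: Accepted publickey for alice from 203.0.113.5 port 40000 ssh2
Mar  3 10:16:30 bastion sshd[2111]: Failed password for alice from 203.0.113.5 port 40001 ssh2
Mar  3 10:16:45 bastion sshd[2112]: Accepted password for alice from 203.0.113.5 port 40002 ssh2
Mar  3 11:30:00 bastion sshd[2200]: Failed password for root from 192.0.2.77 port 33001 ssh2
Mar  3 11:31:00 bastion sshd[2201]: Failed password for root from 192.0.2.77 port 33002 ssh2
Mar  3 11:45:00 bastion sshd[2202]: Failed password for root from 192.0.2.77 port 33003 ssh2
Mar  3 11:46:00 bastion sshd[2203]: Failed password for root from 192.0.2.77 port 33004 ssh2
Mar  3 11:47:00 bastion sshd[2204]: Failed password for root from 192.0.2.77 port 33005 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port"
)

def parse_failures(log_text: str, year: int = 2024):
    """Returns (timestamp, user, ip) tuples for failed password events only.
    Syslog timestamps carry no year, so one is supplied (assumed 2024)."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Flags every source IP with >= threshold failures inside any span of
    window_seconds. Returns {ip: peak failures seen in one window} for flagged IPs;
    a slow, spread-out series stays under the threshold unless the window is widened."""
    by_ip = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1  # slide the window forward past stale failures
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged
```

With the default one-minute window only the rapid burst from 198.51.100.23 is flagged; widening the window to twenty minutes also catches the slow series from 192.0.2.77, which is the trade-off a lockout rule has to make.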

20. What do you mean by Man-in-the-Middle Attack?

A cyber threat (a type of eavesdropping assault) in which a cybercriminal wiretaps a communication or data transmission between two people is known as a man-in-the-middle attack. Once a cybercriminal enters a two-way conversation, they appear to be genuine participants, allowing them to obtain sensitive information and respond in a variety of ways. The main goal of this type of attack is to acquire access to our company's or customers' personal information. On an unprotected Wi-Fi network, for example, a cybercriminal may intercept data passing between the target device and the network.

21. Differentiate between Information protection and information assurance.

Information protection protects data from unauthorized access by utilizing encryption, security software, and other methods.
Information assurance ensures the data's integrity by maintaining its availability, authentication, and secrecy, among other things.

What is SSL encryption?

Secure Socket Layer (SSL) is a security protocol that is used for the purpose of encryption. It ensures privacy, data integrity, and authentication in network communications such as online transactions.

The following are the steps for setting up an SSL encryption:

1. A browser connects to an SSL-secured web server.
2. The browser requests the server's public key in exchange for its own private key.
3. If it is trustworthy, the browser requests to establish an encrypted connection with the web server.
4. The web server sends the acknowledgment to start an SSL encrypted connection.
5. SSL communication starts to take place between the browser and the web server.

What is the difference between HIDS and NIDS?

Detection scope
Host Intrusion Detection System (HIDS): Detects the attacks that involve hosts.
Network Intrusion Detection System (NIDS): Detects attacks that involve networks.

What it analyzes
HIDS: Analyzes what a particular host/application is doing.
NIDS: Examines the network traffic of all devices.

When it discovers an attacker
HIDS: Discovers hackers only after the machine is breached.
NIDS: Discovers hackers at the time they generate unauthorized attacks.

Mention the difference between symmetric and asymmetric encryption.

Encryption key
Symmetric encryption: Only one key to encrypt and decrypt a message.
Asymmetric encryption: Two different keys (public and private keys) to encrypt and decrypt the message.

Speed of execution
Symmetric encryption: Encryption is faster and simple.
Asymmetric encryption: Encryption is slower and complicated.

Algorithms
Symmetric encryption: RC4, AES, DES, and 3DES.
Asymmetric encryption: RSA, Diffie-Hellman, and ECC.

Usage
Symmetric encryption: For the transmission of large chunks of data.
Asymmetric encryption: For smaller transmissions to establish a secure connection prior to the actual data transfer.

What is the difference between IDS and IPS?

Purpose
Intrusion Detection System (IDS): A network infrastructure to detect intrusion by hackers.
Intrusion Prevention System (IPS): A network infrastructure to prevent intrusions by hackers.

Response to malicious traffic
IDS: Flags intrusions as threats.
IPS: Denies the malicious traffic from threats.

Detection
IDS: Detects port scanners, malware, and other violations.
IPS: Does not deliver malicious packets if the traffic is from known threats in its databases.

What are the different layers of the OSI model?

The OSI model was introduced by the International Organization for Standardization so that different computer systems can communicate with each other using standard protocols.
Below are the various layers of the OSI model:

• Physical layer: This layer allows the transmission of raw data bits over a physical medium.
• Data link layer: This layer determines the format of the data in the network.
• Network layer: It tells which path the data will take.
• Transport layer: This layer allows the transmission of data using TCP/UDP protocols.
• Session layer: It controls sessions and ports to maintain the connections in the network.
• Presentation layer: Data encryption happens in this layer, and it ensures that the data is in a usable/presentable format.
• Application layer: This is where the user interacts with the application.

What are the protocols that fall under the TCP/IP Internet layer?

Application Layer: NFS, NIS, SNMP, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, DNS, LDAP, and others
Transport Layer: TCP, SCTP, UDP, etc.
Internet Layer: IPv4, ARP, ICMP, IPv6, etc.
Data Link Layer: IEEE 802.2, PPP, etc.
Physical Layer: Ethernet (IEEE 802.3), FDDI, Token Ring, RS-232, and others

Common protocols and their ports:

Protocol name                                    Type      Port
DNS (Domain Name System)                         TCP/UDP   53
SMTP (Simple Mail Transfer Protocol)             TCP       25
HTTP (Hyper Text Transfer Protocol)              TCP       80
HTTPS (Hyper Text Transfer Protocol Secure)      TCP       443
FTP (File Transfer Protocol, control channel)    TCP       21
FTP (File Transfer Protocol, data channel)       TCP       20
SMB (Server Message Block)                       TCP       445
DHCP (Dynamic Host Configuration Protocol)       TCP       67,68
SSH (Secure Shell)                               TCP       22
TELNET (Telnet)                                  TCP       23
POP3 (Post Office Protocol 3)                    TCP       110
SNMP (Simple Network Management Protocol)        UDP       161

What is a response code? List them.

HTTP response codes indicate a server’s response when a client makes a request to the server. It
shows whether an HTTP request is completed or not.

1xx: Informational
The request is received, and the process is continuing. Some example codes are:
• 100 (continue)
• 101 (switching protocols)
• 102 (processing)
• 103 (early hints)

2xx: Success
The action is received, understood, and accepted successfully. A few example codes for this are:
• 200 (OK)
• 202 (accepted)
• 205 (reset content)
• 208 (already reported)

3xx: Redirection
To complete the request, further action is required to take place. Example codes:
• 300 (multiple choices)
• 302 (found)
• 308 (permanent redirect)

4xx: Client Error
The request has incorrect syntax, or it cannot be fulfilled. Here are the example codes for this:
• 400 (bad request)
• 403 (forbidden)
• 404 (not found)

5xx: Server Error
The server fails to complete a valid request. Example codes for this are:
• 500 (internal server error)
• 502 (bad gateway)
• 511 (network authentication required)


What are the common cyberattacks?

Here is a list of common cyberattacks aimed at inflicting damage to a system.

Man in the Middle attack: The attacker puts himself in the communication between the sender and
the receiver. This is done to eavesdrop and impersonate to steal data.

Phishing: Here, the attacker will act as a trusted entity to perform malicious activities such as getting
usernames, passwords, and credit card numbers.

Rogue Software: It is a fraudulent attack where the attacker fakes a virus on the target device and
offers an anti-virus tool to remove the malware. This is done to install malicious software into the
system.

Malware: Malware is software that is designed to attack the target system. The software can be a
virus, worm, ransomware, spyware, and so on.

Drive-by Downloads: The hacker takes advantage of the lack of updates on the OS, app, or browser,
which automatically downloads malicious code to the system.

DDoS: This is done to overwhelm the target network with massive traffic, making it impossible for
the website or the service to be operable.

Malvertising: Malvertising refers to the injection of malicious code into legitimate advertising networks, which redirects users to unintended websites.

Password Attacks: As the name suggests, here, the cyber hacker cracks credentials like passwords.

https://www.interviewbit.com/cyber-security-interview-questions/

https://intellipaat.com/blog/interview-question/cyber-security-interview-questions/
