Cyber Security Intern Questions

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/71

flashcard set

Earn XP

Description and Tags

Possible Questions I NEED to know the answer to.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

72 Terms

1
New cards

Name an OSI Model Layer (7 Layers)

Physical – Hardware transmission of raw data (cables, switches).

2
New cards

Name an OSI Model Layer (7 Layers)

Data Link – Handles MAC addresses and frames (Ethernet).

3
New cards

Name an OSI Model Layer (7 Layers)

Network – IP addressing and routing (IP, routers).

4
New cards

Name an OSI Model Layer (7 Layers)

Transport – End-to-end delivery and error recovery (TCP/UDP).

5
New cards

Name an OSI Model Layer (7 Layers)

Session – Manages sessions between applications.

6
New cards

Name an OSI Model Layer (7 Layers)

Presentation – Data translation, encryption, compression.

7
New cards

Name an OSI Model Layer (7 Layers)

Application – Interface for user applications (HTTP, FTP, DNS).

8
New cards

Name a type of XSS (Cross-Site Scripting)

Stored XSS – Malicious script is stored on the server and served to users.

9
New cards

Name a type of XSS (Cross-Site Scripting)

Reflected XSS – Script is reflected off a web server (e.g., via URL).

10
New cards

Name a type of XSS (Cross-Site Scripting)

DOM-based XSS – Client-side JavaScript modifies the DOM using unsanitized input.

11
New cards

Name a way Information can be gained from an XSS attack

Session cookies (for hijacking sessions)

12
New cards

Name a way Information can be gained from an XSS attack

Credentials via phishing prompts

13
New cards

Name a way Information can be gained from an XSS attack

Keystrokes or browser history

14
New cards

Name a way Information can be gained from an XSS attack

Redirecting users to malicious sites

15
New cards

Name a Method of External Attackers Use

Phishing emails

16
New cards

Name a Method of External Attackers Use

Malware (via trojans, spyware)

17
New cards

Name a Method of External Attackers Use

Exploiting unpatched software (vulnerabilities)

18
New cards

Name a Method of External Attackers Use

Social engineering

19
New cards

Name a Method of External Attackers Use

Brute-force or dictionary attacks

20
New cards

Name a Method of External Attackers Use

DDoS (Denial of Service)

21
New cards

Name a Common Port Number

80 – HTTP

22
New cards

Name a Common Port Number

443 – HTTPS

23
New cards

Name a Common Port Number

21 – FTP

24
New cards

Name a Common Port Number

22 – SSH

25
New cards

Name a Common Port Number

25 – SMTP

26
New cards

Name a Common Port Number

53 – DNS

27
New cards

Name a Common Port Number

110/995 – POP3/secure

28
New cards

Name a Common Port Number

143/993 – IMAP/secure

29
New cards

Name a Common Port Number

3389 – RDP

30
New cards

Name a Common Port Number

23 – Telnet

31
New cards

Name a Common Port Number

PingICMP (not a port, but protocol)

32
New cards

What is the “C” in CIA Cybersecurity mean?

Confidentiality – Prevent unauthorized access

33
New cards

What is the “I” in CIA Cybersecurity mean?

Integrity – Ensure data is unaltered

34
New cards

What is the “A” in CIA Cybersecurity mean?

Availability – Systems/services remain accessible

35
New cards

What does the first “A” in AAA Cybersecurity mean?

Authentication – Verifying identity

36
New cards

What does the second “A” in AAA Cybersecurity mean?

Authorization – Granting access based on permissions

37
New cards

What does the third “A” in AAA Cybersecurity mean?

Accounting – Logging and monitoring user actions

38
New cards

How Does a Search Engine Work?

Crawling – Bots discover web pages,

Indexing – Pages are stored and organized,

Ranking/Querying – Pages ranked and returned for a search based on relevance

39
New cards

What is a TCP Handshake?

A three-step process for establishing a TCP connection:

  1. SYN – Client requests a connection.

  2. SYN-ACK – Server acknowledges.

  3. ACK – Client confirms

40
New cards

Name an Encryption Standard

AES (Advanced Encryption Standard) – Symmetric

41
New cards

Name an Encryption Standard

RSA – Asymmetric (public/private keys)

42
New cards

Name an Encryption Standard

SHA – Hashing (not encryption)

43
New cards

Name an Encryption Standard

TLS/SSL – Encrypt web traffic

44
New cards

Name a Common Analyst Tool

Wireshark – Packet analysis

45
New cards

Name a Common Analyst Tool

Nmap – Port scanning

46
New cards

Name a Common Analyst Tool

Metasploit – Exploitation framework

47
New cards

Name a Common Analyst Tool

Burp Suite – Web vulnerability scanner

48
New cards

Name a Common Analyst Tool

Splunk/ELK – Log analysis

49
New cards

Name a Common Analyst Tool

Nessus/OpenVAS – Vulnerability scanning

50
New cards

What is DoD Cybersecurity?

Based on standards like RMF (Risk Management Framework), STIGs, and compliance with 8570.01-M/8140.01

51
New cards

What is DoD 8570.01-M?

Manual defining certification requirements for Information Assurance (IA) roles. Lists approved certs (e.g., Security+, CISSP)

52
New cards

What is DoD 8140.01

Newer policy replacing 8570.01-M. Broader focus: includes cyber workforce structure and training (cybersecurity, IT, cyber effects)

53
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Injection

54
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Broken Authentication

55
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Sensitive Data Exposure

56
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

XML External Entities (XXE)

57
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Broken Access Control

58
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Security Misconfiguration

59
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Cross-Site Scripting (XSS)

60
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Insecure Deserialization

61
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Using Components with Known Vulnerabilities

62
New cards

What is one of OWASP’s Top 10? (top 10 most critical web application security risks)

Insufficient Logging & Monitoring

63
New cards

What is the Port Number for Ping?

Ping uses ICMP, not a port. ICMP operates directly over IP

64
New cards

What is ICMP?

Internet Control Message Protocol – Used for diagnostic or control purposes (e.g., ping, traceroute)

65
New cards

What is Risk in Cybersecurity?

The potential for loss or damage when a threat exploits a vulnerability

66
New cards

What is a Threat in Cybersecurity?

Anything that can exploit a vulnerability and cause harm (e.g., hacker, malware)

67
New cards

What is a Vulnerability in Cybersecurity?

A weakness that can be exploited (e.g., outdated software, weak passwords)

68
New cards

Name a way to Manage Vulnerabilities at Home

Enable automatic updates (OS, software)

69
New cards

Name a way to Manage Vulnerabilities at Home

Use antivirus/anti-malware

70
New cards

Name a way to Manage Vulnerabilities at Home

Enable firewalls

71
New cards

Name a way to Manage Vulnerabilities at Home

Change default passwords

72
New cards

Name a way to Manage Vulnerabilities at Home

Scan for vulnerabilities (e.g., with tools like Nessus Home)