Flashcards based on cybersecurity lecture notes.
What is cybersecurity?
Cybersecurity refers to the protection of hardware, software, and data from attackers. The primary purpose is to protect against cyberattacks like accessing, changing, or destroying sensitive information.
What are the major elements of cybersecurity?
Information security, Network security, Operational security, Application security, End-user education, and Business continuity planning.
What are the advantages of cybersecurity?
Protects against ransomware, malware, social engineering, and phishing; protects end-users; provides good data and network protection; increases recovery time after breaches; prevents unauthorized users.
Define cryptography.
A technique used to protect information from third parties (adversaries) by allowing only the sender and recipient to read its details.
What is the difference between IDS and IPS?
IDS (Intrusion Detection System) detects intrusions, requiring administrator intervention. IPS (Intrusion Prevention System) detects and prevents intrusions automatically.
What does CIA stand for in cybersecurity?
Confidentiality, Integrity, and Availability. It is a model designed to develop a security policy.
What is a Firewall?
A security system designed for the network that monitors and controls network traffic to protect against malware, worms, and viruses. It can also prevent content filtering and remote access.
Explain Traceroute.
A tool that shows the path a packet takes, listing all the points it passes through. Used to check where a connection breaks or stops.
Differentiate between HIDS and NIDS.
HIDS (Host Intrusion Detection System) monitors suspicious system activities and traffic of a specific device. NIDS (Network Intrusion Detection System) monitors the traffic of all devices on the network.
Explain SSL.
SSL (Secure Sockets Layer) is a technology creating encrypted connections between a web server and a web browser, used to protect information in online transactions and digital payments.
What is data leakage?
An unauthorized transfer of data to the outside world, often occurring via email, optical media, laptops, and USB keys.
Explain the brute force attack and how to prevent it.
A trial-and-error method to find the right password or PIN. Prevention methods include setting password length, increasing complexity, and limiting login failures.
What is port scanning?
A technique for identifying open ports and services available on a specific host, often used by hackers to find information for malicious purposes.
Name the different layers of the OSI model.
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer.
What is a VPN?
VPN (Virtual Private Network) is a network connection method for creating an encrypted and safe connection, protecting data from interference, snooping, and censorship.
Who are black hat hackers?
Individuals with knowledge of breaching network security who generate malware for personal financial gain or other malicious reasons, modifying, stealing, or destroying data.
Who are white hat hackers?
Security specialists specializing in penetration testing who protect the information system of an organization.
Who are grey hat hackers?
Computer hackers who sometimes violate ethical standards but do not have malicious intent.
How to reset a password-protected BIOS configuration?
Remove the CMOS battery, use software, use a motherboard jumper, or use MS-DOS.
What is a MITM attack?
MITM (Man-in-the-Middle) is a type of attack where an attacker intercepts communication between two people to access confidential information.
Define ARP and its working process.
A protocol used for finding the MAC address associated with an IPv4 address. It works as an interface between the OSI network layer and the OSI link layer.
Explain botnet.
A number of internet-connected devices (servers, mobile devices, IoT devices, PCs) that are infected and controlled by malware.
What is the main difference between SSL and TLS?
SSL verifies the identity of the sender, while TLS offers a secure channel between two clients.
What is the abbreviation of CSRF?
Cross-Site Request Forgery.
What is 2FA and how to implement it for a public website?
TFA (Two Factor Authentication) is a security process to identify the person accessing an online account, granting access only after presenting evidence to the authentication device.
Explain the difference between asymmetric and symmetric encryption.
Symmetric encryption requires the same key for encryption and decryption, while asymmetric encryption needs different keys for encryption and decryption.
What is the full form of XSS?
Cross-Site Scripting.
Explain WAF.
WAF (Web Application Firewall) is used to protect the application by filtering and monitoring incoming and outgoing traffic between the web application and the internet.
What is hacking?
A process of finding weaknesses in computers or private networks in order to exploit them and gain access.
Who are hackers?
People who find and exploit weaknesses in computer systems, smartphones, tablets, or networks to gain access.
What is network sniffing?
A tool used for analyzing data packets sent over a network to capture sensitive data such as passwords, eavesdrop on chat messages or monitor data packages over a network.
What is the importance of DNS monitoring?
To identify malware on young domains that are easily infected with malicious software.
Define the process of salting and its use.
Salting extends the length of passwords by using special characters in order to safeguard passwords and prevent attackers from testing known words across the system.
What is SSH?
SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system administrators a secure way to access the data on a network.
Is SSL protocol enough for network security?
SSL verifies the sender's identity, but it does not provide security once the data is transferred to the server. It is good to use server-side encryption and hashing to protect the server against a data breach.
What is Black box testing?
It is a software testing method in which the internal structure or program code is hidden.
What is White box testing?
A software testing method in which the internal structure or program is known by the tester.
Explain vulnerabilities in network security.
Vulnerabilities refer to weak points in software code which can be exploited by a threat actor. They are most commonly found in applications such as SaaS (Software as a Service) software.
Explain TCP Three-way handshake.
It is a process used in a network to make a connection between a local host and server. This method requires the client and server to negotiate synchronization and acknowledgment packets before starting communication.
Define the term residual risk. What are three ways to deal with risk?
It is a threat that balances risk exposure after finding and eliminating threats. Three ways to deal with risk are: Reduce it, Avoid it, Accept it.
Define Exfiltration.
Data exfiltration refers to the unauthorized transfer of data from a computer system. This transmission may be manual and carried out by anyone having physical access to a computer.