Cyber Security Interview Questions with Answers (original) (raw)
Last Updated : 14 Apr, 2026
Cybersecurity is the act of protecting computer systems, networks, programs and data from digital attacks, unauthorized access, damage or theft. Cybersecurity is a critical aspect of modern technology, with its importance growing as digital systems become increasingly integrated into our daily lives. With threats ranging from data breaches to malicious software attacks, the need for skilled cybersecurity professionals is higher than ever. They typically aim to access, alter or destroy sensitive information, extort money from users or disrupt normal business processes.
1. What are the common Cyberattacks?
Common cyberattacks include various techniques used by attackers to compromise systems, steal data or disrupt services.
- **Phishing: A fraudulent technique where attackers send fake emails or messages pretending to be trusted sources to steal sensitive information such as passwords or financial details.
- **Social Engineering Attacks: Manipulating individuals into revealing confidential information by exploiting human trust rather than technical vulnerabilities.
- **Ransomware: Malicious software that encrypts a victim’s files and demands payment in exchange for restoring access.
- **Cryptojacking: Unauthorized use of a system’s computing resources to mine cryptocurrencies like Bitcoin or Monero.
- **Botnet Attacks: A network of infected devices controlled by attackers to perform large-scale malicious activities such as data theft or distributed attacks.
2. What are the elements of cyber security?
Cyber security consists of several key elements that work together to protect systems, networks and data from cyber threats.
- **Application Security: Protects software applications by identifying and fixing vulnerabilities during development to prevent attacks.
- **Information Security: Ensures that data is protected from unauthorized access, modification or deletion.
- **Network Security: Safeguards computer networks from unauthorized access, misuse and cyber threats.
- **Disaster Recovery & Business Continuity: Focuses on restoring systems and operations quickly after a cyber incident or disaster.
- **Operational Security (OPSEC): Protects sensitive information by controlling how data is accessed, handled and shared within an organization.
- **End-User Education: Trains users to recognize and avoid cyber threats, reducing risks caused by human error.
3. Define DNS
The Domain Name System (DNS) is a network service that translates human-readable domain names (like website names) into IP addresses used by computers to identify each other on the internet. This allows users to access websites easily without remembering numerical IP addresses.
- Acts like a directory or phonebook of the internet
- Enables browsers to locate and load web pages
- Works in the background whenever a website is accessed
4. What is a Firewall?
A firewall is a hardware or software-based network security device that monitors all incoming and outgoing traffic and accepts, denies or drops that particular traffic based on a defined set of security rules.
Firewell
5. What is a VPN?
VPN stands for Virtual Private Network. A virtual private network (VPN) is a technology that creates a secure, encrypted connection over an insecure network like the Internet. A virtual private network is a method of extending a private network using a public network such as the Internet. The name only indicates that it is a virtual "private network". A user may be part of a local area network at a remote location. Create a secure connection using a tunnelling protocol.
6. What are the different sources of malware?
The different sources of malware are given below:
- **Virus: A virus is a type of malicious malware that comes as an attachment with a file or program. Viruses usually spread from one program to another program and they will run only when the host file gets executed. The virus can only cause damage to the computer until the host file runs.
- **Worms: A worm is basically a type of malicious malware that spreads rapidly from one computer to another via email and file sharing. Worms do not require host software or code to execute.
- **Trojan: Trojans are malicious, non-replicating malware that often degrades computer performance and efficiency. Trojans have the ability to leak sensitive user information and modify and delete this data.
- **Ransomware: Ransomware is used as malware to extort money from users for ransom by gaining unauthorized access to sensitive user information and demanding payment to delete or return that information from the user.
- **Spyware: Spyware is basically a type of malicious malware that runs in the background of your computer, steals all your sensitive data and reports this data to remote attackers.
- **Adware: Adware is another type of malware that tracks the usage of various types of programs and files on your computer and displays personalized ad recommendations based on your usage history.
- **Botnet: A network of compromised devices controlled by an attacker for coordinated attacks.
7. How does email work?
When an email is sent, the sender’s email client transfers it to a mail server using SMTP. The server checks the recipient’s domain and uses DNS to locate the correct mail server if needed. The email is then delivered to the recipient’s mail server, where it is stored until the recipient accesses it using POP or IMAP. If delivery fails, the message is queued and may eventually be returned as undelivered.
- SMTP is only used for sending emails, not for retrieving them.
- IMAP allows syncing emails across multiple devices, while POP usually downloads them to a single device.
- Email servers retry sending queued messages for a certain period before marking them as failed.
8. What is the difference between active and passive cyber attacks?
- **Active Cyber Attack: An active attack is a type of attack in which the attacker modifies or attempts to modify the content of the message. Active attacks are a threat to integrity and availability. Active attacks can constantly corrupt the system and modify system resources. Most importantly, if there is an active attack, the victim is notified of the attack.
- **Passive Cyber Attack: A passive attack is a type of attack in which the attacker observes the message content or copies the message content. Passive attacks are a threat to confidentiality. Since it is a passive attack, there is no damage to the system. Most importantly, when attacking passively, the victim is not notified of the attack.
Zero Trust is a security framework that assumes no user or device should be trusted by default, whether inside or outside the network. It requires strict identity verification and continuous authentication before granting access to resources, reducing the risk of unauthorized access.
- Follows the principle of “never trust, always verify”
- Uses multi-factor authentication (MFA) and least privilege access
- Continuously monitors user and device activity
10. Who are black hat, white hat and grey hat hackers?
- **White Hat Hacker: A white hat hacker is a certified or certified hacker who works for governments and organizations by conducting penetration tests and identifying cybersecurity gaps. It also guarantees protection from malicious cybercrime.
- **Black Hat Hackers: They are often called crackers. Black hat hackers can gain unauthorized access to your system and destroy your important data. The attack method uses common hacking techniques learned earlier. They are considered criminals and are easy to identify because of their malicious behavior.
- **Grey Hat Hackers: Operate in a moral grey area, they may access systems without permission but often report flaws without causing harm.
11. Define encryption and decryption?
**Encryption: Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) to protect its confidentiality. Only authorized users with the correct key can convert it back to its original form. It is used to secure data during storage and transmission.
- It is a two-way process (data can be decrypted back to plaintext).
- The encrypted data size usually increases with the length of input.
- It is widely used in secure communication such as online transactions and messaging.
**Decryption: Decryption is the process of converting encrypted data (ciphertext) back into its original readable form (plaintext) using a cryptographic key. It ensures that only authorized users can access the original information. It is the reverse process of encryption.
- It requires a valid key to restore the original data.
- It is used to retrieve secure information from encrypted form.
- It is essential for accessing protected communication and stored data.
12. What is the difference between plaintext and cleartext?
**Plaintext: Plaintext is the original readable data that is intended to be encrypted into ciphertext using an encryption algorithm. It serves as the input for encryption processes in cryptography.
- It is converted into ciphertext for security purposes.
- It is used in encryption and decryption processes.
- It may not always be directly exposed to users.
**Cleartext: Cleartext is readable data that is stored or transmitted without any encryption and is not intended to be encrypted. It is directly accessible and understandable without any transformation.
- It does not require decryption to be read.
- It is vulnerable to unauthorized access.
- It is commonly found in unsecured communications.
13. What is a block cipher?
A block cipher is an encryption method that converts plaintext into ciphertext by processing data in fixed-size blocks (such as 64-bit or 128-bit blocks) using a secret key. Each block is encrypted separately according to a specific algorithm, ensuring secure data transformation.
- Common modes of operation include ECB (Electronic Codebook) and CBC (Cipher Block Chaining).
- Provides stronger security compared to simple encryption methods when used with proper modes.
- Widely used in modern encryption standards like AES.
14. What is the CIA Triad?
When it comes to network security, the CIA Triad is one of the most important models developed to guide information security policy within an organization.
CIA stands for:
- Confidentiality
- Integrity
- availability
15. What is the Three-way handshake?
TCP uses a three-way handshake to establish reliable connections. The connection is full-duplex, with synchronization (SYN) and acknowledgment (ACK) on both sides. The exchange of these four flags is done in three steps: SYN, SYN to ACK and ACK.
16. How can identity theft be prevented?
Steps to prevent identity theft:
- Use a strong password and don't share her PIN with anyone on or off the phone.
- Use two-factor notifications for email. Protect all your devices with one password.
- Do not install software from the Internet. Do not post confidential information on social media.
- When entering a password with a payment gateway, check its authenticity.
- Limit the personal data you run. Get in the habit of changing your PIN and password regularly.
- Do not give out your information over the phone.
17. What are some common Hashing functions?
The hash function is a function that converts a specific numerical key or alphanumeric key into a small practical integer value. The mapped integer value is used as an index for hash tables. Simply put, a hash function maps any valid number or string to a small integer that can be used as an index into a hash table. The types of Hash functions are given below:
- Division Method.
- Mid Square Method.
- Folding Method.
- Multiplication Method.
18. What do you mean by two-factor authentication?
Two-factor authentication refers to using any two independent methods from a variety of authentication methods. Two-factor authentication is used to ensure users have access to secure systems and to enhance security. Two-factor authentication was first implemented for laptops due to the basic security needs of mobile computing. Two-factor authentication makes it more difficult for unauthorized users to use mobile devices to access secure data and systems.
19. What does XSS stand for? How can it be prevented?
XSS stands for Cross-Site Scripting. It is a web application vulnerability where attackers inject malicious scripts into trusted websites, which then execute in the user’s browser. This can lead to data theft, session hijacking, account compromise or malware infection.
**Prevention of XSS:
- Validate and filter all user inputs to ensure only expected data is accepted.
- Encode output data so that user input is not executed as code in the browser.
- Use proper HTTP headers like Content-Type and X-Content-Type-Options to control how content is interpreted.
- Implement a Content Security Policy (CSP) to restrict execution of unauthorized scripts.
- Avoid directly inserting untrusted data into HTML, JavaScript or URLs without sanitization.
20. What do you mean by Shoulder Surfing?
A shoulder surfing attack describes a situation in which an attacker can physically look at a device's screen or keyboard and enter passwords to obtain personal information. Used to access malware. Similar things can happen from nosy people, leading to an invasion of privacy.
21. What is the difference between hashing and encryption?
| Hashing | Encryption |
|---|---|
| Converts data into a fixed-length hash value representing the original information | Converts data into an unreadable format (ciphertext) using a key |
| Used for fast data retrieval and data integrity verification | Used to ensure confidentiality of data |
| One-way process; original data cannot be recovered | Two-way process; data can be decrypted back to original form |
| No key is used for reversing the output | Requires a key for both encryption and decryption |
| Output is always fixed in length | Output length varies and usually increases with input size |
| Commonly used for password storage and digital signatures | Commonly used in secure communication and online transactions |
22. Differentiate between Information security and information assurance.
- **Information Assurance: It can be described as the practice of protecting and managing risks associated with sensitive information throughout the process of data transmission, processing and storage. Information assurance primarily focuses on protecting the integrity, availability, authenticity, non-repudiation and confidentiality of data within a system. This includes physical technology as well as digital data protection.
- **Information security: on the other hand, is the practice of protecting information by reducing information risk. The purpose is usually to reduce the possibility of unauthorized access or illegal use of the data. Also, destroy, detect, alter, examine or record any Confidential Information. This includes taking steps to prevent such incidents. The main focus of information security is to provide balanced protection against cyber-attacks and hacking while maintaining data confidentiality, integrity and availability.
23. Write a difference between HTTPS and SSL.
| HTTPS | SSL |
|---|---|
| It is called Hypertext Transfer Protocol Secure. | It is called Secured Socket Layer |
| This is a more secure version of the HTTP protocol with more encryption capabilities. | It is the one and only cryptographic protocol in computer networks. |
| HTTPS is created by combining the HTTP protocol and SSL. | SSL can be used for encryption. |
| HTTPS is primarily used by websites for logging into banking details and personal accounts. | SSL cannot be used alone for a particular website. Used for encryption in conjunction with the HTTP protocol. |
| HTTPS is the most secure and latest version of the HTTP protocol available today. | SSL is being phased out in favour of TLS (Transport Layer Security). |
24. What do you mean by System Hardening?
System hardening is the process of securing a system by reducing its attack surface. The attack surface includes all possible vulnerabilities, such as default passwords, unnecessary services and misconfigured settings, that attackers can exploit. By minimizing these weaknesses, system hardening makes the system more secure and resistant to attacks.
- It involves applying security patches and regular system updates.
- It includes disabling unused ports, applications and services.
- It enforces strong authentication methods and access controls.
25. Differentiate between spear phishing and phishing.
- **Phishing: This is a type of email attack in which an attacker fraudulently attempts to discover a user's sensitive information through electronic communications, pretending to be from a relevant and trusted organization. The emails are carefully crafted by the attackers, targeted to specific groups and clicking the links installs malicious code on your computer.
- **Spear phishing: Spear phishing is a type of email attack that targets specific individuals or organizations. In Spear, a phishing attacker tricks a target into clicking a malicious link and installing malicious code, allowing the attacker to obtain sensitive information from the target's system or network.
26. What do you mean by Perfect Forward Secrecy?
Perfect Forward Secrecy (PFS) is an encryption technique that generates a new, temporary session key for each communication session between a client and a server. This ensures that even if long-term encryption keys are compromised, past communications remain secure. It is widely used in secure applications like websites, messaging and VoIP services to protect user privacy.
- Commonly implemented in protocols like TLS using ephemeral key exchange methods (e.g., Diffie–Hellman).
- Prevents attackers from decrypting previously recorded data even if they obtain the server’s private key later.
- Each session is independently encrypted, so a breach in one session does not affect others.
27. How to prevent MITM?
- Strong WEP/WAP Encryption on Access Points
- Strong Router Login Credentials Strong Router Login Credentials
- Use Virtual Private Network.
28. Differentiate EDR and XDR
| **EDR (Endpoint Detection and Response) | **XDR (Extended Detection and Response) |
|---|---|
| EDR is a security solution focused on monitoring and responding to threats on endpoint devices like laptops, desktops and servers. | XDR is an advanced security solution that integrates data from multiple sources like endpoints, networks, servers and applications. |
| It detects and investigates suspicious activity at the device level. | It provides a centralized view of threats across the entire security environment. |
| It offers real-time threat detection and response for endpoints only. | It correlates security data from multiple layers for better detection accuracy. |
| It is limited to endpoint protection. | It provides broader organization-wide threat detection and response. |
29. What is Public Key Infrastructure?
A Public Key Infrastructure or PKI, is the governing authority behind the issuance of digital certificates. Protect sensitive data and give users and systems unique identities. Therefore, communication security is ensured. The public key infrastructure uses keys in public-private key pairs to provide security. Public keys are vulnerable to attacks, so maintaining public keys requires a healthy infrastructure.
Public Key Infrastructure
30. What is Spoofing?
Spoofing is a type of cyberattack in which an attacker impersonates a legitimate user, device or system to gain unauthorized access, steal data or bypass security measures. It is commonly used to trick users or systems into trusting fake identities.
**Types of Spoofing:
- **IP Spoofing: The attacker manipulates the source IP address in network packets to appear as a trusted system.
- **ARP Spoofing: The attacker sends fake ARP messages on a local network to associate their MAC address with another device’s IP, allowing interception of data.
- **Email Spoofing: The attacker sends emails that appear to come from legitimate sources to deceive users and steal sensitive information.
31. What are the steps involved in hacking a server or network?
The following steps must be ensured in order to hack any server or network:
- Access your web server.
- Use anonymous FTP to access this network to gather more information and scan ports.
- Pay attention to file sizes, open ports and processes running on your system.
- Run a few simple commands on your web server like "clear cache" or "delete all files" to highlight the data stored by the server behind these programs. This helps in obtaining more sensitive information that can be used in application-specific exploits.
- Connect to other sites on the same network, such as Facebook and Twitter, so that you can check the deleted data. Access the server using the conversion channel.
- Access internal network resources and data to gather more information.
- Use Metasploit to gain remote access to these resources.
32. What are the various sniffing tools?
Sniffing tools are used to capture and analyze network traffic for monitoring, troubleshooting and security analysis.
Some common network sniffing tools include:
- Auvik
- SolarWinds Network Packet Sniffer
- Wireshark
- Paessler PRTG
- ManageEngine NetFlow Analyzer
- Tcpdump
- WinDump
- NetworkMiner
33. What is SQL injection?
SQL injection is a technique used to exploit user data through web page input by injecting SQL commands as statements. Essentially, these instructions can be used by a malicious user to manipulate her web server for your application. SQL injection is a code injection technique that can corrupt your database. Preventing SQL Injection is given below:
- Validation of user input by pre-defining user input length, type, input fields and authentication.
- Restrict user access and determine how much data outsiders can access from your database. Basically, you shouldn't give users permission to access everything in your database.
- Do not use system administrator accounts.
34. What is a Distributed Denial of Service attack (DDoS)?
A denial of service (DoS) is a cyber attack against an individual computer or website aimed at denying service to intended users. Its purpose is to interfere with the organization's network operations by denying her access. Denial of service is usually achieved by flooding the target machine or resource with excessive requests, overloading the system and preventing some or all legitimate requests from being satisfied.
35. How to avoid ARP poisoning?
Following are the five ways of avoiding ARP Poisoning attacks:
- **Static ARP Tables: If you can verify the correct mapping of MAC addresses to IP addresses, half the problem is solved. This is doable but very costly to administer. ARP tables to record all associations and each network change are manually updated in these tables. Currently, it is not practical for an organization to manually update its ARP table on every host.
- **Switch Security: Most Ethernet switches have features that help mitigate ARP poisoning attacks. Also known as Dynamic ARP Inspection (DAI), these features help validate ARP messages and drop packets that indicate any kind of malicious activity.
- **Physical Security: A very simple way to mitigate ARP poisoning attacks is to control the physical space of your organization. ARP messages are only routed within the local network. Therefore, an attacker may have physical proximity to the victim's network.
- **Network Isolation: A well-segmented network is better than a regular network because ARP messages have a range no wider than the local subnet. That way, if an attack were to occur, only parts of the network would be affected and other parts would be safe. Attacks on one subnet do not affect devices on other subnets.
- **Encryption: Encryption does not help prevent ARP poisoning, but it does help reduce the damage that could be done if an attack were to occur. Credentials are stolen from the network, similar to the MiTM attack.
36. What is a proxy firewall?
A proxy firewall is a type of firewall that operates at the application layer and monitors traffic by acting as an intermediary between clients and servers. It uses a proxy server to process requests on behalf of users, preventing direct communication with the destination system. This helps in filtering and securing application-level data such as HTTP, FTP and SMTP traffic.
- It hides internal network details by masking client identities.
- It can inspect and filter content more deeply than traditional firewalls.
- It improves security but may introduce slight delays due to extra processing.
37. Explain SSL Encryption.
Secure Socket Layer (SSL) provides security for data transferred between web browsers and servers. SSL encrypts the connection between your web server and your browser, keeping all data sent between them private and immune to attack. Secure Socket Layer Protocols: SSL recording protocol.
38. What do you mean by penetration testing?
Penetration testing is done to find vulnerabilities, malicious content, flaws and risks. It's done to make the organization’s security system defend the IT infrastructure. It is an official procedure that can be deemed helpful and not a harmful attempt. It is part of an ethical hacking process that specifically focuses only on penetrating the information system.
39. What are the risks associated with public Wi-Fi?
- Malware, Viruses and Worms.
- Rogue Networks.
- Unencrypted Connections
- Network Snooping.
- Log-in Credential Vulnerability.
- System Update Alerts.
- Session Hijacking.
40. Explain the main difference between Diffie-Hellman and RSA.
- **Diffie-Hellman (DH) algorithm: It is a key exchange protocol that allows two parties to communicate over a public channel and establish a shared secret without sending it over the Internet. DH allows two people to use their public key to encrypt and decrypt conversations or data using symmetric cryptography.
- **RSA: It is a type of asymmetric encryption that uses two different linked keys. RSA encryption allows messages to be encrypted with both public and private keys. The opposite key used to encrypt the message is used to decrypt the message.
41. Give some examples of asymmetric encryption algorithms.
Asymmetric key cryptography is based on public and private key cryptography. It uses two different keys to encrypt and decrypt messages. More secure than symmetric key cryptography, but much slower.
- You need two keys, a public key and a private key. One for encryption and one for decryption.
- The ciphertext size is equal to or larger than the original plaintext.
- Slow encryption process.
- Used to transfer small amounts of data.
- Provides confidentiality, authenticity and non-repudiation.
42. Explain social engineering and its attacks.
Social engineering is a hacking technique based on forging someone's identity and using socialization skills to obtain details. There are techniques that combine psychological and marketing skills to influence targeted victims and manipulate them into obtaining sensitive information. The types of social engineering attacks are given below:
- **Impersonation: This is a smart choice for attackers. This method impersonates organizations, police, banks and tax authorities. Then they steal money or anything they want from the victim. And the same goes for organizations that obtain information about victims legally through other means.
- **Phishing: Phishing is like impersonating a well-known website such as Facebook and creating a fake girlfriend website to trick users into providing account credentials and personal information. Most phishing attacks are carried out through social media such as Instagram, Facebook and Twitter.
- **Vishing: Technically speaking, this is called "voice phishing". In this phishing technique, attackers use their voice and speaking skills to trick users into providing personal information. In general, this is most often done by organizations to capture financial and customer data.
- **Smithing: Smithing is a method of carrying out attacks, generally through messages. In this method, attackers use their fear and interest in a particular topic to reach out to victims through messages. These topics are linked to further the phishing process and obtaining sensitive information about the target.
43. State the difference between a virus and worm.
- **Worms: Worms are similar to viruses, but do not modify the program. It replicates more and more to slow down your computer system. The worm can be controlled with a remote control. The main purpose of worms is to eat up system resources. The 2000 WannaCry ransomware worm exploits the resource-sharing protocol Windows Server Message Block (SMBv1).
- **Virus: A virus is malicious executable code attached to another executable file that can be harmless or modify or delete data. When a computer program runs with a virus, it performs actions such as B. Delete the file from your computer system. Viruses cannot be controlled remotely. The ILOVEYOU virus spreads through email attachments.
44. Explain the concept of session hijacking.
Session hijacking is a security attack on user sessions over a protected network. The most common method of session hijacking is called IP spoofing, where an attacker uses source-routed IP packets to inject commands into the active communication between two nodes on a network, allowing an authenticated impersonation of one of the users. This type of attack is possible because authentication usually only happens at the beginning of a TCP session. The types of session hijacking are given below:
45. Explain the honeypot and its types.
A honeypot is a networked system that acts as a trap for cyber attackers to detect and investigate hacker tactics and types of attacks. Acting as a potential target on the Internet, it notifies defenders of unauthorized access to information systems. Honeypots are classified based on their deployment and intruder involvement. Based on usage, honeypots are classified as follows:
- Research honeypots: Used by researchers to analyze hacking attacks and find different ways to prevent them.
- Production Honeypots: Production honeypots are deployed with servers on the production network. These honeypots act as a front-end trap for attackers composed of false information, giving administrators time to fix all vulnerabilities in real systems.
46. What do you mean by a Null Session?
A null session is an unauthenticated connection to a Windows system that allows access to certain network resources without a username or password. It was commonly used in older Windows systems to share information but could be exploited to gather sensitive data about users, groups and network settings.
- Often associated with Windows systems like older server versions.
- Can be used for information gathering during security testing.
- Modern operating systems restrict or disable null sessions by default for security.
47. What is IP blocklisting?
IP blacklisting is a method used to block unauthorized or malicious IP addresses from accessing your network. A blacklist is a list of ranges or individual IP addresses to block.
48. What are Polymorphic viruses?
A polymorphic virus is a type of malware that changes its code or appearance each time it infects a new system, making it difficult for antivirus programs to detect using fixed signatures. It uses encryption and a mutation engine to modify its decryption routine while keeping its core malicious behavior the same. When an infected program runs, a decryption routine temporarily decrypts the virus so it can execute and spread to other files. Because its structure keeps changing, detection becomes very difficult.
- Uses a mutation engine to generate different decryption code each time.
- The virus body remains functionally the same even though its code changes.
- Mainly designed to evade signature-based antivirus detection.
49. What is Replay Attack?
A replay attack is a type of cyberattack where an attacker intercepts and retransmits valid data or authentication messages to trick a system into granting unauthorized access. The attacker does not need to decrypt the data but simply reuses it.
- Common in network authentication and communication systems
- Can be prevented using timestamps and unique session tokens
- Often targets authentication protocols and secure transactions
50. What is an Eavesdropping Attack?
Eavesdropping occurs when a hacker intercepts, deletes or modifies data sent between two devices. Eavesdropping, also known as sniffing or snooping, relies on unsecured network communications to access data sent between devices.
Cyber Security Interview Questions for Experienced
51. What is the man-in-the-middle attack?
Man In the Middle Attack is a type of cyber attack in which the attacker stays between the two to carry out their mission. The type of function it can perform is to modify the communication between two parties so that both parties feel like they are communicating over a secure network.
52. What is a traceroute? Why is it used?
Traceroute is a network diagnostic command-line tool used to trace the path that data packets take from a source device to a destination over an IP network. It also measures the time (latency) taken at each intermediate hop (router) along the route, helping identify delays or failures in the network path.
- Helps identify where packets are delayed or dropped in the network path.
- Provides a hop-by-hop map of the route between source and destination.
- Assists in network troubleshooting by showing each intermediate router and response time.
- Works by sending packets (often ICMP) and recording responses from each hop.
53. What is the difference between HIDS and NIDS?
- **HIDS: This intrusion detection system sees the host itself as a whole world. It can be a computer (PC) or a server that can act as a standalone system and analyze and monitor its own internals. It works by looking at the files/data coming in and out of the host you're working on. It works by taking existing file system snapshots from a previously taken file system and comparing them to each other. If they are the same, it means the host is safe and not under attack, but a change could indicate a potential attack.
- **NIDS: This system is responsible for installation points across the network and can operate in mixed and hybrid environments. Alerts are triggered when something malicious or anomalous is detected in your network, cloud or other mixed environments.
54. What is the difference between VA (Vulnerability Assessment) and PT (Penetration Testing)?
- **Penetration testing: This is performed to find vulnerabilities, malicious content, bugs and risks. Used to set up an organization's security system to protect its IT infrastructure. Penetration testing is also known as penetration testing. This is an official procedure that can be considered helpful, not a harmful attempt. This is part of an ethical hacking process that focuses solely on breaking into information systems.
- **Vulnerability assessment: It is the technique of finding and measuring (scanning) security vulnerabilities in a particular environment. This is a location-comprehensive evaluation (result analysis) of information security. It is used to identify potential vulnerabilities and provide appropriate mitigations to eliminate them or reduce them below the risk level.
55. What is RSA?
The RSA algorithm is an asymmetric encryption algorithm. Asymmetric means that it actually works with two different keys. H. Public and Private Keys. As the name suggests, the public key is shared with everyone and the private key remains secret.
56. What is the Blowfish algorithm?
Blowfish is an encryption technique developed by Bruce Schneier in 1993 as an alternative to the DES encryption technique. It is considerably faster than DES and provides excellent encryption speed even though no effective cryptanalysis techniques have been discovered so far. It was one of the first secure block ciphers to be patent-free and therefore freely available to everyone.
- **Block size: 64 bits
- **keys: variable size from 32-bit to 448-bit
- **Number of subkeys: 18 [P array]
- **Number of rounds: 16
- **Number of replacement boxes: 4 [each with 512 entries of 32 bits]
57. What is the difference between a vulnerability and an exploit?
- **Vulnerability: A vulnerability is an error in the design or implementation of a system that can be exploited to cause unexpected or undesirable behaviour. There are many ways a computer can become vulnerable to security threats. A common vulnerability is for attackers to exploit system security vulnerabilities to gain access to systems without proper authentication.
- **Exploit: Exploits are tools that can be used to exploit vulnerabilities. They are created using vulnerabilities. Exploits are often patched by software vendors as soon as they are released. They take the form of software or code that helps control computers and steal network data.
58. What do you understand by Risk, Vulnerability and threat in a network?
- Cyber threats are malicious acts aimed at stealing or corrupting data or destroying digital networks and systems. A threat can also be defined as the possibility of a successful cyberattack to gain unethical access to sensitive data on a system.
- Vulnerabilities in cybersecurity are deficiencies in system designs, security procedures, internal controls, etc. that can be exploited by cybercriminals. In very rare cases, cyber vulnerabilities are the result of cyberattacks rather than network misconfigurations.
- Cyber risk is the potential result of loss or damage to assets or data caused by cyber threats. You can't eliminate risk completely, but you can manage it to a level that meets your organization's risk tolerance. Therefore, our goal is not to build a system without risk but to keep the risk as low as possible.
59. Explain Phishing and how to prevent it.
Phishing is a type of cyber attack where attackers impersonate trusted entities (such as banks, companies or services) to trick users into revealing sensitive information like passwords, credit card details or personal data. It is usually carried out through fake emails, messages or websites that appear legitimate.
**How to prevent phishing:
- Download software only from trusted and official sources.
- Avoid clicking on suspicious links or sharing personal information on unknown websites.
- Always verify website URLs before entering login credentials.
- If an email looks suspicious, contact the sender directly using a separate communication method instead of replying.
- Be cautious about sharing personal details on social media platforms.
- Avoid using unsecured public Wi-Fi for sensitive transactions.
60. Define Cloud Security
Cloud security refers to the practices and technologies used to protect data, applications and services hosted in cloud environments. It ensures that cloud resources remain secure from unauthorized access and cyber threats.
- Protects platforms like AWS, Azure and Google Cloud
- Includes encryption, identity management and access control
- Helps maintain data confidentiality and availability