AM IT - Networks (608) Interview Questions

The document contains a comprehensive list of 50 interview questions and answers related to IT networks and cybersecurity. Key topics include the differences between IDS and IPS, principles of least privilege, various types of cyberattacks, security protocols, and network management concepts. It serves as a valuable resource for preparing for technical interviews in the field of IT and cybersecurity.
1. What is the difference between IDS and IPS?

Answer:

● IDS (Intrusion Detection System): Monitors and alerts on malicious traffic but does not block it.
● IPS (Intrusion Prevention System): Monitors and actively blocks or prevents malicious traffic.
2. What is the Principle of Least Privilege (PoLP)?

Answer: It means giving users the minimum level of access required to do their jobs. This reduces the potential impact of errors or compromised accounts.

3. What is defense-in-depth?

Answer: A layered security approach where multiple defensive strategies are implemented across systems, networks, and applications to reduce the risk of a single point of failure.

4. What is lateral movement in cybersecurity?

Answer: An attacker moves within a network after gaining access, typically to escalate privileges and access sensitive systems.

5. What is EDR?

Answer: Endpoint Detection and Response—tools that monitor, detect, and respond to threats on endpoint devices in real time.

6. Explain DLL injection?

Answer: An attack where malicious DLL files are loaded into a process’s
memory space to execute arbitrary code.

7. What is memory forensics?

Answer: Analyzing RAM dumps to detect malware, rootkits, or credential harvesting activities.

8. What is ISO/IEC 27001?

Answer: An international standard for managing information security risk through an ISMS (Information Security Management System).

9. What is DLP (Data Loss Prevention)?

Answer: Technologies and strategies to prevent unauthorized data access, transfer, or leakage.

10. What is a Brute Force Attack?

Answer: Brute force is a way of finding the right credentials by repeatedly trying every possible combination of candidate credentials.

11. What is Port Scanning?

Answer: Port Scanning is the technique used to identify open ports and services
available on a host.

12. What is a VPN?

Answer: VPN stands for Virtual Private Network. It is used to create a safe, encrypted connection so that data is transferred in encrypted form.

13. Explain MITM attack and how to prevent it?

Answer: A MITM (Man-in-the-Middle) attack is a type of attack where the hacker places himself in between the communication of two parties and steals the information.

14. Explain DDoS attack and how to prevent it?

Answer: A DDoS (Distributed Denial of Service) attack is a cyberattack that causes the servers to refuse to provide services to genuine clients.

15. Explain XSS attack and how to prevent it?

Answer: XSS (Cross-Site Scripting) is a cyberattack that enables hackers to inject malicious client-side scripts into web pages. XSS can be used to hijack sessions and steal cookies, modify the DOM, execute code remotely, crash the server, etc.

16. What is an ARP and how does it work?

Answer: Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
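
The ARP mapping described in question 16, and the MITM prevention asked about in question 13, can be shown together. The following is an added example, not part of the original document: a Python decoder for ARP frames and a detector that flags an IP address for which more than one MAC address has sent replies, which is the classic sign of ARP-based man-in-the-middle on a LAN. The three frames are constructed in memory as a fixture (the MAC and IP values are made up; nothing is sent on a network).

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes):
    """Decode an Ethernet frame carrying ARP; return None for anything that is not ARP over IPv4."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):   # Ethernet / IPv4 only
        return None
    return {
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(oper, f"op{oper}"),
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ip_str(frame[38:42]),
    }


def detect_arp_conflicts(frames) -> dict:
    """IPs for which more than one MAC has answered: the signature of ARP-based MITM."""
    claims = defaultdict(set)
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt and pkt["op"] == "reply":
            claims[pkt["sender_ip"]].add(pkt["sender_mac"])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def _frame(oper, sha, spa, tha, tpa) -> bytes:
    """Construct a sample frame in memory (test fixture only; nothing is sent)."""
    dst = b"\xff" * 6 if oper == ARP_REQUEST else tha
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa


# Constructed sample LAN: a host asks who has the gateway, the gateway answers, then a
# second device answers for the same IP with its own MAC (all addresses are made up).
HOST_MAC, GW_MAC, OTHER_MAC = (bytes.fromhex(h) for h in ("aabbcc000002", "aabbcc000001", "deadbeef0002"))
HOST_IP, GW_IP = bytes([192, 168, 1, 20]), bytes([192, 168, 1, 1])

SAMPLE_FRAMES = [
    _frame(ARP_REQUEST, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP),
    _frame(ARP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP),
    _frame(ARP_REPLY, OTHER_MAC, GW_IP, HOST_MAC, HOST_IP),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_arp(f))
    print(detect_arp_conflicts(SAMPLE_FRAMES))
```

In a real deployment the frames would come from a packet capture; the same conflict check is what switch features such as dynamic ARP inspection and host-side tools perform, and static ARP entries for the gateway remove the ambiguity entirely.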

17. What is 2FA and how can it be implemented for public websites?

Answer: An extra layer of security, also known as “multi-factor authentication“. It requires not only a username and password but also something that only that user has: a piece of information only they should know, or an item only they have immediately to hand, such as a physical token.

18. Explain Phishing and how to prevent it?

Answer: Phishing is a cyberattack in which a hacker disguises as a trustworthy person or business and attempts to steal sensitive financial or personal information through fraudulent email or instant messages.

19. What is Deep Packet Inspection (DPI)?

Answer: DPI examines the content of packets (not just headers) to detect
malware, intrusions, or unauthorized applications. Used in NGFWs to block
advanced threats.

20. What is a firewall, and how does it work?

Answer: A network security device that monitors and filters incoming/outgoing traffic based on predefined rules.

21. What is the difference between symmetric and asymmetric encryption?

Answer: Symmetric uses one key for encryption/decryption (e.g., AES), while
asymmetric uses a public-private key pair (e.g., RSA).

22. What is a security policy?

Answer: A formal document outlining an organization’s security procedures, roles, and responsibilities.

23. What is SIEM?

Answer: Security Information and Event Management (e.g., Splunk, IBM QRadar) for log analysis.

24. What is ransomware?

Answer: Malware that encrypts files and demands payment for decryption.

25. What is DHCP?

Answer: DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices (so you don’t have to set them manually).

26. What is SSH and what port does SSH typically run on?

Answer: SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. SSH typically runs on port 22.

27. What is DNS?

Answer: DNS (Domain Name System) converts website names (e.g., google.com) into IP addresses (e.g., 142.250.190.46).

28. What is cloud security, and why is it important?

Answer: Cloud security refers to the policies, controls, procedures, and technologies used to protect cloud-based systems, data, and infrastructure from cyber threats.

29. What is a Zero Trust Security Model, and how does it apply to cloud security?

Answer: Zero Trust is a security framework that assumes no implicit trust—every access request must be verified, regardless of location. Key principles:

● Least Privilege Access (users get only necessary permissions)
● Micro-segmentation (isolating workloads to limit lateral movement)
● Continuous Authentication (MFA, behavioral analytics)
● Encryption Everywhere (data in transit & at rest)

30. What is encryption?

Answer: Encryption is the process of converting plaintext data into ciphertext using an algorithm and a key, making it unreadable to unauthorized parties.

31. What is PGP/GPG encryption?

Answer: PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are used for:

● Email encryption (asymmetric crypto).
● File encryption.
● Digital signatures (prove authenticity).

32. What’s the difference between TCP and UDP?

Answer: TCP: Connection-oriented, reliable, uses acknowledgments (e.g., HTTP, SSH).

UDP: Connectionless, faster, no guarantees (e.g., DNS, VoIP, video streaming).

33. What is VLAN and why is it useful?

Answer: A VLAN (Virtual LAN) logically segments a physical network into different broadcast domains for better traffic control, security, and efficiency.

34. How do you secure a Linux server?

Answer:

● Use SSH key-based auth
● Disable root login
● Firewall (iptables, ufw)
● File permissions
● Audit logs
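
Three of the items in this list (key-based auth, disabling root login, and audit logs) can be checked rather than just stated. The following is an added example, not from the original document: a small Python audit that reads an sshd_config and reports the settings that are not hardened, and that groups failed password attempts in the SSH authentication log by source address. The two configurations and the log lines are constructed samples (the IPs are from the documentation ranges); the parser follows sshd's first-value-wins rule and, as a simplification, does not evaluate conditional Match blocks.

```python
import re
from collections import Counter

# The settings meant by "SSH key-based auth" and "disable root login", with the
# values that count as hardened. A setting that is absent is reported too, because
# relying on the compiled-in default is not an explicit decision.
EXPECTED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}


def parse_sshd_config(text: str) -> dict:
    """Effective global sshd settings. Keywords are case-insensitive and the FIRST value
    wins (later duplicates are ignored). 'Match' blocks apply only to some connections,
    so parsing stops there (simplification for this audit)."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def audit_sshd_config(text: str) -> list:
    """Return (keyword, actual, expected) for every setting that is not hardened."""
    effective = parse_sshd_config(text)
    findings = []
    for key, ok_values in EXPECTED.items():
        actual = effective.get(key, "<not set>")
        if actual not in ok_values:
            findings.append((key, actual, "/".join(sorted(ok_values))))
    return findings


# "Audit logs": authentication failures in the sshd journal / auth.log, grouped by source.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})")


def failed_logins_by_source(log_text: str, threshold: int = 3) -> dict:
    """Source IPs with at least `threshold` failed password attempts (a brute-force signal)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed samples (not taken from any real host).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no        # ignored by sshd: first value wins
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

SAMPLE_AUTH_LOG = """\
Jan 10 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 50112 ssh2
Jan 10 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 50113 ssh2
Jan 10 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 50114 ssh2
Jan 10 10:00:06 host sshd[1204]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jan 10 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.5 port 50115 ssh2
Jan 10 10:00:11 host sshd[1206]: Failed password for bob from 198.51.100.7 port 40023 ssh2
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg))
    print(failed_logins_by_source(SAMPLE_AUTH_LOG))
```

Once password authentication is off, the "Failed password" lines disappear and any that remain point at a host where the hardening did not take effect, which is the kind of drift an audit like this catches.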

35. Explain port forwarding?

Answer: Port forwarding maps an external port to an internal IP and port, allowing access to services behind NAT (e.g., SSH server on port 22).

36. What’s a default gateway?

Answer: The router that devices use to send data outside their own network.

37. How does SNMP work?

Answer: SNMP (Simple Network Management Protocol) is used for monitoring and managing devices. Agents report data to a management system using MIBs (Management Information Base).

38. What is the difference between Layer 2 and Layer 3 switches?

Answer: Layer 2: Works with MAC addresses, handles VLANs and switching.

Layer 3: Can also perform routing between VLANs or subnets using IP addresses.

39. How does a proxy server work?

Answer: A proxy acts as an intermediary between clients and servers to filter, cache, or log requests. Useful for security, content filtering, and anonymity.

40. What is the difference between SAN and NAS?

Answer: SAN (Storage Area Network): Block-level storage, used for databases
and high-performance applications

NAS (Network Attached Storage): File-level storage, used for file sharing and
archiving

41. What’s the default firewall management tool in CentOS 7/8?

Answer: In CentOS 7 and 8, firewalld is the default firewall management tool.

42. How do you create and manage services in CentOS using systemd?

Answer: In CentOS 7 and later, systemd replaces the older SysV init system. To manage services:

● Start a service: systemctl start httpd
● Enable it at boot: systemctl enable httpd
● Check status: systemctl status httpd
● Stop a service: systemctl stop httpd

43. How do Trojans typically spread?

Answer:

● Phishing emails with malicious attachments
● Drive-by downloads from compromised websites
● Malicious software downloads (e.g., fake games, cracked tools)
● Infected USB drives or external devices
● Social engineering tactics

44. What is zoning in SAN?

Answer: Zoning controls access between servers and storage devices on Fibre Channel networks. It defines which initiators (hosts) can see which targets (storage).

45. What is NAS failover?

Answer: NAS failover provides high availability by allowing a standby NAS node
to take over services if the primary node fails. Used in clustered NAS systems.

46. How does a firewall differ from a proxy server?

Answer: A firewall filters traffic based on rules. A proxy acts as an intermediary and hides user identity.

47. What is the role of NAC (Network Access Control)?

Answer: Ensures only compliant and authenticated devices access the network.

48. What is the difference between a policy, standard, and procedure?

Answer:

Policy: High-level rule or direction

Standard: Specific mandatory controls

Procedure: Step-by-step implementation

49. What is a WAF?

Answer: Web Application Firewall – filters and monitors HTTP traffic to protect
web apps from common attacks like XSS, SQLi.

50. What is a honeypot?

Answer: A honeypot is a decoy system or server intentionally designed to appear vulnerable and attractive to attackers. Its purpose is to:

● Lure cybercriminals or malware away from real systems
● Monitor their behavior and techniques
● Gather threat intelligence (TTPs – Tactics, Techniques, and Procedures)
● Detect intrusions early
