Cybersecurity is a vast domain, and a wide variety of questions could be asked during an interview. Recruiters mostly focus on the technical aspects and knowledge of tools and techniques to ensure a secure framework. Here are a few commonly asked cybersecurity interview questions that you might face while seeking jobs in the cybersecurity domain.
What is data leakage and what causes it?
The unauthorized transmission of data from within an organization to an external entity or destination is known as data leakage.
The many factors that contribute to data leakage are:
– Weak passwords
– Theft of company assets
– Exploitation of vulnerabilities by hackers
– Accidental e-mails
– Malicious attacks
– Loss of paperwork
– System errors or misconfiguration
– Inadequate security features for shared drives and documents
– Unsecured back-up
How can data be safeguarded?
– Data Loss Prevention Software
– Email Encryption
– Training employees on password implementation
– Two-Factor Authentication
– Using Virtual Private Networks
– Monitor and regularize usage of physical devices
– Periodic Reviews of IT Infrastructure
– Regularly update cyber-security policies
– Wipe old devices clean before disposing of them
The most common data loss prevention techniques are:
– Cryptographic hashing
– Data fingerprinting (read, hash and store)
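One way to carry out the read, hash and store steps of data fingerprinting, shown as an added example that is not part of the original page. The 5-word window, the `min_hits` threshold, the `FingerprintStore` name and the sample texts are assumptions made for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 5  # assumed window size for this example

def fingerprints(text, k=SHINGLE_WORDS):
    """Read the text as overlapping k-word shingles and hash each one."""
    # Normalise case and punctuation so trivial edits do not change the hashes.
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode("utf-8")).hexdigest()
        for i in range(len(words) - k + 1)
    }

class FingerprintStore:
    """Holds only hashes of protected documents, never their plaintext."""

    def __init__(self):
        self._index = {}  # shingle hash -> document label

    def register(self, label, text):
        for digest in fingerprints(text):
            self._index[digest] = label

    def scan(self, outbound_text, min_hits=3):
        """Return labels of protected documents that outbound_text overlaps with."""
        hits = {}
        for digest in fingerprints(outbound_text):
            label = self._index.get(digest)
            if label is not None:
                hits[label] = hits.get(label, 0) + 1
        return sorted(label for label, count in hits.items() if count >= min_hits)

# Constructed sample data, not taken from the page.
PROTECTED = ("Q3 acquisition target is Example Corp at a proposed price "
             "of 42 dollars per share pending board approval")
LEAK = ("Hi Bob, FYI the Q3 acquisition target is Example Corp at a proposed "
        "price of 42 dollars per share. Keep it quiet.")
BENIGN = "Lunch is at noon on Friday, please bring your laptop and a charger."

store = FingerprintStore()
store.register("deal-memo", PROTECTED)

if __name__ == "__main__":
    print(store.scan(LEAK), store.scan(BENIGN))
```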
Explain threat, vulnerability, and risk.
Vulnerability is the gap or weakness in a security program that could be exploited to acquire unauthorized access to a company’s asset.
Threat is anything that can intentionally or accidentally exploit a vulnerability to damage or destroy an asset.
Risk is the potential of a threat to exploit a vulnerability and destroy or damage an asset. If a system is not secure enough and has a chance of data loss or damage, it is at high risk.
What are the different types of web server vulnerabilities?
Some of the web server vulnerabilities are:
– Default Settings
– Bugs in Operating System or web server
What is SSL? Is it enough when it comes to encryption?
SSL is not hard data encryption. It is an identity verification technique to understand that the person one is conversing with is in fact who they say they are. SSL and TLS are used almost everywhere and by everyone, and because of this popularity, they face the risk of being attacked via their implementation and their well-known methodology (e.g., the Heartbleed bug). Additional security is required for data-in-transit and data-at-rest, as SSL can be easily stripped in certain circumstances.
Describe the 3 major first steps for securing your Linux server.
The three broad steps to secure a Linux Server are:
Auditing: A server audit is performed to find out obscure issues that can challenge the server security or stability. The system is scanned or audited for security issues using a tool called Lynis. Each category is separately scanned and a hardening index is subsequently provided to the auditor to take further actions.
Hardening: Once the audit is complete, the system needs to be hardened based on the security level it requires. This process mainly involves taking the right steps against the security issues identified while auditing.
Compliance: Sticking to the policy outline and the technical baseline is an important aspect of security to maintain a common standard for the same.
What are the techniques used in preventing a brute force login attack?
There are three techniques to prevent a brute-force login attack:
Account Lockout Policy: After a set number of failed attempts the account is locked out until the administrator unlocks it.
Progressive Delays: After three failed login attempts, the account will be locked for a certain time period. With each failed login attempt after this, the lock-out period will keep increasing, hence making it impractical for the automated tools to attempt forced login.
Challenge-response test: This is primarily to prevent automatic submissions on the login page. Tools like the free reCAPTCHA can be used to ask the user to manually input some text or solve a simple problem to ensure that a user is an actual person.
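The account lockout and progressive delay techniques above can be combined in one per-account counter. This is an added example, not code from the original page; the `LoginThrottle` name, the 30-second base delay that doubles, and the 10-failure lockout are assumptions.

```python
import time

class LoginThrottle:
    """Tracks failed logins per account: progressive delays, then lockout."""

    def __init__(self, free_attempts=3, base_delay=30, lockout_after=10,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # the failure that triggers the first delay
        self.base_delay = base_delay        # seconds; doubles on each later failure
        self.lockout_after = lockout_after  # failures before an admin must unlock
        self.clock = clock                  # injectable so the logic can be tested
        self._state = {}                    # account -> (failures, blocked_until)

    def check(self, account):
        """Call before verifying the password. Returns (allowed, reason)."""
        failures, blocked_until = self._state.get(account, (0, 0.0))
        if failures >= self.lockout_after:
            return False, "locked"          # account lockout policy
        if self.clock() < blocked_until:
            return False, "delayed"         # progressive delay still running
        return True, "ok"

    def record_failure(self, account):
        """Register a failed attempt and return the delay (seconds) it caused."""
        failures, _ = self._state.get(account, (0, 0.0))
        failures += 1
        delay = 0
        if failures >= self.free_attempts:
            # Third failure waits base_delay, fourth 2x, fifth 4x, and so on.
            delay = self.base_delay * 2 ** (failures - self.free_attempts)
        self._state[account] = (failures, self.clock() + delay)
        return delay

    def record_success(self, account):
        """A successful login clears the failure counter."""
        self._state.pop(account, None)

    def admin_unlock(self, account):
        """Only an administrator action clears a locked account."""
        self._state.pop(account, None)
```

Because a lockout keyed on the account name alone can also block the legitimate user, many deployments additionally track failures per source address.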
What is Phishing and how can it be prevented?
Phishing is a social engineering attack intended to steal data from users. The data attacked is usually the login credentials, credit card numbers, and bank account details with an intention to deceive or scam users. The social engineer impersonates genuine web pages and asks for login and other details.
Some of the ways to prevent phishing are:
– Two-factor Authentication involving two identity confirmation methods
– Filters to flag high-risk e-mails
– Augmented password logins using identity cues
– Train your employees to beware of certain telltale e-mails, and on information sharing tactics
– Have a guard against Spam
What is a CIA triad?
It is a standard for implementing Information Security and is common across various types of systems and/or across organizations.
Confidentiality: Only the concerned audience can access the data.
Integrity: Ensures that data is kept intact without any foul play in the middle.
Availability: Of data and computers to authorized parties, as needed.
Explain SSL encryption
Secure Sockets Layer (SSL) is the standard to establish an encrypted link between a browser and a web server. It secures the data exchanged between the web server and the browser, and keeps it private and integral. SSL is the industry standard to protect online transactions between businesses and their respective customers and is used by millions of websites.
What are salted hashes?
A password is protected in a system by creating a hash value of that password. A ‘salt’ is a random number which is added to this hash value and stored in the system. This helps against dictionary attacks.
What are some common cyber-attacks?
Some of the most common cyber-attacks are:
– Password Attacks
– Man in the Middle
– Drive-By Downloads
– Rogue Software
How does tracert or traceroute work?
These are used to determine the route from the host computer to a remote machine. They also identify how packets are redirected, if they take too long to traverse, and the number of hops used to send traffic to a host.
What is the difference between symmetric and asymmetric encryption?
In symmetric encryption, a single key is used for both encryption and decryption, while asymmetric encryption uses different keys. Also, symmetric is much faster but is more difficult to implement as compared to asymmetric.
Is it possible to log in to Active Directory from a Linux or Mac box?
Yes, it is possible to access Active Directory from a Linux or a Mac box system by using the Samba program for implementing the SMB protocol. Depending on the version, this allows for share access, printing, or even Active Directory membership.