Top 30 Cybersecurity Interview Questions [For Freshers]

the video on top 30 cyber security interview questions for complete freshers okay this is the mock interview I'm brashes Gupta and with me I have Jamin Pak so let's get started and but but but before we go ahead and um you know start with the mock interview make sure you subscribe the channel and if you are an existing subscriber make sure you press the Bell icon so that you get notified immediately okay and if you want to join my free webinar on cyber security career road map the link is in the description below okay so let's get started quickly hi Jam how are you I'm good rash how are you I'm good thank you so much yeah so R let's get started with the interview questions sure my first question is on C Tri what is C Tri so uh CIA Triad is basically uh you know uh it's it's composed of confidentiality integrity and availability okay and uh you know uh we have it's it's a basically a foundation of entire cyber security whenever a company need to deploy a new security control in the network or maybe need to create a new policy they have to look at CIA Tri they they actually tend to look at the CIA right now when we talk about the confidentiality it it is about avoiding any kind of unauthorized access to the network uh maybe possibly you know if we have any y unauthorized access we this could lead to uh data breaches this could lead to you know uh information disclosure as well so organization need to deploy all the possible controls security solution to avoid such kind of uh issue with the confidentiality solution could be encryption okay encrypting the data maybe uh data in use data in motion or maybe a solution could be access control like identity management access management privilege management solution um now when we talk about the Integrity this is all about uh uh this is all about avoiding any kind of unauthorized changes in the file or in the data okay now uh doing that we we basically make sure if the data is been sent from a person a uh and reaches to dat uh person B the data should never be modified in between okay and uh there are multiple solution the most popular one is the hashing solution digital certificates uh for making sure it's authorized uh from the same person it's been created by the same person or we also have file Integrity monitoring solution as well which tracks every changes in the system file or data next we have availability this is about the um you know making sure our data is available all the time uh whenever the user need it okay so it it protect us from attacks like Deni service attack or ransomware attack and there are multiple solutions to overcome to to mitigate such thread as well like we can go for denial of service attack protection solution like web application firewall uh Solutions like U big ipfi load balance I mean not load balancer but ASM Cloud flare a Kamai solution impera solution so these are the solution which is used for um defending against the ransomware attack we can go for antivirus solution as well so the this is the CIA Triad in in a way yeah okay got it so is tell me what is triaa so yeah I mean uh so basically AAA is the combination of authentication authorization and accounting okay so it's it's a part of access control so authentication involves uh you know involves a process where user provide the information about who they are actually so user need to submit his own information to get access into the system so they have to submit the information uh what they claim to be okay so uh if they claim to be admin they have to submit the admin credentials if they are claiming to be rajnish Gupta they have to submit the credential of rajnish Gupta username and his password only okay once he get authenticated then the authorization start okay and uh during the authorization a user can be granted privileges to a certain um certain resources into the network but that's all based on what privileges has been assigned to that group or if that user is a part of group then what you uh privileges has been assigned to that specific group finally we have an accounting this is all about tracking all the changes tracking all the activities done by this same user so all these three it combined together it's called AAA so yeah okay okay uh so my next question is on firewall what is the difference between stateful firewall and state stateless firewall so uh basically when we talk about the stateful firewall I mean where uh when we talk about the stateless firewall uh or let let me first tell you about the stateful Maybe so stateful is the power wall where stateful power wall are the one where where it maintains the uh connection table in the firewall so let me give you an example what happen is whenever the packet crosses the firewall it makes an entry into the connection table okay uh with that it can verify if the if the return traffic comes in is it the part of the existing session or is it entirely a new one so we verify I mean when we I talk about the session it is about the TCP 3way handshake session so if it is the new one the packet will be dropped immediately unless there is an explicit rule for it whereas if you look at the stateless Parable it is uh it treats every packet as an individual packet so there is no session on or connection table being maintained in the network so yeah okay MH have you heard about dos attack yeah absolutely okay can you please explain that and how to mitigate it yeah absolutely so uh dos attack is an attack where uh the uh multiple compromise system uh the the uh multiple compromise system basically Target or flood the victim server uh so much so that uh it it it stops serving the genuine user so it's all about overwhelming the victim server and causing it to be become inaccessible for the legitimate users so that's why it is called as denial of service uh but if the uh if all the compromise servers or the compromise uh systems or computers are from globally spread machines then it becomes it is called as distributed denal service okay and um so yeah I mean um in order to mitigate it uh uh in my in my point of view I mean there's no prevention Technique we can't really avoid DS attack to to come uh we can't really prevent it from happening but uh what we can actually do is on the mitigation side uh we can work on the rate limitation we can work on implementing some dos mitigation tools Solutions like U akami Solutions imper solution or Cloud Fair kind of solution so there are different web application firewall as well which can be used to rate limit the amount of traffic redirect the traffic uh keep a track of all the traffic as well the source IP address track traffic known IP address blocking as well so these are some of the mitigation Technique we can go for yeah okay got it so please tell me about uh difference between vulnerability assessment and penetration testing so vulnerability assessment is just about finding the identifying and discovering the vulnerability in the system so this is usually done by the you know tools like table qualus or you know inside VM these tool automatically run automatically discover the vulnerabilities into the network once we once we run the or maybe once we run it or maybe uh once we should schedule it for a specific period And when we talk about the penetration testing this is all about uh simulating the real world attacks or maybe this basically starts once we find the vulnerability okay once we have discovered the vulnerability then we actually exploit those vulnerability to verify how impactful it is and we verify it you know if if we can gain unauthorized access so this involve a lot of manual uh techniques and uh some automated uh testing as well so yeah that's pator testing okay so res my next question is on the cyber attacks what are the common types of cyber security attacks well on cyber security there are multiple common attacks and as per my understanding I think malware is the most common one and even in the malware we have ransomware which is the very very common uh and very you know important for every organization critical for every organization to defend um then we have fishing technique social engineering technique where you know you know attacker or maybe criminals attempt to obtain this sensitive information by uh you know by sending some uh uh smartly crafted email or any other fishing technique as well so that's that's the one maybe email fishing I would say very specific then dos attack is very common uh I think man man in the middle attack is also very common but majorly on the wireless side of the house then um on the web web application I think uh Crosset scripting attack is very common uh csrf attack the cross side scripting attack is very common file upload uh I don't see injection attack uh as very common attack technique but yeah cross scripting attack is still very popular as in the I mean I think uh common Trend at this moment so yeah these are some of the common types of attack uhuh Les can you please tell me what is the difference between hashing and encryption so uh basically hashing is the one-way process it's converts the data convert any random data any kind of a data into a a fixed length string okay it's called a hash value or a digest so it's a one-way process because once we convert that data we cannot get it back so usually the purpose is usually there in when we want to store the password some sensitive information uh you know in the databases where even if the even if the entire uh even if the entire uh you know uh database get compromised by the attacker they will never know the exact password that's why whenever we hear B Ling in database get uh breach and everything they get to know about the username but they never know their password so that's that's possible because of hashing it is also useful in the blockchain where uh you know we were able to track every transaction by using the hash value of those transaction as well and um when it comes to the encryption encryption is a two-way process where we convert any plain text information into a gibberish data or you know uh random data random text by using a key and we can get it back as well by using maybe the uh by using maybe the same key or maybe a different key altoe that depends on the algorithm but getting the data back is pretty much possible in encryption it is used when we when we want to store the data or maybe want we want to send the data and we want to recover it as well those situation has become very important and to achieve the confidentiality as well so yeah that's where encryption is used okay go back let me ask you a basic question what is OSI model sure OSI model is basically it's a framework I would say to understand how how system talk to each other in the internet okay so this starts with the physical aay which where we just have physical machine um you know uh you know work cable and everything then we have data link layer which take care of forwarding the data on the layer to like ethernet uh right so where we have a switches switch forward the data based on the Mac address uh we call it as frame on the layer two then on the network layer we have a routers which forwards the data based on the IP address we also have routing protocol and you know routed protocol as well reiding on them reiding on the same layer then we have transport layer where TCP and UDP works this is where socket to socket communication happen and we can decide whether we want to have a reliable communication or unreliable communication if we want to have a reliable communication we can choose TCP unreliable UDP and uh then we have H session layer where the session termination creation management happens then we have presentation layer where the data encoding decoding data encryption decryption all happen finally we have the application layer where the actual user talk to the application just like we have HTTP uh SMTP protocol DNS so everything resides on there so that that's OSI model yeah okay mhm so tell me about TCP 3-way handshake sure uh TCP 3-way handshake is a process of establishing the connection with the client and server so this involve the Client First sending this send packet basically on the TCP packet uh packet on the TCP layer I would say or the on the uh on the transport layer it consists of multiple Flats TCP Flags so there are Six Flags each indicates a specific indication I mean each indicates a specific uh uh you know uh parameter about what all H what it is about what this package is is all about so if it is send flag has been set that indicates that the client want to talk to the server this packet reaches to the server and then s if server acknowledge this and it also add an sync flag as well so that means the server says yes I I I I acknowledge this packet and I also want to talk to you or or maybe I'm ready to talk to you so the server send this sin and act finally the client acknowledge it and you know acknowledge the packet confirm the receipt of the server send packet and then these the actual traffic goes on so this sin syak and a completes the three-way hand Shi training okay have you heard about a white box test and a black box test yes absolutely so um basically white box yeah sure so box testing is uh involves you know it's it's a structural testing where the uh tester know about what what what we have in the network okay uh the the tester know about the source code or the design documentation or have uh you know uh have an understanding about the internal network setup so this is basically in the white box testing the security tester or maybe penetration tester know about the internal Network uh partially and then he basically start doing the testing identify different vulnerability and then perform some security testing or penetration testing in blackbox testing it's a functional testing which involves testing of functionality of the system application without having much of knowledge about the system as well so where the tester don't have much knowledge about overall system into the network and then still try to find out uh objective and you know try to find the vulnerability in the system as well so that that's that's that's about blackbox testing yeah okay so tell me about the difference between vulnerability risk and threat sure vulnerability is basically a flaw in the system U or maybe you know configuration as well which can be exploited so it could be software bug it could be misconfiguration now dated software version these are all vulnerability not just that even human can be vulnerable as well to different fishing attack as well so and next we have threat so threat is basically any potential danger uh that could exploit the vulnerability and cause uh damage to the network as well like DS attack malware uh these are all threats right when the risk is basically the likelihood that the the uh threat will exploit the vulnerability now the likelihood is calculated based on a formula uh which is about vulnerability into threat or maybe likelihood uh into the likelihood and the impact of the threat so that's how the uh risk is actually calculated so if the the the chances of getting this vulnerability uh you know chances of getting this uh uh likelihood is very high that this vulnerability will be exploited then the risk is High and um the impact is calculated based on how much the organization would lose if the service is not available for an hour or so or maybe for a day as well so based on that the risk is calculated so yeah okay so then what are HIDs and NS so HIDs is the host based intrusion detection system um so this the these are these are the softwares that monitors and analyze the internal internal system of any end point and detect malicious activity policy violation file system changes login system calls nids is all about it's again a software as well which monitors the network based anomalous connection anomalous as in suspicious connection so uh um you know um maybe unwanted Network traffic suspicious Network traffic certain shoot in shoot up in the network traffic as well usually um uh both uh you know uh a host based intrusion system is is usually integrated in the uh endpoint detection system or maybe a business or maybe I would say endpoint detection system or endpoint protection system as well in the network so in simple organization deploy their antivirus system usually the HIDs are there in the system itself but uh nids is more about uh you know more about need to be captured uh on the network layer uh but it can also monitor on the host level as well so there are different uh solution in the market as well which is open source so like Su Kata is a network based intrusion detection system snot is also not network based intrusion detection system on the HIDs we have Os or wazu as well which can perform the same activity so yeah that's what okay great so what is indicator of compromise well indicator of compromise is like an Evidence it's it's an observable behavior that indicates that uh you know a system has been breached or breach has been occurred so example could be unusual Network traffic p pattern or unauthorized file modification or unexpected system Behavior so uh so this is more of a digital forensics data uh that indicates that the incident has been occurred so this this is very important for sock analyst engineer to detect them as soon as possible so this could be data about uh you know blacklisted IP address detection of certain blacklisted IP address or some known malware samples or file hash or maybe some known process name as well or malicious process name as well so yeah okay great so what are top 10 vulnerabilities of O so basically OAS top 10 vulnerabilities it changes every almost very frequently in in a in a span of 3 4 years maybe so uh we have multiple vulnerabilities I I'm not sure about the current top 10 vulnerability but the one that I saw last time that has the injection vulnerabilities where injection is basically a flaw where the untrusted data is sent over the to The Interpreter as a part of command or query maybe SQL injection OS command injection ldap injection so that alls come all come come under the injection uh injection attack then we have brok broken authentication as well where we have uh vulnerability in the authentication system that could that could possibly you know allow a user to get access to the network maybe Brute Force attack right or maybe insecure password storage or um we also have some other Vol ability as well maybe sensitive data exposure XML uh external entity which is called xxe so this is the vulnerability where it's the vulnerability in the XML parer if you have an outdated XML Engine That Could lead to this problem um there's a Crosset scripting attack which is very popular which is about uh when an untrusted data is included in the web page without the proper validation so this would happen uh csrf xsrf so yeah these are all part of it so these are some of the you know uh top 10 [Music] vulnerabilities okay let me ask you a question on SSL what is SSL handshake sure uh so SSL handshake is the is is basically the process of uh you know process of negotiating and establishing a secure connection between client and server and this The Client First send the Hello message to the server along with all the cipher suit that that's it support uh including the algorithm and S session parameters as well then the server respond with its own Hello message uh choosing the strongest mutually supported I would say ciphers Su uh maybe generating the sis key as well after that so it also share what certificates encryption hashing algorithm it support to uh supports to and then the server sends its own digital certificate to the client that okay this is my certificate now go and verify so once once it does that then the client maybe us or not basically our client but actually our browser uh look at our all the certificate listed in our browser certificate manager and then it verify the certificate by the root certificates that we have on our system and then client verify the certificates and generate a premaster seet and then encrypt it with the server public key and send it over to the server both client and server then derive the session key from the premaster secret and other negotiation they also share the other parameters as well and then the encrypted channel will be established and then the actual data can move further on it so yeah that that's the SSL hatrick okay uh explain cyber kill to in process okay cyber killchain is very interesting it's uh I haven't seen it being used in current uh in current uh uh Enterprise Network but cyber killchain is a framework which is used to describe uh you know how us uh yeah I mean uh uh it is used to describe the stages of cyber attacks as per my understanding um that what that's what I read on multiple um you know article videos and uh different documentation as well uh that how the attacker process or different stages work so it typically consists of stages from reconnaissance to weaponization in the reconnaissance uh as as far as I read uh some of the documentation reconnaissance is all about uh Gathering the information about the target weaponization is all about building up the Mal delivery is all about sending the uh payload or malware to the victim Machine by maybe fishing technique or spare fishing whatever it is then exploitation is all about exploiting the vulnerability in the Target machine then then next we have installation phase where we talk about how the uh exploit will be installed and the command and control is the next step where the attacker establish the connection to the Mal through the secure Channel as well then finally action and objective this is the seventh step which is about what action that attacker need to establish maybe data disruption disrupting the network or maybe data exfiltration getting the data to their own uh attacker server so this is this is all the different steps uh we have in the Cyber killchain yeah I think as far as I read it I mean this was built by Martin uh long back currently it is um most uh you know I I read it multiple article and I've seen that currently organization uses miter attack framework for understanding uh the different stages or techniques used by the attackers so yeah that's correct so R then tell me uh how does trace out work so TR route uh you know I have used the TR route as well uh usually TR route is diagnosis tool this is used to know the different hops between source and the destination so I can use the tress rout from my computer to maybe google. com and basically it uses the the TTL parameter which is time to leave parameter so it will send the first packet by keeping d detail value is one and then it will uh then the packet crosses the first hop and it detail value get expired that's how we get the information about the first H icmp time exceed message that's what we usually get it next time the packet will be sent by keeping the TL value as two it crosses the first hop and get stuck uh the in the second hop the the T value get expired and we get the information about the second H uh it will keep happening until it reach to the uh ultimate destination so that's how the rout gives us the information about different hops in between the source and the desition so okay yeah then explain what is the in incident response process sure I mean although I haven't worked uh practically in the incident response um uh but I am aware about the process where we I think we have nest and as the major uh framework for uh incident response which talks about uh different steps involved in this so we have I think six steps first is preparation then detection then conment uh eradication recovery and post incident activity in the preparation we make sure we have all the policy procedures team roles uh solution in place uh for Preparation then we have detection step which talks about detecting those security incident at the right time without any delay by by deploying our detection tools in the network and um once the alert has been detected then we perform the analysis next step is the contentment it is uh it is all about making sure we isolate the machine from the network so that it won't damage the network further or won't move Lally across the network like ransomware uh does next we have eradication this is all about eradicating the malware from the network uh maybe formatting the machine or cleaning the erasing the malware from the machine which is I don't think this that would be used usually then we have recovery which is uh making sure the system is clean and then we can get the system back to the network and finally we have post incident activity where we do the documentation and create the reports so that's that that is the incident response as per my understanding okay tell me about the PK pki what is pki so pki is a public key infrastructure that's that's all about that talks all about the uh public private uh key pair and digital certificates so pki is all about different component this doesn't this doesn't indicates a single framework or single technology or single product or solution it's about the entire ecosystem of asymmetric key asymmetric key is basically uh an algorithm where let's say we have a source and destination and they want to send the encrypted packet so they uses the S symmetric key in such a way that both the party generate a public and private key uh or we call it as key pair okay they will use the they will use the public key to encrypt the data but to to decrypt the same data they will use the their own private key okay public key is meant to be shared with the other party private key is meant to be kept it themselves a secret okay now this uh the use of this public private key and certificate as well is come under the public infrastructure digital certificates is basically is all about authentication that uh you know you are talking to the genuine person who he's claiming to be okay so let's say I want to talk to google. com on the internet um you know I I want to make sure that he is really google.

com so it is really google. com so to make sure that happen Google so. com usually share its own certificates so the moment I get the certificate I need to verify the identity of it so the identity is verified by using the digital certificates I verify the validity of certificate the root certificate information and all the other information so this all combined together is called as public key infrastructure yeah okay perfect so tell me about SQL injection what is SQL injection so SQL injection is a type of attack where uh uh attacker I mean I my experience is more on the home lab so I've done the sill injection attacks in the KX and did those testing in my home lab uh based on my understanding it is the attack where the attacker exploit the vulnerability in the ex uh in the input validation if the server is not doing enough input validation this could happen where attacker can send the malicious SQL commands to retrieve uh you know uh you know uh unauthorized access to the all the data into the network so what is the problem is the server need to have a validation check input validation check that this command should be allowed this shouldn't be allow if it is not done properly uh anyone can send the you know malicious SQL command to retrieve all the data commands like one is equal to one Union operator can create a problem or can perform per form the data manipulation as well so yeah okay so Raj have you heard about zero vulnerability yeah I mean I I read it uh online yeah okay then what is it so it's a it's a security weakness it's a security flaw in the software or the hardware that is unknown to the vendor as well so usually whenever there's a vulnerability of discovered the machine the vendor need to report it to all its customer or maybe it goes on the nist or CV details as well or maybe on their official website so attackers can actually exploit the zero day vulnerability by launch launching the attack before the patch of the fix is even available so this way the uh Defender gets no day to respond to such attacks because if they have a patch available they can quickly patch and you know they can sit and be relaxed but if they don't even know what to do with it you know they can they will be sitting idle and you know they they are completely helpless that's why it is called zero day to respond and zero day attack so yeah okay so then Ros tell me about the princip principle of least privilege what is it okay so yeah sure thank you so principle of the privilege in my understanding it's a concept that that talks about that the individual or system should only have should only be granted minimum of very minimum uh level of access or privileges uh you know required to perform their task they should not get unnecessary privileges in the network right in the organization so by the the the principle is by limiting the access rights to only what is needed what is essential the uh this principle uh helps the helps to reduce the overall impact um of any kind of uh Insider threats or security breaches in the network as well so it's also yeah so I think that's that's the principle of lease privileges yeah yeah that's correct uh my next question is on framework what is miter attack framework so uh miter attack framework I I read it on their official I went through their official website I used the uh attack Navigator as well I even I have seen a lot of tool like Splunk or wazu in my home lab and I've seen uh you know attack navig uh miter attack techniques being used as well I think this framework is a is very important because this gives us the set of set of tactics techniques and procedures used by the attackers this help us to be very focused about uh different technique used by our the organization specific adversaries and the attackers right so we can prioritize which techniques to work on which what kind of a uh security solution we need to have it at this moment to protect against this attack Behavior so th this becomes very helpful um you know and they their official website gives us the table of all the technique uh sorry teches on the top uh about what's the attacker objective and uh techniques under each techniques under each tactics talks about how they want to accomplish these uh objective and each techniques then have their own their own procedure which talks about step by step process uh being executed by that specific attacker so that that's that's that's the miter attack framework yeah okay so then what is zero trust framework then okay zero trust is very um I mean based on my uh my understanding I read a lot of articles on it I think this is very popular in the Enterprise Network now that uh it say is that never trust always verify this this concept talks uh is about uh having same kind of security level as as the external user okay external uh access so uh the access to the resources of the data will only be granted uh will be strictly on the authentication authorization and continuously monitoring irrespective of user location or the POS position in the network whether the user is sitting inside or outside the same kind of security validation will be performed so the the pro the purpose is to avoid any kind of lateral movement in the network so that it's it's considered that the attackers is all attacker is already in the network and uh he might be trying to uh move from one machine to another so usually what used to happen earlier is uh within the network there wasn't enough security control used because we trust all the all the people inside of our house right so but in zero trust we stop doing it so even if somebody is inside the request from internal to uh internal server to another internal server will be verified by the security controls for this there are multiple Solutions I think uh there are multiple data center solution as well uh uh there was one one product called alumio I heard about Cisco toration as well zscaler is also very popular for remote access zero trust Security Solutions as well so yeah the these are this is the zero trust framework yeah okay so we just now talk about the Frameworks let me ask you this question that uh what are some common threat vectors so there are multiple threat vectors I mean some of the common one is of course fishing uh which can attackers can send the militias of fraudulent email message website tracks to disclo to to get unauthorized access or get the disclos that Force the user to disclose the information malware of course uh a sill injection dos attack is also very common uh social engineering is also very common Brute Force attack is also a common attack VOR uh what is really concerning is the supply chain attack where the attacker can compromise this software or the hardware in the supply chain to inject any malicious Cod that that's where the you know vendor third party vendor their security also become very important so yeah okay let me ask you now some B basic questions what is AR okay so AR is basically address resolution protocol it is used to get the MAC address against the IP address so in the ethernet Network what happen is if let's say a user want to talk to another network uh or maybe in any any system it needs the I mean sorry only in the ethernet network if the user want to talk to another system it needs the destination Mac address so for that it for always check the AR table on the computer even on the Windows as well we can look at the AR we can enter the AR command in the command prompt and we can see the uh Mac address if it is not present maybe it's the first time we are opening up the computer in the early morning uh the computer will send the broadcast message to all the system in the network maybe trying to get the MAC address of the other computer maybe on the default gateway or the router as well so it will send the message asking for the default gateway I mean a MAC address of the default gateway or maybe other computer in exchange to that it will get the MAC address so this is done by using the uh address resolution protocol or op yeah okay perfect and what is DSP so dscp is is is a protocol which helps to dynamically assign the IP address or network configuration um it manage the IP address pool lease time as well the it follows the process which is discover offer and uh request and uh acknowledgement phase uh in the Discover the I mean the Discover the computer will actually send a broadcast let's say we uh we we just connected our computer in the network to talk to anything to talk to anyone on the internet we need the IP address right so we the our computer will send the broadcast message and this broad this will be the dscp broadcast message uh discover message this will go to everyone ask majorly looking for the dscp server now the dscp server will receive it and it will send the offer message to the client machine then our client machine will send the request message saying that yes I want to get the IP address I want to get the default gateway I want to get the subnet marks I want to get the D server and finally the uh we get the acknowledgement and we get the all the IP address and information about the system as well so yeah that's what a dscp is okay then tell me about the HTTP response codes sure so HTTP there are multiple Response Code in the sttp uh I I don't remember almost all the Response Code but I know some of the popular one so what happened is um in the in order to get get the you know in the STP which is uh you know which is the TCP based communication the computer send the request message and if and the server acknowledge it by sending the Response Code so there is a there's a range from 100 to 500 I guess and U if the let's say the computer can send get message post message put message delete message so let's say if we want to see the Google page we send the get message to see the Google page so we send the google.

com and get message if there answer is present we'll see we'll get the 200 Response Code that means okay that means request will succeed and if we see the 300 or 301 that means the data has been moved permanently to new location if we see 404 that means the uh data is not present maybe we are looking for a certain page which doesn't even exist exist maybe Rish gta.