Top 100+ Cyber Security Interview Questions

and Answers

Here are Cyber Security interview questions and answers for fresher as well
experienced candidates to get their dream job.

1) Wha
Whatt is ccyber
ybersecurity?
security?
Cybersecurity refers to the protection of hardware, so!ware, and data from attackers.
The primary purpose of cyber security is to protect against cyberattacks like accessing,
changing, or destroying sensitive information.

2) What are the elements of cybersecurity?

Major elements of cybersecurity are:

Information security
Network security
Operational security
Application security
End-user education
Business continuity planning

3) What are the advantages of cyber security?

Benefits of cyber security are as follows:
 It protects the business against ransomware, malware, social engineering, and
phishing.
It protects end-users.
It gives good protection for both data as well as networks.
Increase recovery time a!er a breach.
Cybersecurity prevents unauthorized users.

4) Define Cryptography.
It is a technique used to protect information from third parties called adversaries.
Cryptography allows the sender and recipient of a message to read its details.

5) Di"erentiate between IDS and IPS.

Intrusion Detection System (IDS) detects intrusions. The administrator has to be careful
while preventing the intrusion. In the Intrusion Prevention System (IPS), the system
finds the intrusion and prevent it.

6) What is CIA?
Confidentiality, Integrity, and Availability (CIA) is a popular model which is designed to
develop a security policy. CIA model consists of three concepts:

Confidentiality: Ensure the sensitive data is accessed only by an authorized user.

Integrity: Integrity means the information is in the right format.
Availability: Ensure the data and resources are available for users who need them.

7) What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundaries of
any system or network which monitors and controls network tra"ic. Firewalls are
mostly used to protect the system or network from malware, worms, and viruses.
Firewalls can also prevent content filtering and remote access.

8) Explain Traceroute
It is a tool that shows the packet path. It lists all the points that the packet passes
through. Traceroute is used mostly when the packet does not reach the destination.
Traceroute is used to check where the connection breaks or stops or to identify the
failure.
9) Di"erentiate between HIDS and NIDS.

Parameter HIDS NIDS

NIDS is used for the

Usage HIDS is used to detect the intrusions.
network.

What does It monitors suspicious system activities It monitors the tra"ic of all
it do? and tra"ic of a specific device. device on the network.

urse

m
, IIT

ore

10) Explain SSL

SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections
between a web server and a web browser. It is used to protect the information in online
transactions and digital payments to maintain data privacy.

11) What do you mean by data leakage?

Data leakage is an unauthorized transfer of data to the outside world. Data leakage
occurs via email, optical media, laptops, and USB keys.

12) Explain the brute force attack. How to prevent it?

It is a trial-and-error method to find out the right password or PIN. Hackers repetitively
try all the combinations of credentials. In many cases, brute force attacks are
automated where the so!ware automatically works to login with credentials. There are
ways to prevent Brute Force attacks. They are:

Setting password length.

Increase password complexity.
Set limit on login failures.

13) What is port scanning?

It is the technique for identifying open ports and service available on a specific host.
Hackers use port scanning technique to find information for malicious purposes.

14) Name the di"erent layers of the OSI model.

Seven di"erent layers of OSI models are as follows:

1. Physical Layer
2. Data Link Layer
3. Network Layer
 4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

15) What is a VPN?

VPN stands for Virtual Private Network. It is a network connection method for creating
an encrypted and safe connection. This method protects data from interference,
snooping, censorship.

16) What are black hat hackers?

Black hat hackers are people who have a good knowledge of breaching network
security. These hackers can generate malware for personal financial gain or other
malicious reasons. They break into a secure network to modify, steal, or destroy data
so that the network can not be used by authorized network users.

17) What are white hat hackers?

White hat hackers or security specialist are specialized in penetration testing. They
protect the information system of an organization.

18) What are grey hat hackers?

Grey hat hackers are computer hacker who sometimes violate ethical standards, but
they do not have malicious intent.

19) How to reset a password-protected BIOS configuration?

There are various ways to reset BIOS password. Some of them are as follows:

Remove CMOS battery.

By utilizing the so!ware.
 By utilizing a motherboard jumper.
By utilizing MS-DOS.

20) What is MITM attack?

A MITM or Man-in-the-Middle is a type of attack where an attacker intercepts
communication between two persons. The main intention of MITM is to access
confidential information.

21) Define ARP and its working process.

It is a protocol used for finding MAC address associated with IPv4 address. This
protocol work as an interface between the OSI network and OSI link layer.

22) Explain botnet.

It’s a number of internet-connected devices like servers, mobile devices, IoT devices,
and PCs that are infected and controlled by malware.

23) What is the main di"erence between SSL and TLS?

The main di"erence between these two is that SSL verifies the identity of the sender.
SSL helps you to track the person you are communicating to. TLS o"ers a secure
channel between two clients.

24) What is the abbreviation of CSRF?

CSRF stands for Cross-Site Request Forgery.

25) What is 2FA? How to implement it for a public website?

TFA stands for Two Factor Authentication. It is a security process to identify the person
who is accessing an online account. The user is granted access only a!er presenting
evidence to the authentication device.

26) Explain the di"erence between asymmetric and symmetric

encryption.
Symmetric encryption requires the same key for encryption and decryption. On the
other hand, asymmetric encryption needs di"erent keys for encryption and
decryption.

27) What is the full form of XSS?

XSS stands for cross-site scripting.

28) Explain WAF

WAF stands for Web Application Firewall. WAF is used to protect the application by
filtering and monitoring incoming and outgoing tra"ic between web application and
the internet.
29) What is hacking?
Hacking is a process of finding weakness in computer or private networks to exploit its
weaknesses and gain access.

For example, using password cracking technique to gain access to a system.

30) Who are hackers?

A Hacker is a person who finds and exploits the weakness in computer systems,
smartphones, tablets, or networks to gain access. Hackers are well experienced
computer programmers with knowledge of computer security.

31) What is network sni"ing?

Network sni"ing is a tool used for analyzing data packets sent over a network. This can
be done by the specialized so!ware program or hardware equipment. Sni"ing can be
used to:

Capture sensitive data such as password.

Eavesdrop on chat messages
Monitor data package over a network
32) What is the importance of DNS monitoring?
Yong domains are easily infected with malicious so!ware. You need to use DNS
monitoring tools to identify malware.

33) Define the process of salting. What is the use of salting?

Salting is that process to extend the length of passwords by using special characters.
To use salting, it is very important to know the entire mechanism of salting. The use of
salting is to safeguard passwords. It also prevents attackers testing known words
across the system.

For example, Hash(“QxLUF1bgIAdeQX”) is added to each and every password to

protect your password. It is called as salt.

34) What is SSH?

SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides
system administrators secure way to access the data on a network.

35) Is SSL protocol enough for network security?

SSL verifies the sender’s identity, but it does not provide security once the data is
transferred to the server. It is good to use server-side encryption and hashing to protect
the server against a data breach.

36) What is black box testing and white box testing?

Black box testing: It is a so!ware testing method in which the internal structure or
program code is hidden.
White box testing: A so!ware testing method in which internal structure or
program is known by tester.

37) Explain vulnerabilities in network security.

Vulnerabilities refer to the weak point in so!ware code which can be exploited by a
threat actor. They are most commonly found in an application like SaaS (So!ware as a
service) so!ware.

38) Explain TCP Three-way handshake.

It is a process used in a network to make a connection between a local host and server.
This method requires the client and server to negotiate synchronization and
acknowledgment packets before starting communication.

39) Define the term residual risk. What are three ways to deal
with risk?
It is a threat that balances risk exposure a!er finding and eliminating threats.

Three ways to deal with risk are:

1. Reduce it
2. Avoid it
3. Accept it.

40) Define Exfiltration.

Data exfiltration refers to the unauthorized transfer of data from a computer system.
This transmission may be manual and carried out by anyone having physical access to
a computer.
41) What is exploit in network security?
An exploit is a method utilized by hackers to access data in an unauthorized way. It is
incorporated into malware.

42) What do you mean by penetration testing?

It is the process of checking exploitable vulnerabilities on the target. In web security, it
is used to augment the web application firewall.

43) List out some of the common cyber-attack.

Following are the common cyber-attacks which can be used by hackers to damage
network:

Malware
Phishing
Password attacks
DDoS
Man in the middle
Drive-by downloads
Malvertising
Rogue so!ware
44) How to make the user authentication process more secure?
In order to authenticate users, they have to provide their identity. The ID and Key can
be used to confirm the user’s identity. This is an ideal way how the system should
authorize the user.

45) Explain the concept of cross-site scripting.

Cross-site scripting refers to a network security vulnerability in which malicious scripts
are injected into websites. This attack occurs when attackers allow an untrusted source
to inject code into a web application.

46) Name the protocol that broadcast the information across all
the devices.
Internet Group Management Protocol or IGMP is a communication protocol that is used
in game or video streaming. It facilitates routers and other communication devices to
send packets.

47) How to protect email messages?

Use cipher algorithm to protect email, credit card information, and corporate data.

48) What are the risks associated with public Wi-Fi?

Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sni"ing, war-
driving, brute force attack, etc.

Public Wi-Fi may identify data that is passed through a network device like emails,
browsing history, passwords, and credit card data.

49) What is Data Encryption? Why it is important in network

security?
Data encryption is a technique in which the sender converts the message into a code. It
allows only authorized user to gain access.

50) Explain the main di"erence between Di"ie-Hellman and RSA.

Di"ie-Hellman is a protocol used while exchanging key between two parties while RSA
is an algorithm that works on the basis two keys called private and public key.

51) What is a remote desktop protocol?

Remote Desktop Protocol (RDP) is developed by Microso!, which provides GUI to
connect two devices over a network.

The user uses RDP client so!ware to serve this purpose while other device must run
RDP server so!ware. This protocol is specifically designed for remote management and
to access virtual PCs, applications, and terminal server.

52) Define Forward Secrecy.

Forward Secrecy is a security measure that ensures the integrity of unique session key
in event that long term key is compromised.

53) Explain the concept of IV in encryption.

IV stands for the initial vector is an arbitrary number that is used to ensures that
identical text encrypted to di"erent ciphertexts. Encryption program uses this number
only once per session.

54) Explain the di"erence between stream cipher and block

cipher.

Parameter Stream Cipher Block Cipher

How does it Stream cipher operates on small Block cipher works on large
work? plaintext units data blocks.
 Code
It requires less code. It requires more code.
requirement

Usage of key Key is used only once. Reuse of key is possible.

Application Secure Socket layer. File encryption and database.

Stream cipher is used to Block cipher is used to

Usage
implement hardware. implement so!ware.

55) Give some examples of a symmetric encryption algorithm.

Following are some examples of symmetric encryption algorithm.

RCx
Blowfish
Rijndael (AES)
DES

56) What is the abbreviation of ECB and CBC?

The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block
Chaining.

57) Explain a bu"er overflow attack.

Bu"er overflow attack is an attack that takes advantage of a process that attempts to
write more data to a fixed-length memory block.

58) Define Spyware.

Spyware is a malware that aims to steal data about the organization or person. This
malware can damage the organization’s computer system.
59) What is impersonation?
It is a mechanism of assigning the user account to an unknown user.

60) What do you mean by SRM?

SRM stands for Security Reference Monitor provides routines for computer drivers to
grant access rights to object.

61) What is a computer virus?

A virus is a malicious so!ware that is executed without the user’s consent. Viruses can
consume computer resources, such as CPU time and memory. Sometimes, the virus
makes changes in other computer programs and insert its own code to harm the
computer system.

A computer virus may be used to:

Access private data like user id and passwords

Display annoying messages to the user
Corrupt data in your computer
Log the user’s keystrokes

62) What do you mean by Authenticode?

Authenticode is a technology that identifies the publisher of Authenticode sign
so!ware. It allows users to ensure that the so!ware is genuine and not contain any
malicious program.

63) Define CryptoAPI

CryptoAPI is a collection of encryption APIs which allows developers to create a project
on a secure network.
64) Explain steps to secure web server.
Follow the following steps to secure your web server:

Update ownership of file.

Keep your webserver updated.
Disable extra modules in the webserver.
Delete default scripts.

65) What is Microso! Baseline Security Analyzer?

Microso! Baseline Security Analyzer or MBSA is a graphical and command-line
interface that provides a method to find missing security updates and
misconfigurations.

66) What is Ethical hacking?

Ethical hacking is a method to improve the security of a network. In this method,
hackers fix vulnerabilities and weakness of computer or network. Ethical hackers use
so!ware tools to secure the system.

67) Explain social engineering and its attacks.

Social engineering is the term used to convince people to reveal confidential
information.

There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-
based, and 3) Computer-based.

Human-based attack: They may pretend like a genuine user who requests higher
authority to reveal private and confidential information of the organization.
Computer-based attack: In this attack, attackers send fake emails to harm the
computer. They ask people to forward such email.
Mobile-based attack: Attacker may send SMS to others and collect important
information. If any user downloads a malicious app, then it can be misused to
access authentication information.
68) What is IP and MAC Addresses?
IP Address is the acronym for Internet Protocol address. An internet protocol address is
used to uniquely identify a computer or device such as printers, storage disks on a
computer network.

MAC Address is the acronym for Media Access Control address. MAC addresses are used
to uniquely identify network interfaces for communication at the physical layer of the
network.

69) What do you mean by a worm?

A Worm is a type of malware which replicates from one computer to another.

70) State the di"erence between virus and worm

Parameter Virus Worm

How they infect It inserts malicious code into a Generate it’s copy and spread
a computer? specific file or program. using email client.

Virus need a host program to They do not require any host

Dependency
work to function correctly.

It is linked with .com, .xls, .exe, It is linked with any file on a

Linked with files
.doc, etc. network.

A"ecting speed It is slower than worm. It faster compared to a virus.

71) Name some tools used for packet sni"ing.

Following are some tools used for packet sni"ing.

Tcpdump
Kismet
 Wireshark
NetworkMiner
Dsni"

72) Explain anti-virus sensor systems

Antivirus is so!ware tool that is used to identify, prevent, or remove the viruses present
in the computer. They perform system checks and increase the security of the
computer regularly.

73) List out the types of sni"ing attacks.

Various types of sni"ing attacks are:

Protocol Sni"ing
Web password sni"ing
Application-level sni"ing
TCP Session stealing
LAN Sni"ing
ARP Sni"ing

74) What is a distributed denial-of-service attack (DDoS)?

It is an attack in which multiple computers attack website, server, or any network
resource.

75) Explain the concept of session hijacking.

TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most
common method of session hijacking. In this method, attackers use IP packets to insert
a command between two nodes of the network.

76) List out various methods of session hijacking.

Various methods of session hijacking are:

Using packet Sni"ers

Cross-Site Scripting (XSS Attack)
IP Spoofing
Blind Attack

77) What are Hacking Tools?

Hacking Tools are computer programs and scripts that help you find and exploit
weaknesses in computer systems, web applications, servers, and networks. There are
varieties of such tools available on the market. Some of them are open source, while
others are a commercial solution.

78) Explain honeypot and its Types.

Honeypot is a decoy computer system which records all the transactions, interactions,
and actions with users.

Honeypot is classified into two categories: 1) Production honeypot and 2) Research

honeypot.

Production honeypot: It is designed to capture real information for the

administrator to access vulnerabilities. They are generally placed inside
production networks to increase their security.
Research Honeypot: It is used by educational institutions and organizations for
the sole purpose of researching the motives and tactics of the back-hat
community for targeting di"erent networks.

79) Name common encryption tools.

Tools available for encryptions are as follows:

RSA
Twofish
 AES
Triple DES

80) What is Backdoor?

It is a malware type in which security mechanism is bypassed to access a system.

81) Is it right to send login credentials through email?

It is not right to send login credentials through email because if you send someone
userid and password in the mail, chances of email attacks are high.

82) Explain the 80/20 rule of networking?

This rule is based on the percentage of network tra"ic, in which 80% of all network
tra"ic should remain local while the rest of the tra"ic should be routed towards a
permanent VPN.

83) Define WEP cracking.

It is a method used for a security breach in wireless networks. There are two types of
WEP cracking: 1) Active cracking and 2) Passive cracking.

84) What are various WEP cracking tools?

Well known WEP cracking tools are:

Aircrack
WebDecrypt
Kismet
WEPCrack

85) What is a security auditing?

Security auditing is an internal inspection of applications and operating systems for
security flaws. An audit can also be done via line by line inspection of code.

86) Explain phishing.

It is a technique used to obtain a username, password, and credit card details from
other users.

87) What is Nano-scale encryption?

Nano encryption is a research area which provides robust security to computers and
prevents them from hacking.

88) Define Security Testing?

Security Testing is defined as a type of So!ware Testing that ensures so!ware systems
and applications are free from any vulnerabilities, threats, risks that may cause a big
loss.

89) Explain Security Scanning.

Security scanning involves identifying network and system weaknesses and later
provides solutions for reducing these risks. This scanning can be performed for both
Manual as well as Automated scanning.

90) Name the available hacking tools.

Following is a list of useful hacking tools.

Acunetix
WebInspect
Probably
Netsparker
Angry IP scanner:
 Burp Suite
Savvius

91) What is the importance of penetration testing in an

enterprise?
Here are two common application of Penetration testing.

Financial sectors like stock trading exchanges, investment banking, want their
data to be secured, and penetration testing is essential to ensure security.
In case if the so!ware system is already hacked and the organization would like to
determine whether any threats are still present in the system to avoid future
hacks.

92) What are the disadvantages of penetration testing?

Disadvantages of penetration testing are:

Penetration testing cannot find all vulnerabilities in the system.

There are limitations of time, budget, scope, skills of penetration testers.
Data loss and corruption
Down Time is high which increase costs

93) Explain security threat

Security threat is defined as a risk which can steal confidential data and harm
computer systems as well as organization.

94) What are physical threats?

A physical threat is a potential cause of an incident that may result in loss or physical
damage to the computer systems.
95) Give examples of non-physical threats
Following are some examples of non-physical threat:

Loss of sensitive information

Loss or corruption of system data
Cyber security Breaches
Disrupt business operations that rely on computer systems
Illegal monitoring of activities on computer systems

96) What is Trojan virus?

Trojan is a malware employed by hackers and cyber-thieves to gain access to any
computer. Here attackers use social engineering techniques to execute the trojan on
the system.

97) Define SQL Injection

It is an attack that poisons malicious SQL statements to database. It helps you to take
benefit of the design flaws in poorly designed web applications to exploit SQL
statements to execute malicious SQL code. In many situations, an attacker can escalate
SQL injection attack in order to perform other attack, i.e. denial-of-service attack.

98) List security vulnerabilities as per Open Web Application

Security Project (OWASP).
Security vulnerabilities as per open web application security project are as follows:

SQL Injection
Cross-site request forgery
Insecure cryptographic storage
Broken authentication and session management
Insu"icient transport layer protection
Unvalidated redirects and forwards
Failure to restrict URL access
99) Define an access token.
An access token is a credential which is used by the system to check whether the API
should be granted to a particular object or not.

100) Explain ARP Poisoning

ARP (Address Resolution Protocol) Poisoning is a type of cyber-attack which is used to
convert IP address to physical addresses on a network device. The host sends an ARP
broadcast on the network, and the recipient computer responds back with its physical
address.

ARP poisoning is sending fake addresses to the switch so that it can associate the fake
addresses with the IP address of a genuine computer on a network and hijack the
tra"ic.

101) Name common types of non-physical threats.

Following are various types of non-physical threats:

Trojans
Adware
Worms
Spyware
Denial of Service Attacks
Distributed Denial of Service Attacks
Virus
Key loggers
Unauthorized access to computer systems resources
Phishing

102) Explain the sequence of a TCP connection.

The sequence of a TCP connection is SYN-SYN ACK-ACK.
103) Define hybrid attacks.
Hybrid attack is a blend of dictionary method and brute force attack. This attack is
used to crack passwords by making a change of a dictionary word with symbols and
numbers.

104) What is Nmap?

Nmap is a tool which is used for finding networks and in security auditing.

105) What is the use of EtterPeak tool?

EtterPeak is a network analysis tool that is used for sni"ing packets of network tra"ic.

106) What are the types of cyber-attacks?

There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.

107) List out web-based attacks

Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4)
DNS Spoofing, 4) Denial of Service, and 5) Dictionary attacks.

108) Give examples of System-based attacks

Examples of system-based attacks are:

Virus
Backdoors
Bots
Worm
109) List out the types of cyber attackers
There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3)
insider threats, 4) state-sponsored attackers.

110) Define ac
accident
cident
cidental
al thr
threea t s
They are threats that are accidently done by organization employees. In these threats,
an employee unintentionally deletes any file or share confidential data with outsiders
or a business partner going beyond the policy of the company.