
Cyber Security Interview Questions

Cyber security involves the methods and policies that help an individual or an organization protect their hardware, software, and sensitive information from attackers and hackers who are active in cyberspace. The main objective of cybersecurity is to keep sensitive information safe from illegal access, modification, or destruction.

Cybersecurity is divided into different types according to its applicability and design. They are:

  1. Infrastructure security
  2. Network security
  3. Cloud security
  4. Internet of Things security
  5. Application security
  6. Operational security

 

The objective of cyber security is mainly to protect our systems, devices, and sensitive information from attackers and cyber criminals, whether they come from inside or outside the organization. The advantages are:

  • Protects devices and systems from illegal access and destruction
  • Protects sensitive information from hackers
  • Protects the users of cyberspace
  • Protects network devices and hosts
  • Prevents illegal users from gaining access
  • Protects against viruses, worms, and malware

 

Cryptography is the method or technique that secures data and communications between users from cyber attackers. Cryptography is the study of building safe communication methods so that sensitive information can only be read by the intended end-users. It involves encryption, decryption, etc.

IDS stands for Intrusion Detection System. It detects intrusions in an organization's network and alerts the system admin about them. An Intrusion Detection System is good at handling both inside and outside attacks.

IPS means Intrusion Prevention System, which helps the system admin of an organization detect and prevent intrusions in the organization's network, both from outside and from inside.

CIA stands for the three important properties that are needed when making a security policy. CIA is a model used for making security policies that secure sensitive data. CIA refers to:

  • Confidentiality: makes sure that data is only used by authorized users.
  • Integrity: makes sure that data is consistent, accurate, and in the right format.
  • Availability: makes sure that data is available to authentic users when they need it.

A firewall is a security measure that protects a system or network from external attackers. A firewall acts as a wall between the system or network and the outside network: it monitors traffic and filters malicious data packets so that they cannot enter the system or network. It helps protect against malware, viruses, hackers, adware, and many more attacks from cyberspace.

Data is sent through the network as packets, and these packets travel through different network devices, called points, to reach the destination. Traceroute is a tool used to check all the points a packet travels through before reaching its destination: it lists every network point the data packet passes on its way to the receiver.

Traceroute is helpful in finding the cause when a data packet does not reach its destination, for example whether there is a break somewhere in the network path.

NIDS (Network Intrusion Detection System) monitors network traffic for all types of anomalies and malicious packets, which can be an attack originating from inside or outside the organization.

HIDS stands for Host Intrusion Detection System, which runs on each network host system. HIDS helps detect anomalies in the traffic that originates from inside the organization and also helps catch malicious packets that the NIDS failed to catch.

SSL means Secure Sockets Layer. SSL is an encryption technique that encrypts the connection between the server and the client, which protects the information transferred between the client browser and the web server. SSL is useful for online money transfers and online payments.

A crime that happens in cyberspace or using any network is called cyber crime. A person who is behind a cybercrime is called a cyber-criminal. For example:

  • Hacking
  • Malware
  • Ransomware
  • Creating viruses
  • Information theft
  • Online fraud

The primary goal of cybersecurity is to protect user information and devices from cyber attacks. These include the stealing of sensitive information, illegal access, hacking, and a lot more that is beyond our scope.

A threat in cyber security can be defined as any type of hazard, from inside or outside an organization, that disturbs the normal functioning of the organization, for instance by corrupting information or destroying data or devices. Examples of threats are:

  • Viruses
  • Malware
  • Hacking
  • Worms
  • Phishing attacks

A vulnerability is a technical flaw or an issue in the architecture of a system or network that can become a threat in the future. A vulnerability can exist in hardware, software, or even in applications; it can be physical, software-based, or even human. To deal with vulnerabilities there is a process called vulnerability management.

A data leak can be defined as an illegal transfer of sensitive data without proper authorization. This kind of cyber attack usually happens through email, laptops, etc.

A brute force attack is a method that cybercriminals use to obtain user login credentials such as the username and password. In this method, the criminals use automated machines that try all possible combinations of user credentials until they get the right ones. It is also called the trial-and-error method.

Possible methods to prevent such brute force attacks are:

  1. Use a strong username and password that contain a combination of letters, numbers, and special characters
  2. Set a predefined limit on the number of login attempts
  3. Make the password long
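The three countermeasures above, carried through in code as an added example (this is not code from the page): a password policy check for the first and third points, and a per-account attempt counter with a temporary lockout for the second. The `FakeClock` class, the five-attempt limit and the 300-second lockout are assumptions chosen for the demonstration; the `verify` callback stands in for whatever credential check the application actually performs.

```python
import string
import time


class FakeClock:
    """Constructed clock so the lockout window can be demonstrated without waiting."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


def password_meets_policy(password: str, min_length: int = 12) -> bool:
    """Points 1 and 3 of the list: long enough, and a mix of letters, digits and special characters."""
    return (
        len(password) >= min_length
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


class LoginGuard:
    """Point 2 of the list: cap consecutive failed attempts per account, then lock the account."""

    def __init__(self, max_attempts: int = 5, lockout_seconds: float = 300, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> clock reading when the lock expires

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout has expired: forget the old failures and allow attempts again.
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def attempt(self, username: str, password: str, verify) -> str:
        """Returns "locked", "ok" or "denied". `verify(username, password)` is the real credential check."""
        if self.is_locked(username):
            # Refuse even a correct password while locked, so guessing cannot continue.
            return "locked"
        if verify(username, password):
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= self.max_attempts:
            self._locked_until[username] = self.clock() + self.lockout_seconds
        return "denied"


def demo():
    clock = FakeClock()
    guard = LoginGuard(max_attempts=3, lockout_seconds=60, clock=clock)
    # Constructed credential store: one account with one accepted password.
    verify = lambda user, pw: user == "alice" and pw == "Tr0ub4dor&3-long"
    results = [guard.attempt("alice", "guess%d" % i, verify) for i in range(3)]
    results.append(guard.attempt("alice", "Tr0ub4dor&3-long", verify))  # correct, but locked
    clock.advance(61)
    results.append(guard.attempt("alice", "Tr0ub4dor&3-long", verify))  # lock expired
    return results


if __name__ == "__main__":
    print(demo())
    print(password_meets_policy("Tr0ub4dor&3-long"), password_meets_policy("password"))
```

The lock is keyed per account, so a locked account does not affect other users, and the counter resets on success; in a real deployment the counters would live in shared storage rather than a process-local dictionary.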

Each application connects to the internet through different ports, and these are identified by numbers called port numbers. Port scanning is a method of analyzing the ports and services available on a system, which can help hackers gain access to information.

The transmission of data between end-users should not be in plain text format. For proper security, the plain text is converted into a different form that cannot be read by hackers. The process of converting plain text into this alternate format is called encoding or encryption.

Decoding is the reverse process of encoding. In decoding, the encrypted data is converted back to the original plain text format so that the receiver can read and understand the data. The process in which the encrypted data is converted back to its original form is called decryption or decoding.

In the encryption process, the data is converted from plain text to an alternate form called ciphertext, and in the decryption process the ciphertext is converted back to the original text, called the deciphered text.

Encryption is the process of converting plain text into ciphertext. The conversion of plain text to ciphertext is done using a secret key. The symmetric encryption method uses the same key for both encryption and decryption.

Sharing a single key between the sender and the receiver for encoding and decoding text is not that safe. More complex encryption methods use two different keys: one for encrypting the data, called the public key, and another for decrypting the data, called the secret (private) key. Encryption that involves two different keys in this way is called asymmetric encryption. Example: RSA.
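The two kinds of encryption side by side, as an added example written for this page (not code from the page or from any library it names). The symmetric half is a toy keystream cipher constructed for illustration: it XORs the data with SHA-256 blocks derived from the key, so the same key undoes what it did. The asymmetric half is textbook RSA with the tiny primes 61 and 53 so that every number is readable; real RSA uses primes of a thousand or more bits and padding, which this example omits on purpose.

```python
import hashlib


# --- Symmetric encryption: the SAME secret key encrypts and decrypts ---
# Toy keystream cipher constructed for this example (not a production cipher):
# the keystream is SHA-256(key || nonce || counter) blocks joined together,
# and encryption is the XOR of the plaintext with that keystream.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = _keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def symmetric_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR with the same keystream cancels the first XOR, so decryption is
    # encryption with the same key: that is what "symmetric" means here.
    return symmetric_encrypt(key, nonce, ciphertext)


# --- Asymmetric encryption: a public key encrypts, a different private key decrypts ---
# Textbook RSA with tiny primes so the arithmetic is readable. Illustration only.
def rsa_keypair(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's totient of n
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)


def rsa_encrypt(public_key, message: int) -> int:
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def rsa_decrypt(private_key, ciphertext: int) -> int:
    n, d = private_key
    return pow(ciphertext, d, n)


def demo():
    # Symmetric: both parties hold the same 32-byte key (constructed value).
    key = hashlib.sha256(b"shared secret between sender and receiver").digest()
    nonce = b"\x00" * 8
    message = b"transfer 100 to account 42"
    ciphertext = symmetric_encrypt(key, nonce, message)
    recovered = symmetric_decrypt(key, nonce, ciphertext)

    # Asymmetric: anyone may use the public key; only the private key decrypts.
    public, private = rsa_keypair(p=61, q=53, e=17)  # n = 3233, d = 2753
    c = rsa_encrypt(public, 65)                       # 65^17 mod 3233 = 2790
    return recovered == message, c, rsa_decrypt(private, c)


if __name__ == "__main__":
    print(demo())
```

Note that `rsa_keypair` returns the private exponent 2753 for these parameters, and that decrypting with the wrong symmetric key yields garbage rather than an error: a plain XOR stream gives no integrity check, which is one reason real protocols pair encryption with authentication.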

Hashing is a cryptographic method that takes input data of any size and type and converts it into a unique, fixed-size enciphered text string called a hash.

Hashing is like encryption, but in hashing the conversion of data to the message digest is permanent, which means there is no decryption in hashing: the hashed data cannot be reverted back to the original.

Hashing is used to maintain the integrity of data, whereas encryption is used to maintain the confidentiality of data.

Hashing is mainly used for comparing huge amounts of data in hashed form. This means we can compare the hashes of different data, which is helpful in authentication systems that store hash values and compare them while validating user credentials. It avoids storing user credentials in raw format. Other uses include:

  1. Used in digital signatures
  2. Helps to avoid the data duplication

 

There are many hashing algorithms available, but the commonly and popularly used ones are:

  • Message-Digest Algorithm (MD5)
  • Secure Hash Algorithm (SHA)
  • Tiger Algorithm
  • WHIRLPOOL Algorithm
  • RIPEMD Algorithm
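The properties claimed for hashing in the paragraphs above (fixed-size output for any input, one-way, usable for integrity checks and for de-duplication by comparing digests) demonstrated with Python's standard `hashlib`, as an added example rather than code from the page. The sample document and chunks are constructed; the SHA-256 digest of the three bytes `abc` is a published test vector.

```python
import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hash arbitrary-length input to a fixed-size hex digest."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_lengths(algorithm: str = "sha256") -> set:
    """Digest lengths (in hex characters) for inputs of very different sizes.
    A single-element set shows that the output size does not depend on the input size."""
    samples = [b"", b"abc", b"x" * 10_000]
    return {len(digest_hex(s, algorithm)) for s in samples}


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


def deduplicate(chunks):
    """Keep one copy of each distinct chunk, comparing digests instead of the raw content."""
    seen = set()
    unique = []
    for chunk in chunks:
        h = digest_hex(chunk)
        if h not in seen:
            seen.add(h)
            unique.append(chunk)
    return unique


def demo():
    document = b"quarterly report: revenue 1.2M"        # constructed sample
    fingerprint = digest_hex(document)                    # stored at publication time
    tampered = document.replace(b"1.2M", b"9.2M")         # one character changed
    return {
        "sha256_of_abc": digest_hex(b"abc"),
        "sha256_length_hex": digest_lengths("sha256"),
        "intact": verify_integrity(document, fingerprint),
        "tampered": verify_integrity(tampered, fingerprint),
        "unique_chunks": len(deduplicate([b"a", b"b", b"a", b"c", b"b"])),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

`hashlib.algorithms_available` lists what the local OpenSSL build offers; SHA-2 and SHA-3 are always present, while WHIRLPOOL and RIPEMD-160 from the list above are not guaranteed. MD5 is still shipped for compatibility but is no longer considered collision-resistant, so it should not be used for new integrity or signature work.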

OSI model stands for Open Systems Interconnection model. It is a conceptual model that describes how a machine or system interconnects with network devices and other systems. The OSI model divides that interconnection into 7 layers, each performing different, independent functions. The layers are:

  • Physical layer
  • Data link layer
  • Network layer
  • Transport layer
  • Session layer
  • Presentation layer
  • Application layer

VPN stands for Virtual Private Network. A VPN creates a virtual encrypted channel between the end-users for safe and private communication. A VPN helps protect the data transfer from interference, snooping, etc.

Black hat hackers are highly skilled and knowledgeable persons who are able to break security measures and steal or destroy sensitive information or devices. These persons use dark and deep web resources and tools for their operations, which are considered cybercrime, for example creating viruses, worms, and malware, hacking, illegal access, etc.

White hat hackers are also highly skilled persons, but they work for a positive cause. They help organizations and individuals find and fix the security flaws in their systems. They are skilled penetration testers, and they help organizations and even governments secure their sensitive information.

Grey hat hackers are persons in between black and white hat hackers: they break some ethical standards, but their intention is not to cause damage to organizations or persons, and they will not take part in any malicious activity.

The simplest way is to remove the CMOS battery, which provides power to the basic functions and memory of the system; otherwise:

  1. Use software
  2. Use the motherboard jumper
  3. Use MS-DOS

A MITM attack is also called a man-in-the-middle attack. In this type of cyber attack, an attacker sits in the middle of the communication between two users, decoding it without their knowledge and using it to obtain sensitive information.

ARP stands for Address Resolution Protocol, a network protocol that is used to obtain a system's MAC address when its IP address is known. ARP acts as an interface between the data link layer and the network layer of the OSI model.

RARP means Reverse Address Resolution Protocol. It is a network protocol that is the reverse of ARP: RARP gives the IP address of a system when the physical address of the system is known.

Devices on a network that act like zombies form a botnet. They can be systems, routers, servers, or any network devices that are infected and under the control of malware.

SSL and TLS are both cryptographic protocols that help make a secure connection between the server and the client. In SSL the sender's identity is checked and verified, whereas TLS creates a secure channel for communication.

CSRF is the short form of Cross-Site Request Forgery. 

Vulnerability assessment is a security measure that an organization takes when it understands there may be flaws or vulnerabilities in its network or systems. It is the process of finding all the vulnerabilities and flaws in the network and systems and prioritizing their fixes.

Penetration testing is a process that an organization hires ethical hackers to carry out. They search for and find all the vulnerabilities and flaws inside the organization's network and systems. While penetration testing is done, the organization keeps all its security measures in place to check whether there is any chance of its network being hacked.

A VPN creates an encrypted, secure tunnel between the user's system and the VPN server so that the user can access and collect information from the network without losing privacy and security.

Port scanning is a method of finding the services and ports that are open. Both network administrators and hackers use port scanning to get information about ports. Some of the port scanning methods are:

  • Stealth scanning
  • UDP scanning
  • TCP connect
  • TCP half-open
  • Ping scan

 

 

These are the three methods for transmitting data through a network:

  • Unicasting: transmitting data from a single sender to a single receiver; it is end-to-end communication.
  • Multicasting: transmitting data from one or more sources to multiple receivers.
  • Broadcasting: transmitting data from a single sender to a large number of receivers, for example TV, radio, etc.

Patch management is the process of updating the software and operating systems of systems and network devices to keep them up to date. Keeping the software and OS up to date helps prevent many cyber attacks and viruses. Examples are the officially released Windows patches, the many security patches for different software, etc.

Patch management tools are used to keep software up to date at all times. Some of the commonly used tools are:

  • Atera
  • NinjaRMM
  • Acronis Cyber Protect
  • PDQ Deploy
  • Acronis Cyber Protect Cloud
  • Automox
  • Microsoft System Center
  • SmartDeploy

 

Honeypots are decoy attack targets that attract attackers. Organizations and governments set them up to understand how attackers use their network and to learn how many vulnerabilities are present in their networks.

Figure: working of honeypots in cyber security

 

Shoulder surfing is more of a physical attack, in which the attacker tries to obtain sensitive information by peeking over your shoulder while you type it. It usually happens when you access sensitive information in a public place.

There is a huge number of cyber attacks; some of the common types are:

  • Viruses
  • Worms
  • Malware
  • Phishing
  • Cross-site scripting (XSS)
  • Denial of service (DoS)
  • Man-in-the-middle attack
  • Brute force attack
  • SQL injection attack
  • Session attack

 

XSS stands for Cross-Site Scripting attack. It is an attack in which the attacker injects malicious client-side scripts into web pages. It can crash the server, hijack the session, change the cookies, etc.

Some of the measures to prevent XSS attacks are:

  • Encoding special characters
  • Validating user inputs
  • Sanitizing user inputs
  • Using anti-XSS tools
  • Using an HTML XSS filter
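The first two measures from the list, output encoding of special characters and input validation, shown as an added example (not code from the page): a vulnerable page fragment that concatenates untrusted input into HTML sits beside the hardened version that encodes it with Python's standard `html.escape`, plus an allow-list validator for a username field. The `<script>` input and the username pattern are constructed for the demonstration.

```python
import html
import re


def render_greeting_vulnerable(name: str) -> str:
    # Vulnerable: untrusted input is pasted straight into the HTML body, so any
    # markup it contains is parsed by the browser.
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    # Hardened: encode the characters that carry meaning in HTML (& < > " ')
    # so the browser displays them as text instead of interpreting them.
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def render_input_safe(value: str) -> str:
    # Attribute context: quote=True also encodes the quote characters, so the
    # value cannot close the attribute it sits in.
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


# Input validation with an allow-list: a username is only letters, digits, '_', '.', '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None


def demo():
    payload = "<script>alert(1)</script>"   # constructed test input
    return {
        "vulnerable": render_greeting_vulnerable(payload),
        "safe": render_greeting_safe(payload),
        "attribute": render_input_safe('say "hi" & <bye>'),
        "username_ok": validate_username("alice_01"),
        "payload_rejected_as_username": not validate_username(payload),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Encoding is applied at the point of output and chosen for the context (HTML body versus attribute); validation at the point of input narrows what reaches the page in the first place, and the two are complementary rather than alternatives.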

TFA stands for Two-Factor Authentication. It is a security measure that provides an additional layer of security for users logging in. In this method, users get access to their accounts only after completing two authentication methods.

For example, with TFA in Gmail, we can log in only after entering our username and password and then entering a code that is sent to our registered mobile.

WAF stands for Web Application Firewall. It is a firewall that protects an application from external attacks by monitoring the traffic that the application sends to and receives from the network.

Hacking is the process of finding vulnerabilities in networks and systems and using those vulnerabilities to steal, modify, corrupt, or even destroy sensitive information or a device. Examples are password hacking, social account hacking, bank account hacking, etc.

Network sniffing is a process, done using a network tool, of analyzing the data packets transmitted over the network. Sophisticated machines and software are available for network sniffing. The main purposes of network sniffing are:

  1. Extracting sensitive information from the packets
  2. Checking for important information in chats
  3. Monitoring packets transmitted over the network

 

There are many fresh web domains that can easily be affected by malware. DNS monitoring provides a set of tools that help identify such malware.

Salting is the process of adding a combination of special characters to the end of passwords so that the length of the passwords is increased, which increases their security against attackers. The combination of special characters that we add to the password is called the salt.
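Salting as it is implemented in practice, as an added example that is not part of the page: each password gets its own random salt (random bytes rather than a fixed run of special characters), the salt and the password are fed together into a slow hash (PBKDF2-HMAC-SHA256 from Python's standard library), and the salt is stored beside the result so the same derivation can be repeated at login. This goes beyond the text's description in that the salt is random and per-user, which is what stops two users with the same password from ending up with the same stored hash. The iteration count and the record format are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000   # PBKDF2 work factor (assumed value); raise it as hardware allows


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (all printable text)."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_b64, dk_b64 = record.split("$")
    except ValueError:
        return False                   # malformed record: never authenticate on it
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def demo():
    # Two users who happened to choose the same password (constructed sample data).
    users = {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),
    }
    return {
        "records_differ": users["alice"] != users["bob"],
        "alice_ok": verify_password("correct horse battery staple", users["alice"]),
        "alice_wrong": verify_password("Correct horse battery staple", users["alice"]),
        "garbage_record": verify_password("anything", "not-a-record"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the salt is stored in the record, it does not need to be secret; its job is to make precomputed tables useless and to force an attacker to work on each hash separately.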

SSH is the short form of Secure Socket Shell or Secure Shell. It helps system admins access and monitor data on a network.

In cyber security, black box testing is a kind of testing of a program or device whose code or internal structure is not visible to the tester.

White box testing is a testing method in cyber security in which the internal structure of the system, or the code of the program, is visible to the tester.

The TCP protocol uses a three-way handshake to establish a reliable, full-duplex connection between the host and the client. In the three-way handshake, the host and the client synchronize with each other and acknowledge each other.
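The handshake described above, simulated with both endpoints as an added example (not code from the page): the client sends SYN with its initial sequence number, the server answers SYN+ACK acknowledging that number plus one and carrying its own initial sequence number, and the client's final ACK completes the synchronization. The endpoint model, state names and the initial sequence numbers 1000 and 5000 are constructed for the demonstration; the check that the SYN+ACK acknowledges exactly the client's own sequence number is what lets an endpoint reject a reply that does not belong to its connection.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Segment:
    """Only the fields of a TCP segment that matter for the handshake (constructed model)."""
    src: str
    dst: str
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False

    def flags(self) -> str:
        return "+".join(n for n, on in (("SYN", self.syn), ("ACK", self.ack_flag)) if on)


class TcpEndpoint:
    """One side of the connection, tracking just the state the handshake needs."""

    def __init__(self, name: str, isn: int, listening: bool = False):
        self.name = name
        self.isn = isn                      # initial sequence number chosen by this side
        self.state = "LISTEN" if listening else "CLOSED"
        self.rcv_nxt: Optional[int] = None  # next sequence number expected from the peer

    def connect(self, peer: str) -> Segment:
        # Step 1: the client sends SYN carrying its own initial sequence number.
        self.state = "SYN_SENT"
        return Segment(self.name, peer, seq=self.isn, syn=True)

    def receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Step 2: acknowledge the client's SYN (a SYN occupies one sequence
            # number) and send our own SYN in the same segment.
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, seq=self.isn, ack=self.rcv_nxt,
                           syn=True, ack_flag=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            # Step 3: accept the SYN+ACK only if it acknowledges exactly our SYN,
            # then acknowledge the server's SYN. Both sides are now synchronized.
            if seg.ack != self.isn + 1:
                raise ValueError(f"{self.name}: SYN+ACK acknowledges {seg.ack}, expected {self.isn + 1}")
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, seq=self.isn + 1, ack=self.rcv_nxt, ack_flag=True)
        if self.state == "SYN_RECEIVED" and seg.ack_flag and not seg.syn:
            if seg.ack != self.isn + 1:
                raise ValueError(f"{self.name}: ACK acknowledges {seg.ack}, expected {self.isn + 1}")
            self.state = "ESTABLISHED"
            return None                     # handshake complete, nothing more to send
        raise ValueError(f"{self.name}: unexpected {seg.flags() or 'segment'} in state {self.state}")


def handshake(client_isn: int = 1000, server_isn: int = 5000):
    """Drive a full three-way handshake; return both final states and the transcript."""
    client = TcpEndpoint("client", client_isn)
    server = TcpEndpoint("server", server_isn, listening=True)
    transcript: List[Segment] = []
    seg: Optional[Segment] = client.connect("server")
    while seg is not None:
        transcript.append(seg)
        receiver = server if seg.dst == "server" else client
        seg = receiver.receive(seg)
    return client.state, server.state, transcript


if __name__ == "__main__":
    c_state, s_state, log = handshake()
    for s in log:
        print(f"{s.src} -> {s.dst}: {s.flags():7} seq={s.seq} ack={s.ack}")
    print(c_state, s_state)
```

Running it prints the three segments SYN, SYN+ACK and ACK with the acknowledgement numbers 1001 and 5001, and both endpoints finish in ESTABLISHED.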

Data exfiltration is the process of accessing and copying data illegally from a system. The data transfer is done by physically accessing the system and copying the data.

An exploit is a hacking method used by hackers to gain illegal access to sensitive data with the help of malware.

IGMP is the short form of Internet Group Management Protocol, which helps network devices and hosts share a single IP address. By sharing the single IP address, they can all receive the same data. IGMP is mainly used in video streaming and online gaming.

Emails are protected using cipher algorithms. Ciphers also help in encrypting credit card and organization data.

The Diffie-Hellman algorithm is a symmetric encryption method that uses only a single public key for encryption and decryption. The Diffie-Hellman algorithm is a key exchange algorithm that helps two hosts share a mutual secret over a public channel without broadcasting it to the internet.
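The key exchange described above, carried out by both sides, as an added example that is not code from the page: each host keeps a private exponent, sends only its public value over the channel, and both arrive at the same shared secret, from which a symmetric key is derived. The group p = 23, g = 5 and the private exponents 4 and 3 are deliberately tiny constructed values so the arithmetic can be followed by hand; deployed systems use standardized groups of 2048 bits or more.

```python
import hashlib
import secrets

# Toy group parameters (constructed) so every value is readable. Real deployments
# use standardized large groups, e.g. the finite-field groups of RFC 7919.
P = 23   # prime modulus
G = 5    # generator


def dh_private_key(p: int = P) -> int:
    """Random private exponent in [1, p-2]; never leaves the host."""
    return secrets.randbelow(p - 2) + 1


def dh_public_value(private: int, p: int = P, g: int = G) -> int:
    """g^private mod p: the only thing this host sends over the public channel."""
    return pow(g, private, p)


def dh_shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """(g^their)^mine mod p == (g^mine)^their mod p, so both sides agree."""
    return pow(their_public, my_private, p)


def derive_key(shared_secret: int) -> bytes:
    """Turn the agreed integer into a fixed-size symmetric key for a cipher."""
    return hashlib.sha256(str(shared_secret).encode("ascii")).digest()


def dh_exchange(p: int = P, g: int = G, alice_private: int = None, bob_private: int = None):
    """Run both sides; return the two computed secrets and what an eavesdropper saw."""
    a = alice_private if alice_private is not None else dh_private_key(p)
    b = bob_private if bob_private is not None else dh_private_key(p)
    A = dh_public_value(a, p, g)      # Alice -> Bob, over the public channel
    B = dh_public_value(b, p, g)      # Bob -> Alice, over the public channel
    alice_secret = dh_shared_secret(B, a, p)
    bob_secret = dh_shared_secret(A, b, p)
    on_the_wire = {"p": p, "g": g, "A": A, "B": B}   # never contains a, b or the secret
    return alice_secret, bob_secret, on_the_wire


if __name__ == "__main__":
    alice, bob, seen = dh_exchange(alice_private=4, bob_private=3)
    print("alice:", alice, "bob:", bob, "eavesdropper saw:", seen)
    print("derived key:", derive_key(alice).hex())
```

With a = 4 and b = 3 the public values are 5^4 mod 23 = 4 and 5^3 mod 23 = 10, and both sides compute 18. Note what the exchange does not provide on its own: nothing here proves who sent A or B, which is why real protocols sign or otherwise authenticate the public values.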

The Remote Desktop Protocol (RDP) was designed by Microsoft and is used to access the desktop of another system over the internet if both systems have RDP running in the background.

The only condition is that both systems must have RDP software running. This is very helpful for accessing a system and its applications remotely.

Each session has a unique session key. Forward secrecy helps to check and make sure of the integrity of that unique session key or ID.

A buffer overflow is a type of attack in which the attacker makes a program store more data than a buffer can hold. A buffer is a fixed-size temporary storage space.

Once the buffer is full, the program tries to store the data outside the buffer, causing data corruption and even crashing the program or running some malicious code. It opens a window for attackers to gain access to, and modify, the process address space.

Spyware is a kind of malware that runs inside a system without the user's knowledge and sends sensitive information from the victim's computer to the attacker. It can damage a whole organization.

SRM is the short form of Security Reference Monitor, which helps the computer assign routines to all drivers in the system.

A virus can be defined as a malicious bit of program code that is intended to carry out malicious activities without the user's knowledge. A virus is also able to spread from one system to another and can infect any number of systems. A virus is able to:

  1. Corrupt your data
  2. Manipulate the data
  3. Steal sensitive data
  4. Destroy a computer system
  5. Destroy network devices

CryptoAPI is a collection of APIs used for encryption. CryptoAPIs help programmers develop projects on the network securely.

We have to follow these steps to secure a web server:

  1. Delete unwanted scripts from the server
  2. Disable all modules that are not necessary
  3. Always keep the web server updated
  4. Always keep the website ownership updated

Social engineering is a method of gaining people's trust so that they share confidential information. Social engineering is done using three methods:

  • Human-based attack
  • Computer-based attack
  • Mobile-based attack

A worm is a malicious program that is able to replicate itself and spread from one computer to another in a network.

Mostly, worms are spread using emails, and worms infect at a faster rate than viruses.

There are many tools that hackers use for packet sniffing; some of them are:

  • tcpdump
  • Kismet
  • Wireshark
  • NetworkMiner
  • dsniff

The different types of sniffing attacks are:

  • TCP session stealing
  • Application-level sniffing
  • Web password sniffing
  • Protocol sniffing
  • LAN sniffing
  • ARP sniffing

DDoS, or Distributed Denial of Service, is the same as a Denial of Service attack but uses more than one system to carry out the DoS attack.

DoS attack: In this type of attack, the attacker sends a huge number of junk requests to a server to exhaust the server's resources so that it cannot process genuine requests.

Session hijacking is a type of session misuse, also called cookie hijacking. Sessions are created for user security and safety, and the attacker takes over a session by exploiting its session ID.

For session hijacking, attackers use IP spoofing. In this method, the hackers use IP packets to issue commands in the network.

There are different ways an attacker carries out session hijacking; some of them are:

  • Using packet sniffing
  • Cross-site scripting
  • IP spoofing
  • Blind attack

For the ease of hacking, a lot of tools are now available in the form of scripts and programs that help find loopholes in the security of networks and servers. On the deep and dark web, a lot of such tools are readily available.

The common encryption methods, including both symmetric and asymmetric ones, are:

  • RSA
  • Twofish
  • AES
  • Triple DES

A backdoor is a type of malware that is able to attack a computer system by bypassing all of its security measures.

As the name suggests, it enters through the back door even if we have a lot of security measures at the front.

The 80/20 rule is a basic principle used in networking regarding network traffic. This principle states that 80 percent of traffic will be local and 20 percent should be routed to a VPN.

WEP is a security mechanism for wireless connectivity, and the term WEP cracking means finding a security loophole in the wireless network connection. Broadly, we can divide WEP cracking into two types:

  • Active cracking
  • Passive cracking

There are different tools available for cracking WEP; some of them are:

  • Aircrack
  • WebDecrypt
  • Kismet
  • WEPCrack

Auditing is the concept of inspecting content; for example, in financial auditing we have to check all the ledgers, cash, and balances to get the result of the financial audit.

In security auditing, we have to check all the security measures and the possible loopholes that already exist, or may appear in the future, in the network or the operating system.

Phishing is a cyber attack that aims to gather sensitive information from the user, such as their credentials, bank details, or debit or credit card details.

In a phishing attack, the attacker sends emails or messages that pretend to come from a genuine source and ask for the sensitive information.

Nano encryption is an upcoming research area in the field of cyber security that aims to provide robust security to systems and networks against cyber criminals.

There are a lot of hacking tools and methods available on the internet; some of them are:

  • Acunetix
  • WebInspect
  • Probely
  • Netsparker
  • Angry IP Scanner
  • Burp Suite
  • Savvius

Security testing is the process of testing networks, systems, and software to check whether they have any risk or vulnerability that would make it easy for attackers to destroy them or steal data from them.

A Trojan horse is a kind of malware that infects a system and gives complete access to the victim's system. Trojans are mainly used by hackers and cybercriminals.

SQL injection is the concept of adding malicious SQL code into the database of a website. Attackers use the vulnerabilities of a poorly designed database to add such SQL code, so that they can run malicious SQL statements to damage the website.
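The flaw described above beside its fix, as an added example (not code from the page), using Python's built-in `sqlite3` with an in-memory table of constructed rows: the vulnerable query builds SQL by string concatenation, so a quote character in the input changes the statement's structure, while the parameterized query passes the value separately and the database never treats it as SQL. The table, rows and the crafted input are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str):
    # Vulnerable: the input becomes part of the SQL text, so a quote inside it
    # ends the string literal and whatever follows is parsed as SQL.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str):
    # Hardened: a parameterized query sends the value separately from the SQL;
    # the driver binds it as data, never as syntax.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    conn = make_db()
    benign = "alice"
    crafted = "' OR '1'='1"   # constructed input: closes the literal, adds an always-true clause
    return {
        "vulnerable_benign": find_user_vulnerable(conn, benign),
        "vulnerable_crafted": find_user_vulnerable(conn, crafted),   # every row comes back
        "safe_benign": find_user_safe(conn, benign),
        "safe_crafted": find_user_safe(conn, crafted),               # no such username
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

With the benign input both functions return the single `alice` row; with the crafted input the concatenated query becomes `WHERE username = '' OR '1'='1'` and returns all three rows, whereas the parameterized query looks for a user literally named `' OR '1'='1` and returns nothing. The fix is the same in every SQL driver: keep the statement text fixed and pass values as parameters.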

OWASP is the short form of Open Web Application Security Project, and the vulnerabilities according to them are:

  • SQL injection
  • Cross-site request forgery
  • Insecure cryptographic storage
  • Bad transport layer protection
  • Open URL access
  • Non-verified redirects

ARP means Address Resolution Protocol, which is a protocol that gives the physical address of a system whose IP address is known.

ARP poisoning is an attack style that sends an unreal or fake address to a network device, which then associates that fake address with the IP address of a real system. The motive of ARP poisoning is to hijack the traffic that is meant for a system.

There are numerous cyber attacks that are beyond our scope; some of them are:

  • Trojans
  • Adware
  • Worms
  • Spyware
  • DoS attacks
  • DDoS attacks
  • Scareware
  • Viruses
  • Malware
  • Bullying
  • Stalking
  • Phishing

Nmap is a security tool that is used in security auditing to search for and find the networks available.

A hybrid attack is an attack used for hacking passwords by changing dictionary words with some symbols. A hybrid attack is a combinational attack: a combination of the brute force attack and the dictionary method.

EtterPeak is a network tool used by attackers to sniff the packets moving through the network in order to access sensitive information from them.
