1. What is Cybersecurity?
Cybersecurity involves the practice of protecting systems, networks, and programs from digital attacks, theft, and damage to ensure confidentiality, integrity, and availability of information.
2. What is the CIA Triad in Cybersecurity?
The CIA Triad stands for Confidentiality, Integrity, and Availability. It is a model designed to guide policies for information security within an organization.
3. What are the types of Cyber Security?
The assets of every company are made up of a variety of various systems. These systems have a strong cybersecurity posture, which necessitates coordinated actions across the board. As a result, cybersecurity can be divided into the following sub-domains:
Network security: It is the process of securing a computer network against unauthorized access,
intruders, attacks, disruption, and misuse using hardware and software. This security aids in the protection of an
organization's assets from both external and internal threats. Example: Using a Firewall.
Application security:
It entails safeguarding software and devices against malicious attacks. This can be accomplished by regularly updating
the apps to ensure that they are secure against threats.
Data security: It entails putting
in place a strong data storage system that ensures data integrity and privacy while in storage and transport.
Identity management:
It refers to the process of identifying each individual's level of access inside an organization. Example: Restricting
access to data as per the job role of an individual in the company.
Operational security: It
entails analyzing and making decisions about how to handle and secure data assets. Example: Storing data in an
encrypted form in the database.
Mobile security: It refers to the protection of organizational
and personal data held on mobile devices such as cell phones, PCs, tablets, and other similar devices against a
variety of hostile attacks. Unauthorized access, device loss or theft, malware, and other threats are examples of
these dangers.
Cloud security: It refers to the safeguarding of data held in a digital
environment or in cloud infrastructures for an organization. It employs a variety of cloud service providers,
including AWS, Azure, Google, and others, to assure protection against a variety of threats.
4. What are the benefits of Cyber Security?
The following are some of the advantages of putting cybersecurity in place and keeping it up to date:
- Businesses are protected from cyberattacks and data breaches.
- Both data and network security are safeguarded.
- Unauthorized user access is kept to a minimum.
- There is a quicker recovery time after a breach.
- Protection for end-users and endpoint devices.
- Regulatory compliance.
- Operational consistency.
- Developers, partners, consumers, stakeholders, and employees have a higher level of trust in the company's reputation.
5. What do you mean by a Null Session?
A null session occurs when a user is not authorized using either a username or a password. It can provide a security concern for apps because it implies that the person making the request is unknown.
6. What are the common types of cyber security attacks?
The common types of cyber security attacks are:-
- Malware
- Cross-Site Scripting (XSS)
- Denial-of-Service (DoS)
- Domain Name System Attack
- Man-in-the-Middle Attacks
- SQL Injection Attack
- Phishing
- Session Hijacking
- Brute Force
7. How can you avoid a brute force attack?
There are a variety of techniques for stopping or preventing brute force attacks.
A robust password policy is the most evident. Strong passwords should be enforced by every web application or public
server. Standard user accounts, for example, must contain at least eight characters, a number, uppercase and lowercase
letters, and a special character. Furthermore, servers should mandate password updates on a regular basis.
Brute
Force attack can also be avoided by the following methods:-
- Limit the number of failed login attempts.
- By altering the sshd_config file, you can make the root user unreachable via SSH.
- Instead of using the default port, change it in your sshd config file.
- Make use of Captcha.
- Limit logins to a certain IP address or range of IP addresses.
- Authentication using two factors
- URLs for logging in that are unique
- Keep an eye on the server logs.
8. Differentiate between Information protection and information assurance.
Information protection protects data from unauthorized access by utilizing encryption, security software, and other
methods.
Information Assurance ensures the data's integrity by maintaining its availability, authentication, and
secrecy, among other things.
9. What do you mean by perimeter-based and data-based protection?
Perimeter-based cybersecurity entails putting security measures in place to safeguard your company's network from hackers. It examines people attempting to break into your network and prevents any suspicious intrusion attempts.
The term "data-based protection" refers to the use of security measures on the data itself. It is unaffected by network connectivity. As a result, you can keep track of and safeguard your data regardless of where it is stored, who accesses it, or which connection is used to access it.
10. Differentiate between Symmetric and Asymmetric Encryption.
| Symmetric Encryption | Asymmetric Encryption |
|---|---|
| Both encryption and decryption can be done using just one key. | It takes two keys to encrypt and decrypt data respectively. |
| In this technique, the encryption system is very fast. | In this technique, the encryption system is slow. |
| When a huge volume of data must be transferred, it is used. | When a small volume of data must be transferred, it is used. |
| When compared to asymmetric key encryption, symmetric key encryption uses fewer resources. | When compared to symmetric key encryption, asymmetric key encryption uses more resources. |
| The ciphertext is the same size as or smaller than the plain text. | The ciphertext is the same size as or greater than the plain text. |
| Eg :- AES, DES | Eg :- DSA and RSA |
11. Differentiate between Black Box Testing and White Box Testing.
| Black Box Testing | White Box Testing |
|---|---|
| It's a type of software testing in which the program's or software's internal structure is concealed. | It is a method of software testing in which the tester is familiar with the software's internal structure or code. |
| It is not necessary to have any prior experience with implementation. | It is not necessary to have prior experience with implementation. |
| On the basis of the requirement specifications paper, this testing can begin. | This form of software testing begins once the detailed design document has been completed. |
| It takes the least amount of time. | It takes the most amount of time. |
| It is the software's behavior testing. | It is the software's logic testing. |
| It is relevant to higher levels of software testing. | It is relevant to lower levels of software testing. |
12. Differentiate between Stream Cipher and Block Cipher.
The major distinction between a block cypher and a stream cypher is that a block cypher turns plain text into ciphertext one block at a time. Stream cypher, on the other hand, converts plain text into ciphertext by taking one byte of plain text at a time.
| Block Cipher | Stream Cipher |
|---|---|
| By converting plaintext into ciphertext one block at a time, Block Cipher converts plain text into ciphertext. | Stream Cipher takes one byte of plain text at a time and converts it to ciphertext. |
| Either 64 bits or more than 64 bits are used in block ciphers. | 8 bits are used in stream ciphers. |
| The ECB (Electronic Code Book) and CBC (Common Block Cipher) algorithm modes are utilized in block cipher (Cipher Block Chaining). | CFB (Cipher Feedback) and OFB (Output Feedback) are the two algorithm types utilized in stream cipher (Output Feedback). |
| The Caesar cipher, polygram substitution cipher, and other transposition algorithms are used in the block cipher. | Stream cipher uses substitution techniques such as the rail-fence technique, columnar transposition technique, and others. |
| When compared to stream cipher, a block cipher is slower. | When compared to a block cipher, a stream cipher is slower. |
13. What is the difference between virus and worm?
A virus is a piece of harmful executable code that is attached to another executable file and can modify or erase
data. When a virus-infected computer application executes, it takes action such as removing a file from the computer
system. Viruses can't be managed from afar.
Worms are comparable to viruses in that they do not alter the
program. It continues to multiply itself, causing the computer system to slow down. Worms can be manipulated with
remote control. Worms' primary goal is to consume system resources.
14. What do you mean by Active reconnaissance?
Active reconnaissance is a type of computer assault in which an intruder interacts with the target system in order to
gather information about weaknesses.
Port scanning is commonly used by attackers to detect vulnerable ports,
after which they exploit the vulnerabilities of services linked with open ports.
This could be done using
automatic scanning or manual testing with tools like ping, traceroute, and netcat, among others. This sort of recon
necessitates interaction between the attacker and the victim. This recon is faster and more precise, but it generates
far more noise. Because the attacker must engage with the target in order to obtain information, the recon is more
likely to be detected by a firewall or other network security device.
15. Code Snippet: Sample Encryption in Python
# Python code for simple encryption
def encrypt(message, key):
encrypted_message = ""
for char in message:
encrypted_message += chr(ord(char) + key)
return encrypted_message
# Example usage
message = "Hello, World!"
key = 3
encrypted_message = encrypt(message, key)
print("Encrypted Message:", encrypted_message)