Cyber Security Officer track Technical Interview Questions

1- What’s Firewall and it’s types ?

• A firewall is a system, or group of systems that enforces an access control policy between networks
to prevent network attacks.
• Packet Filtering Firewall ( Stateless ) : usually part of a router firewall, which permits or denies
traffic based on layer 3 and layer 4 information.
• Stateful Firewall : the most common firewall techologies in use. Stateful firewalls provide stateful
packet filtering by keep tracking the connection information maintained in a state table using layer
3 , 4 and 5 .
• Application Gateway Firewall ( Proxy Firewall ) : It filters information at layer 3 , 4 , 5 and 7. Most
of the Firewall control and filtering is done in software. When a client needs to access a remote
server, it connects to a proxy server. The proxy server connects to the remote server on behalf of
the client .
• Next Generation Firewall : It’s beyond stateful firewalls by providing integrated intrusion
prevention.

2- What’s Anti-Virus and Examples ?

• Anti-Virus are software for computer used to detect, prevent and remove malware, including
computer viruses, worms and trojan horses.
• McAfee - Norton - Kaspersky

3- What’s Proxy ?
• Instead of connecting directly to a server A Proxy Server is a server application that acts as an
intermediary between a client requesting a resource and the response of the server providing the
resource.

4- What’s difference between firewall and antivirus?

• A firewall designed to protect systems and networks from malicious attacks. The general term used
for a firewall is a packet filter. A firewall works at network protocol level.
• Anti-Virus is a software utility program designed to protect a system from internal attacks.
Antivirus identifies and corrects any weaknesses found in the computer system. The main function
of an antivirus is to scan, detect, prevent and remove any existential threat to the computer
system.

5- What’s Spam ?
• Also known as junk mail, this is unsolicited email which often contains harmful malware, or
deceptive content

6- What’s Worm ?
• Computer worms are similar to viruses because they replicate and can cause the same type of
damage.
• Worms rplicate themselves by independently exploiting vulnerabilities in networks, they can slow
down networks as they spread from system to system.
7- What’s the types of Threat Actors and Hackers?
• Script Kiddies
• Vulnerability Brokers
• Cyber criminals
• State-sponsored
• Hacktivists
• White hat hackers
• Grey hat hackers
• Black hat hackers

8- Types of Attacks ?
• IP address spoofing
• Password-based
• Denial-of-service ( DoS )
• Man-in-the-middle attack ( MiTM )
• Sniffer attack
• Data modification

9- What’s the 5 phases of any attack ?

• Reconnaissance :- is the preparation phase, it seeks to gather information about the target there’s
two types of recon attack.
1. Active Reconnaissance which permits direct interaction by any mean with the target.
2. Passive Reconnaissance which does not permit any direct interaction with the target.
• Scanning :- is the pre-attack phase, it’s done on the basis of information gathered during recon
phase. This phase includes the usage of port scanners, netmappers and other tools. Information
extracted by the attacker during this phase are live machines, os details, …
• Gaining Access :- is the point where the attacker start to exploit all vulnerabilities he found and
gain access to the system or the application.
• Maintaining Access :- is the retention the system’s owner by using Trojan, Malware, Rootkits or
Backdoor.
• Cleaning Tracks :- Hiding any details or malicious acts to prevent being uncovered.

10- What’s IDS & IPS ?

• Intrusion Detection Systems were implemented to passively monitor the traffic on a network . the
IDS compares the captured traffic stream with known malicious signatures.( Traffic Mirroring )
• Intrusion Prevention Systems same as IDS except it’s Actively apply in the network, that the traffic
must be checked by the IPS so it can be inter the internal network.( Applied Inline )
• Both Technologies are deployed as sensors. Both use signatures to detect patterns. Both can detect
atomic patterns or composite patterns.

11- What’s Honeypot ?

• Honeypots are simulated networks or servers that are designed to attrack attackers. The
information gathered from the honeypots can then be shared with threat intelligence platform
subscribers.
12- What’s Access Control List ?
• ACL is a series of IOS commands that are used to filter packets based on information found in the
packet header. ACL uses a sequential list of permit or deny statement Known as access control
entries ( ACEs ) or ACL statements.

13- What’s the Types of Access Control List ?

• Standard ACLs : Only filter at Layer 3 using the source IPv4 address only.
• Extended ACLs : Filter at Layer 3 using the source and destination Ipv4 address and Filter at Layer 4
using TCP, UDP ports.
• Numbered ACLs
• Named ACLs

14- What’s Authentication, Authorization and Accounting ( AAA )?

• Authentication :- Users and administrators must prove their identity before accessing the network
and network resources. Authentication can be established using username and password
combinations, challenge and respone questions, token cards, biometric authentication and other
methods.
• Authorization :- After the user is authenticated, authorization services determine which resources
the user can access and what actions the user is allowed to perform.
• Accounting :- Accounting records and monitor what the user doing.

15- What’s Confidentiality, Integrity , Availability, Authentication and Non-reputational ?

• Confidentiality :- Only authorized individuals, entities or processes can access sensitive
information.
• Integrity :- This refers to the protection of data from unauthorized alteration or manipulation.
• Availability :- Authorized users must have uninterrupted access to the network resources and data
that they require.
• Authentication :- This Guarantees that the message is not a forgery and actually comes from
authentic source.
• Non-Repudiation :- Guarantees that the sender cannot repudiate or refute the validity of a
message sent.

16- What’s Cryptography ?

• It is the art of generating codes to protect informations and communications, these codes are
called Algorithms.

17- What’s Encoding, Encryption and Hashing?

• Encoding :- is a process of changing data into a new format using a scheme and it is a reversible
process. Encoding is commonly used when data cannot be transferred in its current format
between systems. Encoding is not used to protect or secure data.
• Encryption :- it is the process of converting plain text into a cipher or an unrecognizable format
which cannot be reversed without a key. Encryption is used to protect data.
• Hashing :- is a one-way mathematical function where data is transformed into a fixed length string.
Known as hash, message digest or digital fingerprint.
18- Types of Encryption
• Symmetric Encryption use the same pre-shared key to encrypt and decrypt data. A pre-shared key,
also called a secret key. Example :
1. Data Encryption Standard ( DES )
2. 3DES
3. Advanced Encryption Standard ( AES )
• Asymmetric Encryption also called public key algorithms are designed so that the key that is used
for encryption is different from the key that is used for decryption. Example :
1. Diffie – Hellman ( DH )
2. Digital Signature Algorithm ( DSA )
3. Rivest, Shamir and Adleman Encryption Algorithms ( RSA )
4. ElGamal