Cyber security

Cyber Security Fundamental Questions & Answers


What is a brute force attack?

A brute force attack, or exhaustive search, is a cryptographic hack that uses trial-and-error to guess possible combinations for passwords used for logins, encryption keys, or hidden web pages.


What is password spraying?

Password spraying is a type of brute force attack. Instead of trying many passwords against one account, the attacker tries a small list of default or common passwords against a list of usernames on the application, which keeps each account below the lockout threshold.


What are public and private keys in cryptography?

A private (secret) key is used to both encrypt and decrypt the data and is shared between the sender and receiver of encrypted data. A public key is only used to encrypt data; to decrypt that data, the matching private key is used.


What is the best Wi-Fi encryption to use?

As the most up-to-date wireless encryption protocol, WPA3 is the most secure choice. Some wireless APs do not support WPA3, however. In that case, the next best option is WPA2, which is widely deployed in the enterprise space today.


Which Wi-Fi encryption is fastest?

WPA2 is the fastest option. WPA2 using AES encryption is the fastest of all the options that are available at the moment.


What is the meaning of Salt in Hash?

Before each password is hashed, a unique, random string of characters known only to the site is added to it. Typically, this “salt” is placed in front of the password before hashing. Because the salt value must be retained by the site in order to check a login later, it is common for sites to use the same salt for each password.
Because the salt is not an encryption key, it can be stored with the username in the password database.
Even if two users choose identical passwords, different salts will produce different hashes.
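A worked example of what the salt achieves, added here and not part of the original page: each user gets a random salt that is prepended to the password before hashing (as the text describes) and stored next to the hash, so two users with the same password end up with different stored values. The function and record names are my own; SHA-256 is used only to mirror the page's description.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SALT_LEN = 16  # bytes of random salt per password (assumed value)


def unsalted_hash(password: str) -> str:
    """What the page warns against: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Return (salt, hex digest of salt || password).

    A fresh random salt is generated unless one is supplied (verification
    must reuse the salt that was stored with the original hash).
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return salt, digest


def make_record(password: str) -> str:
    """Store salt and hash together, as the page says is safe to do."""
    salt, digest = hash_password(password)
    return f"{salt.hex()}${digest}"


def check_record(password: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt_hex, stored_digest = record.split("$", 1)
    _, digest = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(digest, stored_digest)


def build_user_db(users: Dict[str, str]) -> Dict[str, str]:
    """Constructed sample: username -> 'salt$hash' record."""
    return {name: make_record(pw) for name, pw in users.items()}


def same_password_same_record(db: Dict[str, str], a: str, b: str) -> bool:
    """True only if two users' stored records are identical (they should not be)."""
    return db[a] == db[b]


if __name__ == "__main__":
    # Constructed sample users; alice and bob deliberately chose the same password.
    db = build_user_db({"alice": "Winter2024!", "bob": "Winter2024!"})
    print("unsalted hashes equal:", unsalted_hash("Winter2024!") == unsalted_hash("Winter2024!"))
    print("salted records equal: ", same_password_same_record(db, "alice", "bob"))
    print("alice login ok:       ", check_record("Winter2024!", db["alice"]))
    print("alice wrong password: ", check_record("winter2024!", db["alice"]))
```

For a real login system a deliberately slow password hash (bcrypt, scrypt, Argon2 or PBKDF2) replaces the single SHA-256 round shown here; the salt handling stays the same.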


What is CVSS (Common Vulnerability Scoring System)?

CVSS, known as the Common Vulnerability Scoring System, is a free and open industry standard for scoring the severity of vulnerabilities in computer systems. CVSS scores vulnerabilities and allows responders to prioritize resources and responses accordingly.
A vulnerability is assigned a CVSS base score between 0.0 and 10.0: a score of 0.0 represents no risk; 0.1 – 3.9 represents a low risk; 4.0 – 6.9, medium; 7.0 – 8.9, high; and 9.0 – 10.0 is a critical risk score.


What is OSINT?

The term OSINT stands for open-source intelligence, which refers to any type of information that can legally be collected about an individual or organization from free, public sources.
The OSINT framework isn’t a piece of software, but rather a collection of tools that make your OSINT tasks much easier. Gathering OSINT can be done in three ways: passive, semi-passive, and active.


What is Nmap?

Network Mapper, also known as Nmap, is an open-source security auditing and network scanning program developed by Gordon Lyon. It is designed to perform quick scanning of large networks and single hosts.
It is an information-gathering tool used for reconnaissance, i.e. it discovers hosts and services on a computer network by sending packets and analyzing their responses.


Why do hackers use Nmap?

The Nmap application can be used by hackers to gain access to uncontrolled ports on a system. In order to successfully crack a system, all the hacker needs to do is run Nmap on the system, look for vulnerabilities, and figure out how to exploit them.


What is Kali Linux?

Kali Linux is an open-source, Debian-based Linux distribution designed for various IT security tasks, including penetration testing, security research, computer forensics, and reverse engineering.
It was developed by Mati Aharoni and Devon Kearns. It is maintained and funded by Offensive Security.
Kali Linux is an OS specially designed for network analysts and penetration testers, or, in simple words, for those who work under the umbrella of cybersecurity and analysis.


What is the meaning of DNS MX records?

Have you ever wondered how email is delivered to your domain? It may seem like it’s handled by an email client, but there’s more to it. In order for messages to be sent to the right place, the server needs to know how and where to deliver them. That’s where Mail Exchange (MX) records come in.
The purpose of an MX record is to route emails to a mail server using the Simple Mail Transfer Protocol (SMTP).
DNS records called Mail Exchange (MX) records are necessary for delivering emails to your address.
An MX record tells the world which mail servers are accepting incoming mail for your domain. It also tells the world where emails sent to your domain should be routed to.


What does the padlock symbol mean?

When you go to a site that has a padlock icon next to the site name, it means the site is secured with a digital certificate. This means that any information sent between your browser and the website is sent securely, and can’t be intercepted and read by someone else while the information is in transit.


Which encryption technique does HTTPS use?

Communication over HTTPS is encrypted using an encryption protocol. The protocol is called Transport Layer Security (TLS), but it was formerly known as Secure Sockets Layer (SSL). An asymmetric public key infrastructure is used to secure communications using this protocol.
HTTPS enables website encryption by running HTTP over the Transport Layer Security (TLS) protocol.


How strong is HTTPS encryption?

Most of today’s SSL/TLS certificates offer 256-bit encryption strength. This is great as it’s almost impossible to crack the standard 256-bit cryptographic key.


How can we protect our network?

A good firewall helps to prevent unwanted traffic from entering or leaving your wireless network without your knowledge.


What protocol is used to secure networks?

SSL – A Secure Socket Layer (SSL) is a network security protocol primarily used for ensuring secure internet connections and protecting sensitive data. This protocol can allow for server/client communication as well as server/server communication.


What is General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) sets guidelines for the collection and processing of personal information from individuals living in the European Union (EU).
GDPR aims to provide standardized data protection laws across all member countries. As a result, EU citizens should be able to understand how their data is being used, and even raise complaints, even if they are not in the country where the data is stored. The regulation came into effect on May 25, 2018.
An individual’s personal data is any information that can be used directly or indirectly to identify that individual. Names and email addresses are obvious examples. Personal data can also include information about location, ethnicity, gender, biometrics, religious beliefs, web cookies, and political opinions.


What are security standards for credit card transactions?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
In short, if you are accepting payments (even if you fully outsource them), you need to be PCI compliant. The biggest factor in determining how many security controls you need to meet is the type of payment gateway you are using.

Learn more about the PCI standards here:
https://www.bu.edu/cfo/comptroller/departments/cashier/resources/pci-data-security-standards/


What are insecure protocols?

Examples of insecure protocols are FTP, Telnet, and the early versions of SNMP (v1 and v2c). Because they send credentials and data in clear text, insecure protocols allow attackers to easily gain access to your data and even remote control of devices.


What is a web shell?

A web shell is a malicious script written in any of the popular web application languages – PHP, JSP, and ASP. Web shells are installed on a webserver to facilitate remote administration.
A web shell could be programmed in any programming language that is supported on a server. Web shells are most commonly written in the PHP programming language due to the widespread usage of PHP for web applications. Active Server Pages, ASP.NET, Python, Perl, Ruby, and Unix shell scripts are also used, but they are less commonly used.
By using a web shell, an attacker can issue shell commands, escalate privileges on the web server, upload, delete, download, and execute files.


What is SCCM?

SCCM (System Center Configuration Manager) is a Microsoft product that manages, deploys, and secures devices and applications across an enterprise. Administrators commonly use SCCM for endpoint protection, patch management, and software distribution.
It makes it easier for organizations to distribute relevant operating systems, applications, and updates quickly and cost-effectively to Windows users.


What is Windows Defender?

Microsoft’s Windows Defender program protects a computer from malicious software. It was designed to combat unauthorized access to Windows computers and protect them from unwanted software. Introduced with the Windows Vista installation pack, it is now available for free download as part of Microsoft Security Essentials.

To learn how to turn on Windows Defender, read here:
https://docs.microsoft.com/en-us/mem/intune/user-help/turn-on-defender-windows


What is Microsoft Windows Active Directory?

Active Directory (AD) is Microsoft’s proprietary directory service. Admins can manage permissions and access to network resources with this tool which runs on Windows Server. Active Directory stores data as objects. An object is a single element, such as a user, group, application, or device such as a printer.


What is group policy?

Group Policy is a Windows feature that allows network administrators to regulate the working environment of users and computer accounts in Active Directory through a number of complex settings. It essentially gives administrators a consolidated location to manage and modify operating systems, programs, and user preferences.
Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.

Examples:
A Group Policy can be used to enforce a password complexity policy that prevents users from choosing an overly simple password. Other examples include allowing or preventing unidentified users from remote computers from connecting to a network share, or blocking and restricting access to certain folders.


What is LAPS?

The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored in Active Directory (AD) and protected by an ACL, so only eligible users can read them or request a reset.


What is the password policy in Active Directory?

By default, Active Directory is configured with a default domain password policy. This policy defines the password requirements for Active Directory user accounts such as password length, age, and so on.


What is an IoC in cyber security?

In the forensics industry, an Indicator of Compromise (IOC) is evidence on a computer that suggests that the network’s security has been compromised.
Indicators of compromise (IoC) are clues and proof of a data breach during a cybersecurity incident. These digital breadcrumbs can reveal not just that an attack has occurred, but often, what tools were used in the attack and who’s behind them.


Can firewalls prevent denial of service attacks?

Firewalls can’t protect you from DDoS attacks.
Although firewalls are designed to, and still do, protect networks from a variety of security issues, there are gaping holes when it comes to DDoS and malicious server-targeted attacks.


What is Denial of service?

A denial-of-service attack is designed to slow or take down machines or networks, making them inaccessible to those who require them. In a DoS situation, information systems, devices, or other network or machine resources – email, online accounts, e-commerce sites, and other services – become unavailable. While direct theft or data loss may not be the intent of a DoS assault, it can have a significant financial impact on the targeted company as it spends time and money to get back on its feet. Additional expenses include lost business, dissatisfied consumers, and reputational damage.


What does the ping command do?

Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, this command displays Help content. You can also use this command to test both the computer name and the IP address of the computer.


What is the Internet Control Message Protocol (ICMP)?

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address.
The main purpose of ICMP is to report errors. When two devices connect via the Internet, the ICMP sends out errors to the sending device if any of the data fails to reach its intended destination. If a packet of data is too large for a router to handle, the router will drop it and send an ICMP message back to the data’s original source.


Which types of ICMP messages are used for ping?

Ping uses two ICMP message types: 8 (echo request) and 0 (echo reply).


How many types of ICMP messages are there?

Echo Reply (0), Echo Request (8), Redirect (5), Destination Unreachable (3), Traceroute (30), Time Exceeded (11). Many of these ICMP types have a “code” field.


What is C&C traffic?

A command-and-control (C&C) server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and to receive stolen data from a target network.


What is DNS?

DNS is a protocol that is part of the TCP/IP protocol stack, which defines how computers communicate data on the internet and many private networks. A DNS service is used to connect a site’s domain name to its IP address. A DNS server, also known as a name server, is responsible for maintaining a large database that maps domain names to IP addresses.


What is DNS sinkholing?

A DNS sinkhole is also known as a sinkhole server, Internet sinkhole, or Blackhole DNS. At the business level, DNS sinkhole can be used to deny access to malicious URLs. It is also feasible to block access to any of the websites using the DNS sinkhole approach. This can be used to block access to specific websites that violate corporate regulations, such as social networking sites or sites with abusive content.
A DNS sinkhole can be deployed across the company to restrict C&C traffic and other harmful traffic.
DNS sinkholing is a technique for providing incorrect DNS resolution and redirecting users to various resources instead of dangerous or inaccessible material.

Read more here:
https://resources.infosecinstitute.com/topic/dns-sinkhole/


What is the CIA in security?

These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad. Together, these three principles form the cornerstone of any organization’s security infrastructure; in fact, they (should) function as goals and objectives for every security program.


What is APT?

An advanced persistent threat (APT) is a generic term for an attack operation in which an intruder, or a group of intruders, establishes a long-term unlawful presence on a network in order to harvest extremely sensitive data.


What is ATP in cyber security?

Advanced Threat Protection (ATP) is a suite of analysis tools designed to defend against advanced threats that use known and unknown attack vectors.


What is the maximum character length for a strong password according to NIST?

According to NIST recommendations, passwords should contain at least eight characters and can be as long as 64 characters. The NIST also recommends using passphrases to encourage setting longer passwords. For many organizations, the minimum length of 8 characters is pretty much the standard.


What is a sandbox?

Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains “sandboxed” and runs separately from the host machine. A sandbox is temporary. When it’s closed, all the software and files and the state are deleted.


What is the purpose of the sandbox?

A sandbox is a test environment that allows users to run programs or browse files without harming the application, system, or platform they’re running on. Sandboxes are used by software developers to test new computer code. Sandboxes are used by cybersecurity specialists to evaluate potentially harmful software.


How may users authenticate: something they are, they see, they know, or they have?

Authentication is the first step in access control, and there are three common factors used for authentication: something you know, something you have, and something you are.

  • Something you know (such as a password)
  • Something you have (such as a smart card)
  • Something you are (such as a fingerprint or other biometric method)


What is TCP protocol?

The Transmission Control Protocol (TCP) is a connection-oriented communications protocol that facilitates the exchange of messages between computing devices in a network.
It is the most common protocol in networks that use the Internet Protocol (IP); together they are sometimes referred to as TCP/IP.


What is UDP protocol?

The User Datagram Protocol, or UDP, is a communication protocol used across the Internet for especially time-sensitive transmissions such as video playback or DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred.


What is the difference between TCP and UDP?

TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol. A key difference between TCP and UDP is speed, as TCP is comparatively slower than UDP. Overall, UDP is a much faster, simpler, and more efficient protocol; however, retransmission of lost data packets is only possible with TCP.


What is the netstat command used for?

The network statistics (netstat) command is a networking tool that can be used for troubleshooting and configuration as well as network connection monitoring.
The netstat command generates displays that show network status and protocol statistics. You can display the status of TCP and UDP endpoints in a table format, routing table information, and interface information.


What is phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
Phishing assaults occur when a person sends a fake message that appears to come from a trusted source. Email is the most used method of communication. The purpose is to steal sensitive information such as credit card and login information or to infect the victim’s computer with malware.


What is a firewall?

Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet.
