Cyber Security is an interesting domain and so are the interviews. Owning to the broad range of topics in the information security domain, identifying the key areas seems challenging. From the perspective of the industry, some concepts definitely need a strong hold to stay firm in this domain. A few questions mentioned below constitute the most frequently asked interview questions and make sure you understand all of the clearly.
2. What do you understand by a Zero-Day attack?
Zero-day attacks make use of zero-day vulnerabilities. As we are aware, software vendors frequently release security patches to fix known issues and upgrade the security of their products. Sometime however, there lie vulnerabilities in the products that are either unknown to the vendor or the patch work is in progress. Such vulnerabilities are call zero-day vulnerabilities. In simple terms, any vulnerability for which a public patch is not available can be referred to as zero-day vulnerability.
Zero Day Initiative is a famous example of websites that publish information about zero-day vulnerabilities.
3. What is SSL and why its important
SSL (Secure Sockets Layer) is a standard security protocol used for establishing encrypted communication channel between a browser and web server in an online communication.
The advantage of SSL lies in the fact that since the data is encrypted, any attempt to intercept the data may give access to encrypted data only. This results in secure transmission of data including identity information like username, passwords e.t.c.
4. Where do you get your security news?
Its of utmost importance to stay updated in the field of information security. The treat landscape is constantly evolving with new threat vectors getting introduced. Numerous sources for security news are available today. The ones that are followed by me are as follows:
- The Hacker News
- Krebs on Security
- Trend Micro Blog
- Threat Post
- Naked Security
5. Explain phishing and how it can be prevented.
Phishing is a method of trying to gather personal information such as usernames, passwords and credit card details using deceptive e-mails and websites.
Phishing can be prevented and/or the damages can be minimized by adopting advanced technical security measures, specialized trainings, public awareness etc. ‘
6. What do you understand by hashing. Explain
Hashing is a technique for ensuring the integrity of the data, as it helps to ascertain that data has not been modified from its original form. With the use of hashing algorithms like MD5, SHA1, SHA2 amd SHA3, an irreversible fixed length hash value is generated for the provided dataset. This hash value is unique to the supplied input and will drastically change in case of the slightest modification to the supplied input.
Hashing is commonly used in implementing digital signatures and back-end password storage.