Top 150+ NETWORK SECURITY INTERVIEW
QUESTIONS & ANSWERS
Are you looking for a Network Security job in a reputed organization? If yes, then you are
searching in the right place. Browse the wisdomjobs page to get a collection of all the
jobs related to Network Security, along with other information such as the job application process,
the expected salary and the growth path in this job. In a Network Security job, you will control
the authentication used to access the data in a network. As a Network Security administrator, you will
have to protect both the hardware and the software of the organization from threats such as
viruses, malware and hackers, and stop them from entering the network. To help you through the
job process, we have designed a few Network Security job interview questions and
answers which will make your job interview simple.
1. Question 1. Why Does Active FTP Not Work With Network Firewalls?
Answer :
When a user initiates a connection with the FTP server, two TCP connections are
established. The second TCP connection (FTP data connection) is initiated and
established from the FTP server. When a firewall is between the FTP client and
server, the firewall would block the connection initiated from the FTP server since it is
a connection initiated from outside. To resolve this, Passive FTP can be used or the
firewall rule can be modified to add the FTP server as trusted.
2. Question 2. Which Feature On A Network Switch Can Be Used To Prevent
Rogue DHCP Servers?
Answer :
DHCP Snooping
3. Question 3. Which Feature On A Cisco IOS Firewall Can Be Used To Block
Incoming Traffic On An FTP Server?
Answer :
Extended ACL.
4. Question 4. Name One Secure Network Protocol Which Can Be Used Instead Of
Telnet To Manage A Router?
Answer :
SSH
5. Question 5. Provide A Reason As To Why HTTPS Should Be Used Instead Of
HTTP?
Answer :
HTTP sends data in clear text whereas HTTPS sends data encrypted.
6. Question 6. How Can You Prevent A Brute Force Attack On A Windows Login
Page?
Answer :
Set up an account lockout for a specific number of attempts, so that the user account
is locked automatically after the specified number.
7. Question 7. In An ICMP Address Mask Request, What Is The Attacker Looking
For?
Answer :
The attacker is looking for the subnet/network mask of the victim. This would help the
attacker to map the internal network.
8. Question 8. Why Is RIPv1 Insecure In A Network?
Answer :
RIPv1 does not use a password for authentication, as RIPv2 does. This makes it
possible for attackers to send rogue RIP packets and corrupt the routing table.
9. Question 9. Which Feature On A Network Switch Can Be Used To Protect
Against CAM Flooding Attacks?
Answer :
The port security feature can be used for this. In a CAM flooding attack, the attacker
sends a storm of frames with different MAC addresses. The goal of the
attacker is to fill up the CAM table. Port security can be used to limit the number of
MAC addresses allowed on the port.
10.Question 10. Which Protocol Does HTTPS Use At The Transport Layer For
Sending And Receiving Data?
Answer :
TCP
11.Question 11. ____ Typically Involves Using Client-side Scripts Written In
Javascript That Are Designed To Extract Information From The Victim And
Then Pass The Information To The Attacker?
Answer :
Correct Answer: Cross site scripting (XSS)
12.Question 12. What Is SRM (Security Reference Monitor)?
Answer :
The Security Reference Monitor is the kernel mode component that does the actual
access validation, as well as audit generation.
13.Question 13. In A Company Of 500 Employees, It Is Estimated That _____
Employees Would Be Required To Combat A Virus Attack?
Answer :
five employees.
14.Question 14. According To The Research Group Postini, Over ____ Of Daily E-
mail Messages Are Unsolicited And Could Be Carrying A Malicious Payload?
Answer :
two-thirds.
15.Question 15. A Software-based ____ Attempt To Monitor And Possibly Prevent
Attempts To Attack A Local System?
Answer :
HIDS
16.Question 16. A Security ____ Focuses On The Administration And Management
Of Plans, Policies, And People?
Answer :
manager.
17.Question 17. Under The _____ , Healthcare Enterprises Must Guard Protected
Health Information And Implement Policies And Procedures To Safeguard It,
Whether It Be In Paper Or Electronic Format?
Answer :
HIPAA.
18.Question 18. How Did Early Computer Security Work?
Answer :
It was pretty simple: just passwords to protect one's computer. With the innovation of
the internet, however, computers have increased security with firewalls and hundreds
of anti-virus programs.
19.Question 19. What Is A Firewall?
Answer :
A Firewall is software that blocks unauthorized users from connecting to your
computer. All computers at Bank Street are protected by a firewall which is monitored
and updated by CIS.
20.Question 20. Business ____ Theft Involves Stealing Proprietary Business
Information Such As Research For A New Drug Or A List Of Customers That
Competitors Are Eager To Acquire?
Answer :
data.
21.Question 21. ____ Monitor Internet Traffic And Block Access To Preselected
Web Sites And Files?
Answer :
Internet content filters.
22.Question 22. What Is Another Name For Unsolicited E-mail Messages?
Answer :
spam
23.Question 23. The ____ Is The Link Between The Cellular Network And The
Wired Telephone World And Controls All Transmitters And Base Stations In
The Cellular Network?
Answer :
MTSO
24.Question 24. ____ Technology Enables A Virtual Machine To Be Moved To A
Different Physical Computer With No Impact To The Users?
Answer :
Live migration
25.Question 25. A(n) ____ Finds Malicious Traffic And Deals With It Immediately?
Answer :
IPS
26.Question 26. A ____ Virus Infects The Master Boot Record Of A Hard Disk
Drive?
Answer :
boot
27.Question 27. Can Police Track An IP Address After It Has Been Changed?
Answer :
Sometimes. For example, if the user has a dynamic IP address, and their IP address
changes within this system as usual, it can generally be tracked. If the user uses a
proxy service to make their IP address appear as if it is located in some random
other p
28.Question 28. ____ Is A Software Program That Delivers Advertising Content In
A Manner That Is Unexpected And Unwanted By The User?
Answer :
Adware
29.Question 29. Encryption Under The WPA2 Personal Security Model Is
Accomplished By ____?
Answer :
AES-CCMP
30.Question 30. According To The 2007 FBI Computer Crime And Security Survey,
The Loss Due To The Theft Of Confidential Data For 494 Respondents Was
Approximately ____?
Answer :
$10 million.
31.Question 31. ____, Also Called Add-ons, Represent A Specific Way Of
Implementing ActiveX And Are Sometimes Called ActiveX Applications?
Answer :
ActiveX controls.
32.Question 32. What Is A SID (Security ID)?
Answer :
SID stands for Security Identifier and is an internal value used to uniquely identify a
user or a group. A SID contains:
o User and group security descriptors
o 48-bit ID authority
o Revision level
o Variable sub authority values
33.Question 33. ____ Can Fully Decode Application-layer Network Protocols. Once
These Protocols Are Decoded, The Different Parts Of The Protocol Can Be
Analyzed For Any Suspicious Behavior?
Answer :
Protocol analyzers
34.Question 34. A ____ Is A Computer Program Or A Part Of A Program That Lies
Dormant Until It Is Triggered By A Specific Logical Event?
Answer :
logic bomb
35.Question 35. A ____ Is A Cumulative Package Of All Security Updates Plus
Additional Features.
Answer :
service pack
36.Question 36. The Goal Of ____ Is To Prevent Computers With Suboptimal
Security From Potentially Infecting Other Computers Through The Network?
Answer :
NAC
37.Question 37. ____ Is A Windows Vista And Windows XP Service Pack 2 (SP2)
Feature That Prevents Attackers From Using Buffer Overflow To Execute
Malware?
Answer :
DEP
38.Question 38. ____ Are Portable Communication Devices That Function In A
Manner That Is Unlike Wired Telephones?
Answer :
Cell phones
39.Question 39. A ____ Is A Single, Dedicated Hard Disk-based File Storage
Device That Provides Centralized And Consolidated Disk Storage Available To
LAN Users Through A Standard Network Connection?
Answer :
NAS
40.Question 40. What Is Administrator Privileges When Trying To Install A
Download?
Answer :
Administrator privileges allow the user full access to a program or network, second
only to the system account. If you don't have administrator privileges, you cannot do
certain things. You may be able to use a program, but not upgrade it.
41.Question 41. With Operating System Virtualization, A Virtual Machine Is
Simulated As A Self-contained Software Environment By The ____ System (the
Native Operating System To The Hardware)?
Answer :
host
42.Question 42. While Most Attacks Take Advantage Of Vulnerabilities That
Someone Has Already Uncovered, A(n) ____ Occurs When An Attacker
Discovers And Exploits A Previously Unknown Flaw?
Answer :
zero day
43.Question 43. ____ Enables The Attacker's Computer To Forward Any Network
Traffic It Receives From Computer A To The Actual Router?
Answer :
IP forwarding.
44.Question 44. A(n) ____ Is A Computer Programming Language That Is Typically
Interpreted Into A Language The Computer Can Understand?
Answer :
scripting language
45.Question 45. In A ____ Attack, Attackers Can Use Hundreds Or
Thousands Of Computers In An Attack Against A Single Computer Or
Network?
Answer :
distributed
46.Question 46. What Is The Maximum Fine For Those Who Wrongfully Disclose
Individually Identifiable Health Information With The Intent To Sell It?
Answer :
$250,000
47.Question 47. _____ Ensures That Information Is Correct And That No
Unauthorized Person Or Malicious Software Has Altered That Data?
Answer :
Integrity
48.Question 48. The Plain Text To Be Transmitted Has A Cyclic Redundancy
Check (CRC) Value Calculated, Which Is A Checksum Based On The Contents
Of The Text. WEP Calls This The ____ And Appends It To The End Of The Text?
Answer :
Correct Answer: integrity check value (ICV)
49.Question 49. The _____ Act Is Designed To Broaden The Surveillance Of Law
Enforcement Agencies So They Can Detect And Suppress Terrorism?
Answer :
USA Patriot
50.Question 50. The Single Most Expensive Malicious Attack Was The 2000 ____,
Which Cost An Estimated $8.7 Billion?
Answer :
Love Bug.
51.Question 51. Live Migration Can Be Used For ____; If The Demand For A
Service Or Application Increases, Then Network Managers Can Quickly Move
This High-demand Virtual Machine To Another Physical Server With More RAM
Or CPU Resources?
Answer :
load balancing
52.Question 52. The ____ Are The Operating System Settings That Impose How
The Policy Will Be Enforced?
Answer :
configuration baselines
53.Question 53. ____ Involves Using Someone's Personal Information, Such As
Social Security Numbers, To Establish Bank Or Credit Card Accounts That Are
Then Left Unpaid, Leaving The Victim With The Debts And Ruining Their Credit
Rating?
Answer :
Identity theft
54.Question 54. Targeted Attacks Against Financial Networks, Unauthorized
Access To Information, And The Theft Of Personal Information Is Sometimes
Known As ____?
Answer :
cybercrime
55.Question 55. The Goal Of ____ Is To Make It Harder To Predict Where The
Operating System Functionality Resides In Memory?
Answer :
ASLR
56.Question 56. Instead Of The Web Server Asking The User For The Same
Information Each Time She Visits That Site, The Server Can Store That User-
specific Information In A File On The User's Local Computer And Then Retrieve
It Later. This File Is Called A(n) ____?
Answer :
cookie
57.Question 57. One Type Of Virtualization In Which An Entire Operating System
Environment Is Simulated Is Known As ____ Virtualization?
Answer :
operating system
58.Question 58. WEP Accomplishes Confidentiality By Taking Unencrypted Text
And Then Encrypting Or "Scrambling" It Into ____ So That It Cannot Be Viewed
By Unauthorized Parties While Being Transmitted?
Answer :
ciphertext.
59.Question 59. ____ Authentication Is Based Upon The Fact That Only Pre-
approved Wireless Devices Are Given The Shared Key?
Answer :
Shared key
60.Question 60. ____ Work To Protect The Entire Network And All Devices That
Are Connected To It?
Answer :
NIPS
61.Question 61. Flash Memory Is A Type Of ____, Non Volatile Computer Memory
That Can Be Electrically Erased And Rewritten Repeatedly?
Answer :
EEPROM
62.Question 62. What Is The Primary Function Of A Firewall?
Answer :
Its primary function is to prevent accesses from untrusted (or undesired) external
systems to internal systems and services, and to prevent internal users and systems
to access external untrusted or undesired systems and services. More generally, its
pur
63.Question 63. ____ Hinges On An Attacker Being Able To Enter An SQL Database
Query Into A Dynamic Web Page?
Answer :
SQL injection
64.Question 64. ____ Are Designed To Inspect Traffic, And Based On Their
Configuration Or Security Policy, They Can Drop Malicious Traffic?
Answer :
NIPS
65.Question 65. An Attacker Could Alter The MAC Address In The ARP Cache So
That The Corresponding IP Address Would Point To A Different Computer,
Which Is Known As ____?
Answer :
ARP poisoning.
66.Question 66. Creating And Managing Multiple Server Operating Systems Is
Known As ____ Virtualization?
Answer :
server
67.Question 67. A ____ Is A Program Advertised As Performing One Activity But
Actually Does Something Else?
Answer :
Trojan
68.Question 68. A(n) ____ Attack Makes A Copy Of The Transmission Before
Sending It To The Recipient?
Answer :
replay
69.Question 69. ____ Is An Image Spam That Is Divided Into Multiple Images?
Answer :
GIF layering
70.Question 70. A Computer ____ Is A Program That Secretly Attaches Itself To A
Legitimate "carrier," Such As A Document Or Program, And Then Executes
When That Document Is Opened Or Program Is Launched?
Answer :
virus
71.Question 71. _____ Ensures That Only Authorized Parties Can View
Information?
Answer :
Confidentiality
72.Question 72. COPPA Requires Operators Of Online Services Or Web Sites
Designed For Children Under The Age Of _____ To Obtain Parental Consent
Prior To The Collection, Use, Disclosure, Or Display Of A Child's Personal
Information?
Answer :
13
73.Question 73. ____ Is A Process Of Ensuring That Any Inputs Are "clean" And
Will Not Corrupt The System?
Answer :
Input validation
74.Question 74. In Order To Avoid Detection Some Viruses Can Alter How They
Appear. These Are Known As ____ Viruses?
Answer :
metamorphic
75.Question 75. ____ Is A Language Used To View And Manipulate Data That Is
Stored In A Relational Database?
Answer :
SQL
76.Question 76. What Is The Most Secure Operating System?
Answer :
Security is a difficult and sometimes controversial thing to analyze. The only truly
"secure" operating systems are those that have no contact with the outside world.
The firmware in your DVD player is a good example. Among all modern general
purpose op.
77.Question 77. What Do You Do If Spybot Will Not 'immunize'?
Answer :
redownload spybot.
78.Question 78. The Goal Of A ____ Is To Hide The IP Address Of Client Systems
Inside The Secure Network?
Answer :
proxy server
79.Question 79. ____ Uses "speckling" And Different Colors So That No Two
Spam E-mails Appear To Be The Same?
Answer :
Geometric variance
80.Question 80. What Is SAM (Security Account Manager)?
Answer :
SAM stands for Security Account Manager and is the component that maintains the security
database, stored in the registry under HKLM\SAM. It serves the Local Security
Authority (LSA) with SIDs. The SAM maintains the user account database.
81.Question 81. Today's Computer Systems Have A(n) ____ Chip In Which The
Contents Can Be Rewritten To Provide New Functionality?
Answer :
PROM
82.Question 82. ____ Is A Means Of Managing And Presenting Computer
Resources By Function Without Regard To Their Physical Layout Or Location?
Answer :
Virtualization
83.Question 83. A ____ Virus Can Interrupt Almost Any Function Executed By The
Computer Operating System And Alter It For Its Own Malicious Purposes?
Answer :
resident
84.Question 84. Why Is WEP Security Not Recommended For Wireless Networks?
Answer :
WEP security is easily compromised - usually in 60 seconds or less. Part of the
problem is that WEP security was developed for backward compatibility with older
devices and is a less strong security measure.
85.Question 85. Besides Default Rule Sets, What Activities Are Actively Monitored
By Your IDS?
Answer :
IDSs come with default rule sets to look for common attacks. These rule sets must
also be customized and augmented to look for traffic and activities specific to your
organization’s security policy. For example, if your organization’s security policy
prohibits peer-to-peer communications, then a rule should be created to watch for
that type of activity. In addition, outbound traffic should be watched for potential
Trojans and backdoors.
86.Question 86. What Type Of Traffic Are You Denying At The Firewall?
Answer :
There should be a default deny rule on all firewalls to disallow anything that is not
explicitly permitted. This is more secure than explicitly denying certain traffic because
that can create holes and oversights on some potentially malicious traffic.
87.Question 87. Where Is Your Organization's Security Policy Posted And What Is
In It?
Answer :
There should be an overall policy that establishes the direction of the organization
and its security mission as well as roles and responsibilities. There can also be
system-specific policies to address for individual systems. Most importantly, the
policies should address the appropriate use of computing resources. In addition,
policies can address a number of security controls from passwords and backups to
proprietary information. There should be clear procedures and processes to follow for
each policy. These policies should be included in the employee handbook and
posted on a readily accessible intranet site.
88.Question 88. What Is Security Policy In A Distributed Network Environment?
Answer :
The security policy is anything really, whatever your admin enforces. Everything from
which programs you are allowed to use to what wallpaper you have can be controlled
through GPOs. Usually you will find the common ones are that every computer has to
get updates, every computer has to have an AV
89.Question 89. What Is Preprocessing In IDS?
Answer :
Before analysis, all the captured data needs to be organized in a particular format or
pattern for classification purposes. This whole process of organizing data is known
as preprocessing. In this process, data that is collected from the IDS or IPS sensors
needs to be put into some canonical format or a structured database format based on
the preprocessing. Once the data is formatted it is further broken down into
classifications, which totally depends on the analysis scheme used. Once the data is
classified, it is concatenated and used along with predefined detection templates in
which the variables are replaced with real-time data.
90.Question 90. What Are The Tolerable Levels Of Impact Your Systems Can
Have?
Answer :
An organization must understand how an outage could impact the ability to continue
operations. For example, you must determine how long systems can be down, the
impact on cash flow, the impact on service level agreements, and the key resources
that must be kept running.
91.Question 91. How Are Subnets Used To Improve Network Security?
Answer :
Subnets improve network security and performance by arranging hosts into different
logical groups. Subnetting is required when one network address needs to be
distributed across multiple network segments. Subnetting is required when a
company uses two or more types of network technologies like Ethernet and Token
Ring.
92.Question 92. What Does Your Network/security Architecture Diagram Look
Like?
Answer :
The first thing you need to know to protect your network and systems is what you are
protecting. You must know:
o The physical topologies
o Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
o Types of operating systems
o Perimeter protection measures (firewall and IDS placement, etc.)
o Types of devices used (routers, switches, etc.)
o Location of DMZs
o IP address ranges and subnets
o Use of NAT
In addition, you must know where the diagram is stored and
that it is regularly updated as changes are made.
93.Question 93. What Security Measures Are In Place For In-house Developed
Applications?
Answer :
Any development that is taking place in house should include security from the
beginning of the development process. Security needs to be a part of standard
requirements and testing procedures. Code reviews should be conducted by a test
team to look for vulnerabilities such as buffer overflows and backdoors. For security
reasons, it is not a good idea to subcontract development work to third parties.
94.Question 94. Why Is 802.11 Wireless More Of A Security Problem Than Any
Other Type Of Network?
Answer :
Wireless is typically less secure because it uses radio waves for transmission. In
other words, you have your data "floating" in airspace which makes it more
susceptible to being compromised (hacked). With a wired connection someone
cannot "steal" your data frames (packets) unless they physically connect to the
network cabling. Additionally, the level of security built into wireless technology is
less advanced than that of wired networks. This is mainly due to the fact that 802.11
is a relatively newer protocol standard. Manufacturers (both hardware and software)
are developing better security for wireless systems and it is possible to harden the
security of a WLAN by using the current security protocols along with using some
third-party software. For additional specific information read the RFC standards for
802.11.
95.Question 95. What Resources Are Located On Your Internal Network?
Answer :
In addition to internal web, mail, and DNS servers, your internal network could also
include databases, application servers, and test and development servers.
96.Question 96. What Is Your Backup Policy?
Answer :
VPNs should be used for remote access and other sensitive communication. IPSEC
is a great choice for this purpose. Strong encryption protocols such as 3DES and
AES should be used whenever possible. Web access to sensitive or proprietary
information should
97.Question 97. You Are Working On A Router That Has Established Privilege
Levels That Restrict Access To Certain Functions. You Discover That You Are
Not Able To Execute The Command Show Running-configuration. How Can
You View And Confirm The Access Lists That Have Been.
Answer :
show ip interface Ethernet 0. The only command that shows which access lists have
been applied to an interface is show ip interface Ethernet 0. The command show
access-lists displays all configured access lists, and show ip access-lists displays all
configured IP access lists, but neither command indicates whether the displayed
access lists have been applied to an interface.
98.Question 98. What Is The Defining Difference Between Computer Security And
Information Security?
Answer :
Ar 25-2
99.Question 99. How Are You Monitoring For Trojans And Back Doors?
Answer :
In addition to periodic vulnerability scanning, outgoing traffic should be inspected
before it leaves the network, looking for potentially compromised systems.
Organizations often focus on traffic and attacks coming into the network and forget
about monitoring outgoing traffic. Not only will this detect compromised systems with
Trojans and backdoors, but it will also detect potentially malicious or inappropriate
insider activity.
100. Question 100. What Types Of IDSs Does Your Organization Use?
Answer :
To provide the best level of detection, an organization should use a combination of
both signature-based and anomaly-based intrusion detection systems. This allows
both known and unknown attacks to be detected. The IDSs should be distributed
throughout the network, including areas such as the Internet connection, the DMZ,
and internal networks.
101. Question 101. How Does Encryption Help The Security Of A Network?
Answer :
One of the key objectives of computer security is confidentiality - information is only
available to those who are supposed to have access to it. Encryption helps protect
confidentiality of information transmitted over a network by (if it works as intended)
making it difficult or impossible for someone who is not authorized to have the
information to make sense of it if they intercept the information in transit. In cases of
data stored on a network, if it is stored in encrypted form, it can make it difficult or
impossible for an attacker to get anything useful from the encrypted file.
102. Question 102. How Can An Operating System Help Administrators
Control A Network And Manage Security?
Answer :
To be able to manage and control a network properly, your computer would have to
have server preferences. Server operating systems such as Microsoft Server 2008
can be used for security management over a network, but require a fair bit of insight
to operate and are mostly used by IT professionals only. Group Policy Controls, an
Advanced firewall with by the minute updates, Network Access Protection, Network
Policy and access System. Windows 7 has a few network security capabilities built
in...
103. Question 103. How Often Are You Performing Vulnerability Scanning?
Answer :
An organization should be performing vulnerability scanning as often as possible,
depending on the size of the network. The scanning should be scheduled to allow
adequate time to review the reports, discover anything that has changed, and
mitigate the vulnerability.
104. Question 104. Why Is Your Federal System A Double Security?
Answer :
Because it contains top secret information.
105. Question 105. How Often Are Your Systems Patched?
Answer :
Systems should be patched every time a new patch is released. Many organizations
don’t patch regularly and tend to not patch critical systems because they don’t want
to risk downtime. However, critical systems are the most important to patch. You
must schedule regular maintenance downtime to patch systems. As vulnerabilities
are discovered, attackers often release exploits even before system patches are
available. Therefore, it is imperative to patch systems as soon as possible.
106. Question 106. What Is Availability For IA Security?
Answer :
One of the basic themes of IA is that it is composed of three principles - which have
the memorable acronym CIA. C = confidentiality: only those who should be able to
see the data can see it. I = integrity: the data is only changed by those authorized to
change it and is not being corrupted accidentally or intentionally. A = availability:
users can access the data when they want to or need to.
107. Question 107. What Are The Specific Threats To Your Organization?
Answer :
In addition to identifying the critical business systems and processes, it is important
to identify the possible threats to those systems as well as the organization as a
whole. You should consider both external and internal threats and attacks using
various entry points (wireless, malicious code, subverting the firewall, etc.). Once
again, this will assist in implementing the appropriate security protections and
creating business continuity and disaster recovery plans.
108. Question 108. How Does Symmetric Key Encryption Work?
Answer :
Symmetric encryption requires that both parties (sender and receiver) know and have
the exact same encryption key. This key is used both for encrypting and decrypting
the data. Using the same encryption algorithm means that only those individuals that
know or have the same key will be able to read any messages encrypted by the
symmetric key.
109. Question 109. What Is Ring Protection In SDH?
Answer :
Ring protection is a system where multiplexers are connected in a ring topology. If a
single span fails traffic switches around the other side of the ring.
110. Question 110. What Physical Security Controls Are In Place In Your
Organization?
Answer :
Physical security is a large area that must be addressed by an organization.
Examples of physical controls include physical access controls (signs, locks,
security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion
detectors, smoke and water detectors, and backup power generators.
111. Question 111. What Is Meant By The Term Securing Your Perimeter
Network Security?
Answer :
Your perimeter network is the network you operate; that is, you have the Internet and
your network, and your network is your perimeter.
112. Question 112. Is Stand Alone Computer Secure?
Answer :
Of course viruses can be spread through floppy disks, USB keys or other methods, so
being a standalone computer not connected to any network doesn't mean the
computer cannot be infected, though the information cannot be leaked via the
network to external persons. However, there is also the physical security of the computer
itself, and that is where it gets interesting, depending on who and what you're trying to
secure the PC from. If, for instance, the PC is sitting in a public area, and you are
worried not just about external threats but also potential employee data theft, then one
should assume no information on the PC is secure even if the PC is standalone.
113. Question 113. Which Layer Is Done By Congestion Control?
Answer :
Congestion control takes place at the network layer.
114. Question 114. What Types Of Attacks Are You Seeing?
Answer :
Typically an organization sees a constant stream of port scan attacks. These are a
regular occurrence on the Internet as a result of attackers and worms. An
organization should not be seeing many substantial attacks such as compromises,
backdoors, or exploits on systems. This would indicate that the security defenses are
weak, patching may not be occurring, or other vulnerabilities exist.
115. Question 115. How Can A Switch Help Reduce Network Security
Problems?
Answer :
Switches use a routing table, which does not broadcast your connection requests
the way hubs do. This protects you from sniffing programs.
116. Question 116. What Is Security?
Answer :
Security is the degree of protection to safeguard a nation, union of nations, persons
or person against danger, damage, loss, and crime. Security as a form of protection
are structures and processes that provide or improve security as a condition. The
Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines
security as "a form of protection where a separation is created between the assets
and the threat". This includes but is not limited to the elimination of either the asset or
the threat.
117. Question 117. How Are You Protecting Against Social Engineering And
Phishing Attacks?
Answer :
The best way to protect against social engineering and phishing attacks is to educate
the users. Employees should attend security awareness training that explains these
types of attacks, what to expect, and how to respond. There should also be a publicly
posted incidents email address to report suspicious activity.
118. Question 118. What Is The Need For Network Security?
Answer :
The need for network security is quite obvious, (no offense to the asker), but, it is
simply thus: There are criminal activities in every field, computers being no
exception. People like to store private information on computers. If a criminal was
able to slip onto your network, they would be able to access any unguarded
computer, and retrieve information off of it once they have access. Make sure you
keep AT LEAST ONE password on every computer you own, multiple different ones
if it allows it.
119. Question 119. Difference Between Network And Operating System
Security?
Answer :
Network security concentrates on the packets of information flowing between
computer systems. Operating System security controls access to resources on the
server itself. Therefore, the two are looking at different things in terms of security.
120. Question 120. What Is Your Wireless Infrastructure?
Answer :
Part of knowing your network architecture includes knowing the location of wireless
networks, since they create another possible entry point for an attacker. You must
also confirm whether they are being used for sensitive data and whether they are
secured as well as possible.
121. Question 121. What Desktop Protections Are Used?
Answer :
Desktops should have a combination of anti-virus software, personal firewall, and
host-based intrusion detection. Each of these software packages must be regularly
updated as new signatures are deployed. They must also be centrally managed and
controlled.
122. Question 122. What Is The Difference Between An Exploit And
Vulnerability In Information Security?
Answer :
A vulnerability is a weak point in a system. This implies a risk, especially to
confidential information. An exploit is a means of taking advantage of the vulnerability
and using it to take advantage of a system or network. Just because something has
been identified as a vulnerability doesn't mean that it has been used to compromise a
system. The presence of the exploit means someone has successfully used that
weakness and taken advantage of it.
123. Question 123. What Applications And Services Are Specifically Denied By
Your Organization's Security Policy?
Answer :
Your organization’s security policy should specify applications, services, and
activities that are prohibited. These can include, among others:
o Viewing inappropriate material
o Spam
o Peer-to-peer file sharing
o Instant messaging
o Unauthorized wireless devices
o Use of unencrypted remote connections such as Telnet and FTP
124. Question 124. What Is Message Control System?
Answer :
A method for controlling messages in a software system. The method activates a
report-handling module when a subroutine has a message to send. The subroutine
passes an identification to the report-handling module. The subroutine then passes a
message and message level to the report handling module. The report-handling
module then determines the message level to be reported for that subroutine, the
process from which that subroutine is sending messages and the message level to
be reported for that process. If the message level of the message compares correctly
to the message level of the subroutine and the process, the message is reported.
125. Question 125. How Do You Stop A Computer To Broadcast?
Answer :
Three basic ways:
o On most laptops there is a switch on the front
o On most towers there is a USB stick to unplug
o On all computers Wi-Fi and Bluetooth can be disabled from "my computer"
126. Question 126. How Is Your Wireless Infrastructure Secured?
Answer :
Wireless access must at least use WEP with 128-bit encryption. Although this
provides some security, it is not very robust, which is why your wireless network
should not be used for sensitive data. Consider moving to the 802.11i standard with
AES encryption when it is finalized.
127. Question 127. How Do You Remove Network Security Keys?
Answer :
Go to your router options on your computer, and it should say "remove".
128. Question 128. How Often Is Your Disaster Recovery Plan Tested?
Answer :
The plan is no good unless it is tested at least once a year. These tests will iron out
problems in the plan and make it more efficient and successful if/when it is needed.
Testing can include walkthroughs, simulation, or a full out implementation.
129. Question 129. Where, When, And What Type Of Encryption Is Used?
Answer :
VPNs should be used for remote access and other sensitive communication. IPSEC
is a great choice for this purpose. Strong encryption protocols such as 3DES and
AES should be used whenever possible. Web access to sensitive or proprietary
information should be protected with 128-bit SSL. Remote system administration
should use SSH. Sometimes file system encryption is also used to protect stored
data.
130. Question 130. How Often Are Logs Reviewed?
Answer :
Logs should be reviewed every day. This includes IDS logs, system logs,
management station logs, etc. Not reviewing the logs is one of the biggest mistakes
an organization can make. Events of interest should be investigated daily. It can be a
very tedious task for a single person to do this job as their only assignment (unless
they really enjoy it). It is better to have a log review rotation system amongst the
security team.
131. Question 131. What Is Network Security?
Answer :
Network security consists of the provisions and policies adopted by a network
administrator to prevent and monitor unauthorized access, misuse, modification, or
denial of a computer network and network-accessible resources. Network security
involves the authorization of access to data in a network, which is controlled by the
network administrator. Users choose or are assigned an ID and password or other
authenticating information that allows them access to information and programs
within their authority. Network security covers a variety of computer networks, both
public and private, that are used in everyday jobs conducting transactions and
communications among businesses, government agencies and individuals. Networks
can be private, such as within a company, and others which might be open to public
access. Network security is involved in organizations, enterprises, and other types of
institutions. It does as its title explains: It secures the network, as well as protecting
and overseeing operations being done. The most common and simple way of
protecting a network resource is by assigning it a unique name and a corresponding
password.
132. Question 132. How Do You Prevent DDoS Attack?
Answer :
You do not have much choice: only a correctly configured firewall/iptables (which is
not a trivial task to do) can help you to prevent it. But there is no 100%
133. Question 133. What Is Included In Your Disaster Recovery Plan?
Answer :
Your disaster recovery plan (DRP) should include recovery of data centers and
recovery of business operations. It should also include recovery of the actual
physical business location and recovery of the business processes necessary to
resume normal operations. In addition, the DRP should address alternate operating
sites.
134. Question 134. What Is Your Organization's Password Policy?
Answer :
A password policy should require that a password:
o Be at least 8 characters long
o Contain both alphanumeric and special characters
o Change every 60 days
o Cannot be reused after every five cycles
o Is locked out after 3 failed attempts
In addition, you should be performing regular password auditing to check the
strength of passwords; this should also be documented in the password policy.
135. Question 135. What Resources Are Located On Your DMZ?
Answer :
Only systems that are semi-public should be kept on the DMZ. This includes external
web servers, external mail servers, and external DNS. A split-architecture may be
used where internal web, mail, and DNS are also located on the internal network.
136. Question 136. Are You Performing Content Level Inspections?
Answer :
In addition to the content level inspection performed by the IDS, specific content
inspections should also be performed on web server traffic and other application
traffic. Some attacks evade detection by containing themselves in the payload of
packets, or by altering the packet in some way, such as fragmentation. Content level
inspection at the web server or application server will protect against attacks such as
those that are tunneled in legitimate communications, attacks with malicious data,
and unauthorized application usage.
137. Question 137. What Are Your Critical Business Systems And Processes?
Answer :
Identifying your critical business systems and processes is the first step an
organization should take in order to implement the appropriate security protections.
Knowing what to protect helps determine the necessary security controls. Knowing
the critical systems and processes helps determine the business continuity plan and
disaster recovery plan process. Critical business systems and processes may include
an ecommerce site, customer database information, employee database information,
the ability to answer phone calls, the ability to respond to Internet queries, etc.
138. Question 138. What Is An IP Grabber?
Answer :
An IP grabber is a program that will find the IP address of another computer. It is
often used by hackers.
139. Question 139. What Is The Difference Between Network Security And
Cryptography?
Answer :
Cryptography is the deliberate attempt to obscure or scramble the information so that
only an authorized receiver can see the message. Network security may employ
cryptography, but has many other tools to secure a network, including firewalls,
auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only
when trying to keep messages secret when sending them across a network or
keeping information secret in a file.
140. Question 140. What Are The Three Legs Of Network Security?
Answer :
The three main tenets of security overall are: Confidentiality, Availability, Integrity.
141. Question 141. What Type Of Remote Access Is Allowed?
Answer :
Remote access should be tightly controlled, monitored, and audited. It should only be
provided over a secure communication channel that uses encryption and strong
authentication, such as an IPSEC VPN. Desktop modems (including applications
such as PCAnywhere), unsecured wireless access points, and other vulnerable
methods of remote access should be prohibited.
142. Question 142. How Do You Secure A Wireless Network?
Answer :
Most wireless routers allow you to encrypt using a passphrase. When you do choose
a password, make sure that it uses uppercase, lowercase, numbers, and special
characters. You will want to stay away from any words or phrases that can be found in
the dictionary. And set it for WPA2.
143. Question 143. What Is ARP And How Does It Work?
Answer :
ARP (Address Resolution Protocol) is a network layer protocol which associates the
physical hardware address of a network node (commonly known as a MAC address)
with its IP address. ARP creates a table known as the ARP cache/table that maps IP
addresses to the hardware addresses of nodes on the local network.
If, based on the IP address, it sees that it has the node's MAC address in its ARP
table, then transmitting to that IP address is done quicker because the destination is
known, and voilà, network traffic is reduced.
144. Question 144. Explain What Are Digital Signatures And Smart Cards?
Answer :
Digital signature: Information that is encrypted with an entity's private key and is
appended to a message to assure the recipient of the authenticity and integrity of the
message. The digital signature proves that the message was signed by the entity that
owns, or has access to, the private key or shared secret symmetric key.
Smart cards: Smart cards help businesses evolve and expand their products and
services in a rapidly changing global market. In addition to the well known
commercial applications (banking, payments, access control, identification, ticketing
and parking or toll collection), in recent years, the information age has introduced an
array of security and privacy issues that have called for advanced smart card security
applications (secure logon and authentication of users to PC and networks, storage
of digital certificates, passwords and credentials, encryption of sensitive data,
wireless communication subscriber authentication, etc.)
145. Question 145. Explain Difference Between Broadcast Domain And
Collision Domain?
Answer :
Broadcast Domain:
o Sends the packet to the whole of the present network.
o It may be sent by a person.
o It may be broadcast by the switch when the address is not found in the network.
o To break up a broadcast domain, we can use a router.
Collision Domain:
A switch has no collisions as compared to a hub (a layer one device). A broadcast
domain is the area where, when one device in the network sends data or a packet, it
will be received by all the devices present on the network.
146. Question 146. What Is Kerberos Protocol?
Answer :
Kerberos is an authentication protocol. It is named after a dog who, according to
Greek mythology, is said to stand at the gates of Hades. In terms of computer
networking, it is a collection of software used in large networks to authenticate and
establish a user's claimed identity. It was developed by MIT and uses a combination of
encryption and distributed databases so that the user can log in and start a
session.
It has some disadvantages though. As I said, Kerberos was developed by MIT
under Project Athena; Kerberos is designed to authenticate the end users on the
servers.
147. Question 147. Explain How Does Trace Route Work? Now How Does
Trace Route Make Sure That The Packet Follows The Same Path That A
Previous (with Ttl - 1) Probe Packet Went In?
Answer :
First of all, traceroute works using ICMP packets. First, the source sends an ICMP
packet with the Time to Live (TTL) field set to 1 to the destination address. The
first intermediate router receives the packet and sees that the TTL field has expired,
so it sends an ICMP TTL expired reply. The source machine then sends the ICMP
packet again with the TTL field set to 2. This time the second intermediate router
replies. This process is repeated until the destination is reached. That way the
source can get the entire route up to the destination.
148. Question 148. Explain What Are All The Technical Steps Involved When
The Data Transmission From Server Via Router?
Answer :
When a packet is sent out of a server, it has source and destination IP addresses,
source and destination port numbers, and source and destination MAC IDs. First it is
sent to the switch. The switch checks whether the MAC ID is in the MAC address
table; if not, it broadcasts the message. If the destination IP is not in the same
segment, it forwards the packet to the gateway (normally the router or firewall).
The router/firewall then checks its routing table and access lists: if it has the
information about the destination IP and if it has access to the destination IP, it
forwards the packet to the next hop, and if either condition fails it just drops the
packet.
149. Question 149. Explain For A Small LAN Which Class Of Addressing Is
Used?
Answer :
For a small LAN we use a class C address.
Explanation: In a class C IP address the first three bytes out of four are for the
network address, while the last byte is for the host address, which can range from
1-254, which is the smallest LAN possible, whereas class B has two bytes and class A
has three bytes reserved for the host address, which increases the number of hosts in
those classes.
150. Question 150. Explain What Does CIA Stand For In Security Management?
Answer :
Confidentiality, Integrity and Availability.
CIA means Certified Internal Auditor, a globally accepted and recognized certificate
in the field of internal audits.
151. Question 151. Explain In Mobile And Computer And Home Is It Possible
That We See And Listen Person Voice And Activity Carefully For Destroying
Their Privacy?
Answer :
Yes, it can be possible through third-party software on a computer and 3G on a mobile.
On a computer, third-party software like Skype can be a better medium of communication.
152. Question 152. Explain What Is The Role Of Single Sign On In
Authentication Technologies?
Answer :
Single sign-on (SSO) is a mechanism whereby a single action of user authentication
and authorization can permit a user to access all computers and systems where he
has access permission, without the need to enter multiple passwords. Single sign-on
reduces human error, a major component of systems failure, and is therefore highly
desirable but difficult to implement.
Single sign-on is an authentication mechanism with session or cookie preservation,
wherein the user is prompted only once in a particular session with a computer s/he
uses, and the same credentials are used across multiple platforms for accessing
different applications. It is like logging into your computer by authenticating to the
domain controller and being able to access multiple intranet sites. A second example
could be to log in to a single website and have the same authentication used for
different applications like forums, image gallery, email, etc.
153. Question 153. Explain How Do We Use RSA For Both Authentication And
Secrecy?
Answer :
RSA is based upon the public key/private key concept. For authentication, one can
encrypt the hash (MD5/SHA) of the data with his private key. This is known as a digital
signature. Secrecy is achieved by encrypting the data with the public key of the
target user. Generally we don't use RSA for encryption because of key size (1024
bits). Rather, a symmetric session key (128/256 bit) is established between the
communicating parties and is used for encryption.
RSA: Authentication can be achieved by using a nonce value (prime number).
E.g.: A wants to communicate with B.
The value An1 is encrypted with the private key of A and then with the public key of B,
so B can decrypt it, and then B should send An1 back to A, stating that it is none other
than B.
Secrecy is also maintained because they use their own private keys for decryption.
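The two uses described in this answer, as an added example that is not part of the original page: A signs the SHA-256 hash of a message with its private key (authentication), then wraps a 256-bit session key with B's public key (secrecy). It is textbook RSA without padding, and the key primes, function names and sample message are assumptions constructed for the illustration.

```python
import hashlib
import secrets

# Constructed toy key material: publicly known Mersenne primes, used only so the
# example runs offline with the standard library. A real key uses secret random
# primes and a padded scheme (RSA-PSS for signatures, RSA-OAEP for encryption).
A_PRIMES = (2**521 - 1, 2**607 - 1)
B_PRIMES = (2**1279 - 1, 2**2203 - 1)
E = 65537


def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): the public and private halves of an RSA key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (n, e), (n, d)


def digest_as_int(message: bytes) -> int:
    """SHA-256 of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Authentication: apply the signer's private key to the message hash."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the signer's public key can recompute and compare the hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def wrap_session_key(session_key: bytes, recipient_public) -> int:
    """Secrecy: encrypt a short symmetric key with the recipient's public key."""
    n, e = recipient_public
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit in the modulus")
    return pow(m, e, n)


def unwrap_session_key(wrapped: int, recipient_private, length: int = 32) -> bytes:
    """Only the recipient's private key recovers the session key."""
    n, d = recipient_private
    return pow(wrapped, d, n).to_bytes(length, "big")


def demo():
    """Run the A-to-B exchange and report what each check found."""
    a_pub, a_priv = make_keypair(*A_PRIMES)
    b_pub, b_priv = make_keypair(*B_PRIMES)

    message = b"transfer 100 to account 42"  # constructed sample message
    signature = sign(message, a_priv)

    session_key = secrets.token_bytes(32)  # 256-bit symmetric session key
    wrapped = wrap_session_key(session_key, b_pub)

    return {
        # B checks that the message really came from A and was not altered.
        "signature_valid": verify(message, signature, a_pub),
        # A changed message no longer matches the signed hash.
        "tampered_valid": verify(b"transfer 900 to account 42", signature, a_pub),
        # The signature does not verify under a different party's public key.
        "wrong_key_valid": verify(message, signature, b_pub),
        # B recovers the session key that then protects the bulk data.
        "session_key_recovered": unwrap_session_key(wrapped, b_priv) == session_key,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```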
154. Question 154. What Is Difference Between Discretionary Access Control
And Mandatory Access Control?
Answer :
DAC (discretionary access control) is used at one's own discretion, and access is
controlled according to it, while with MAC the access control has to be given compulsorily.
MAC is designed and enforced in the initial stages and cannot be changed by an entity;
from a layman's angle: the OS writing to the BIOS is not allowed. DAC is designed in such
a way that access shall be granted based on discretion; e.g. database table access.
155. Question 155. Explain What Is Difference Between ARP & RARP? How Both
Of These Protocols Will Work, And Where It Will Use?
Answer :
ARP: ARP stands for "Address Resolution Protocol". It is used to map IP network
addresses to the hardware (Media Access Control sublayer) addresses used by the
data link protocol. The ARP protocol operates between the network layer and the
data link layer in the Open System Interconnection (OSI) model.
RARP: RARP (Reverse Address Resolution Protocol) is a protocol by which a
physical machine in a local area network can request to learn its IP address from a
gateway server's Address Resolution Protocol (ARP) table or cache. A network
administrator creates a table in a local area network's gateway router that maps the
physical machine (or Media Access Control - MAC address) addresses to
corresponding Internet Protocol addresses. When a new machine is set up, its RARP
client program requests from the RARP server on the router to be sent its IP address.
Assuming that an entry has been set up in the router table, the RARP server will
return the IP address to the machine which can store it for future use. RARP is
available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs.
156. Question 156. Explain What Is Meant By Port Blocking Within LAN?
Answer :
Restricting the users from accessing a set of services within the local area network is
called port blocking.
We'll give you a fine example. It is nothing but blocking the switch port with a
particular MAC address. For example, we have an 8-port switch; on the first port we
connected a machine that belongs to this MAC address {4e5a.23bf.34ae.9a4c}, and
we block the switch port with this MAC address. If, for instance, you unplug the original
host and plug in another one, your new machine will be prevented from accessing the
switch port. That's the idea. So if you enable the port blocking command on a switch,
only the particular or intended machine is allowed access; other machines will be
restricted. Port blocking is used for security purposes; otherwise some intruder could
enter your company and destroy your LAN with a single laptop.
157. Question 157. Explain How Do We Do Authentication With Message
Digest (MD5)? (Usually MD Is Used For Finding Tampering Of Data)
Answer :
A unique number will be generated by MD5; if the data is tampered with by someone,
the value will change, so you know it has been tampered with.
158. Question 158. The Unique Number Will Be Generated By Md5, If It Is
Tamped With Someone, The Value Will Be Changed So You Know You Are
Tampered?
Answer :
o OSPF has two primary characteristics. The first is that the protocol is open,
which means that its specification is in the public domain. The OSPF
specification is published as Request For Comments (RFC) 1247.
The second principal characteristic is that OSPF is based on the SPF
algorithm, which sometimes is referred to as the Dijkstra algorithm, named for
the person credited with its creation.
o OSPF is a link-state routing protocol that calls for the sending of link-state
advertisements (LSAs) to all other routers within the same hierarchical
area. Information on attached interfaces, metrics used, and other variables
is included in OSPF LSAs. As OSPF routers accumulate link-state
information, they use the SPF algorithm to calculate the shortest path to
each node.

Mais conteúdo relacionado

Mais procurados

01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
encryption and hash algorithms
encryption and hash algorithmsencryption and hash algorithms
encryption and hash algorithms
CARMEN ALCIVAR
 
Internet security evaluation system documentation nikitha
Internet security evaluation system documentation nikithaInternet security evaluation system documentation nikitha
Internet security evaluation system documentation nikitha
Susmitha Reddy
 
NetworkWorld-SafeBreach
NetworkWorld-SafeBreachNetworkWorld-SafeBreach
NetworkWorld-SafeBreach
Dan Kunkel
 
L2 Intrusion Detection System (IDS)
L2  Intrusion Detection System (IDS)L2  Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)
Rushdi Shams
 

Mais procurados (20)

Ijcnc050205
Ijcnc050205Ijcnc050205
Ijcnc050205
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Defeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draftDefeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draft
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
 
encryption and hash algorithms
encryption and hash algorithmsencryption and hash algorithms
encryption and hash algorithms
 
CMIT 321 WEEK 2 QUIZ.
CMIT 321 WEEK 2 QUIZ.CMIT 321 WEEK 2 QUIZ.
CMIT 321 WEEK 2 QUIZ.
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through Token
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKS
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKSEFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKS
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKS
 
Banner grabbing
Banner grabbingBanner grabbing
Banner grabbing
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Internet security evaluation system documentation nikitha
Internet security evaluation system documentation nikithaInternet security evaluation system documentation nikitha
Internet security evaluation system documentation nikitha
 
NetworkWorld-SafeBreach
NetworkWorld-SafeBreachNetworkWorld-SafeBreach
NetworkWorld-SafeBreach
 
Image-Based Authentication from Confident Technologies
Image-Based Authentication from Confident TechnologiesImage-Based Authentication from Confident Technologies
Image-Based Authentication from Confident Technologies
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux servers
 
L2 Intrusion Detection System (IDS)
L2  Intrusion Detection System (IDS)L2  Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)
 
Network security
Network securityNetwork security
Network security
 

Semelhante a Network security interview questions & answers

Semelhante a Network security interview questions & answers (20)

CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   
 
CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   
 
CIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.comCIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.com
 
Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com  Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com
 
CIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.comCIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.com
 
Cis 333 Education Organization / snaptutorial.com
Cis 333   Education Organization / snaptutorial.comCis 333   Education Organization / snaptutorial.com
Cis 333 Education Organization / snaptutorial.com
 
Cis 333 Enhance teaching / snaptutorial.com
Cis 333   Enhance teaching / snaptutorial.comCis 333   Enhance teaching / snaptutorial.com
Cis 333 Enhance teaching / snaptutorial.com
 
CIS 333 Effective Communication - tutorialrank.com
CIS 333  Effective Communication - tutorialrank.comCIS 333  Effective Communication - tutorialrank.com
CIS 333 Effective Communication - tutorialrank.com
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Wa
WaWa
Wa
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)
 
Cis 333 final exam (3 sets)
Cis 333 final exam (3 sets)Cis 333 final exam (3 sets)
Cis 333 final exam (3 sets)
 
Top 20 Ethical Hacker Interview Questions.pdf
Top 20 Ethical Hacker Interview Questions.pdfTop 20 Ethical Hacker Interview Questions.pdf
Top 20 Ethical Hacker Interview Questions.pdf
 
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdfTop_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
Top_20_Incident_Responder_Interview_Questions_and_Answers_1.pdf
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdf
 
Cis 333 final exam (3 sets)
Cis 333 final exam (3 sets)Cis 333 final exam (3 sets)
Cis 333 final exam (3 sets)
 

Último

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Último (20)

Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...

Network security interview questions & answers

Top 150+ NETWORK SECURITY INTERVIEW QUESTIONS & ANSWERS
Are you looking for a Network Security job in a reputed organization? If yes, then you are searching for it at the right place. Browse the wisdomjobs page to get a collection of all the jobs related to Network Security and also the other information like the job application process, the salary expected and the growth path in this job. In a Network Security job, you will control the authentication to access the data in a network. As a Network Security administrator, you will have to protect both the hardware and the software of the organization from threats like viruses, malware and hackers, and stop them from entering the network. To help you through the job process, we have designed a few Network Security job interview questions and answers which will make your job interview simple.
1. Question 1. Why Does Active FTP Not Work With Network Firewalls?
Answer :
When a user initiates a connection with the FTP server, two TCP connections are established. The second TCP connection (FTP data connection) is initiated and established from the FTP server. When a firewall is between the FTP client and server, the firewall would block the connection initiated from the FTP server since it is a connection initiated from outside. To resolve this, Passive FTP can be used or the firewall rule can be modified to add the FTP server as trusted.
2. Question 2. Which Feature On A Network Switch Can Be Used To Prevent Rogue DHCP Servers?
Answer :
DHCP Snooping
3. Question 3. Which Feature On A Cisco IOS Firewall Can Be Used To Block Incoming Traffic On An FTP Server?
Answer :
Extended ACL.
4. Question 4. Name One Secure Network Protocol Which Can Be Used Instead Of Telnet To Manage A Router?
Answer :
SSH
5. Question 5. Provide A Reason As To Why HTTPS Should Be Used Instead Of HTTP?
Answer :
HTTP sends data in clear text whereas HTTPS sends data encrypted.
6. Question 6. How Can You Prevent A Brute Force Attack On A Windows Login Page?
Answer :
Set up an account lockout for a specific number of attempts, so that the user account is locked automatically after the specified number.
7. Question 7. In An ICMP Address Mask Request, What Is The Attacker Looking For?
Answer :
The attacker is looking for the subnet/network mask of the victim. This would help the attacker to map the internal network.
8. Question 8. Why Is RIPv1 Insecure In A Network?
Answer :
RIPv1 does not use a password for authentication as with RIPv2. This makes it possible for attackers to send rogue RIP packets and corrupt the routing table.
9. Question 9. Which Feature On A Network Switch Can Be Used To Protect Against CAM Flooding Attacks?
Answer :
The Port-Security feature can be used for this. In a CAM flooding attack, the attacker sends a storm of MAC addresses (frames) with different values. The goal of the attacker is to fill up the CAM table. Port-Security can be used to limit the number of MAC addresses allowed on the port.
10. Question 10. Which Protocol Does HTTPS Use At The Transport Layer For Sending And Receiving Data?
Answer :
TCP
11. Question 11. ____ Typically Involves Using Client-side Scripts Written In JavaScript That Are Designed To Extract Information From The Victim And Then Pass The Information To The Attacker?
Answer :
Cross site scripting (XSS)
12. Question 12. What Is SRM (Security Reference Monitor)?
Answer :
The Security Reference Monitor is the kernel mode component that does the actual access validation, as well as audit generation.
13. Question 13. In A Company Of 500 Employees, It Is Estimated That _____ Employees Would Be Required To Combat A Virus Attack?
Answer :
five employees.
14. Question 14. According To The Research Group Postini, Over ____ Of Daily E-mail Messages Are Unsolicited And Could Be Carrying A Malicious Payload?
Answer :
two-thirds.
15. Question 15. A Software-based ____ Attempts To Monitor And Possibly Prevent Attempts To Attack A Local System?
Answer :
HIDS
16. Question 16. A Security ____ Focuses On The Administration And Management Of Plans, Policies, And People?
Answer :
manager.
17. Question 17. Under The _____ , Healthcare Enterprises Must Guard Protected Health Information And Implement Policies And Procedures To Safeguard It, Whether It Be In Paper Or Electronic Format?
Answer :
HIPAA.
18. Question 18. How Did Early Computer Security Work?
Answer :
It was pretty simple: just passwords to protect one's computer. With the innovation of the internet, however, computers have increased security with firewalls and hundreds of anti-virus programs.
19. Question 19. What Is A Firewall?
Answer :
A Firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.
20. Question 20. Business ____ Theft Involves Stealing Proprietary Business Information Such As Research For A New Drug Or A List Of Customers That Competitors Are Eager To Acquire?
Answer :
data.
21. Question 21. ____ Monitor Internet Traffic And Block Access To Preselected Web Sites And Files?
Answer :
Internet content filters.
22. Question 22. What Is Another Name For Unsolicited E-mail Messages?
Answer :
spam
23. Question 23. The ____ Is The Link Between The Cellular Network And The Wired Telephone World And Controls All Transmitters And Base Stations In The Cellular Network?
Answer :
MTSO
24. Question 24. ____ Technology Enables A Virtual Machine To Be Moved To A Different Physical Computer With No Impact To The Users?
Answer :
Live migration
25. Question 25. A(n) ____ Finds Malicious Traffic And Deals With It Immediately?
Answer :
IPS
26. Question 26. A ____ Virus Infects The Master Boot Record Of A Hard Disk Drive?
Answer :
boot
27. Question 27. Can Police Track An IP Address After It Has Been Changed?
Answer :
Sometimes. For example, if the user has a dynamic IP address, and their IP address changes within this system as usual, it can generally be tracked. If the user uses a proxy service to make their IP address appear as if it is located in some random other p
28. Question 28. ____ Is A Software Program That Delivers Advertising Content In A Manner That Is Unexpected And Unwanted By The User?
Answer :
Adware
29. Question 29. Encryption Under The WPA2 Personal Security Model Is Accomplished By ____?
Answer :
AES-CCMP
30. Question 30. According To The 2007 FBI Computer Crime And Security Survey, The Loss Due To The Theft Of Confidential Data For 494 Respondents Was Approximately ____?
Answer :
$10 million.
31. Question 31. ____, Also Called Add-ons, Represent A Specific Way Of Implementing ActiveX And Are Sometimes Called ActiveX Applications?
Answer :
ActiveX controls.
32. Question 32. What Is A SID (Security ID)?
Answer :
SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group. A SID contains:
* User and group security descriptors
* 48-bit ID authority
* Revision level
* Variable sub authority values
33. Question 33. ____ Can Fully Decode Application-layer Network Protocols. Once These Protocols Are Decoded, The Different Parts Of The Protocol Can Be Analyzed For Any Suspicious Behavior?
Answer :
Protocol analyzers
34. Question 34. A ____ Is A Computer Program Or A Part Of A Program That Lies Dormant Until It Is Triggered By A Specific Logical Event?
Answer :
logic bomb
35. Question 35. A ____ Is A Cumulative Package Of All Security Updates Plus Additional Features.
Answer :
service pack
36. Question 36. The Goal Of ____ Is To Prevent Computers With Suboptimal Security From Potentially Infecting Other Computers Through The Network?
Answer :
NAC
37. Question 37. ____ Is A Windows Vista And Windows XP Service Pack 2 (SP2) Feature That Prevents Attackers From Using Buffer Overflow To Execute Malware?
Answer :
DEP
38. Question 38. ____ Are Portable Communication Devices That Function In A Manner That Is Unlike Wired Telephones?
Answer :
Cell phones
39. Question 39. A ____ Is A Single, Dedicated Hard Disk-based File Storage Device That Provides Centralized And Consolidated Disk Storage Available To LAN Users Through A Standard Network Connection?
Answer :
NAS
40. Question 40. What Is Administrator Privileges When Trying To Install A Download?
Answer :
Administrator privileges allow the user full access to a program or network second only to the system account. If you don't have administrator privileges, you cannot do certain things. You may be able to use a program, but not upgrade it.
41. Question 41. With Operating System Virtualization, A Virtual Machine Is Simulated As A Self-contained Software Environment By The ____ System (The Native Operating System To The Hardware)?
Answer :
host
42. Question 42. While Most Attacks Take Advantage Of Vulnerabilities That Someone Has Already Uncovered, A(n) ____ Occurs When An Attacker Discovers And Exploits A Previously Unknown Flaw?
Answer :
zero day
43. Question 43. ____ Enables The Attacker's Computer To Forward Any Network Traffic It Receives From Computer A To The Actual Router?
Answer :
IP forwarding.
44. Question 44. A(n) ____ Is A Computer Programming Language That Is Typically Interpreted Into A Language The Computer Can Understand?
Answer :
scripting language
45. Question 45. In A ____ Attack, Attackers Can Use Hundreds Or Thousands Of Computers In An Attack Against A Single Computer Or Network?
Answer :
distributed
46. Question 46. What Is The Maximum Fine For Those Who Wrongfully Disclose Individually Identifiable Health Information With The Intent To Sell It?
Answer :
$250,000
47. Question 47. _____ Ensures That Information Is Correct And That No Unauthorized Person Or Malicious Software Has Altered That Data?
Answer :
Integrity
48. Question 48. The Plain Text To Be Transmitted Has A Cyclic Redundancy Check (CRC) Value Calculated, Which Is A Check Sum Based On The Contents Of The Text. WEP Calls This The ____ And Appends It To The End Of The Text?
Answer :
integrity check value (ICV)
49. Question 49. The _____ Act Is Designed To Broaden The Surveillance Of Law Enforcement Agencies So They Can Detect And Suppress Terrorism?
Answer :
USA Patriot
50. Question 50. The Single Most Expensive Malicious Attack Was The 2000 ____, Which Cost An Estimated $8.7 Billion?
Answer :
Love Bug.
51. Question 51. Live Migration Can Be Used For ____; If The Demand For A Service Or Application Increases, Then Network Managers Can Quickly Move This High-demand Virtual Machine To Another Physical Server With More RAM Or CPU Resources?
Answer :
load balancing
52. Question 52. The ____ Are The Operating System Settings That Impose How The Policy Will Be Enforced?
Answer :
configuration baselines
53. Question 53. ____ Involves Using Someone's Personal Information, Such As Social Security Numbers, To Establish Bank Or Credit Card Accounts That Are Then Left Unpaid, Leaving The Victim With The Debts And Ruining Their Credit Rating?
Answer :
Identity theft
54. Question 54. Targeted Attacks Against Financial Networks, Unauthorized Access To Information, And The Theft Of Personal Information Is Sometimes Known As ____?
Answer :
cybercrime
55. Question 55. The Goal Of ____ Is To Make It Harder To Predict Where The Operating System Functionality Resides In Memory?
Answer :
ASLR
56. Question 56. Instead Of The Web Server Asking The User For The Same Information Each Time She Visits That Site, The Server Can Store That User-specific Information In A File On The User's Local Computer And Then Retrieve It Later. This File Is Called A(n) ____?
Answer :
cookie
57. Question 57. One Type Of Virtualization In Which An Entire Operating System Environment Is Simulated Is Known As ____ Virtualization?
Answer :
operating system
58. Question 58. WEP Accomplishes Confidentiality By Taking Unencrypted Text And Then Encrypting Or "Scrambling" It Into ____ So That It Cannot Be Viewed By Unauthorized Parties While Being Transmitted?
Answer :
ciphertext.
59. Question 59. ____ Authentication Is Based Upon The Fact That Only Pre-approved Wireless Devices Are Given The Shared Key?
Answer :
Shared key
60. Question 60. ____ Work To Protect The Entire Network And All Devices That Are Connected To It?
Answer :
NIPS
61. Question 61. Flash Memory Is A Type Of ____, Non Volatile Computer Memory That Can Be Electrically Erased And Rewritten Repeatedly?
Answer :
EEPROM
62. Question 62. What Is The Primary Function Of A Firewall?
Answer :
Its primary function is to prevent accesses from untrusted (or undesired) external systems to internal systems and services, and to prevent internal users and systems from accessing external untrusted or undesired systems and services. More generally, its pur
63. Question 63. ____ Hinges On An Attacker Being Able To Enter An SQL Database Query Into A Dynamic Web Page?
Answer :
SQL injection
64. Question 64. ____ Are Designed To Inspect Traffic, And Based On Their Configuration Or Security Policy, They Can Drop Malicious Traffic?
Answer :
NIPS
65. Question 65. An Attacker Could Alter The MAC Address In The ARP Cache So That The Corresponding IP Address Would Point To A Different Computer, Which Is Known As ____?
Answer :
ARP poisoning.
66. Question 66. Creating And Managing Multiple Server Operating Systems Is Known As ____ Virtualization?
Answer :
server
67. Question 67. A ____ Is A Program Advertised As Performing One Activity But Actually Does Something Else?
Answer :
Trojan
68. Question 68. A(n) ____ Attack Makes A Copy Of The Transmission Before Sending It To The Recipient?
Answer :
replay
69. Question 69. ____ Is An Image Spam That Is Divided Into Multiple Images?
Answer :
GIF layering
70. Question 70. A Computer ____ Is A Program That Secretly Attaches Itself To A Legitimate "Carrier," Such As A Document Or Program, And Then Executes When That Document Is Opened Or Program Is Launched?
Answer :
virus
71. Question 71. _____ Ensures That Only Authorized Parties Can View Information?
Answer :
Confidentiality
72. Question 72. COPPA Requires Operators Of Online Services Or Web Sites Designed For Children Under The Age Of _____ To Obtain Parental Consent Prior To The Collection, Use, Disclosure, Or Display Of A Child's Personal Information?
Answer :
13
73. Question 73. ____ Is A Process Of Ensuring That Any Inputs Are "Clean" And Will Not Corrupt The System?
Answer :
Input validation
74. Question 74. In Order To Avoid Detection Some Viruses Can Alter How They Appear. These Are Known As ____ Viruses?
Answer :
metamorphic
75. Question 75. ____ Is A Language Used To View And Manipulate Data That Is Stored In A Relational Database?
Answer :
SQL
76. Question 76. What Is The Most Secure Operating System?
Answer :
Security is a difficult and sometimes controversial thing to analyze. The only truly "secure" operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example. Among all modern general purpose op.
77. Question 77. What Do You Do If Spybot Will Not 'Immunize'?
Answer :
Redownload Spybot.
78. Question 78. The Goal Of A ____ Is To Hide The IP Address Of Client Systems Inside The Secure Network?
Answer :
proxy server
79. Question 79. ____ Uses "Speckling" And Different Colors So That No Two Spam E-mails Appear To Be The Same?
Answer :
Geometric variance
80. Question 80. What Is SAM (Security Account Manager)?
Answer :
SAM stands for Security Account Manager and is the one who maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.
81. Question 81. Today's Computer Systems Have A(n) ____ Chip In Which The Contents Can Be Rewritten To Provide New Functionality?
Answer :
PROM
82. Question 82. ____ Is A Means Of Managing And Presenting Computer Resources By Function Without Regard To Their Physical Layout Or Location?
Answer :
Virtualization
83. Question 83. A ____ Virus Can Interrupt Almost Any Function Executed By The Computer Operating System And Alter It For Its Own Malicious Purposes?
Answer :
resident
84. Question 84. Why Is WEP Security Not Recommended For Wireless Networks?
Answer :
WEP security is easily compromised - usually in 60 seconds or less. Part of the problem is that WEP security was developed for backward compatibility with older devices and is a less strong security measure.
85. Question 85. Besides Default Rule Sets, What Activities Are Actively Monitored By Your IDS?
Answer :
IDSs come with default rule sets to look for common attacks. These rule sets must also be customized and augmented to look for traffic and activities specific to your organization’s security policy. For example, if your organization’s security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors.
86. Question 86. What Type Of Traffic Are You Denying At The Firewall?
Answer :
There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic.
87. Question 87. Where Is Your Organization's Security Policy Posted And What Is In It?
Answer :
There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.
88. Question 88. What Is Security Policy In A Distributed Network Environment?
Answer :
The security policy is anything really, whatever your admin enforces. Everything from what programs you are allowed to what wallpaper you have can be controlled through GPOs. Usually you will find the common ones are that every computer has to get updates, every computer has to have an AV
89. Question 89. What Is Preprocessing In IDS?
Answer :
Before analysis, all the captured data needs to be organized in a particular format or pattern for the classification purpose; this whole process of organizing data is known as preprocessing. In this process, data that is collected from the IDS or IPS sensors needs to be put into some canonical format or a structured database format based on the preprocessing. Once the data is formatted, it is further broken down into classifications, which totally depends on the analysis scheme used. Once the data is classified, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.
90. Question 90. What Are The Tolerable Levels Of Impact Your Systems Can Have?
Answer :
An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.
91. Question 91. How Are Subnets Used To Improve Network Security?
Answer :
Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.
92. Question 92. What Does Your Network/Security Architecture Diagram Look Like?
Answer :
The first thing you need to know to protect your network and systems is what you are protecting. You must know:
o The physical topologies
o Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
o Types of operating systems
o Perimeter protection measures (firewall and IDS placement, etc.)
o Types of devices used (routers, switches, etc.)
o Location of DMZs
o IP address ranges and subnets
o Use of NAT
In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.
93. Question 93. What Security Measures Are In Place For In-house Developed Applications?
Answer :
Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties.
94. Question 94. Why Is 802.11 Wireless More Of A Security Problem Than Any Other Type Of Network?
Answer :
Wireless is typically less secure because it uses radio waves for transmission. In other words, you have your data "floating" in airspace which makes it more susceptible to being compromised (hacked). With a wired connection someone cannot "steal" your data frames (packets) unless they physically connect to the network cabling. Additionally, the level of security built into wireless technology is less advanced than that of wired networks. This is mainly due to the fact that 802.11 is a relatively newer protocol standard. Manufacturers (both hardware and software) are developing better security for wireless systems and it is possible to harden the security of a WLAN by using the current security protocols along with using some third-party software. For additional specific information read the RFC standards for 802.11.
95. Question 95. What Resources Are Located On Your Internal Network?
Answer :
In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers.
96. Question 96. What Is Your Backup Policy?
Answer :
VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should
97. Question 97. You Are Working On A Router That Has Established Privilege Levels That Restrict Access To Certain Functions. You Discover That You Are Not Able To Execute The Command Show Running-configuration. How Can You View And Confirm The Access Lists That Have Been.
Answer :
show ip interface Ethernet 0
The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.
98. Question 98. What Is The Defining Difference Between Computer Security And Information Security?
Answer :
Ar 25-2
99. Question 99. How Are You Monitoring For Trojans And Back Doors?
Answer :
In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity.
100. Question 100. What Types Of IDSs Does Your Organization Use?
Answer :
To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks.
101. Question 101. How Does Encryption Help The Security Of A Network?
Answer :
One of the key objectives of computer security is confidentiality - information is only available to those who are supposed to have access to it. Encryption helps protect confidentiality of information transmitted over a network by (if it works as intended) making it difficult or impossible for someone who is not authorized to have the information to make sense of it if they intercept the information in transit. In cases of data stored on a network, if it is stored in encrypted form, it can make it difficult or impossible for an attacker to get anything useful from the encrypted file.
102. Question 102. How Can An Operating System Help Administrators Control A Network And Manage Security?
Answer :
To be able to manage and control a network properly, your computer would have to have server preferences. Server Operating Systems such as Microsoft Server 2008 can be used for security management over a network, but require a fair bit of insight to operate and are mostly used by IT professionals only. Group Policy Controls, an Advanced firewall with by-the-minute updates, Network Access Protection, Network Policy and access System. Windows 7 has a few network security capabilities built in...
103. Question 103. How Often Are You Performing Vulnerability Scanning?
Answer :
An organization should be performing vulnerability scanning as often as possible, depending on the size of the network. The scanning should be scheduled to allow adequate time to review the reports, discover anything that has changed, and mitigate the vulnerability.
104. Question 104. Why Is Your Federal System A Double Security?
Answer :
Because it contains top secret information.
105. Question 105. How Often Are Your Systems Patched?
Answer :
Systems should be patched every time a new patch is released. Many organizations don’t patch regularly and tend to not patch critical systems because they don’t want to risk downtime. However, critical systems are the most important to patch. You must schedule regular maintenance downtime to patch systems. As vulnerabilities are discovered, attackers often release exploits even before system patches are available. Therefore, it is imperative to patch systems as soon as possible.
106. Question 106. What Is Availability For IA Security?
Answer :
One of the basic themes of IA is that it is composed of three principles - which have the memorable acronym CIA. C = confidentiality: only those who should be able to see the data can see it. I = integrity: the data is only changed by those authorized to change it and is not being corrupted accidentally or intentionally. A = availability: users can access the data when they want to or need to.
107. Question 107. What Are The Specific Threats To Your Organization?
Answer :
In addition to identifying the critical business systems and processes, it is important to identify the possible threats to those systems as well as the organization as a whole. You should consider both external and internal threats and attacks using various entry points (wireless, malicious code, subverting the firewall, etc.). Once again, this will assist in implementing the appropriate security protections and creating business continuity and disaster recovery plans.
108. Question 108. How Does Symmetric Key Encryption Work?
Answer :
Symmetric encryption requires that both parties (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the data. Using the same encryption algorithm means that only those individuals that know or have the same key will be able to read any messages encrypted by the symmetric key.
109. Question 109. What Is Ring Protection In SDH?
Answer :
Ring protection is a system where multiplexers are connected in a ring topology. If a single span fails, traffic switches around the other side of the ring.
110. Question 110. What Physical Security Controls Are In Place In Your Organization?
Answer :
Physical security is a large area that must be addressed by an organization. Examples of physical controls include physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, smoke and water detectors, and backup power generators.
111. Question 111. What Is Meant By The Term Securing Your Perimeter Network Security?
Answer :
Your perimeter network is the network you operate; for example, you have the internet and your network, and your network is your perimeter.
112. Question 112. Is Stand Alone Computer Secure?
Answer :
Of course viruses can be spread through floppy disks, USB keys or other methods, so being a standalone computer not connected to any network doesn't mean the computer cannot be infected, though the information cannot be leaked via the network to external persons. However, there is also physical security of the computer itself, and that is where it gets interesting, depending on who and what you're trying to secure the PC from. If for instance the PC is sitting in a public area, and you are not worried just about external threats but also potential employee data theft, then one should assume no information on the PC is secure even if the PC is standalone.
113. Question 113. Which Layer Is Done By Congestion Control?
Answer :
At the network layer, the congestion control mechanism takes place.
114. Question 114. What Types Of Attacks Are You Seeing?
Answer :
Typically an organization sees a constant stream of port scan attacks. These are a regular occurrence on the Internet as a result of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist.
  • 15. 115. Question 115. How Can A Switch Help Reduce Network Security Problems? Answer : Switches use routing table which does allow to brandband your connection requests how hubs do. It protects you from sniffing programs. 116. Question 116. What Is Security? Answer : Security is the degree of protection to safeguard a nation, union of nations, persons or person against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". This includes but is not limited to the elimination of either the asset or the threat. 117. Question 117. How Are You Protecting Against Social Engineering And Phishing Attacks? Answer : The best way to protect against social engineering and phishing attacks is to educate the users. Employees should attend security awareness training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email address to report suspicious activity. 118. Question 118. What Is The Need For Network Security? Answer : The need for network security is quite obvious, (no offense to the asker), but, it is simply thus: There are criminal activities in every field, computers being no exception. People like to store private information on computers. If a criminal was able to slip onto your network, they would be able to access any unguarded computer, and retrieve information off of it once they have access. Make sure you keep AT LEAST ONE password on every computer you own, multiple different ones if it allows it. 119. Question 119. Difference Between Network And Operating System Security? Answer : Network security concentrates on the packets of information flowing between computer systems. 
Operating System security controls access to resources on the server itself. Therefore, the two are looking at different things in terms of security.
120. Question 120. What Is Your Wireless Infrastructure?
Answer :
Part of knowing your network architecture includes knowing the location of wireless networks, since they create another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and whether they are secured as well as possible.
121. Question 121. What Desktop Protections Are Used?
Answer :
Desktops should have a combination of anti-virus software, personal firewall, and host-based intrusion detection. Each of these software packages must be regularly updated as new signatures are deployed. They must also be centrally managed and controlled.
122. Question 122. What Is The Difference Between An Exploit And Vulnerability In Information Security?
Answer :
A vulnerability is a weak point in a system. This implies a risk, especially to confidential information. An exploit is a means of taking advantage of the vulnerability and using it to take advantage of a system or network. Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and taken advantage of it.
123. Question 123. What Applications And Services Are Specifically Denied By Your Organization's Security Policy?
Answer :
Your organization's security policy should specify applications, services, and activities that are prohibited. These can include, among others:
o Viewing inappropriate material
o Spam
o Peer-to-peer file sharing
o Instant messaging
o Unauthorized wireless devices
o Use of unencrypted remote connections such as Telnet and FTP
124. Question 124. What Is Message Control System?
Answer :
A method for controlling messages in a software system. The method activates a report-handling module when a subroutine has a message to send. The subroutine passes an identification to the report-handling module. The subroutine then passes a message and message level to the report-handling module. The report-handling module then determines the message level to be reported for that subroutine, the process from which that subroutine is sending messages, and the message level to be reported for that process. If the message level of the message compares correctly to the message level of the subroutine and the process, the message is reported.
125. Question 125. How Do You Stop A Computer To Broadcast?
Answer :
Three basic ways:
o On most laptops there is a switch on the front
o On most towers there is a USB stick to unplug
o On all computers Wi-Fi and Bluetooth can be disabled from "my computer".
126. Question 126. How Is Your Wireless Infrastructure Secured?
Answer :
Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized.
127. Question 127. How Do You Remove Network Security Keys?
Answer :
Go to your router options on your computer and it should say remove.
128. Question 128. How Often Is Your Disaster Recovery Plan Tested?
Answer :
The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full out implementation.
129. Question 129. Where, When, And What Type Of Encryption Is Used?
Answer :
VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. Sometimes file system encryption is also used to protect stored data.
130. Question 130. How Often Are Logs Reviewed?
Answer :
Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.
131. Question 131. What Is Network Security?
Answer :
Network security[1] consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.
Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.
132. Question 132. How Do You Prevent Ddos Attack?
Answer :
You do not have much choice; only a correctly configured firewall/iptables (which is not a trivial task to do) can help you to prevent it. But there is no 100%
133. Question 133. What Is Included In Your Disaster Recovery Plan?
Answer :
Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the actual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites.
134. Question 134. What Is Your Organization's Password Policy?
Answer :
A password policy should require that a password:
o Be at least 8 characters long
o Contain both alphanumeric and special characters
o Change every 60 days
o Cannot be reused after every five cycles
o Is locked out after 3 failed attempts
In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy.
135. Question 135. What Resources Are Located On Your Dmz?
Answer :
Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network.
136. Question 136. Are You Performing Content Level Inspections?
Answer :
In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage.
137. Question 137. What Are Your Critical Business Systems And Processes?
Answer :
Identifying your critical business systems and processes is the first step an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an ecommerce site, customer database information, employee database information, the ability to answer phone calls, the ability to respond to Internet queries, etc.
138. Question 138. What Is An Ip Grabber?
Answer :
An IP grabber is a program that will find the IP address of another computer. Often used by hackers.
139. Question 139. What Is The Difference Between Network Security And Cryptography?
Answer :
Cryptography is the deliberate attempt to obscure or scramble the information so that only an authorized receiver can see the message. Network security may employ cryptography, but has many other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only when trying to keep messages secret when sending them across a network or keeping information secret in a file.
140. Question 140. What Are The Three Legs Of Network Security?
Answer :
The three main tenets of security overall are: Confidentiality, Availability, Integrity.
141. Question 141. What Type Of Remote Access Is Allowed?
Answer :
Remote access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication channel that uses encryption and strong authentication, such as an IPSEC VPN. Desktop modems (including applications such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited.
142. Question 142. How Do You Secure A Wireless Network?
Answer :
Most wireless routers allow you to encrypt using a passphrase. When you do choose a password, make sure that it uses uppercase, lowercase, numbers, and special characters. You will want to stay away from any words or phrases that can be found in the dictionary. And set it for WPA2.
143. Question 143. What Is An Arp And How Does It Work?
Answer :
ARP (Address Resolution Protocol) is a network layer protocol which associates the physical hardware address of a network node (commonly known as a MAC address) to its IP address. Now an ARP creates a table known as the ARP cache/table that maps IP addresses to the hardware addresses of nodes on the local network.
If, based on the IP address, it sees that it has the node's MAC address in its ARP table, then transmitting to that IP address is done quicker because the destination is known, and voila, network traffic is reduced.
144. Question 144. Explain What Are Digital Signatures And Smart Cards?
Answer :
Digital signature : Information that is encrypted with an entity's private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.
Smart cards : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an
array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.).
145. Question 145. Explain Difference Between Broadcast Domain And Collision Domain?
Answer :
Broadcast Domain: sends the packet to all of the present network. It may be sent by the person, or it may be broadcast by the switch when the address is not found in the network. For breaking a broadcast domain we can use a router.
Collision Domain: a switch has no collision as compared to a hub (layer one device).
Broadcast domain is the area where, when one device in the network sends the data or packet, it will be received by all the devices present over the network.
146. Question 146. What Is Kerberos Protocol?
Answer :
Kerberos is an authentication protocol; it is named after a dog who, according to Greek mythology, is said to stand at the gates of Hades. In terms of computer networking, it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It was developed by MIT and uses a combination of encryption as well as distributed databases so that the user can log in and start a session. It has some disadvantages though. As I said, Kerberos had been developed by MIT under the project Athena; Kerberos is designed to authenticate the end users on the servers.
147. Question 147. Explain How Does Trace Route Work? Now How Does Trace Route Make Sure That The Packet Follows The Same Path That A Previous (with Ttl - 1) Probe Packet Went In?
Answer :
First of all, traceroute works using ICMP packets. First the source sends an ICMP packet with the Time to Live (TTL) field as 1 to the destination address. Now the intermediate router receives the packet and sees that the TTL field has expired, so it sends an ICMP TTL expired reply.
Now the source machine again sends the ICMP packet with the TTL field as 2. This time the second intermediate router replies. This process is repeated till the destination is reached. That way the source can get the entire route up to the destination.
148. Question 148. Explain What Are All The Technical Steps Involved When The Data Transmission From Server Via Router?
Answer :
When a packet is sent out of a server, it has source and destination IP, source and destination port number, and source and destination MAC ID. First it is sent to the switch. The switch checks whether the packet's MAC ID is in the MAC-Address-Table; if
not, it broadcasts the message. If the destination IP is not in the same segment, then it forwards the packet to the gateway (normally the router or firewall). Then the router/firewall checks its routing table and access lists; if it has the information about the destination IP and if it has access to the destination IP, it forwards it to the next hop, and if any one of the conditions fails it just drops the packet.
149. Question 149. Explain For A Small Lan Which Class Of Addressing Is Used?
Answer :
For a small LAN we use a class C address.
Explanation: In a class C IP address the first three bytes out of four are for the network address while the last byte is for the host address, which can range from 1-254, which is the smallest LAN possible, whereas class B has two bytes and class A has three bytes reserved for the host address, which increases the number of hosts in those classes.
150. Question 150. Explain What Does Cia Stand For In Security Management?
Answer :
Confidentiality, Integrity and Availability. CIA means Certified Internal Auditor, a globally accepted and recognized certificate in the field of internal audits.
151. Question 151. Explain In Mobile And Computer And Home Is It Possible That We See And Listen Person Voice And Activity Carefully For Destroying Their Privacy?
Answer :
Yes, it can be possible by third-party software in computer and 3G in mobile. In computer, third-party software like Skype can be a better media of communication method.
152. Question 152. Explain What Is The Role Of Single Sign On In Authentication Technologies?
Answer :
Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure, and is therefore highly desirable but difficult to implement.
Single sign-on is an authentication mechanism with session or cookie preservation, wherein the user is prompted only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platforms for accessing different applications. It is like logging into your computer by authenticating to the domain controller and being able to access multiple intranet sites. A second example could be to log in to a single website and have the same authentication used for different applications like forums, image gallery, email, etc.
153. Question 153. Explain How Do We Use Rsa For Both Authentication And Secrecy?
Answer :
RSA is based upon the public key/private key concept. For authentication one can encrypt the hash (MD5/SHA) of the data with his private key. This is known as a digital signature. And secrecy is achieved by encrypting the data with the public key of the target user. Generally we don't use RSA for encryption because of key size (1024
bits). Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.
RSA: authentication can be achieved by using a nonce value (prime number). E.g.: A wants to communicate with B. The value An1 is encrypted with the private key of A and then with the public key of B, so B can decrypt it, and then B should send back the An1 to A, stating it is none other than B. Secrecy is also maintained because they use their own private keys for decryption.
154. Question 154. What Is Difference Between Discretionary Access Control And Mandatory Access Control?
Answer :
DAC (discretionary access control) is used by itself; according to it, it is accessed and controlled, while with MAC the access control has to be compulsorily given. MAC is designed and enforced in the initial stages and cannot be changed by an entity; from a layman's angle: OS writing to BIOS is not allowed. DAC is designed in such a way that access shall be granted based on discretion; e.g. database table access.
155. Question 155. Explain What Is Difference Between Arp & Rarp? How Both Of These Protocols Will Work, And Where It Will Use?
Answer :
ARP: ARP, meaning "Address Resolution Protocol", is used to map IP network addresses to the hardware (Media Access Control sub layer) addresses used by the data link protocol. The ARP protocol operates between the network layer and the data link layer in the Open System Interconnection (OSI) model.
RARP: RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses.
When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use. RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs.
156. Question 156. Explain What Is Meant By Port Blocking Within Lan?
Answer :
Restricting the users from accessing a set of services within the local area network is called port blocking. We'll give you a fine example: it is nothing but blocking the switch port with a particular MAC address. For example, we have an 8-port switch; to its first port we connected a machine that belongs to this MAC address {4e5a.23bf.34ae.9a4c}, and we block the switch port with this MAC address. If, for instance, you unplug the original host and plug in another one, your new machine will be prevented from accessing the switch port. That's the idea. So if you enable the port blocking command in a switch, only the particular or intended machine is allowed access; other machines will be
restricted. Port blocking is used for security purposes; otherwise some intruder could enter your company and destroy your LAN with a single laptop. That's it.
157. Question 157. Explain How Do We Do Authentication With Message Digest(md5)? (usually Md Is Used For Finding Tampering Of Data)
Answer :
The unique number will be generated by MD5; if it is tampered with by someone, the value will be changed, so you know you are tampered.
158. Question 158. The Unique Number Will Be Generated By Md5, If It Is Tampered With Someone, The Value Will Be Changed So You Know You Are Tampered?
Answer :
o OSPF has two primary characteristics. The first is that the protocol is open, which means that its specification is in the public domain. The OSPF specification is published as Request For Comments (RFC) 1247. The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person credited with its creation.
o OSPF is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.
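The digest check from Question 157, as an added example that is not part of the original page: a bare MD5 digest exposes a change only when the digest itself reaches the receiver intact, while a keyed digest (HMAC) also ties the message to a holder of the key. The sample messages, the shared key, the function names and the use of SHA-256 inside the HMAC are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the page).
ORIGINAL = b"pay 100 to account 12345"
ALTERED = b"pay 900 to account 12345"
SHARED_KEY = b"constructed-demo-key-held-by-both-ends"


def md5_digest(message: bytes) -> str:
    """Unkeyed message digest, as in the answer to Question 157."""
    return hashlib.md5(message).hexdigest()


def digest_matches(message: bytes, digest: str) -> bool:
    """Receiver side: recompute the digest and compare it to the one received."""
    return hmac.compare_digest(md5_digest(message), digest)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def tag_matches(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag with the shared key and compare."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_scenarios() -> dict:
    results = {}

    # 1. The digest arrives intact (for example, published separately) and the
    #    message is changed in transit: the mismatch reveals the change.
    trusted_digest = md5_digest(ORIGINAL)
    results["untouched_accepted"] = digest_matches(ORIGINAL, trusted_digest)
    results["altered_detected"] = not digest_matches(ALTERED, trusted_digest)

    # 2. The digest travels with the message: whoever changed the message can
    #    replace the digest too, so the check passes and proves nothing.
    replaced_digest = md5_digest(ALTERED)
    results["altered_with_new_digest_accepted"] = digest_matches(ALTERED, replaced_digest)

    # 3. HMAC: without the shared key, neither the old tag nor a tag computed
    #    under a different key verifies for the altered message.
    good_tag = hmac_tag(SHARED_KEY, ORIGINAL)
    results["hmac_valid_accepted"] = tag_matches(SHARED_KEY, ORIGINAL, good_tag)
    results["hmac_old_tag_rejected"] = not tag_matches(SHARED_KEY, ALTERED, good_tag)
    other_key_tag = hmac_tag(b"some-other-key", ALTERED)
    results["hmac_other_key_rejected"] = not tag_matches(SHARED_KEY, ALTERED, other_key_tag)
    return results


if __name__ == "__main__":
    for name, passed in run_scenarios().items():
        print(f"{name}: {passed}")
```

Scenario 2 is the case to design around: the unkeyed check passes for any hash function when the digest shares a channel with the message, which is why authentication needs a key or a signature.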