FireCompass Interview Questions and Answers

CIA stands for Confidentiality, Integrity, and Availability, the three core principles of information security.

• Confidentiality: Ensuring that information is only accessible to those who are authorized to view it.

• Integrity: Ensuring that information is accurate and has not been tampered with.

• Availability: Ensuring that information is accessible when needed by authorized users.

• Examples: Encrypting sensitive data to maint...read more

Nmap is a powerful network scanning tool used to discover hosts and services on a network.

• Use 'nmap -sP <target>' to perform a ping scan to check which hosts are online

• Use 'nmap -sS <target>' to perform a TCP SYN scan to identify open ports

• Use 'nmap -A <target>' to enable OS detection, version detection, script scanning, and traceroute

• Use 'nmap -O <target>' to perform OS detection on the target ...read more

Call by value passes a copy of the actual parameter, while Call by reference passes the address of the actual parameter.

• In Call by value, changes made to the formal parameter do not affect the actual parameter.

• In Call by reference, changes made to the formal parameter affect the actual parameter.

• Example for Call by value: void swap(int x, int y) { int temp = x; x = y; y = temp; }

• Example for Call by reference: void swap...read more

One way to find the IP address of a website is by using the nslookup command in the command prompt.

• Open the command prompt on your computer

• Type 'nslookup' followed by the website URL (e.g. nslookup www.google.com)

• The IP address of the website will be displayed in the 'Address' section

The * on the tracert command indicates a timeout for a particular hop in the network path.

• The * symbol is displayed when a particular hop in the network path does not respond within the specified time limit.

• This could be due to network congestion, firewall blocking ICMP packets, or the target host being offline.

• The tracert command sends ICMP packets to each router in the path to a destination, and if a router does not ...read more

The harvester tool is a data collection tool used for gathering information from various sources.

• The harvester tool can be used for collecting email addresses, usernames, and other information from websites and social media platforms.

• It is commonly used by security analysts to gather intelligence on potential threats or vulnerabilities.

• The tool can also be used for reconnaissance purposes to gather information about a ...read more

nmap is a powerful network scanning tool used for discovering hosts and services on a network.

• nmap -h: Display a brief help message

• nmap -H: Display a detailed help message

• nmap --help: Display all available options and usage information

The OSI model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven layers.

• Layer 1 - Physical layer: Deals with physical connections and transmission of raw data over a physical medium (e.g. cables)

• Layer 2 - Data Link layer: Responsible for node-to-node communication, error detection, and flow control (e.g. Ethernet switches)

• Layer 3 - Network layer: Manages rout...read more

Encoding, hashing, and encryption are methods used to protect data by transforming it into a different format.

• Encoding is the process of converting data into a different format using a scheme that is publicly available. Example: Base64 encoding.

• Hashing is the process of converting data into a fixed-size string of characters using a mathematical algorithm. Example: SHA-256 hashing.

• Encryption is the process of converting...read more

Research and analyze certificates used on websites

• Use tools like SSL Labs to analyze SSL certificates

• Look for certificate details like issuer, expiration date, and encryption strength

• Check for any potential vulnerabilities or misconfigurations

• Verify if the certificates are properly installed and configured

To find the origin IP of a website, you can use tools like ping, nslookup, or online IP lookup services.

• Use the 'ping' command in the command prompt or terminal to get the IP address of the website.

• Use 'nslookup' command to query DNS servers for the IP address of the website.

• Use online IP lookup services like 'iplocation.net' or 'whatismyipaddress.com' to find the origin IP of a website.