Gruh Finance Interview Questions and Answers

Threat, vulnerability, and risk are related to security while authentication and authorization are related to access control.

• Threat is a potential danger that can exploit a vulnerability and cause harm.

• Vulnerability is a weakness in a system that can be exploited by a threat.

• Risk is the likelihood of a threat exploiting a vulnerability and the impact it will have.

• Authentication is the process of verifying the identity of a user or system.

• Authorization is the process of granti...read more

CIA triads are confidentiality, integrity, and availability. HTTPS is a secure version of HTTP.

• CIA triads are the three pillars of information security.

• Confidentiality ensures that only authorized parties can access data.

• Integrity ensures that data is not tampered with or altered.

• Availability ensures that data is accessible to authorized parties when needed.

• HTTPS is a secure version of HTTP that encrypts data in transit.

• HTTPS uses SSL/TLS certificates to verify the identity o...read more

OWASP Top 10 is a list of common web application vulnerabilities. CIA model is a framework for information security.

• OWASP Top 10 includes vulnerabilities like injection, broken authentication, and cross-site scripting.

• CIA model stands for confidentiality, integrity, and availability.

• It is used to evaluate and improve the security of information systems.

• For example, a company may use the CIA model to ensure that customer data is kept confidential, is not tampered with, and is ...read more

OWASP Top 10 is a list of common web application vulnerabilities.

• Injection (SQL, LDAP, etc.)

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Broken Access Control

• Security Misconfiguration

• Insecure Cryptographic Storage

• Insufficient Transport Layer Protection

• Unvalidated and Unsanitized Input

• Using Components with Known Vulnerabilities

• Insufficient Logging and Monitoring

Ports and tools used in information security

• Common ports used in information security include 80 (HTTP), 443 (HTTPS), 22 (SSH), and 3389 (RDP)

• Tools used in information security include Nmap, Wireshark, Metasploit, and Nessus

• Port scanning tools like Nmap are used to identify open ports on a target system

• Packet sniffing tools like Wireshark are used to capture and analyze network traffic

• Vulnerability scanners like Nessus are used to identify vulnerabilities in a target system

• Ex...read more

VAPT stands for Vulnerability Assessment and Penetration Testing, a process used to identify and address security vulnerabilities in a system.

• VAPT involves conducting a thorough assessment of a system to identify potential vulnerabilities.

• Penetration testing is then performed to exploit these vulnerabilities in a controlled manner to assess the system's security.

• The goal of VAPT is to identify and address security weaknesses before they can be exploited by malicious actors.

• Co...read more