10+ Anshika ITI Interview Questions and Answers

Threat, vulnerability, and risk are related to security while authentication and authorization are related to access control.

• Threat is a potential danger that can exploit a vulnerability and cause harm.

• Vulnerability is a weakness in a system that can be exploited by a threat.

• Risk is the likelihood of a threat exploiting a vulnerability and the impact it will have.

• Authentication is the process of verifying the identity of a user or system.

• Authorization is the process of granti...read more

CIA triads are confidentiality, integrity, and availability. HTTPS is a secure version of HTTP.

• CIA triads are the three pillars of information security.

• Confidentiality ensures that only authorized parties can access data.

• Integrity ensures that data is not tampered with or altered.

• Availability ensures that data is accessible to authorized parties when needed.

• HTTPS is a secure version of HTTP that encrypts data in transit.

• HTTPS uses SSL/TLS certificates to verify the identity o...read more

OWASP Top 10 is a list of common web application vulnerabilities. CIA model is a framework for information security.

• OWASP Top 10 includes vulnerabilities like injection, broken authentication, and cross-site scripting.

• CIA model stands for confidentiality, integrity, and availability.

• It is used to evaluate and improve the security of information systems.

• For example, a company may use the CIA model to ensure that customer data is kept confidential, is not tampered with, and is ...read more

OWASP Top 10 is a list of common web application vulnerabilities.

• Injection (SQL, LDAP, etc.)

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Broken Access Control

• Security Misconfiguration

• Insecure Cryptographic Storage

• Insufficient Transport Layer Protection

• Unvalidated and Unsanitized Input

• Using Components with Known Vulnerabilities

• Insufficient Logging and Monitoring

Ports and tools used in information security

• Common ports used in information security include 80 (HTTP), 443 (HTTPS), 22 (SSH), and 3389 (RDP)

• Tools used in information security include Nmap, Wireshark, Metasploit, and Nessus

• Port scanning tools like Nmap are used to identify open ports on a target system

• Packet sniffing tools like Wireshark are used to capture and analyze network traffic

• Vulnerability scanners like Nessus are used to identify vulnerabilities in a target system

• Ex...read more

VAPT stands for Vulnerability Assessment and Penetration Testing, a process used to identify and address security vulnerabilities in a system.

• VAPT involves conducting a thorough assessment of a system to identify potential vulnerabilities.

• Penetration testing is then performed to exploit these vulnerabilities in a controlled manner to assess the system's security.

• The goal of VAPT is to identify and address security weaknesses before they can be exploited by malicious actors.

• Co...read more

BurpSuite is a web application security testing tool used for scanning, analyzing, and exploiting web applications.

• BurpSuite is commonly used for manual and automated testing of web applications for security vulnerabilities.

• It includes tools for intercepting and modifying HTTP requests, scanning for common security issues, and analyzing responses.

• BurpSuite can be used to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure direct object ref...read more

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

• Acts as a barrier between internal network and external networks

• Filters incoming and outgoing traffic based on set rules

• Can be hardware-based or software-based

• Can block unauthorized access while allowing legitimate traffic

• Can be configured to log and report on network activity

HTTP uses port 80 and HTTPS uses port 443.

• HTTP uses port 80 for communication between web servers and clients.

• HTTPS uses port 443 for secure communication between web servers and clients.

• Port numbers are used to identify specific processes running on a server.

• Other common port numbers include 21 for FTP, 22 for SSH, and 25 for SMTP.

A hacker or unauthorized user is someone who gains unauthorized access to a computer system or network.

• Hackers can be individuals or groups with malicious intent or those who seek to expose vulnerabilities in a system for ethical reasons.

• Unauthorized users can also include employees who abuse their access privileges or individuals who accidentally gain access to a system.

• Examples of unauthorized access include phishing attacks, password cracking, and exploiting software vulne...read more

OWASP Top 10 is a list of the 10 most critical web application security risks.

• Injection

• Broken Authentication

• Sensitive Data Exposure

• XML External Entities (XXE)

• Broken Access Control

• Security Misconfiguration

• Cross-Site Scripting (XSS)

• Insecure Deserialization

• Using Components with Known Vulnerabilities

• Insufficient Logging and Monitoring

A vulnerability is a weakness or flaw in a system that can be exploited by attackers to gain unauthorized access or cause damage.

• Vulnerabilities can exist in software, hardware, or even human behavior.

• Examples of vulnerabilities include unpatched software, weak passwords, and social engineering tactics.

• Vulnerability assessments and penetration testing can help identify and mitigate vulnerabilities.

• Regular updates and patches can also help prevent vulnerabilities from being ex...read more

SQL injection (SQLi) is a type of cyber attack where malicious SQL statements are inserted into an entry field to manipulate the database.

• SQLi occurs when an attacker inserts malicious SQL code into a query to manipulate the database.

• Mitigation techniques include using parameterized queries, input validation, and stored procedures.

• Example scenario: Attacker enters ' OR 1=1;--' into a login form to bypass authentication and gain unauthorized access.