Cyber Security Engineer Interview Questions and Answers for Freshers

Private IP addresses are used within a local network, while public IP addresses are used to identify a network on the internet.

• Private IP addresses are not unique on the internet and are used within a local network to identify devices.

• Public IP addresses are unique on the internet and are used to identify a network on the internet.

• Private IP addresses are in the range of 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.

• Public IP add...read more

There are 256 hosts in a class C IP address.

• Class C IP addresses have a subnet mask of 255.255.255.0

• The first three octets are used for network identification

• The last octet is used for host identification

• The range of IP addresses in a class C network is from 192.0.0.0 to 223.255.255.255

• Each octet has 8 bits, so the last octet can have 2^8 (256) possible values

The most recent vulnerability is the PrintNightmare vulnerability in Windows Print Spooler service.

• The vulnerability allows attackers to remotely execute code with system-level privileges.

• It affects all versions of Windows and has a CVSS score of 8.8.

• Microsoft has released patches for the vulnerability, but some experts suggest disabling the Print Spooler service as a temporary fix.

SQL injection is a type of cyber attack where malicious SQL statements are inserted into an entry field to manipulate a database.

• Allows attackers to access sensitive data or execute unauthorized actions

• Occurs when user input is not properly sanitized

• Can be prevented by using parameterized queries and input validation

• Example: Entering ' OR 1=1;--' into a login form to bypass authentication

Kerberos protocol is a network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner.

• Developed by MIT in the 1980s

• Uses symmetric key cryptography

• Involves a Key Distribution Center (KDC)

• Prevents eavesdropping and replay attacks

OWASP Top 10 is a list of the most critical web application security risks.

• Injection

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Broken Access Control

• Security Misconfiguration

• Insecure Cryptographic Storage

• Insufficient Transport Layer Protection

• Unvalidated and Unsanitized Input

• Insufficient Logging and Monitoring

• Using Components with Known Vulnerabilities

TLS (Transport Layer Security) is a protocol that ensures privacy and data integrity between communicating applications.

• TLS encrypts data to ensure confidentiality during transmission.

• It uses cryptographic algorithms to authenticate the parties involved in the communication.

• TLS also provides mechanisms for data integrity to prevent tampering.

• Handshake process involves negotiation of encryption algorithms and exchange of keys.

• Common examples of TLS implementations include HTTP...read more

Three-way handshake is a method used in TCP/IP network to establish a connection between a client and a server.

• Client sends a SYN (synchronize) packet to the server to initiate a connection

• Server responds with a SYN-ACK (synchronize-acknowledgment) packet to acknowledge the request

• Client sends an ACK (acknowledgment) packet back to the server to confirm the connection