What is the difference between a vulnerability, a threat, and a risk?
Vulnerability: A weakness in a system (e.g., unpatched software).
Threat: A potential event that can exploit a vulnerability (e.g., a hacker).
Risk: The potential for loss or damage when a threat exploits a vulnerability.
Explain the CIA Triad.
The core principles of security: Confidentiality (data is secret), Integrity (data is untampered), and Availability (data is accessible).
What is the difference between IDS and IPS?
IDS (Intrusion Detection System): Monitors network traffic and alerts on suspicious activity. (Detection)
IPS (Intrusion Prevention System): Monitors traffic and can block malicious activity automatically. (Prevention)
What is a Firewall and what are its main types?
A network security device that controls traffic based on rules.
Types: Packet-filtering, Stateful, Next-Generation Firewall (NGFW).
What are the different types of hackers?
Black Hat: Malicious hackers.
White Hat: Ethical hackers.
Grey Hat: In-between, may hack without permission but without malicious intent.
What is a DDoS attack and how can you mitigate it?
Flooding a target with excessive traffic from multiple sources to make it unavailable.
Mitigation: Use DDoS protection services (cloud-based), rate limiting, and traffic filtering.
Explain SSL/TLS and how it works.
Protocols that encrypt communication between a client and a server. They use a handshake process to establish a secure session, combining asymmetric and symmetric encryption.
What is a VPN and why is it used?
A Virtual Private Network creates an encrypted tunnel over a public network (like the internet) to provide secure remote access.
What is the difference between Symmetric and Asymmetric encryption?
Symmetric: Uses a single shared key for both encryption and decryption (fast, e.g., AES).
Asymmetric: Uses a public/private key pair (more secure, e.g., RSA).
What is a Man-in-the-Middle (MitM) attack?
An attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
What are common network scanning tools?
Nmap (port scanning), Nessus (vulnerability scanning), Wireshark (packet analysis).
What is Phishing?
A social engineering attack using fraudulent emails/messages to trick victims into revealing sensitive data.
What is Malware? Name different types.
Malicious software. Types: Virus, Worm, Trojan, Ransomware, Spyware.
What is a Zero-Day exploit?
An attack that targets a previously unknown vulnerability for which no patch is available.
What is SQL Injection?
An attack where malicious SQL code is inserted into a query, allowing attackers to manipulate the database.
What is Network Segmentation and why is it important?
Dividing a network into smaller segments to control traffic and limit the spread of an attack.
What is Multi-Factor Authentication (MFA) and why is it critical?
Using two or more verification factors to authenticate a user. It adds a critical layer of security beyond just a password.
What is SIEM?
Security Information and Event Management. A tool that aggregates and analyzes log data from various sources for real-time security monitoring.
What is Port Security on a switch?
A feature that restricts a switch port to only allow specific MAC addresses, preventing unauthorized device access.
How does a Stateful Firewall differ from a Stateless one?
Stateless: Filters packets based on static rules (IP, port).
Stateful: Tracks the state of active connections and makes decisions based on context.
What is NAC (Network Access Control)?
A security solution that enforces policies on devices attempting to access the network, ensuring they comply with security standards.
What is the principle of Least Privilege?
Users and systems should be granted only the minimum levels of access necessary to perform their functions.