Top 100+ Network Security Interview Questions And Answers

Question 1. Why Does Active FTP Not Work With Network Firewalls?

Answer :

When a client initiates a connection with the FTP server, two TCP connections are established. The second TCP connection (the FTP data connection) is initiated and established from the FTP server. When a firewall is between the FTP client and server, the firewall would block the connection initiated from the FTP server, since it is a connection initiated from outside. To resolve this, passive FTP can be used, or the firewall rule can be modified to add the FTP server as trusted.

Question 2. Which Feature On A Network Switch Can Be Used To Prevent Rogue DHCP Servers?

Answer :

DHCP Snooping

Question 3. Which Feature On A Cisco IOS Firewall Can Be Used To Block Incoming Traffic On An FTP Server?

Answer :

Extended ACL.

Question 4. Name One Secure Network Protocol Which Can Be Used Instead Of Telnet To Manage A Router?

Answer :

SSH

Question 5. Provide A Reason As To Why HTTPS Should Be Used Instead Of HTTP?

Answer :

HTTP sends data in clear text, whereas HTTPS sends data encrypted.

Question 6. How Can You Prevent A Brute Force Attack On A Windows Login Page?

Answer :

Set up an account lockout for a specific number of attempts, so that the user account is locked automatically after the specified number.

Question 7. In An ICMP Address Mask Request, What Is The Attacker Looking For?

Answer :

The attacker is looking for the subnet/network mask of the victim. This would help the attacker map the internal network.

Question 8. Why Is RIPv1 Insecure In A Network?

Answer :

RIPv1 does not use a password for authentication as RIPv2 does. This makes it possible for attackers to send rogue RIP packets and corrupt the routing table.

Question 9. Which Feature On A Network Switch Can Be Used To Protect Against CAM Flooding Attacks?

Answer :

The Port-Security feature can be used for this. In a CAM flooding attack, the attacker sends a storm of MAC addresses (frames) with different values. The goal of the attacker is to fill up the CAM table. Port-Security can be used to limit the number of MAC addresses allowed on the port.

Question 10. Which Protocol Does HTTPS Use At The Transport Layer For Sending And Receiving Data?

Answer :

TCP

Question 11. ____ Typically Involves Using Client-side Scripts Written In JavaScript That Are Designed To Extract Information From The Victim And Then Pass The Information To The Attacker?

Answer :

Correct Answer: Cross-site scripting (XSS)

Question 12. What Is SRM (Security Reference Monitor)?

Answer :

The Security Reference Monitor is the kernel-mode component that does the actual access validation, as well as audit generation.

Question 13. In A Company Of 500 Employees, It Is Estimated That _____ Employees Would Be Required To Combat A Virus Attack?

Answer :

five personnel.

Question 14. According To The Research Group Postini, Over ____ Of Daily E-mail Messages Are Unsolicited And Could Be Carrying A Malicious Payload?

Answer :

two-thirds.

Question 15. A Software-based ____ Attempt To Monitor And Possibly Prevent Attempts To Attack A Local System?

Answer :

HIDS

Question 16. A Security ____ Focuses On The Administration And Management Of Plans, Policies, And People?

Answer :

manager.

Question 17. Under The _____ , Healthcare Enterprises Must Guard Protected Health Information And Implement Policies And Procedures To Safeguard It, Whether It Be In Paper Or Electronic Format?

Answer :

HIPAA.

Question 18. How Did Early Computer Security Work?

Answer :

It was pretty easy: just passwords to protect one's computer. With the innovation of the internet, however, computers have improved security with firewalls and loads of anti-virus programs.

Question 19. What Is A Firewall?

Answer :

A firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.

Question 20. Business ____ Theft Involves Stealing Proprietary Business Information Such As Research For A New Drug Or A List Of Customers That Competitors Are Eager To Acquire?

Answer :

data.

Question 21. ____ Monitor Internet Traffic And Block Access To Preselected Web Sites And Files?

Answer :

Internet content filters.

Question 22. What Is Another Name For Unsolicited E-mail Messages?

Answer :

spam

Question 23. The ____ Is The Link Between The Cellular Network And The Wired Telephone World And Controls All Transmitters And Base Stations In The Cellular Network?

Answer :

MTSO

Question 24. ____ Technology Enables A Virtual Machine To Be Moved To A Different Physical Computer With No Impact To The Users?

Answer :

Live migration

Question 25. A(n) ____ Finds Malicious Traffic And Deals With It Immediately?

Answer :

IPS

Question 26. A ____ Virus Infects The Master Boot Record Of A Hard Disk Drive?

Answer :

boot

Question 27. Can Police Track An IP Address After It Has Been Changed?

Answer :

Sometimes. For instance, if the user has a dynamic IP address, and their IP address changes within this system as normal, it can generally be tracked. If the user uses a proxy service to make their IP address appear as if it is located in some random other p

Question 28. ____ Is A Software Program That Delivers Advertising Content In A Manner That Is Unexpected And Unwanted By The User?

Answer :

Adware

Question 29. Encryption Under The WPA2 Personal Security Model Is Accomplished By ____?

Answer :

AES-CCMP

Question 30. According To The 2007 FBI Computer Crime And Security Survey, The Loss Due To The Theft Of Confidential Data For 494 Respondents Was Approximately ____?

Answer :

$10 million.

Question 31. ____, Also Called Add-ons, Represent A Specific Way Of Implementing ActiveX And Are Sometimes Called ActiveX Applications?

Answer :

ActiveX controls.

Question 32. What Is A SID (Security ID)?

Answer :

SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group. A SID contains:

User and group security descriptors
48-bit ID authority
Revision level
Variable sub authority values

Question 33. ____ Can Fully Decode Application-layer Network Protocols. Once These Protocols Are Decoded, The Different Parts Of The Protocol Can Be Analyzed For Any Suspicious Behavior?

Answer :

Protocol analyzers

Question 34. A ____ Is A Computer Program Or A Part Of A Program That Lies Dormant Until It Is Triggered By A Specific Logical Event?

Answer :

logic bomb

Question 35. A ____ Is A Cumulative Package Of All Security Updates Plus Additional Features.

Answer :

service pack

Question 36. The Goal Of ____ Is To Prevent Computers With Suboptimal Security From Potentially Infecting Other Computers Through The Network?

Answer :

NAC

Question 37. ____ Is A Windows Vista And Windows XP Service Pack 2 (SP2) Feature That Prevents Attackers From Using Buffer Overflow To Execute Malware?

Answer :

DEP

Question 38. ____ Are Portable Communication Devices That Function In A Manner That Is Unlike Wired Telephones?

Answer :

Cell phones

Question 39. A ____ Is A Single, Dedicated Hard Disk-based File Storage Device That Provides Centralized And Consolidated Disk Storage Available To LAN Users Through A Standard Network Connection?

Answer :

NAS

Question 40. What Is Administrator Privileges When Trying To Install A Download?

Answer :

Administrator privileges allow the user full access to a program or network, second only to the system account. If you don't have administrator privileges, you cannot do certain things. You may be able to use a program, but not upgrade it.

Question 41. With Operating System Virtualization, A Virtual Machine Is Simulated As A Self-contained Software Environment By The ____ System (the Native Operating System To The Hardware)?

Answer :

host

Question 42. While Most Attacks Take Advantage Of Vulnerabilities That Someone Has Already Uncovered, A(n) ____ Occurs When An Attacker Discovers And Exploits A Previously Unknown Flaw?

Answer :

zero day

Question 43. ____ Enables The Attacker's Computer To Forward Any Network Traffic It Receives From Computer A To The Actual Router?

Answer :

IP forwarding.

Question 44. A(n) ____ Is A Computer Programming Language That Is Typically Interpreted Into A Language The Computer Can Understand?

Answer :

scripting language

Question 45. In A ____ Attack, Attackers Can Use Hundreds Or Thousands Of Computers In An Attack Against A Single Computer Or Network?

Answer :

distributed

Question 46. What Is The Maximum Fine For Those Who Wrongfully Disclose Individually Identifiable Health Information With The Intent To Sell It?

Answer :

$250,000

Question 47. _____ Ensures That Information Is Correct And That No Unauthorized Person Or Malicious Software Has Altered That Data?

Answer :

Integrity

Question 48. The Plain Text To Be Transmitted Has A Cyclic Redundancy Check (CRC) Value Calculated, Which Is A Check Sum Based On The Contents Of The Text. WEP Calls This The ____ And Appends It To The End Of The Text?

Answer :

Correct Answer: integrity check value (ICV)

Question 49. The _____ Act Is Designed To Broaden The Surveillance Of Law Enforcement Agencies So They Can Detect And Suppress Terrorism?

Answer :

USA Patriot

Question 50. The Single Most Expensive Malicious Attack Was The 2000 ____, Which Cost An Estimated $8.7 Billion?

Answer :

Love Bug.

Question 51. Live Migration Can Be Used For ____; If The Demand For A Service Or Application Increases, Then Network Managers Can Quickly Move This High-demand Virtual Machine To Another Physical Server With More RAM Or CPU Resources?

Answer :

load balancing

Question 52. The ____ Are The Operating System Settings That Impose How The Policy Will Be Enforced?

Answer :

configuration baselines

Question 53. ____ Involves Using Someone's Personal Information, Such As Social Security Numbers, To Establish Bank Or Credit Card Accounts That Are Then Left Unpaid, Leaving The Victim With The Debts And Ruining Their Credit Rating?

Answer :

Identity theft

Question 54. Targeted Attacks Against Financial Networks, Unauthorized Access To Information, And The Theft Of Personal Information Is Sometimes Known As ____?

Answer :

cybercrime

Question 55. The Goal Of ____ Is To Make It Harder To Predict Where The Operating System Functionality Resides In Memory?

Answer :

ASLR

Question 56. Instead Of The Web Server Asking The User For The Same Information Each Time She Visits That Site, The Server Can Store That User-specific Information In A File On The User's Local Computer And Then Retrieve It Later. This File Is Called A(n) ____?

Answer :

cookie

Question 57. One Type Of Virtualization In Which An Entire Operating System Environment Is Simulated Is Known As ____ Virtualization?

Answer :

operating system

Question 58. WEP Accomplishes Confidentiality By Taking Unencrypted Text And Then Encrypting Or "Scrambling" It Into ____ So That It Cannot Be Viewed By Unauthorized Parties While Being Transmitted?

Answer :

ciphertext.

Question 59. ____ Authentication Is Based Upon The Fact That Only Pre-authorized Wireless Devices Are Given The Shared Key?

Answer :

Shared key

Question 60. ____ Work To Protect The Entire Network And All Devices That Are Connected To It?

Answer :

NIPS

Question 61. Flash Memory Is A Type Of ____, Non Volatile Computer Memory That Can Be Electrically Erased And Rewritten Repeatedly?

Answer :

EEPROM

Question 62. What Is The Primary Function Of A Firewall?

Answer :

Its primary function is to prevent accesses from untrusted (or undesired) external systems to internal systems and services, and to prevent internal users and systems from accessing external untrusted or undesired systems and services. More generally, its pur

Question 63. ____ Hinges On An Attacker Being Able To Enter An SQL Database Query Into A Dynamic Web Page?

Answer :

SQL injection

Question 64. ____ Are Designed To Inspect Traffic, And Based On Their Configuration Or Security Policy, They Can Drop Malicious Traffic?

Answer :

NIPS

Question 65. An Attacker Could Alter The MAC Address In The ARP Cache So That The Corresponding IP Address Would Point To A Different Computer, Which Is Known As ____?

Answer :

ARP poisoning.

Question 66. Creating And Managing Multiple Server Operating Systems Is Known As ____ Virtualization?

Answer :

server

Question 67. A ____ Is A Program Advertised As Performing One Activity But Actually Does Something Else?

Answer :

Trojan

Question 68. A(n) ____ Attack Makes A Copy Of The Transmission Before Sending It To The Recipient?

Answer :

replay

Question 69. ____ Is An Image Spam That Is Divided Into Multiple Images?

Answer :

GIF layering

Question 70. A Computer ____ Is A Program That Secretly Attaches Itself To A Legitimate "carrier," Such As A Document Or Program, And Then Executes When That Document Is Opened Or Program Is Launched?

Answer :

virus

Question 71. _____ Ensures That Only Authorized Parties Can View Information?

Answer :

Confidentiality

Question 72. COPPA Requires Operators Of Online Services Or Web Sites Designed For Children Under The Age Of _____ To Obtain Parental Consent Prior To The Collection, Use, Disclosure, Or Display Of A Child's Personal Information?

Answer :

thirteen

Question 73. ____ Is A Process Of Ensuring That Any Inputs Are "Clean" And Will Not Corrupt The System?

Answer :

Input validation

Question 74. In Order To Avoid Detection Some Viruses Can Alter How They Appear. These Are Known As ____ Viruses?

Answer :

metamorphic

Question 75. ____ Is A Language Used To View And Manipulate Data That Is Stored In A Relational Database?

Answer :

SQL

Question 76. What Is The Most Secure Operating System?

Answer :

Security is a difficult and sometimes controversial thing to analyze. The only truly "secure" operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example. Among all modern general purpose op.

Question 77. What Do You Do If Spybot Will Not 'immunize'?

Answer :

redownload spybot.

Question 78. The Goal Of A ____ Is To Hide The IP Address Of Client Systems Inside The Secure Network?

Answer :

proxy server

Question 79. ____ Uses "speckling" And Different Colors So That No Two Spam E-mails Appear To Be The Same?

Answer :

Geometric variance

Question 80. What Is SAM (Security Account Manager)?

Answer :

SAM stands for Security Account Manager and is the component that maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.

Question 81. Today's Computer Systems Have A(n) ____ Chip In Which The Contents Can Be Rewritten To Provide New Functionality?

Answer :

PROM

Question 82. ____ Is A Means Of Managing And Presenting Computer Resources By Function Without Regard To Their Physical Layout Or Location?

Answer :

Virtualization

Question 83. A ____ Virus Can Interrupt Almost Any Function Executed By The Computer Operating System And Alter It For Its Own Malicious Purposes?

Answer :

resident

Question 84. Why Is WEP Security Not Recommended For Wireless Networks?

Answer :

WEP security is easily compromised, usually in 60 seconds or less. Part of the problem is that WEP security was developed for backward compatibility with older devices and is a less strong security measure.

Question 85. Besides Default Rule Sets, What Activities Are Actively Monitored By Your IDS?

Answer :

IDSs come with default rule sets to look for common attacks. These rule sets must also be customized and augmented to look for traffic and activities specific to your organization's security policy. For example, if your organization's security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors.

Question 86. What Type Of Traffic Are You Denying At The Firewall?

Answer :

There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic, because that can create holes and oversights on some potentially malicious traffic.

Question 87. Where Is Your Organization's Security Policy Posted And What Is In It?

Answer :

There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.

Question 88. What Is Security Policy In A Distributed Network Environment?

Answer :

The security policy is anything, really; whatever your admin enforces. Everything from what programs you're allowed to what wallpaper you have can be controlled through GPOs. Usually you will find the common ones are that every PC has to get updates, every PC has to have an AV

Question 89. What Is Preprocessing In IDS?

Answer :

Before analysis, all the captured data needs to be organized in a particular format or pattern for classification purposes; this whole process of organizing data is known as preprocessing. In this process, data that is collected from the IDS or IPS sensors needs to be put into some canonical format or a structured database format based on the preprocessing. Once the data is formatted, it is further broken down into classifications, which depends entirely on the analysis scheme used. Once the data is classified, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.

Question 90. What Are The Tolerable Levels Of Impact Your Systems Can Have?

Answer :

An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.

Question 91. How Are Subnets Used To Improve Network Security?

Answer :

Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.

Question 92. What Does Your Network/Security Architecture Diagram Look Like?

Answer :

The first thing you need to know to protect your network and systems is what you are protecting. You must know:

The physical topologies
Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
Types of operating systems
Perimeter protection measures (firewall and IDS placement, etc.)
Types of devices used (routers, switches, etc.)
Location of DMZs
IP address ranges and subnets
Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

Question 93. What Security Measures Are In Place For In-house Developed Applications?

Answer :

Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties.

Question 94. Why Is 802.11 Wireless More Of A Security Problem Than Any Other Type Of Network?

Answer :

Wireless is generally less secure because it uses radio waves for transmission. In other words, you have your data "floating" in airspace, which makes it more susceptible to being compromised (hacked). With a wired connection, a person cannot "steal" your data frames (packets) unless they physically connect to the network cabling. Additionally, the level of security built into wireless technology is less advanced than that of wired networks. This is mainly due to the fact that 802.11 is a relatively newer protocol standard. Manufacturers (both hardware and software) are developing better security for wireless systems, and it is possible to harden the security of a WLAN by using the current security protocols along with the use of some third-party software. For additional detailed information, read the RFC standards for 802.11.

Question 95. What Resources Are Located On Your Internal Network?

Answer :

In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers.

Question 96. What Is Your Backup Policy?

Answer :

VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should

Question 97. You Are Working On A Router That Has Established Privilege Levels That Restrict Access To Certain Functions. You Discover That You Are Not Able To Execute The Command show running-configuration. How Can You View And Confirm The Access Lists That Have Been.

Answer :

show ip interface Ethernet 0

The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.

Question 98. What Is The Defining Difference Between Computer Security And Information Security?

Answer :

Ar 25-2

Question 99. How Are You Monitoring For Trojans And Back Doors?

Answer :

In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity.

Question 100. What Types Of IDSs Does Your Organization Use?

Answer :

To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks.

Question 101. How Does Encryption Help The Security Of A Network?

Answer :

One of the key objectives of computer security is confidentiality: information is only available to those who are supposed to have access to it. Encryption helps protect confidentiality of information transmitted over a network by (if it works as intended) making it difficult or impossible for someone who is not authorized to have the information to make sense of it if they intercept the information in transit. In cases of data stored on a network, if it is stored in encrypted form, it can make it difficult or impossible for an attacker to get anything useful from the encrypted file.

Question 102. How Can An Operating Systems Help Administrators Control A Network And Manage Security?

Answer :

To be able to manage and control a network properly, your computer would have to have server capabilities. Server operating systems such as Microsoft Server 2008 can be used for security management over a network, but require a fair bit of insight to operate and are mostly used by IT professionals only. Group Policy Controls, an Advanced firewall with by the minute updates, Network Access Protection, Network Policy and access System. Windows 7 has some network security abilities built in...

Question 103. How Often Are You Performing Vulnerability Scanning?

Answer :

An organization should be performing vulnerability scanning as often as possible, depending on the size of the network. The scanning should be scheduled to allow adequate time to review the reports, discover anything that has changed, and mitigate the vulnerability.

Question 104. Why Is Your Federal System A Double Security?

Answer :

because it contains top secret information.

Question 105. How Often Are Your Systems Patched?

Answer :

Systems should be patched every time a new patch is released. Many organizations don't patch regularly and tend not to patch critical systems because they don't want to risk downtime. However, critical systems are the most important to patch. You must schedule regular maintenance downtime to patch systems. As vulnerabilities are discovered, attackers often release exploits even before system patches are available. Therefore, it is imperative to patch systems as soon as possible.

Question 106. What Is Availability For IA Security?

Answer :

One of the basic themes of IA is that it is composed of three principles, which have the memorable acronym CIA. C = confidentiality: only those who should be able to see the data can see it. I = integrity: the data is only changed by those authorized to change it and isn't being corrupted accidentally or intentionally. A = availability: users can access the data when they want to or need to.

Question 107. What Are The Specific Threats To Your Organization?

Answer :

In addition to identifying the critical business systems and processes, it is important to identify the possible threats to those systems as well as the organization as a whole. You should consider both external and internal threats and attacks using various entry points (wireless, malicious code, subverting the firewall, etc.). Once again, this will assist in implementing the appropriate security protections and creating business continuity and disaster recovery plans.

Question 108. How Does Symmetric Key Encryption Work?

Answer :

Symmetric encryption requires that both parties (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the data. Using the same encryption algorithm means that only those individuals that know or have the same key will be able to read any messages encrypted by the symmetric key.

Question 109. What Is Ring Protection In SDH?

Answer :

Ring protection is a system where multiplexers are connected in a ring topology. If a single span fails, traffic switches around the other side of the ring.

Question 110. What Physical Security Controls Are In Place In Your Organization?

Answer :

Physical security is a large area that must be addressed by an organization. Examples of physical controls include physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, smoke and water detectors, and backup power generators.

Question 111. What Is Meant By The Term Securing Your Perimeter Network Security?

Answer :

Your perimeter network is the network you use: for example, you have the internet and your network, and your network is your perimeter.

Question 112. Is Stand Alone Computer Secure?

Answer :

Of course viruses can be spread through floppy disks, USB keys or other methods, so being a standalone computer not connected to any network doesn't mean the computer cannot be infected, even though the data cannot be leaked through the network to external parties. However, there is also physical security of the computer itself, and that is where it gets interesting, depending on who and what you're trying to secure the computer from. If, for example, the computer is sitting in a public area, and you are concerned not just about external threats but also potential employee data theft, then one should assume no data on the computer is secure even though the computer is standalone.

Question 113. Which Layer Is Done By Congestion Control?

Answer :

At the network layer, the congestion control mechanism takes place.

Question 114. What Types Of Attacks Are You Seeing?

Answer :

Typically an organization sees a constant stream of port scan attacks. These are a regular occurrence on the Internet as a result of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist.

Question 115. How Can A Switch Help Reduce Network Security Problems?

Answer :

Switches use a routing table rather than broadcasting your connection requests the way hubs do. It protects you from sniffing programs.

Question 116. What Is Security?

Answer :

Security is the degree of protection to safeguard a nation, union of nations, persons or person against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". This includes but is not limited to the elimination of either the asset or the threat.

Question 117. How Are You Protecting Against Social Engineering And Phishing Attacks?

Answer :

The best way to protect against social engineering and phishing attacks is to educate the users. Employees should attend security awareness training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email address to report suspicious activity.

Question 118. What Is The Need For Network Security?

Answer :

The need for network security is quite obvious (no offense to the asker); however, it is simply this: there are criminal activities in every field, computers being no exception. People want to store private information on computers. If a criminal were able to slip onto your network, they would be able to access any unguarded computer and retrieve information off of it once they have access. Make sure you keep AT LEAST ONE password on every computer you own, multiple different ones if it allows it.

Question 119. Difference Between Network And Operating System Security?

Answer :

Network security concentrates on the packets of information flowing between computer systems. Operating system security controls access to resources on the server itself. Therefore, the two are looking at different things in terms of security.

Question 120. What Is Your Wireless Infrastructure?

Answer :

Part of knowing your network architecture includes knowing the location of wireless networks, since they create another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and whether they are secured as best as possible.

Question 121. What Desktop Protections Are Used?

Answer :

Desktops should have a combination of anti-virus software, personal firewall, and host-based intrusion detection. Each of these software packages must be regularly updated as new signatures are deployed. They should also be centrally managed and controlled.

Question 122. What Is The Difference Between An Exploit And Vulnerability In Information Security?

Answer :

A vulnerability is a weak point in a system. This implies a risk, especially to confidential information. An exploit is a means of taking advantage of the vulnerability and using it to take advantage of a system or network. Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and taken advantage of it.

Question 123. What Applications And Services Are Specifically Denied By Your Organization's Security Policy?

Answer :

Your organization's security policy should specify applications, services, and activities that are prohibited. These can include, among others:

Viewing inappropriate material
Spam
Peer-to-peer file sharing
Instant messaging
Unauthorized wireless devices
Use of unencrypted remote connections such as Telnet and FTP

Question 124. What Is Message Control System?

Answer :

A method for controlling messages in a software system. The method activates a report-handling module when a subroutine has a message to send. The subroutine passes an identification to the report-handling module. The subroutine then passes a message and message level to the report-handling module. The report-handling module then determines the message level to be reported for that subroutine, the process from which that subroutine is sending messages and the message level to be reported for that process. If the message level of the message compares correctly to the message level of the subroutine and the process, the message is reported.

Question 125. How Do You Stop A Computer To Broadcast?

Answer :

Three simple ways: On most laptops there is a switch on the front. On most towers there is a USB stick to unplug. On all computers, Wi-Fi and Bluetooth can be disabled from "My Computer".

Question 126. How Is Your Wireless Infrastructure Secured?

Answer :

Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized.

Question 127. How Do You Remove Network Security Keys?

Answer :

Go to your router options on your computer and it should say remove.

Question 128. How Often Is Your Disaster Recovery Plan Tested?

Answer :

The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full-out implementation.

Question 129. Where, When, And What Type Of Encryption Is Used?

Answer :

VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. Sometimes file system encryption is also used to protect stored data.

Question 130. How Often Are Logs Reviewed?

Answer :

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system among the security team.

Question 131. What Is Network Security?

Answer :

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Question 132. How Do You Prevent Ddos Attack?

Answer :

You do not have much choice; only a correctly configured firewall/iptables (which is not a trivial task to do) can help you to prevent it. But there is no 100%

Question 133. What Is Included In Your Disaster Recovery Plan?

Answer :

Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the actual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites.

Question 134. What Is Your Organization's Password Policy?

Answer :

A password policy should require that a password:

Be at least eight characters long
Contain both alphanumeric and special characters
Change every 60 days
Cannot be reused after every five cycles
Is locked out after 3 failed attempts

In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy.

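One way to enforce the policy listed above in code, as an added example that is not part of the original page: the `Account` class and its method names are hypothetical, and "five cycles" is assumed here to mean the last five passwords.

```python
import hashlib
import hmac
import os
from datetime import timedelta

MIN_LENGTH = 8                    # "at least eight characters"
MAX_AGE = timedelta(days=60)      # "change every 60 days"
HISTORY_DEPTH = 5                 # assumption: "five cycles" = the last five passwords
MAX_FAILED = 3                    # "locked out after 3 failed attempts"

def _digest(password, salt):
    # Keep salted PBKDF2 digests, never plaintext, so the history is safe to store.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self):
        self.history = []                      # (salt, digest) pairs, newest last
        self.changed_on, self.failed = None, 0

    @property
    def locked(self):
        return self.failed >= MAX_FAILED

    def _matches(self, password, entry):
        return hmac.compare_digest(_digest(password, entry[0]), entry[1])

    def violations(self, password):
        found = []
        if len(password) < MIN_LENGTH:
            found.append("too short")
        if not any(c.isalnum() for c in password):
            found.append("no alphanumeric character")
        if not any(not c.isalnum() and not c.isspace() for c in password):
            found.append("no special character")
        if any(self._matches(password, e) for e in self.history[-HISTORY_DEPTH:]):
            found.append("reused")
        return found

    def set_password(self, password, today):
        found = self.violations(password)
        if not found:
            salt = os.urandom(16)
            self.history.append((salt, _digest(password, salt)))
            self.changed_on, self.failed = today, 0
        return found                           # empty list means the change was accepted

    def login(self, password, today):
        if self.locked:
            return "locked"
        if not self.history or not self._matches(password, self.history[-1]):
            self.failed += 1
            return "locked" if self.locked else "denied"
        self.failed = 0
        return "expired" if today - self.changed_on > MAX_AGE else "ok"
```
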
Question 135. What Resources Are Located On Your Dmz?

Answer :

Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network.

Question 136. Are You Performing Content Level Inspections?

Answer :

In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage.

Question 137. What Are Your Critical Business Systems And Processes?

Answer :

Identifying your critical business systems and processes is the first step an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an ecommerce site, customer database information, employee database information, the ability to answer phone calls, the ability to respond to Internet queries, etc.

Question 138. What Is An Ip Grabber?

Answer :

An IP grabber is a program that will find the IP address of another computer. Often used by hackers.

Question 139. What Is The Difference Between Network Security And Cryptography?

Answer :

Cryptography is the deliberate attempt to obscure or scramble the information so that only an authorized receiver can see the message. Network security may employ cryptography, but has many other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so on. Cryptography would be used only when trying to keep messages secret when sending them across a network or keeping information secret in a file.

Question 140. What Are The Three Legs Of Network Security?

Answer :

The three main tenets of security overall are: confidentiality, availability, integrity.

Question 141. What Type Of Remote Access Is Allowed?

Answer :

Remote access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication channel that uses encryption and strong authentication, such as an IPSEC VPN. Desktop modems (including applications such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited.

Question 142. How Do You Secure A Wireless Network?

Answer :

Most wireless routers let you encrypt using a passphrase. When you do choose a password, make sure that it uses uppercase, lowercase, numbers, and special characters. You will want to stay away from any words or phrases that can be found in the dictionary. And set it for WPA2.

Question 143. What Is An Arp And How Does It Work?

Answer :

ARP (Address Resolution Protocol) is a network layer protocol which associates the physical hardware address of a network node (commonly known as a MAC address) to its IP address. ARP creates a table called the ARP cache/table that maps IP addresses to the hardware addresses of nodes on the local network.

If, based on the IP address, it sees that it has the node's MAC address in its ARP table, then transmitting to that IP address is done faster because the destination is known, and voila, network traffic is reduced.

Question 144. Explain What Are Digital Signatures And Smart Cards?

Answer :

Digital signature: Information that is encrypted with an entity's private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.

Smart cards: Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well-known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.).

Question 145. Explain Difference Between Broadcast Domain And Collision Domain?

Answer :

Broadcast Domain:

Sends the packet to all of the present network.

It can be sent by the person.

It can be broadcast by the switch when the address is not found in the network.

For breaking a broadcast domain we can use a router.

Collision Domain:

A switch has no collision as compared to a hub (layer one device). A broadcast domain is the area where, when one device in the network sends the data or packet, it will be received by all the devices present over the network.

Question 146. What Is Kerberos Protocol?

Answer :

Kerberos is an authentication protocol; it is named after a dog who, according to Greek mythology, is said to stand at the gates of Hades. In terms of computer networking it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It was developed by MIT and uses a combination of encryption as well as distributed databases so that the user can log in and start a session.

It has some disadvantages though. As I said, Kerberos was developed by MIT under Project Athena; Kerberos is designed to authenticate the end users on the servers.

Question 147. Explain How Does Trace Route Work? Now How Does Trace Route Make Sure That The Packet Follows The Same Path That A Previous (with Ttl - 1) Probe Packet Went In?

Answer :

First of all, traceroute works using ICMP packets. First the source sends an ICMP packet with the Time to Live (TTL) field set to 1 to the destination address. The intermediate router receives the packet and sees that the TTL field has expired, so it sends an ICMP TTL expired reply. The source machine then sends the ICMP packet again with the TTL field set to 2. This time the second intermediate router replies. This process is repeated until the destination is reached. That way the source can get the entire route up to the destination.
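The TTL probing loop described in the answer above, as an added offline simulation that is not part of the original page: the routers, addresses and the silent hop are constructed sample data, and `Router`, `send_probe` and `traceroute` are hypothetical names.

```python
"""Offline simulation of the TTL probing loop (no packets are sent)."""
from dataclasses import dataclass


@dataclass
class Router:
    address: str
    answers_expired: bool = True    # some routers drop expired packets silently


# Constructed sample path (documentation address ranges), source to destination.
SAMPLE_PATH = [
    Router("192.0.2.1"),
    Router("198.51.100.7", answers_expired=False),   # silent hop
    Router("203.0.113.9"),
]
DESTINATION = "203.0.113.50"


def send_probe(path, destination, ttl):
    """Forward one probe; return (kind, responder) or None when nothing answers."""
    for router in path:
        ttl -= 1                    # every router decrements TTL before forwarding
        if ttl == 0:
            if router.answers_expired:
                return ("ttl-expired", router.address)
            return None             # packet discarded, no reply sent
    return ("reached", destination)  # TTL outlived every hop on the path


def traceroute(path, destination, max_ttl=30):
    """Raise TTL by one per probe and record who answered at each step."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, destination, ttl)
        if reply is None:
            hops.append((ttl, "*"))  # timeout: hop stays unknown, keep probing
            continue
        kind, address = reply
        hops.append((ttl, address))
        if kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for ttl, address in traceroute(SAMPLE_PATH, DESTINATION):
        print(f"{ttl:2d}  {address}")
```

The silent hop shows why a `*` in real output means only that one router did not answer, not that the path ends there.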

Question 148. Explain What Are All The Technical Steps Involved When The Data Transmission From Server Via Router?

Answer :

When a packet is sent out of a server, it has a source and destination IP, source and destination port number, and source and destination MAC ID. First it is sent to the switch. The switch checks whether the MAC ID is in the MAC address table; if not, it broadcasts the message. If the destination IP is not in the same segment, it forwards the packet to the gateway (normally the router or firewall). Then the router/firewall checks its routing table and access lists: if it has the information about the destination IP and if it has access to the destination IP, it forwards it to the next hop, and if any one of the conditions fails it just drops the packet.

Question 149. Explain For A Small Lan Which Class Of Addressing Is Used?

Answer :

For a small LAN we use a class C address. Explanation: In a class C IP address the first three bytes out of four are for the network address, while the last byte is for the host address, which can range from 1-254; that is the smallest LAN possible, whereas class B has two bytes and class A has three bytes reserved for the host address, which increases the number of hosts in those classes.
