
Top 25 Ethical Hacking Interview Questions - Jul 25, 2022


Q1. Explain What Is Brute Force Hack?

Brute force hack is a technique for cracking passwords and gaining access to system and network resources. It takes a lot of time, and it requires the hacker to learn about JavaScript. For this purpose, one can use a tool named "Hydra".

Q2. Explain How You Can Stop Your Website Getting Hacked?

By adopting the following techniques you can prevent your website from getting hacked:

Sanitizing and validating user parameters: sanitizing and validating user parameters before submitting them to the database can reduce the chances of being attacked through SQL injection.

Using a firewall: a firewall can be used to drop traffic from a suspicious IP address if the attack is a simple DoS.

Encrypting the cookies: cookie or session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after a while.

Validating and verifying user input: this technique prevents form tampering by verifying and validating the user input before processing it.

Validating and sanitizing headers: this technique is useful against cross-site scripting (XSS). It consists of validating and sanitizing headers, parameters passed through the URL, form parameters and hidden values to reduce XSS attacks.

Q3. What Is Footprinting In Ethical Hacking? What Is The Techniques Used For Footprinting?

Footprinting refers to gathering and uncovering as much information as possible about the target network before gaining access to any network. It is the technique followed by hackers before hacking.

Open source footprinting: it looks for the contact information of administrators, which will be used in guessing the password in social engineering.

Network enumeration: the hacker tries to identify the domain names and the network blocks of the target network.

Scanning: once the network is known, the second step is to spy on the active IP addresses on the network. ICMP (Internet Control Message Protocol) is used for identifying active IP addresses.

Stack fingerprinting: once the hosts and ports have been mapped by scanning the network, the final footprinting step can be done. This is called stack fingerprinting.

Q4. Explain What Are The Types Of Hacking Stages?

The types of hacking stages are

Gaining Access

Escalating Privileges

Executing Applications

Hiding Files

Covering Tracks

Q5. Explain What Is Dhcp Rogue Server?

A rogue DHCP server is a DHCP server on a network which is not under the control of the network staff. A rogue DHCP server may be a router or modem. It will offer users IP addresses, a default gateway and WINS servers as soon as the user logs in. A rogue server can sniff all of the traffic sent by the client to all other networks.

Q6. Explain What Is Ethical Hacking?

Ethical hacking is when a person is allowed to hack the system with the permission of the product owner to find weaknesses in the system and later fix them.

Q7. What Is The Difference Between Ip Address And Mac Address?

IP address: an IP address is assigned to every device so that the device can be located on the network. In other words, an IP address is like your postal address, where anyone who knows your postal address can send you a letter.

MAC (Machine Access Control) address: a MAC address is a unique serial number assigned to each network interface on each device. A MAC address is like your physical mailbox; only your postal service (network router) can identify it, and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it.

Q8. Explain What Is Cross-site Scripting And What Are The Types Of Cross Site Scripting?

Cross-site scripting is done by using known vulnerabilities in web-based applications, their servers or the plug-ins users rely on. One of these is exploited by inserting malicious code into a link which appears to come from a trustworthy source. When users click on this link, the malicious code runs as part of the client's web request and executes on the user's computer, allowing the attacker to steal information.

There are three types of cross-site scripting

Non-persistent

Persistent

Server-side versus DOM-based vulnerabilities

Q9. Explain What Is Enumeration?

The process of extracting machine names, user names, network resources, shares and services from a system. Enumeration techniques are conducted in an intranet environment.

Q10. What Are The Types Of Ethical Hackers?

The types of ethical hackers are

Grey Box hackers or Cyberwarrior

Black Box penetration Testers

White Box penetration Testers

Certified Ethical hacker

Q11. Explain What Is Arp Spoofing Or Arp Poisoning?

ARP (Address Resolution Protocol) spoofing is a form of attack in which an attacker changes the MAC (Media Access Control) address and attacks an Ethernet LAN by changing the target computer's ARP cache with forged ARP request and reply packets.

Q12. Explain What Is Sql Injection?

SQL injection is one of the techniques used to steal data from organizations; it is a fault created in the application code. SQL injection happens when you inject content into a SQL query string, and the result modifies the syntax of your query in ways you did not intend.
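The defect described here (and the "sanitizing and validating user parameters" defence from Q2) side by side, as an added example that is not part of the original page: the unsafe lookup splices the user's value into the query text, so a value containing a quote changes the query's syntax; the safe lookup sends the value as a bound parameter. The table and rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    """String concatenation: the user's value becomes part of the SQL syntax,
    which is exactly the fault the answer above describes."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the driver passes the value separately from the
    statement, so it can never alter the query structure."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A value containing a quote: the unsafe query returns every row,
    # the safe query returns nothing because no user has that literal name.
    odd_value = "x' OR '1'='1"
    print(lookup_unsafe(db, odd_value))
    print(lookup_safe(db, odd_value))
```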

Q13. Mention What Are The Types Of Password Cracking Techniques?

The types of password cracking techniques include

Brute Forcing Attack

Hybrid Attack

Syllable Attack

Rule Attack

Q14. Explain What Is Mib?

MIB (Management Information Base) is a virtual database. It contains the formal descriptions of all the network objects that can be managed using SNMP. The MIB database is hierarchical, and in the MIB each managed object is addressed through an object identifier (OID).

Q15. Explain What Is Network Sniffing?

A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet-level data on your network, a sniffer tool can help you locate network problems. Sniffers can be used both for stealing information off a network and for legitimate network management.

Q16. Explain What Is Pharming And Defacement?

Pharming: in this technique the attacker compromises the DNS (Domain Name System) servers or the user's computer so that traffic is directed to a malicious site.

Defacement: in this technique the attacker replaces the organization's website with a different page. It contains the hacker's name and images, and may even include messages and background music.

Q17. How You Can Avoid Or Prevent Arp Poisoning?

ARP poisoning can be prevented by the following methods:

Packet filtering: packet filters are capable of filtering out and blocking packets with conflicting source address information.

Avoid trust relationships: organizations should develop protocols that rely on trust relationships as little as possible.

Use ARP spoofing detection software: there are programs that inspect and certify data before it is transmitted and block data that is spoofed.

Use cryptographic network protocols: using secure communication protocols like TLS, SSH and HTTPS prevents ARP spoofing attacks by encrypting data prior to transmission and authenticating data when it is received.
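One way to implement the "ARP spoofing detection software" idea above, as an added example that is not code from the original page: it walks a list of observed ARP replies and alerts when an IP's MAC differs from the first-seen or trusted mapping, or when one MAC claims several IPs. The reply list and the gateway address 192.168.1.1 are constructed sample data, not a real capture.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies as (sender IP, sender MAC).
OBSERVED_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    ("192.168.1.30", "de:ad:be:ef:00:99"),  # same MAC also claims a second IP
]


def detect_arp_conflicts(replies, trusted=None):
    """Return a list of alert strings.

    trusted: optional dict of static IP -> MAC mappings (e.g. the gateway)
    that take precedence over whatever is seen first on the wire.
    Two conditions are flagged:
      (a) an IP whose MAC differs from the trusted or first-seen MAC;
      (b) a MAC that claims more than one IP, a typical sign of a host
          answering for addresses it does not own.
    """
    ip_to_mac = dict(trusted or {})
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac          # learn the first mapping seen
        elif known != mac:
            alerts.append(f"IP {ip} changed MAC {known} -> {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(
                f"MAC {mac} claims multiple IPs {sorted(mac_to_ips[mac])}"
            )
    return alerts


if __name__ == "__main__":
    for line in detect_arp_conflicts(OBSERVED_REPLIES):
        print("ALERT:", line)
```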

Q18. What Is Mac Flooding?

MAC flooding is a technique in which the security of a given network switch is compromised. In MAC flooding the hacker or attacker floods the switch with a larger number of frames than the switch can handle. This makes the switch behave as a hub and transmit all packets on all ports. Taking advantage of this, the attacker will try to send his packet into the network to steal sensitive information.

Q19. List Out Some Of The Common Tools Used By Ethical Hackers?

Metasploit

Wireshark

NMAP

John The Ripper

Maltego

Q20. Explain What Is Csrf (cross Site Request Forgery)? How You Can Prevent This?

CSRF or cross-site request forgery is an attack from a malicious website that sends a request to a web application against which a user is already authenticated from a different website. To prevent CSRF you can append an unpredictable challenge token to each request and associate it with the user's session. This assures the developer that the request received is from a valid source.
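The "unpredictable token associated with the user's session" defence above, as an added example that is not code from the original page: the token is a random nonce plus an HMAC over the session id and nonce, so a token issued for one session fails verification in any other. SERVER_KEY is a constructed stand-in for a secret loaded from server configuration, and handle_post is a hypothetical minimal handler.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder; a real deployment loads this from configuration.
SERVER_KEY = b"example-server-secret-do-not-reuse"


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token = nonce.HMAC(key, session_id:nonce).

    Binding the MAC to the session id associates the token with that
    session: it cannot be replayed against a different user's session,
    and it cannot be forged without the server key."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the HMAC for the caller's session and compare in constant
    time, so a malformed or foreign token is rejected without a timing leak."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce, key))


def handle_post(session_id: str, form: dict):
    """Hypothetical state-changing handler: refuse the request unless the
    submitted form carries a token valid for this session."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "ok"


if __name__ == "__main__":
    token = issue_csrf_token("session-A")
    print(handle_post("session-A", {"csrf_token": token}))  # accepted
    print(handle_post("session-B", {"csrf_token": token}))  # rejected
```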

Q21. Explain What Is Key-logger Trojan?

A key-logger Trojan is malicious software that can monitor your keystrokes, logging them to a file and sending them off to remote attackers. When the desired behaviour is observed, it records the keystrokes and captures your login username and password.

Q22. Explain What Is Ntp?

NTP (Network Time Protocol) is used to synchronize the clocks of networked computers. Its primary means of communication is UDP port 123. Over the public internet NTP can maintain time to within 10 milliseconds.

Q23. What Are The Types Of Computer Based Social Engineering Attacks? Explain What Is Phishing?

Computer-based social engineering attacks are

Phishing

Baiting

On-line scams

The phishing technique involves sending false e-mails, chats or websites that impersonate a real system, with the intention of stealing information from the original website.

Q24. Explain What Is Burp Suite, What Are The Tools It Consist Of?

Burp Suite is an integrated platform used for attacking web applications. It contains all of the Burp tools required for attacking an application. Burp Suite uses the same approach for attacking web applications, such as a framework for handling HTTP requests, upstream proxies, alerting, logging and so on.

The tools that Burp Suite has:

Proxy

Spider

Scanner

Intruder

Repeater

Decoder

Comparer

Sequencer

Q25. Explain What Is Dos (denial Of Service) Attack? What Are The Common Forms Of Dos Attack?

Denial of Service is a malicious attack on a network that is carried out by flooding the network with useless traffic. Although DoS does not cause any theft of information or security breach, it can cost the website owner a great deal of time and money. Common forms of DoS attack include:

Buffer Overflow Attacks

SYN Attack

Teardrop Attack

Smurf Attack

Viruses
