Top 42 Computer Security Interview Questions
Q1. What Should I Think About When Using SNMP?
On other SNMP-enabled machines you can configure both a write and a read community name. On a Windows NT system you can only set one. Not having a community name does not disable the service, as one might expect.
Q2. What Is CryptoAPI?
CryptoAPI is a set of encryption APIs that allow developers to build applications that work securely over non-secure networks, such as the Internet. CryptoAPI is shipped with NT version 4 and Internet Explorer 3.0. Version 2.0 of CryptoAPI comes with SP3 for NT4.
Q3. What Makes A Strong Password?
Strong passwords are longer than six characters and contain letters and numbers and even capital letters. Of course a password is useless if you forget it, but remember that using your birth date or name makes you an easy target for hackers.
Q4. Are There Any Known Problems With The Screen Saver / Screen Lock Program?
Yes. In versions 3.5 and 3.51, if the administrator decides to kick a user off, then the admin has a small time window to see the content of the user's current screen and desktop.
Q5. What Is SAM (Security Account Manager)?
SAM stands for Security Account Manager and is the component that maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.
Q6. What Is Computer Impersonation?
Impersonation is the ability of a thread to execute in a security context different from that of the process that owns the thread. This enables a server to act on behalf of a client to access its own objects.
Q7. Explain About User Security?
Users are susceptible to a number of attacks, such as dictionary password guessing. In Windows NT, one way to protect against these types of attacks is to set the number of failed logins allowed before the account is disabled, either temporarily or until the system manager manually enables it again.
Q8. What Is An Access Token?
Each process has an associated access token which is used by the system to verify whether the process should be granted access to a specific object or not. The access token consists of a user SID, a list of group SIDs representing the groups the user belongs to, and a list of user rights (privileges) the user is blessed with.
Q9. What Servers Have TCP Ports Opened On My NT System? Or: Is Netstat Broken?
Normally, the netstat program should report information on the status of the networking connections, routing information, etc. With the option -A or -a, it should list all available TCP and UDP connections and the servers that are accepting connections. On Windows NT, even though the documentation states otherwise, this is not the case.
There is no simple way to check which services are running with TCP ports opened to accept connections. Currently the only way to get some information about this is to use a port scanner program and test every TCP port on the NT system. This is not a foolproof way of dealing with the problem.
This is a serious problem if you plan to have NT-based computers in the firewall environment. You cannot easily harden them to become bastion hosts, since you cannot be confident which kinds of network services might be reachable from the outside.
It is a confirmed bug in Windows NT 3.5, 3.51 and 4.0. I do not expect Microsoft to fix it soon enough.
Update: netstat.exe is fixed as of NT4 SP3, but it still shows some peculiar behavior. For example, on a moderately loaded system, you can find numerous duplicates of open connections.
Q10. How Can I Avoid Computer Viruses?
Most viruses travel through email or Internet downloads. Never open attachments from unknown senders and be very careful when downloading software from Internet sources.
Q11. What Is A Firewall?
A firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall that is monitored and updated by CIS.
Q12. What Are The Security Issues Related To ODBC Usage?
There are several security issues related to ODBC usage:
Add hooks
Tracing ODBC connections
Any call with indirections, such as calls to ODBC data sources, can be intercepted by attaching to pre-made hooks. By tracing ODBC connections, which is a very legitimate thing to do during software development, you can get access to sensitive data, such as the user name for the connected database.
Q13. What Are Privileges (user Rights)?
A privilege is used to control access to a service or object more strictly than is normal with discretionary access control.
Q14. What Is The IIS Lockdown Tool?
This tool is part of the IIS Lockdown Wizard and it works by turning off unnecessary features of the IIS server, thereby reducing the attack surface available to an attacker. This tool also works in conjunction with URLScan to provide multiple layers of defense and protection. The IIS Lockdown Tool page on TechNet describes its features and characteristics and gives steps for download and setup.
Q15. What Are Giant Packets? Or, Is Windows NT Susceptible To The Ping Attack?
There are mixed reports on whether or not NT is vulnerable to this attack. Using ping to send a large packet to certain systems can cause them to hang or crash.
Windows NT 3.51 appears to be vulnerable to this attack. A knowledge base article, Q132470, describes symptoms in Windows NT 3.51, and also includes a pointer to a patch for this problem.
Q16. Are CGI Scripts Insecure?
CGI scripts are a major source of security holes. Although the CGI (Common Gateway Interface) protocol is not inherently insecure, CGI scripts must be written with just as much care as the server itself. Unfortunately some scripts fall short of this standard, and trusting Web administrators install them at their sites without realizing the problems.
Q17. What Is SRM (Security Reference Monitor)?
The Security Reference Monitor is the kernel-mode component that does the actual access validation, as well as audit generation.
Q18. How Can I Avoid Spyware?
Most spyware comes from free Internet downloads such as screensavers and peer-to-peer programs (Kazaa, LimeWire, etc.). The only way to avoid spyware is to not install any of these malicious programs.
Q19. What Is The URLScan Security Tool?
URLScan is a powerful IIS security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to restrict certain HTTP requests that the server will process, and thus prevents potentially harmful requests from reaching the server and causing damage. The URLScan Security Tool page on Microsoft TechNet describes its features and usage, provides answers to common questions, and details steps for download and installation.
Q20. Is NT Susceptible To SYN Flood Attacks?
Yes. To my knowledge, all IP-based systems are possible victims of the attack.
Q21. I Have Been Hearing A Lot About Firewalls, But I Am Not Sure What It Is Or If I Need It. Can You Help?
A firewall is basically a software program that allows you full access to the Internet and/or your network, while restricting access to your computer system from outside intrusions.
Internet users are extremely vulnerable to hackers, especially if you have cable or ADSL access to the Internet. You definitely need to protect your computer system.
Once you install a firewall, you'll be amazed at how many attempts to access your computer are blocked by your firewall.
Hackers can directly access your computer system by installing programs such as a key logger that can read every keystroke you make. This information is recorded and sent back to the hacker. Private information such as passwords and credit card numbers can easily be stolen.
A key logger is a small software program that quietly runs in the background.
As these programs quite often run in DOS, you will most likely never realize it's running. However, you can see if a key logger is running by pressing 'Control' – 'Alt' – 'Delete' on your keyboard. This will launch a window that contains a list of all the programs currently running on your system. Review the list and watch for programs you don't recognize.
If you really want to keep your computer safe, I recommend the following:
Purchase a good virus program and keep it updated
Purchase a good firewall program and keep it updated
Purchase a program like Pest Patrol and keep it updated
Q22. What Are The Most Important Steps You Would Recommend For Securing A New Web Server? Web Application?
Web Server Security:
Update/patch the web server software
Minimize the server functionality – disable extra modules
Delete default data/scripts
Increase logging verbosity
Update permissions/ownership of files
Web Application Security:
Make sure input validation is enforced within the code – security QA testing
Configure the application to display generic error messages
Implement a software security policy
Remove or protect hidden files and directories
Q23. How Do I Get My Computer C2 Level Security, Or, What Is C2config?
On the CD-ROM that is included in the NT Resource Kit, there is a program called c2config that can be used to tighten the security of an NT-based computer.
Be aware that c2config will not work well on systems with a localized environment, e.g. a German NT that uses ACLs in German, not in English.
Q24. Is It Possible To Use Packet Filters On An NT Machine?
NT 4 comes with built-in support for packet filtering. It is a simple but still usable filtering function that the administrator can configure to let only some IP packets reach the actual applications running on the system.
You find the configuration panel for the filtering function at "Control Panel > Network > TCP/IP > Services > Advanced > Security".
Be aware that this simple filtering mechanism is not a substitute for a real firewall, since it cannot do advanced things like protection against IP spoofing, etc.
Q25. Can My Page File Hold Sensitive Data?
It can. Memory pages are swapped or paged to disk when an application needs physical memory. Even though the page file (see Control Panel > System > Performance > Virtual Memory) is not accessible while the system is running, it can be accessed by, for example, booting another OS.
There is a registry key that can be created so that the memory manager clears the page file when the system goes down:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown: 1
Note that the page file is only cleared when the system is brought down in a controlled fashion. If the machine is just switched off or brought down in any other brute way, of course no clearing will be done.
Q26. What Is A SID (Security ID)?
SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group.
A SID contains:
User and group security descriptors
48-bit ID authority
Revision level
Variable subauthority values
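To make the revision level, 48-bit authority and variable subauthority fields concrete, here is an added example (not part of the original page) that decodes the binary form of a SID into its familiar S-R-A-S string. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Well-known SIDs, including the two this page discusses under NULL sessions.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-7": "Anonymous Logon",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}

MAX_SUBAUTHORITIES = 15  # upper bound Windows places on the subauthority count


def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-<revision>-<authority>-<sub>... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than the fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > MAX_SUBAUTHORITIES:
        raise ValueError(f"subauthority count {count} exceeds {MAX_SUBAUTHORITIES}")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the declared subauthority count")
    # The 48-bit identifier authority is stored big-endian ...
    authority = int.from_bytes(raw[2:8], "big")
    # ... while each 32-bit subauthority is stored little-endian.
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def build_sid(text: str) -> bytes:
    """Inverse of parse_sid, used here to construct sample input."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not an S-R-A-... SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


def describe(raw: bytes) -> str:
    """Return the SID string plus its well-known name, if any."""
    sid = parse_sid(raw)
    return f"{sid} ({WELL_KNOWN.get(sid, 'unknown')})"


if __name__ == "__main__":
    # Constructed sample: revision 1, two subauthorities, authority 5, 32, 544.
    sample = bytes.fromhex("01020000000000052000000020020000")
    print(describe(sample))
    print(describe(build_sid("S-1-5-11")))
```
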
Q27. What Is An ACE (Access Control Entry)?
Access-Control Entries are used to build Access-Control Lists (ACLs).
Each ACE contains the following information:
A SID that identifies the trustee. A trustee can be a user account, group account, or a logon account for a program such as a Windows NT service.
An access mask specifying access rights controlled by the ACE.
Flags that indicate the type of ACE and flags that determine whether other objects or containers can inherit the ACE from the primary object to which the ACL is attached.
Q28. What Is Shutdown.exe?
There is a bug in the utility shutdown.exe that is part of the NT Resource Kit. That bug disables the screen saver on a remote machine.
Q29. What Do You See As The Most Critical And Current Threats Affecting Internet Accessible Websites?
This question gauges the applicant's knowledge of current web-related threats. Topics such as Denial of Service, Brute Force, Buffer Overflows, and Input Validation are all relevant. Hopefully they will mention information provided by web security organizations such as the Web Application Security Consortium (WASC) or the Open Web Application Security Project (OWASP).
Q30. Use The Output From Any Network Security Scanner, Whichever Network Security Scanner Is Used By The Interviewer, And Ask The Interviewee To Interpret The Results. What Does The Scanner Output Say, How
This lets the interviewer determine how well the interviewee can interpret and voice back the results of a security scan, and how well they can communicate. The interviewer should already have worked with the scanner and its output, and should be able to work with the interviewee to determine the finer points of the data presented.
Q31. What Is Authenticode?
Authenticode is a way to assure users that code they download from the net has not been tampered with, and it gives the code an etched-in ID of the software publisher. Microsoft is pushing this as a new way of getting better security into software distribution over the net.
Q32. What Is The Security Threat Level Today At The Internet Storm Center (ISC)?
For the interviewer, the URL is http://isc.sans.org and the level is usually green. The reason for asking the question is to find out if the candidate is on top of what the Internet looks like today. You can substitute the ISS rating of one through five at http://www.iss.net, which is usually one, but most security folks know about the ISC and will spend time there.
Q33. What Are Some Examples Of How You Would Attempt To Gain Access?
They may try default usernames/passwords or try SQL injection queries that provide an SQL true statement (such as ' OR 1=1#). If they offer SQL examples, then give them the following error document information and ask them what it indicates.
ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.
Data Source = "ECommerceTheArchSupport2"
SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE
QuickJump_Items.ItemId <> 0 AND QuickJumpId ="
The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:InetPubclientsloginhttpailment.cfm
The specific sequence of files included or processed is:
K:INETPUBCLIENTSLOGINHTTPAILMENT.CFM
This error message indicates that the target web application is running Microsoft SQL and discloses directory structures.
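The error above is what a query assembled by string concatenation looks like when the page echoes the driver error back to the browser. As an added example (not part of the original page), the code below reproduces that pattern beside a hardened version with input validation, a bound parameter and a generic error message. The table and column names come from the error text; SQLite, the schema and the function names are assumptions for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("app.db")

# Query prefix modelled on the SQL shown in the error report.
BASE = ("SELECT ItemId FROM QuickJump_Items "
        "WHERE ItemId <> 0 AND QuickJumpId = ")


def make_db():
    """Constructed sample data; SQLite stands in for the real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE QuickJump_Items (ItemId INTEGER, QuickJumpId INTEGER)")
    db.executemany("INSERT INTO QuickJump_Items VALUES (?, ?)",
                   [(1, 10), (2, 10), (3, 20)])
    return db


def lookup_verbose(db, quick_jump_id: str):
    """'Before': concatenated SQL, raw driver error echoed to the client."""
    sql = BASE + quick_jump_id
    try:
        return 200, [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Leaks the database error and the full statement, as in the report.
        return 500, f"Error: {exc}\nSQL = \"{sql}\""


def lookup_hardened(db, quick_jump_id: str):
    """'After': validated input, bound parameter, generic error message."""
    if not re.fullmatch(r"[0-9]{1,9}", quick_jump_id):
        return 400, "Invalid request."
    try:
        rows = db.execute(BASE + "?", (int(quick_jump_id),))
        return 200, [row[0] for row in rows]
    except sqlite3.Error:
        # Detail goes to the server-side log, never to the response body.
        log.exception("QuickJump lookup failed")
        return 500, "An error occurred."


if __name__ == "__main__":
    db = make_db()
    for value in ("10", "", "0 OR 1=1"):
        print(repr(value), lookup_verbose(db, value), lookup_hardened(db, value))
```
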
Q34. What Is An ACL (Access Control List)?
An ACL is a list of ACEs.
Q35. What Do You See As Challenges To Successfully Deploying/Monitoring Web Intrusion Detection?
We are attempting to see if the applicant has a wide knowledge of web security monitoring and IDS issues such as:
Limitations of NIDS for web monitoring (SSL, semantic issues with understanding HTTP)
Proper logging – increasing the verbosity of logging (Mod_Security audit_log)
Remote Centralized Logging
Alerting Mechanisms
Updating Signatures/Policies
Q36. What Is The Microsoft Baseline Security Analyzer?
The Microsoft Baseline Security Analyzer (MBSA) is a graphical and command-line interface developed by Microsoft that can perform local or remote scans of Windows systems, assessing any missing hotfixes and vulnerabilities in certain Microsoft products.
Q37. How Can I Secure My Client Computers Against My Users?
One way to make it harder for the local user to do any damage to the system is to have a local PC without any hard disk or floppy disk. To boot, the system will need to talk to a boot server over the network.
Q38. How Can I Protect My Home Computer?
The best way to protect your personal computer is to install antivirus and firewall software. CIS does not support home computers, but below are some helpful links to information about safeguarding your computer at home.
Q39. How Do I Secure Windows 2000 And IIS 5.0?
Security is a huge concern for anyone involved in business processes, management, and administration. A good source of information on maintaining security in Windows 2000 and IIS is the security section of the Windows 2000 site. Also see Internet Information Services (IIS) on the Microsoft TechNet site, where you can find information on securing IIS servers in addition to resources to help you maintain a secure system and stay current with any releases, updates, and tools.
Q40. What Ports Must I Enable To Let NBT (NetBIOS Over TCP/IP) Through My Firewall?
First of all, you should really, really reconsider whether it is such a good idea to let NBT traffic through your firewall, especially if the firewall is between your internal network and the Internet.
The problem with NBT is that as soon as you open it up through the firewall, people will have potential access to all NetBIOS services, not just a selection of them, such as printing.
The following is a list of the ports used by NBT:
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
Q41. What Is Spyware?
Spyware is software that is installed without your knowledge. The purpose of spyware is to monitor your computing activities and report this data back to companies for marketing purposes. Besides being an invasion of privacy, this software can cause serious performance problems.
Q42. What Is A Null Session?
A NULL session connection, also known as Anonymous Logon, is a way of letting a user who is not logged on retrieve information such as user names and shares over the network. It is used by applications such as explorer.exe to enumerate shares on remote servers. The sad part is that it lets non-authorized users do more than that. Particularly interesting is remote registry access, where the NULL session user has the same permissions as the built-in group Everyone.
With SP3 for NT4.0 or a fix for NT3.51, a system administrator can restrict the NULL session access, see $$$: Q14347@ With this fix, a new well-known SID is defined, named "Authenticated Users", which is Everyone except NULL session connected users. Replacing Everyone in all ACLs on the machine with this Authenticated Users SID would be a good thing.
To do this in a controlled fashion, you can use cacls.exe for the file system, but you have to rely on some third-party product for the registry ACLs. Using explorer.exe/winfile.exe or regedt32.exe will most certainly break the system. The reason for this is that these tools replace the ACL instead of editing it.

