
Technical Questions – Cyber Security – Intake36

What is the difference between:

1 – Cable types, connectors

2 – Virus, worm, Trojan, spam

3 – Router, switch, hub

4 – IPS, IDS

5 – Confidentiality, integrity, accountability, availability, authentication, authorization, non-repudiation

6 – IPv4, IPv6

7 – Firewall vs antivirus

8 – OOP & structured programming

9 – Overload vs override

10 – Buffer vs cache

11 – UTM & ASA

12 – Thread & process

13 – Threat, risk, vulnerability, exploit

14 – FAT, FAT32

15 – TCP & UDP

16 – Connection-oriented & connectionless

-------------------------------------------------------------------------------------------------------------------------------

General Questions:
1 – What are the protocols & port numbers:
- DNS – HTTP – FTP – HTTPS – ARP – ICMP – SMTP – POP3

2 – Where is user password information stored in Windows?

3 – What are the types of hackers?

4 – What are the types of attacks?

5 – Which companies work in security in Egypt?

6 – What are the 5 phases of an attack?


What does this mean:
1 – Domain environment

2 – Active Directory

3 – Incident Response

4 – Rapid7

5 – File system

6 – Operating System

7 – Deadlock

8 – McAfee

9 – CSMA/CD

10 – Digital Forensics

11 – APIPA

12 – Hijacking

13 – Proxy Server

14 – Botnet, Key logger, Rootkit, Backdoor

15 – Metric

16 – MAC address

17 – Encryption, Encoding, SSL, WPA/WPA2, TKIP, HTTPS

18 – VPN

19 – Honeypot

20 – VLANs

21 – Routing Protocols

22 – Subnetting

23 – OSI Layers

24 – MD5

25 – Digital signature

1.1 – Cable Types:
- Copper:
  - Twisted pair (shielded STP / unshielded UTP): Cat5, Cat5e (enhanced), Cat6, Cat6e.
    Max speed: 10 / 100 / 1000 Mbps. Max length: 100 meters (without a repeater).
    Wiring: straight-through, crossover, rollover.
  - Coaxial: thin, thick.
    Max speed: 10 - 100 Mbps. Max length: 200 m (thin), 500 m (thick).
- Fiber optic:
  - Single mode: small core, up to 3 km, light source: laser.
  - Multi-mode: large core, up to 2 km, light source: LEDs.
- Console
- Serial

1.2 – Connectors:
- RJ-45: Ethernet (UTP, STP).
- RJ-11: phone cables.
- BNC connector: coaxial cable.
- LC, ST and SC connectors: fiber optic.

2 –
Virus: a program that self-replicates by hooking itself onto EXE files; it then infects other files.
Types of viruses:

Boot sector - Browser hijacker - Direct action virus - File infector
Macro - Multipartite - Polymorphic - Resident - Web scripting

Worm: a standalone program that does not require user intervention to spread. Worms do not infect existing files;
they spread copies of themselves instead. Worms are generally small programs that run in the background of your
system. Example: the Mydoom worm.

Trojan: software that you thought was going to be good, but turns out to be something bad. Trojans do not try to
spread themselves in any way; a Trojan must be manually executed by a user.

Spam: flooding the network with many copies of the same message, in an attempt to force the message on people
who would not otherwise choose to receive it.

3 –
Router: a device that forwards data packets along networks. A router is connected to at least two
networks, commonly two LANs or WANs, or a LAN and its ISP. Routers are located at gateways, the places
where two or more networks connect. The router determines the best path for forwarding the packets.

Switch: filters and forwards packets between LAN segments. It operates at the data link layer (layer 2)
and sometimes the network layer (layer 3) of the OSI reference model, and keeps a record of the MAC
addresses of all the devices connected to it.

Hub: a connection device used to connect segments of a LAN. It contains multiple ports; when a packet
arrives at one port, it is copied to all the other ports so that every segment of the LAN sees every packet.
4 –

Intrusion Detection System (IDS):
provides the network with a level of preventive security against any suspicious activity. The IDS achieves
this objective through early warnings aimed at systems administrators. However, unlike an IPS, it is not
designed to block attacks.

Intrusion Prevention System (IPS):
a device that controls access to IT networks in order to protect systems from attack and abuse. It is
designed to inspect attack data and take the corresponding action, blocking the attack as it develops and
before it succeeds, creating a series of rules in the corporate firewall.

5 –

Confidentiality: message confidentiality, or privacy, means that the sender and the receiver expect
confidentiality. The transmitted message must make sense only to the intended receiver.

Integrity: the assurance that information can only be accessed or modified by those authorized to do so; it
means that the data must arrive at the receiver exactly as it was sent.

Availability: the information must be available when it is needed. This means that the computing systems
used to store and process the information

Authentication: the receiver needs to be sure of the sender's identity and that an impostor has not sent
the message.

Authorization: the process of determining that a requester is allowed to receive a service or perform an
operation. Access control is an example of authorization.

Non-repudiation: a sender must not be able to deny having sent a message that they did send.

6 –

                       IPv4                                   IPv6
Address                32 bits (4 bytes)                      128 bits (16 bytes)
Packet size            576 bytes required, fragmentation      1280 bytes required without fragmentation
                       optional
Packet header          Does not identify packet flow for      Contains a Flow Label field that specifies
                       QoS handling                           packet flow for QoS handling
                       Includes a checksum                    Does not include a checksum
Address configuration  Manual or via DHCP                     Stateless address auto-configuration (SLAAC)
                                                              using Internet Control Message Protocol
                                                              version 6 (ICMPv6), or DHCPv6
Broadcast              Yes                                    No
Multicast              Yes                                    Yes
7 –

Firewall: also known as a packet filter, it is software which monitors network traffic and connection
attempts into and out of a network or computer and determines whether or not to allow them to pass.
Depending on its sophistication, it could be software that runs on a standalone device, or hardware that
monitors the whole network.

Antivirus: software which finds programs and files that might harm your computer, either by being
executable or by exploiting a vulnerability. It detects these kinds of harmful programs when they are already
installed on your computer or about to be installed.
It can perform various protective measures (based on the security settings in the antivirus software) such
as quarantine, permanent removal, repair, etc.

8 –

Object-oriented programming: focuses on data. Supports inheritance, encapsulation, abstraction,
polymorphism, etc. Programs are divided into small entities called objects. Can solve any complex program.
More flexibility.

Structured programming: focuses on the process/logical structure and then on the data required for that process.
Programs are divided into small self-contained functions. Less secure, as there is no way of hiding data. Can solve
moderately complex programs. Less flexibility.

9 –

Overload: having two or more methods (functions) in the same class with the same name
but different arguments.

Override: method overriding means having two methods with the same arguments but different implementations.
One of them exists in the parent class (base class) while the other is in the derived class (child class).

10 –

Buffer: transparently stores data so that future requests for that data can be served faster.

Cache: temporarily stores data while the data is in the process of moving from one place to another.

11 –

UTM: Cyberoam Unified Threat Management hardware appliances offer comprehensive security to
organizations, ranging from large enterprises to small and branch offices. Multiple security features
integrated over a single, Layer 8 identity-based platform make security simple, yet highly effective:

Enterprise firewall - VPN - Antivirus and anti-spyware gateway - Premium-level anti-spam -
IPS - URL filtering.

ASA: Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution; it provides enterprise-level firewall
capabilities.
12 –

Thread: threads within the same process share the same address space, whereas different processes do not. A
thread could be considered a "lightweight" process; threads are easier to create than processes since they do not
require a separate address space.

Process: an executing instance of an application, used for more "heavyweight" tasks. Basically, the execution of
an application is a process, but the path to the file is a thread. A process can consist of multiple threads.

13 –

Threat: a threat is an agent that can result in harm to the target organization. Threats include organized crime,
spyware, malware and adware companies; worms and viruses also constitute a threat.

Vulnerability: a flaw in our environment that a malicious attacker could use to cause damage in your
organization. Vulnerabilities could exist in numerous areas of our environment, including our system design,
business operations, installed software, and network configurations.

Risk: where threat and vulnerability overlap. That is, we get a risk when our systems have a vulnerability that a
given threat can attack.

Exploit: the way or tool by which an attacker uses a vulnerability to cause damage to the target system. It could
be a package of code which creates packets that overflow a buffer in software running on the target, which is also
known as a buffer overflow. Alternatively, the exploit could be a social engineering scheme whereby the bad guy talks
a user, preferably an employee, into revealing sensitive information, such as a password, over the phone.

14 –
15 –

TCP                                                       UDP

Used for data whose correctness must be verified, i.e.    The opposite: used for data that does not need to be
trusted data.                                             verified.

The data flow is checked to be correct and errors are     Data flows, but without error detection; if an error
detected when the segmented data is sent to the other     happens it is not a problem. What matters is that the
side.                                                     data was sent, regardless of whether it is right or
                                                          wrong, or whether it works or not.

Packet header size: 20 bits                               Header size: 8 bits

Packets are numbered, because numbering is needed for     Packets are not numbered, because nothing is checked
error checking.                                           in the first place, so why number them!

Connection-oriented protocol                              Connectionless protocol

Simply put, it contacts the recipient again after         It neither connects nor does anything: once it has
sending the message to verify that it arrived.            sent, that is it; it has no connection after sending.

Sends an Ack after sending each packet.                   Sends nothing, neither an Ack nor anything else.

16 –

Connection-oriented: in a connection-oriented service we have to establish a connection before starting the
communication. When the connection is established we send the message or the information, and then we release the
connection. TCP is a connection-oriented protocol.

Connectionless: in a connectionless service the data is transferred in one direction from source to destination
without checking whether the destination is still there or whether it is prepared to accept the message.
Example: UDP (User Datagram Protocol) is a connectionless protocol.

Differences between connection-oriented service and connectionless service:

- In a connection-oriented service authentication is needed, while a connectionless service does not need any
authentication.

- A connection-oriented protocol makes a connection, checks whether the message is received or not, and
sends it again if an error occurs; a connectionless protocol does not guarantee delivery.

- A connection-oriented service is more reliable than a connectionless service.

- A connection-oriented service interface is stream based, and a connectionless one is message based.

-------------------------------------------------------------------------------------------------------------------------------
General Questions:
1 –
Protocol                                       Job                                          Port number
SMTP   : Simple Mail Transfer Protocol         E-mail - send                                465, 25
POP3   : Post Office Protocol                  E-mail - receive                             110, 995
HTTP   : Hyper Text Transfer Protocol          Browsing                                     80
HTTPS  : Hyper Text Transfer Protocol Secure   Browsing - secure                            443
FTP    : File Transfer Protocol                Sending and downloading files                20, 21
SNMP   : Simple Network Management Protocol    Network management and monitoring            161, 162
DNS    : Domain Name System                    Translate web name to web IP                 53
DHCP   : Dynamic Host Configuration Protocol   Automatic IP management                      68
TELNET                                         Remote configuration without encryption      23
SSH                                            Remote configuration with encryption         22
ICMP   : Internet Control Message Protocol     Responsible for echo reply messages ("ping")
ARP                                            Discover MAC addresses on the network

Notes:
- DNS is used to convert a site's IP to its name and vice versa. That is, to open Facebook I type facebook.com;
  this protocol takes what I typed in my language and converts it into the IP that the computer understands, and
  so on for every other site.
- DHCP is used to give IPs to the devices on my network automatically rather than manually. Suppose I have a
  network with 5 devices; I could go to each device and type an address or IP for it, and that would be easy...
  but what if I have a network with five million devices!!!???
- Telnet is a protocol used to configure the router and set it up for operation remotely, meaning I do not have
  to be next to the router to get it working.
- SSH is like Telnet in that it provides remote configuration, but the connection is encrypted.

2 – Where is user password information stored in Windows?

- It is saved in the SAM file, which is located at %WinDir%\system32\config\SAM

3 – What are the types of hackers?

- Black hat: hackers who break into networks or computers, or create computer viruses.
- White hat: computer security experts who specialize in penetration testing.
- Grey hat: have both white hat and black hat habits. They surf the internet looking for a vulnerable
computer system, network or phone system. Once they find one, they hack into it and inform the
administrator of what they have done and how.
- Script kiddie: a black hat who uses borrowed programs to attack networks and deface them.
- Hacktivists: motivated by politics or religion; others may wish to expose wrongdoing, exact revenge,
or simply harass their target for their own entertainment.
- Spy hackers: hired by corporations to steal trade secrets; their only agenda is to serve their client's goals and get paid.
- Cyber terrorists: generally motivated by religious or political beliefs; they attempt to create fear and chaos by disrupting
critical infrastructure.
- Phreaker: a telecom network hacker who breaks into a telephone system illegally to make calls without paying for
them.
4 – What are the types of attacks?

Passive attack: monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can
be used in other types of attacks. It includes traffic analysis and monitoring of unprotected communications.

Active attack: the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses,
worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce
malicious code, and to steal or modify information.

Distributed attack: requires that the adversary introduce code, such as a Trojan horse or backdoor program, into a
"trusted" component or software that will later be distributed to many other companies and users. It introduces
malicious code such as a backdoor into a product to gain unauthorized access to information or to a system.

Insider attack: involves someone from the inside, such as a disgruntled employee, attacking the network. Insider
attacks can be malicious or non-malicious.
Malicious insiders intentionally eavesdrop, steal, or damage information;
non-malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security
for such reasons as performing a task.

Close-in attack: someone attempting to get physically close to network components, data, and systems in order to
learn more about a network. One popular form of close-in attack is social engineering.

Phishing attack: the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or
PayPal, then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the
user attempts to log on with their account information, the hacker records the username and password and then
tries that information on the real site.

Hijack attack: a hacker takes over a session between you and another individual and disconnects the other
individual from the communication. You still believe that you are talking to the original party and may send private
information to the hacker by accident.

Spoof attack: the hacker modifies the source address of the packets he or she is sending so that they appear to be
coming from someone else.

Buffer overflow: when the attacker sends more data to an application than is expected. A buffer overflow attack
usually results in the attacker gaining administrative access to the system in a command prompt or shell.

Exploit attack: the attacker knows of a security problem within an operating system or a piece of software and
leverages that knowledge by exploiting the vulnerability.

Password attack: an attacker tries to crack the passwords stored in a network account database or a password-
protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a
hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is
when the attacker tries every possible combination of characters.

5 – Which companies work in security in Egypt?

Vendors: Netgear, Cisco, Juniper

EgyptianCert - EMC2 - Salec - Security Meter
6 – What are the 5 phases of an attack?

Phase 1 – Reconnaissance:
probably the longest phase. The black hat uses a variety of sources to learn as much as possible about the target
business, including: Internet searches - social engineering

Phase 2 – Scanning:
begin the process of scanning perimeter and internal network devices looking for weaknesses, including:
open ports - open services - vulnerable applications - social engineering

Phase 3 – Gaining Access:
the attacker must gain some level of access to one or more network devices.

Phase 4 – Maintaining Access:
an attacker must maintain access long enough to accomplish his or her objectives.

Phase 5 – Covering Tracks:
after achieving his or her objectives, the attacker typically takes steps to hide the intrusion and any controls left
behind for future visits.

What does this mean:

1 – Domain environment:
a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only
log in to the domain to gain access to the resources, which may be located on a number of different servers in the
network.

2 – Active Directory:

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks; it is included in
most Windows Server operating systems as a set of processes and services.

It is also a database that keeps track of all the user accounts and passwords in your organization. It allows you to store
your user accounts and passwords in one protected location, improving your organization's security.

Active Directory is subdivided into one or more domains. A domain is a security boundary. Each domain is hosted by
a server computer called a domain controller (DC). A domain controller manages all of the user accounts and
passwords for a domain.

3 – Incident Response:

an organized approach to addressing and managing the aftermath of a security breach or attack.
The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

The six steps to handling an incident most effectively:

Preparation - Identification - Containment - Eradication - Recovery - Lessons learned

4 – Rapid7 :
engineering better security with simple, innovative solutions for IT security's most critical challenges.

5 – File system :
is used to control how data is stored and retrieved. Without a file system, information placed in a storage area
would be one large body of data with no way to tell where one piece of information stops and the next begins.

6 – Operating System :
is system software that manages computer hardware and software resources and provides
common services for computer programs. The operating system is an essential component of
the system software in a computer system. Application programs usually require an operating
system to function.

7 – Deadlock :

A deadlock is a situation in which two computer programs sharing the same resource are effectively preventing each
other from accessing the resource, resulting in both programs ceasing to function.
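A deterministic reproduction of that situation in Python, added here as an example and not part of the original document: two threads each hold one lock and wait for the other's, and the fix is to take the locks in one agreed order on every thread. The function name run_pair and the 0.5 s detection timeout are this example's own choices.

```python
import threading

# Added example (not from the original document). Two threads share the
# same pair of resources (locks). Without a lock order, thread A holds
# lock_a and wants lock_b while thread B holds lock_b and wants lock_a:
# each blocks the other forever, which is the deadlock defined above.
# With a lock order (everyone takes lock_a before lock_b) the second
# thread simply waits until the first is done, so both finish.


def run_pair(ordered, wait_timeout=0.5):
    """Run two workers; return True if both finished, False if they deadlocked.

    ordered=False reproduces the deadlock every time: an Event handshake makes
    each worker hold its first lock before either tries for the second.
    ordered=True applies the fix: both workers take lock_a, then lock_b.
    """
    lock_a, lock_b = threading.Lock(), threading.Lock()
    a_ready, b_ready = threading.Event(), threading.Event()
    finished = []

    def worker(name, first, second, mine, theirs):
        with first:
            if not ordered:
                mine.set()      # "I hold my first lock"
                theirs.wait()   # ...and now so does the other worker
            # acquire() with a timeout is the detection step: in a real
            # deadlock this call would block forever.
            if second.acquire(timeout=wait_timeout):
                finished.append(name)
                second.release()

    if ordered:
        workers = [("A", lock_a, lock_b, a_ready, b_ready),
                   ("B", lock_a, lock_b, b_ready, a_ready)]
    else:
        workers = [("A", lock_a, lock_b, a_ready, b_ready),
                   ("B", lock_b, lock_a, b_ready, a_ready)]
    threads = [threading.Thread(target=worker, args=w) for w in workers]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(finished) == ["A", "B"]


if __name__ == "__main__":
    print("no lock order, both finished:", run_pair(ordered=False))   # False
    print("lock order,    both finished:", run_pair(ordered=True))    # True
```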

8 – McAfee Firewall:
McAfee Next Generation Firewall delivers advanced network protection across your entire enterprise, integrating
application control, an intrusion prevention system (IPS), and evasion prevention into a single security solution.

9 – CSMA/CD:
Carrier Sense Multiple Access/Collision Detection is the protocol for Ethernet networks. When any device wants
to send a frame, it first senses whether the line is idle and therefore available to be used. If it is, the
device begins to transmit its first frame. If another device has tried to send at the same time, a collision is
said to occur and the frames are discarded. Each device then waits a random amount of time and retries
until it succeeds in getting its transmission sent.
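The procedure above as a small slot-based simulation, added here as an example that is not from the original document; it also applies the doubling backoff window that real Ethernet uses, which the text only describes as a random wait. The station names, frame labels and seed are constructed.

```python
import random

# Added example (not from the original document): a slot-based simulation of
# the CSMA/CD behaviour described above. Each slot, every station with a
# frame waiting and a backoff of zero senses the medium and transmits. One
# transmitter in a slot means the frame is delivered; two or more means a
# collision, the frames are discarded and every colliding station waits a
# random number of slots. The "random amount of time" is drawn from a
# window that doubles after each consecutive collision (truncated binary
# exponential backoff, as in IEEE 802.3), one step beyond the text.

MAX_BACKOFF_EXPONENT = 10   # window never grows past 2**10 slots
ATTEMPT_LIMIT = 16          # give up on a frame after 16 collisions


class Station:
    def __init__(self, name, frames):
        self.name = name
        self.queue = list(frames)   # frames still waiting to be sent
        self.backoff = 0            # slots to wait before the next attempt
        self.collisions = 0         # consecutive collisions for the head frame
        self.sent = []              # frames delivered successfully
        self.dropped = []           # frames abandoned after ATTEMPT_LIMIT

    def wants_to_send(self):
        return bool(self.queue) and self.backoff == 0


def simulate(stations, seed=1, max_slots=100_000):
    """Run the shared medium slot by slot until every queue is empty.

    Returns (slots_used, collision_count). Deterministic for a given seed.
    """
    rng = random.Random(seed)
    collision_count = 0
    for slot in range(max_slots):
        if not any(s.queue for s in stations):
            return slot, collision_count
        # Carrier sense: who is ready to transmit in this slot?
        talkers = [s for s in stations if s.wants_to_send()]
        for s in stations:
            if s.backoff > 0:
                s.backoff -= 1
        if len(talkers) == 1:
            # Medium idle for a single talker: the frame goes through.
            s = talkers[0]
            s.sent.append(s.queue.pop(0))
            s.collisions = 0
        elif len(talkers) > 1:
            # Collision detected: discard the frames and back off.
            collision_count += 1
            for s in talkers:
                s.collisions += 1
                if s.collisions > ATTEMPT_LIMIT:
                    s.dropped.append(s.queue.pop(0))
                    s.collisions = 0
                    continue
                window = 2 ** min(s.collisions, MAX_BACKOFF_EXPONENT)
                s.backoff = rng.randrange(window)
    return max_slots, collision_count


def two_station_demo(seed=1):
    """Two stations that both start transmitting in slot 0, so the first slot
    is always a collision; returns a summary of what happened."""
    a = Station("A", ["a1", "a2", "a3"])
    b = Station("B", ["b1", "b2", "b3"])
    slots, collisions = simulate([a, b], seed=seed)
    return {
        "slots": slots,
        "collisions": collisions,
        "delivered": len(a.sent) + len(b.sent),
        "dropped": len(a.dropped) + len(b.dropped),
        "order_kept": a.sent == ["a1", "a2", "a3"] and b.sent == ["b1", "b2", "b3"],
    }


if __name__ == "__main__":
    print(two_station_demo())
```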
10 – Digital Forensics :
is a branch of forensic science encompassing the recovery and investigation of material found in digital devices,
often in relation to computer crime.

11 – APIPA:
Automatic Private IP Addressing is a feature of Windows-based operating systems that enables a computer to automatically
assign itself an IP address when there is no Dynamic Host Configuration Protocol (DHCP) server available to perform
that function.

Its range is 169.254.0.1 through 169.254.255.254.

12 – Hijacking :
is a type of online fraud. Scammers use malicious software (malware) to take control of your computer's Internet
browser and change how and what it displays when you're surfing the web.

13 – Proxy Server:

Also known as an "application-level gateway", it is a dedicated computer or a software system running
on a computer that acts as a gateway between a local network and a larger-scale network such as the Internet.
Proxy servers provide increased performance and security.

14 –

Botnet: networks made up of remote-controlled computers, or "bots". These computers have been infected
with malware that allows them to be remotely controlled. "Bot" is just a short word for "robot". Like robots,
software bots can be either good or evil.

Key logger: a type of surveillance software (considered to be either software or spyware) that has the capability
to record every keystroke you make to a log file, usually encrypted. A keylogger can record instant
messages, e-mail, and any information you type at any time using your keyboard.

Rootkit: a collection of programs that enable administrator-level access to a computer or computer
network. It may consist of spyware and other programs that monitor traffic and keystrokes or create a
"backdoor" into the system for the hacker's use.

Backdoor: an undocumented way of accessing a system, bypassing the normal authentication mechanisms.
Some backdoors are placed in the software by the original programmer and others are placed on systems through a
system compromise, such as a virus or worm.
15 – Metric: used by a router to make routing decisions. It is typically one of many fields in a routing table. Router
metrics can contain any number of values that help the router determine the best route among multiple routes to a
destination.

16 – MAC address: a media access control address is a unique identifier assigned to network devices, and
therefore it is often referred to as the hardware or physical address. MAC addresses are 6 bytes (48 bits) long and
are written in the MM:MM:MM:SS:SS:SS format. The first 3 bytes are the ID number of the manufacturer, which is assigned
by an Internet standards body. The second 3 bytes are a serial number assigned by the manufacturer.
The MAC layer sits at layer 2 of the OSI model (the data link layer).
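Added example (not from the original document) that splits a MAC address into the manufacturer and serial halves described above and also decodes the two flag bits of the first byte that the text leaves out; the sample MAC table entries and the function names are constructed for this example.

```python
import re

# Added example (not from the original document): split a MAC address into
# the two halves described above (3-byte manufacturer ID, 3-byte serial) and
# read the two flag bits of the first byte that the text does not mention:
# bit 0 is the I/G bit (1 = group/multicast address) and bit 1 is the U/L
# bit (1 = locally administered, i.e. not a vendor-assigned address).
# Locally administered unicast addresses are what randomised or manually
# changed addresses look like, which is why a defender may want to flag them.

_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff."""
    raw = re.sub(r"[:.\-]", "", text.strip())
    if not _HEX12.match(raw):
        raise ValueError(f"not a MAC address: {text!r}")
    octets = bytes.fromhex(raw)
    first = octets[0]
    return {
        "canonical": ":".join(f"{b:02x}" for b in octets),
        "oui": ":".join(f"{b:02x}" for b in octets[:3]),   # manufacturer ID
        "nic": ":".join(f"{b:02x}" for b in octets[3:]),   # vendor serial part
        "multicast": bool(first & 0x01),                     # I/G bit
        "locally_administered": bool(first & 0x02),          # U/L bit
        "broadcast": octets == b"\xff" * 6,
    }


def classify(text):
    """One-word summary: broadcast, multicast, local-unicast or unicast."""
    m = parse_mac(text)
    if m["broadcast"]:
        return "broadcast"
    if m["multicast"]:
        return "multicast"
    if m["locally_administered"]:
        return "local-unicast"
    return "unicast"


# Constructed sample: addresses as they might appear in a switch's MAC table.
SAMPLE_MAC_TABLE = [
    "00:1a:2b:3c:4d:5e",   # ordinary vendor-assigned unicast (constructed)
    "02-11-22-33-44-55",   # U/L bit set: locally administered (constructed)
    "0100.5e00.00fb",      # 01:00:5e prefix: IPv4 multicast mapping
    "ff:ff:ff:ff:ff:ff",   # broadcast
]


def locally_administered_unicast(entries):
    """Return the canonical form of every locally administered unicast entry."""
    out = []
    for e in entries:
        m = parse_mac(e)
        if m["locally_administered"] and not m["multicast"]:
            out.append(m["canonical"])
    return out


if __name__ == "__main__":
    for e in SAMPLE_MAC_TABLE:
        m = parse_mac(e)
        print(f'{m["canonical"]}  OUI={m["oui"]}  serial={m["nic"]}  {classify(e)}')
    print("flagged:", locally_administered_unicast(SAMPLE_MAC_TABLE))
```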

17 –

Encryption: the most effective way to achieve data security. To read an encrypted file, you must have access to a
secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is
referred to as cipher text.

Encoding : is the process of putting a sequence of characters into a specialized format for efficient
transmission or storage.

SSL : (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web
server and a browser. This link ensures that all data passed between the web server and browsers remain private
and integral.

WPA/WPA2 : Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and
security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

TKIP : Temporal Key Integrity Protocol or TKIP /tiːˈkɪp/ was a stopgap security protocol used in the IEEE 802.11
wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim
solution to replace WEP without requiring the replacement of legacy hardware.

HTTPS : (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a
sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the
pages that are returned by the Web server.

18 – VPN:

A virtual private network is a secure tunnel between two devices. It is a network that is constructed by using
public wires, usually the Internet, to connect to a private network, such as a company's internal
network. It is designed to provide a secure, encrypted tunnel in which to transmit the data between the
remote user and the company network.

19 – Honeypot: a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized
use of information systems. Generally, a honeypot consists of a computer, data, or a network site that
appears to be part of a network, but is actually isolated and monitored, and which seems to contain
information or a resource of value to attackers.

There are two popular reasons or goals behind setting up a honeypot:

- Learn how intruders probe and attempt to gain access to your systems.

- Gather forensic information required to aid in the apprehension or prosecution of intruders.

20 – VLANs: a VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached
to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based
on logical instead of physical connections, they are extremely flexible.

21 – Routing Protocols:
a routing protocol specifies how routers communicate with each other, disseminating information that enables them
to select routes between any two nodes on a computer network. Routing algorithms determine the specific choice of
route. Each router has a priori knowledge only of the networks attached to it directly.

22 – Subnetting:
a subnet (short for "subnetwork") is an identifiably separate part of an organization's network. Typically, a subnet may
represent all the machines at one geographic location, in one building, or on the same local area network (LAN).

23 – OSI Model:
the OSI (Open Systems Interconnection) model is a reference model for how applications can communicate over a
network. A reference model is a conceptual framework for understanding relationships.

24 – MD5:
an algorithm that is used to verify data integrity. It is not encryption but a one-way hash function.
It produces a 32-digit hexadecimal number, which represents a 128-bit hash value.

25 – Digital signature :

is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid
digital signature gives a recipient reason to believe that the message was created by a known sender, such
that the sender cannot deny having sent the message (authentication and non-repudiation) and that the
message was not altered in transit (integrity)
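Added example, not from the original document, covering both 24 (MD5) and 25 (digital signature): it shows the 32-hex-digit, 128-bit MD5 value and then a textbook RSA signature over that digest. The key is a toy built from two Mersenne primes so that nothing beyond the standard library is needed; the message and the function names are constructed for this example.

```python
import hashlib

# Added example, not from the original document. It shows the two facts the
# text states about MD5 (a one-way, 128-bit value written as 32 hex digits
# that changes when the data changes) and then a textbook RSA signature over
# that digest, which adds what a hash alone cannot: proof that a specific
# key holder vouched for exactly this data (authentication, non-repudiation).
# The key is a TOY built from two Mersenne primes so no library is needed;
# MD5 is also collision-broken, so real signatures use SHA-256 or stronger.


def md5_hex(data):
    """MD5 digest of `data` as 32 hexadecimal digits (128 bits)."""
    return hashlib.md5(data).hexdigest()


# Toy RSA key pair from two known primes, 2**89 - 1 and 2**107 - 1.
# n is about 196 bits, larger than a 128-bit digest, so the digest can be
# signed as a single integer without padding. Never use a key like this.
_P = 2 ** 89 - 1
_Q = 2 ** 107 - 1
PUBLIC_N = _P * _Q
PUBLIC_E = 65537
_PRIVATE_D = pow(PUBLIC_E, -1, (_P - 1) * (_Q - 1))   # needs Python 3.8+


def sign(message):
    """Signer only: hash the message, then apply the private exponent."""
    digest = int(md5_hex(message), 16)
    return pow(digest, _PRIVATE_D, PUBLIC_N)


def verify(message, signature):
    """Anyone holding (PUBLIC_N, PUBLIC_E) can check the signature."""
    digest = int(md5_hex(message), 16)
    return pow(signature, PUBLIC_E, PUBLIC_N) == digest


def demo():
    original = b"Transfer 100 EGP to account 12345"   # constructed message
    tampered = b"Transfer 900 EGP to account 12345"   # one digit changed
    sig = sign(original)
    return {
        "digest_hex_digits": len(md5_hex(original)),         # 32
        "digest_bits": 4 * len(md5_hex(original)),           # 128
        "hash_detects_change": md5_hex(original) != md5_hex(tampered),
        "valid_on_original": verify(original, sig),          # True
        "valid_on_tampered": verify(tampered, sig),          # False
        "valid_with_forged_sig": verify(original, sig + 1),  # False
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```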
