Level 01 - Basic questions (Not to be messed up)

1. Explain risk, vulnerability and threat?

TIP: A good way to start this answer is by explaining vulnerability, and threat and
then risk. Back this up with an easy to understand example.

Vulnerability (weakness) is a gap in the protection efforts of a system, a threat is an

attacker who exploits that weakness. Risk is the measure of potential loss when that
the vulnerability is exploited by the threat e.g. Default username and password
for a server – An attacker can easily crack into this server and compromise it.

2. What is the difference between Asymmetric and Symmetric encryption and

which one is better?
TIP: Keep the answer simple as this is a vast topic.

Symmetric encryption uses the same key for both encryption and decryption, while
Asymmetric encryption uses different keys for encryption and decryption.

Symmetric is usually much faster but the key needs to be transferred over an
unencrypted channel.

Asymmetric on the other hand is more secure but slow. Hence, a hybrid approach
should be preferred. Setting up a channel using asymmetric encryption and then
sending the data using symmetric process.

3. What is an IPS and how does it differs from IDS?

IDS is an intrusion detection system whereas an IPS is an intrusion prevention system.

IDS will just detect the intrusion and will leave the rest to the administrator for further
action whereas an IPS will detect the intrusion and will take further action to prevent
the intrusion. Another difference is the positioning of the devices in the network.
Although they work on the same basic concept but the placement is different.

4. What is XSS, how will you mitigate it?

Cross site scripting is a JavaScript vulnerability in the web applications. The easiest
way to explain this is a case when a user enters a script in the client side input fields
and that input gets processed without getting validated. This leads to untrusted data
getting saved and executed on the client side.

Countermeasures of XSS are input validation, implementing a CSP (Content security

policy) etc.
TIP: Know the different types of XSS and how the countermeasures work.

5. What is the difference between encryption and hashing?

TIP: Keep the answer short and straight.

Point 1: Encryption is reversible whereas hashing is irreversible. Hashing can be

cracked using rainbow tables and collision attacks but is not reversible.

Point 2: Encryption ensures confidentiality whereas hashing ensures Integrity.

6. Are you a coder/developer or know any coding languages?

TIP: You are not expected to be a PRO; understanding of the language will do the job.

Although this is not something an information security guy is expected to know but
the knowledge of HTML, JavaScript and Python can be of great advantage. HTML
and JavaScript can be used in web application attacks whereas python can be used to
automate tasks, exploit development etc. A little knowledge of the three can be of
great advantage - both in the interview and on the floor.

7. What is CSRF?

Cross Site Request Forgery is a web application vulnerability in which the server does
not check whether the request came from a trusted client or not. The request is just
processed directly. It can be further followed by the ways to detect this, examples and
countermeasures.

8. What is a Security Misconfiguration?

Security misconfiguration is a vulnerability when a device/application/network is

configured in a way which can be exploited by an attacker to take advantage of it.
This can be as simple as leaving the default username/password unchanged or too
simple for device accounts etc.

9. What is a Black hat, white hat and Grey hat hacker?

TIP: Keep the answer simple.

Black hat hackers are those who hack without authority. White hat hackers are
authorised to perform a hacking attempt under signed NDA. Grey hat hackers are
white hat hackers which sometimes perform unauthorised activities.

10. What is a firewall?

TIP: Be simple with the answer, as this can get complex and lead to looped questions.
A firewall is a device that allows/blocks traffic as per defined set of rules. These are
placed on the boundary of trusted and untrusted networks.

11. How do you keep yourself updated with the information security news?
TIP: Just in case you haven't followed any: the hacker news, ThreatPost, Pentest mag
etc.

Be sure to check and follow a few security forums so that you get regular updates on
what is happening in the market and about the latest trends and incidents.

12. The world has recently been hit by ……. Attack/virus etc. What have you
done to protect your organisation as a security professional?

Different organisations work in different ways, the ways to handle incident is different
for all. Some take this seriously and some not. The answer to this should be the
process to handle an incident. Align this with one you had and go on… just don’t
exaggerate.

13. CIA triangle?

 Confidentiality: Keeping the information secret.
 Integrity: Keeping the information unaltered.
 Availability: Information is available to the authorised parties at all times.

14. HIDS vs NIDS and which one is better and why?

HIDS is host intrusion detection system and NIDS is network intrusion detection
system. Both the systems work on the similar lines. It’s just that the placement in
different. HIDS is placed on each host whereas NIDS is placed in the network. For an
enterprise, NIDS is preferred as HIDS is difficult to manage, plus it consumes
processing power of the host as well.

15. What to do if Ransomware attacks your computer?

https://hackercombat.com/what-to-do-if-ransomware-attacks-your-computer/?
track=12380&af=12380&utm_source=Karthik&utm_campaign=HCblog&utm_conte
nt=01032020
Ransomware the file encrypter has already infected thousands of computers across the
globe. In May 2017, Ransomware had infected 100,000 organizations in 150 countries.
That happened three days after Ransomware was first released. Alarming isn’t it?

What’s scary about Ransomware attack is it guarantees data loss. Once it holds the file
or computer hostage, it demands a ransom ranging from $200 and up in exchange of
the decryption key. The files will never be restored until the ransom is paid.

To have a better understanding of Ransomware. Let’s discuss it briefly.

Ransomware is a type of malware that is designed to encrypt files and lock the
computer. It is installed through social engineering techniques such as phishing links
and emails. Once installed, it loads in the computer memory and deletes itself.

That doesn’t mean that Ransomware is no longer in the computer. It is still there, it does
that to remain invisible in Task Manager so that it can access the hard drive files without
being exposed. When the user opens the file, surprised! The access is denied!

So what to do if Ransomware hits your computer?

Don’t Panic

So you have found out that Ransomware has infected your files, what to do next? Stay
calm. Panicking will never solve the problem anyway. The file has been encrypted and
the computer has been locked. You need to have a sound mind to get the problem
fixed.

Try to figure out how you get Ransomware in your computer. Do you remember any
suspicious email or attachment you have downloaded recently that may have contained
the virus? This will help spread awareness.

Disconnect and Disable

To stop ransomware from infecting the other devices within the network, disconnect the
infected computer. Ransomware can spread within the network too.
Once disconnected, you can disable it in the computer to prevent it from encrypting
other files.

Go to MSCONFIG, click on start up. Look for any suspicious file with an unknown
publisher. Uncheck it, click apply then OK.

This stops Ransomware activities in the computer.

Decide whether to delete or not Ransomware

NOTE: If you decide to restore the files by paying the ransom, never delete the virus

because you may lose the encryption key. Although FBI advises not to pay the hackers
because the getting the encryption is never guaranteed.

If you have backed up your files, you may proceed with Ransomware Deletion.

Enter Safe Mode by pressing F8 before Windows loads when you restart the computer.
Go to TEMP folder and delete the files in there.

Ransomware, Trojan, Spyware, Adware, and other types of malware usually hide in the
TEMP folder. Once the files are deleted, run an anti malware software to scan the
computer. Once it’s finished scanning, it’ll display the threat detected on the computer.
Delete them and exit.

You can now restart Windows normally. That should have deleted Ransomware from
the computer.

If you don’t have backups for your files, you may try some decryption tools available
online. They can help restore your files without paying the ransom. In some cases, the
decryption key doesn’t work, but it’s worth giving it a try.

Ransomware Prevention
There’s a saying that goes “prevention is better than cure.” That is true! The best way to
avoid the hassle of decrypting your files or paying the ransom is to prevent
Ransomware from entering the computer.

How to do that?

Be cautious when you access the Internet. We have mentioned that Ransomware is
installed through some forms of social engineering. It is an art of deception. It tricks the
users into installing malware willingly by presenting it in a positive way.

One example of this is a phishing email that contains a message saying that there’s a
funny photo of you, click here to view the image. If you are unaware that this a form of
social engineering, you will install malware the moment you download the attachment.

Another example is a phishing link that redirects the user to a fake website that contains
malware. Many are unaware that the website they are logging in on is fake. To check if
the link is safe, you may use a website inspector. This scans the URL to check its
reputation.

One of the best ways to protect your computer from Ransomware and other types of
malware is install an advanced anti malware software. The anti malware combats
malware and secures the computer all the time. So you never have to worry
about Ransomware attacking your computer.