Today we are going to see top 16 interview questions on cyber attack.
1. What is SQL injection?
SQL Injection is a vulnerability base on a code system that allows an attacker to read and access sensitive data from the database. Attackers can detour security measures of apps and can allow them to view, edit, and delete tables in a database.
2. What is a Distributed Denial of Service attack (DDoS)?
DDoS attack is a malicious attempt to flood networks and systems with traffic to exhaust resources and bandwidth. When hackers use multiple systems to launch this attack, it is known as a Distributed Denial of Service (DDOS) attack.
3. Define Ransom ware
Ransom ware is a form of malware that essentially holds a computer system captive while demanding a ransom.
The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
4. What is Cross-Site Scripting and how it can be prevented?
Cross-Site Scripting is also known as a client-side injection attack, which aims at implementing malicious actions on the target’s web browser by injecting malicious code.
The following practices can prevent Cross-Site Scripting:
- Encoding special characters
- Using XSS HTML Filter
- Validating user inputs
- Using Anti-XSS services/tools
5. How to prevent ‘Man-in-the-Middle Attack’?
The following practices prevent the ‘Man-in-the-Middle Attacks’:
- Have stronger WAP/WEP Encryption on wireless access points avoids unauthorized users.
- Use a VPN for a secure environment to protect sensitive information. It uses key-based encryption.
- Public key pair-based authentication must be used in various layers of a stack for ensuring whether you are communicating the right things are not.
- HTTPS must be employed for securely communicating over HTTP through the public-private key exchange.
6. What are the techniques used in preventing a Brute Force Attack?
Brute Force Attack is a trial and error method that is used for web programs to decode encrypted data such as passwords using a force called brute force rather than using intellectual ways. It’s a way to identify the correct credentials by continuously trying all the possible methods.
Brute Force attacks can be avoided by the following practices:
- Adding password complexity: Include different formats of characters to make passwords stronger.
- Limit login attempts: set a limit on login failures.
- Two-factor authentication: Add this layer of security to avoid brute force attacks.
7. What is a social engineering attack?
Social engineering attacks manipulate people so that they are forced to share their confidential information. This attack has three categories:
- Phishing Attack: Here, the user opens the mail with the attachment and unknowingly downloads the virus.
- Spear Phishing Attack: Here, the attacker targets a specific individual or a group of people.
- Whaling Phishing Attack: Whaling Phishing attack is a type of attack that specifically targets wealthy, powerful, and prominent individuals.
8. What are honey pots?
Honey pots are computer systems that are used to attract attackers. It is used to cheat attackers and defend the real network from any attack.
9. What is the difference between active and passive cyber attacks?
In an active attack, the attacker attempts to disrupt a network’s normalcy, edits data, and alters the system resources. In a passive attack, the hacker intercepts the data traveling through the network.
10. What is Spoofing? Give an example
In spoofing, an attacker personates to be another person or organization and sends you an email that appears to be legitimate. The email looks almost genuine, and it is hard to spot such a fake one.
I got the message that your computer system has been adjusted. Please share the password of the system in this email to make it secure
11. What does XSS stand for?
XSS stands for Cross-site scripting. Cross-site scripting allows an attacker to copy a victim user and implement any actions that the target is capable of, as well as access any of the user’s data. If the victim user has privacy access to the application, the attacker may be able to take complete control of the app’s secrecy and data.
12. What Is Meant By Malware? Name some types of Malware
It is software used or created to interrupt a computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts and other software. Malware’ is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Types are as follows-
- Trojan horses
13. Explain Phishing.
Phishing is a form of cybercrime in which the sender appears to be a legal entity such as PayPal, eBay, financial institutions, or friends, etc. They send an email, phone call, or text message to a target with a link to convince them to click on the link.
This link takes users to a fake website where they will be asked to enter sensitive information such as personal information, banking and credit card information, social security numbers, usernames, and passwords. By clicking the link, malware will be installed on the target machines, which allow the hackers to remotely control the sensitive information.
14. What do you mean by Domain Name System (DNS) Attack?
DNS attack is a cyber attack in which cyber attackers access negative consequences in the Domain Name System to redirect users to malicious websites and steal data.
15. What do you mean by ARP poisoning?
Address Resolution Protocol Poisoning is a kind of cyber-attack that uses a network device to convert IP addresses to physical addresses. On the network, the host sends an ARP broadcast, and the receiver machine responds with its physical address.
It is the practice of sending bogus addresses to a switch so that it can associate them with the IP address of a legitimate machine on the network and hijack traffic.
16. What form of cookie might be used in a spyware attack?
A tracking cookie, instead of a session cookie, would be used in a spyware attack because it would last through multiple sessions rather than just one.
Frequently Asked Questions-
1. What are the ways that a malicious user would crack any password?
The most common password cracking techniques are –
- Dictionary attacks
- Brute forcing attacks
- Hybrid attacks
- Syllable attacks
- Rule based attacks
- Social engineering
2. What is DNS spoofing?
DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is a highly deceptive cyber attack in which hackers redirect web traffic toward fake web servers and phishing websites.
3. What is DNS Tunneling?
DNS Tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses.
4. What are Zero Day Attacks?
If a hacker manages to exploit the vulnerability before software developers can find a fix, that exploit becomes known as a zero day attack.
Do read more interview questions on https://www.cybervie.com/