
30 Questions To Ask Before Hiring A Network Security Professional

Cybersecurity is one of the important areas of information technology, and it always creates a good job market for specialists familiar with information security issues.

As the demand increases, so does the competition. Therefore, people must have a wide range of practical skills to get a job in cyber security.

While having the skills necessary to secure a job in the cybersecurity field is essential, one of the main parts of the story is succeeding in the job interview.

In other words, you will fail if you have the best qualifications in the field but don’t show up for the coveted job interview.

Accordingly, this article compiles a list of top interview questions and answers for cybersecurity positions. These questions give job seekers a clear view of the sample questions they may face in job interviews.

In addition, it helps HR managers to ask targeted questions that match the information security expert job title. Let’s get straight to the questions and answers.

30 Questions to Ask Before Hiring a Network Security Professional

1. What is cryptography?

  • Cryptography refers to the methods, tools, and solutions used to secure information and communications. It is primarily intended to protect sensitive data from unauthorized third-party access.

2. What is the difference between symmetric and asymmetric encryption?

You can see the difference between these two patterns in the table below.

3. What is the difference between IDS and IPS?

An IDS (Intrusion Detection System) only detects intrusions, so the network administrator must carefully check the warnings and prevent the intrusions. An IPS (Intrusion Prevention System) takes measures of its own to prevent the intrusion.

4. Explain Confidentiality, Integrity, and Availability. 

Confidentiality, integrity, and availability are the three pillars of the security world on which information security policies are designed. Today, most security models and doctrines of organizations are designed based on these principles.

  • Confidentiality: Only authorized employees should be able to read or view the information, and unauthorized persons should not have access to the data. If someone successfully accesses the systems by infiltrating the corporate network, the data must be encrypted so the hacker cannot read its contents.
  • Integrity/Completeness: refers to the fact that an unauthorized person or persons have not edited the data. Integrity ensures that data has not been corrupted or edited by unauthorized personnel. Additionally, if an employee attempts to modify data and the process fails, the data must be rolled back to avoid unintended corruption.
  • Availability: Data should be available whenever the user needs it. Hardware maintenance, regular upgrades, data backup and recovery, and network bottlenecks are among the factors that may cause the availability principle to be violated.

5. What is a firewall, and why is it used?

  • A firewall is a network security system that is deployed on the edges of networks or systems and that monitors and controls network traffic. Firewalls protect the system/network from viruses, worms, malware, etc. Firewalls can also be used to filter content or prevent access to unauthorized sites.

6. What is the difference between Vulnerability Assessments and Penetration Testing?

Vulnerability assessment is finding flaws in the target system or network. Here, the organization knows that the system/network has problems or weaknesses and wants to find and fix these problems.

Penetration testing is finding vulnerabilities in the target system or network. In this case, the organization wants to know whether the security measures and solutions it has implemented to deal with cyber threats are correctly adjusted and whether there is a way to hack the system/network that the organization’s security experts do not see.

7. What is the three-way handshake?

The three-way handshake is used in networks based on the TCP/IP protocol to establish communication between the host and the client. This communication mechanism is called a three-way handshake because it is done in three steps as follows:

  • The client sends a SYN message to the server and checks if the server is up or has open ports.
  • The server sends a SYN-ACK message to the client if it has open ports.
  • The client acknowledges this by sending an ACK confirmation message back to the server.
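
The three steps above, as an added example that is not part of the original article: a small tracker that walks constructed segment records and reports which connection attempts completed the handshake and which stayed half-open. The `Segment` type, `track_handshakes` function, addresses and sequence numbers are hypothetical, chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str           # sender as "ip:port"
    dst: str           # receiver as "ip:port"
    flags: frozenset   # TCP flags set on the segment
    seq: int           # sequence number
    ack: int = 0       # acknowledgment number (meaningful when ACK is set)

def track_handshakes(segments):
    """Return {(client, server): state} for every connection attempt seen."""
    conns = {}
    for s in segments:
        if s.flags == {"SYN"}:                       # step 1: client -> server
            conns[(s.src, s.dst)] = {"state": "SYN_SENT", "c_isn": s.seq}
        elif s.flags == {"SYN", "ACK"}:              # step 2: server -> client
            c = conns.get((s.dst, s.src))
            # The SYN-ACK must acknowledge the client's initial sequence number + 1.
            if c and c["state"] == "SYN_SENT" and s.ack == c["c_isn"] + 1:
                c.update(state="SYN_RECEIVED", s_isn=s.seq)
        elif s.flags == {"ACK"}:                     # step 3: client -> server
            c = conns.get((s.src, s.dst))
            if (c and c["state"] == "SYN_RECEIVED"
                    and s.seq == c["c_isn"] + 1 and s.ack == c["s_isn"] + 1):
                c["state"] = "ESTABLISHED"
    return {key: c["state"] for key, c in conns.items()}

# Constructed sample traffic (addresses and sequence numbers are made up).
SRV = "10.0.0.9:443"
SAMPLE = [
    # Client A completes all three steps.
    Segment("10.0.0.5:50000", SRV, frozenset({"SYN"}), seq=1000),
    Segment(SRV, "10.0.0.5:50000", frozenset({"SYN", "ACK"}), seq=7000, ack=1001),
    Segment("10.0.0.5:50000", SRV, frozenset({"ACK"}), seq=1001, ack=7001),
    # Client B never sends the final ACK: the connection stays half-open.
    Segment("10.0.0.6:50001", SRV, frozenset({"SYN"}), seq=2000),
    Segment(SRV, "10.0.0.6:50001", frozenset({"SYN", "ACK"}), seq=8000, ack=2001),
    # Client C acknowledges the wrong number, so the final ACK is rejected.
    Segment("10.0.0.7:50002", SRV, frozenset({"SYN"}), seq=3000),
    Segment(SRV, "10.0.0.7:50002", frozenset({"SYN", "ACK"}), seq=9000, ack=3001),
    Segment("10.0.0.7:50002", SRV, frozenset({"ACK"}), seq=3001, ack=1),
    # Client D gets no reply at all (port closed or filtered).
    Segment("10.0.0.8:50003", "10.0.0.9:8080", frozenset({"SYN"}), seq=4000),
]

if __name__ == "__main__":
    for conn, state in track_handshakes(SAMPLE).items():
        print(conn, state)
```

A monitoring system that sees many connections stuck in `SYN_RECEIVED` from the same source has a useful signal, because legitimate clients normally finish step three.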

8. What response codes can be received from a web application?

Typically, when you try to communicate with a website or web application, you may receive the following responses:

  • 1xx: Informational responses.
  • 2xx: The operation was successful.
  • 3xx: Redirect.
  • 4xx: Client-side error.
  • 5xx: Server-side error.

Now let’s explore more specialized security-focused networking questions:

9. What is traceroute, and why is it used?

  • Traceroute is a tool that shows the route a packet takes. More precisely, it lists all the points (mainly routers) the packet passes through. Traceroute is used to investigate where a connection is stopped or disconnected in order to identify the point of failure. The tool is used when a packet does not reach its destination.

10. What is the difference between HIDS and NIDS?

  • HIDS, known as Host IDS, and NIDS, known as Network IDS, are intrusion detection systems with similar functions to detect intrusions. The only difference is that HIDS is set up on a specific host/device and monitors the traffic of that particular machine and suspicious activities on the system. In contrast, NIDS is deployed on a network and monitors the traffic of all devices.

11. What are the steps, in order, for setting up a firewall on a network?

In general, security and network experts perform the following steps:

  • Username/Password: Change the default password of the firewall device.
  • Remote management: Disable remote administration if you have a full-time on-site presence and don't need to do remote configurations.
  • Port Forwarding: Configure the appropriate ports so applications run smoothly. For example, you set the correct ports for the web server or FTP server applications.
  • DHCP server: Installing a firewall on a network with an existing DHCP server will cause interference unless the firewall’s DHCP is disabled.
  • Policies: You should have strong security policies and ensure your firewall is configured correctly to enforce those policies.

13. Explain SSL encryption

Secure Sockets Layer (SSL) is a standard security technology that creates encrypted connections between a web server and a browser. It protects confidential data and information exchanged in online transactions. The steps to make an SSL connection are as follows:

  • A browser tries to connect to an SSL-protected web server.
  • The web server sends a copy of its SSL certificate to the browser.
  • The browser checks if the SSL certificate is trusted. If it is trusted, the browser sends a message to the web server to establish an encrypted connection.
  • The web server sends an acknowledgment to initiate an SSL-encrypted connection.
  • An SSL-encrypted connection is established between the browser and the web server.

14. What measures should be taken to secure the server?

Secure servers use the Secure Sockets Layer (SSL) protocol to encrypt and decrypt data and protect data from eavesdropping. There are different ways to secure servers, as follows:

  • Step 1: Make sure you have set a secure password for Root and Administrator users.
  • Step 2: Define new users in the system. These users are responsible for managing the system.
  • Step 3: Remove remote access from the default root/administrator accounts.
  • Step 4: Configure firewall rules for remote access. The

15. Explain data leakage

Disclosure of confidential information is illegal in all countries, and a person or organization responsible for it faces many legal problems. Data leakage is the intentional or unintentional transfer of data from within the organization to an unauthorized external destination. Data leakage can be divided into the following three categories based on how it occurs:

  • Accidental Breach: An organization inadvertently sends data to an unauthorized person due to an error or mistake.
  • Intentional breach: An organization intentionally provides data to another organization and receives money in return.
  • System hacking: Hackers break into the system by identifying unpatched vulnerabilities and extracting information.

Data leakage can be prevented using tools, software, and strategies known as Data Leakage Prevention (DLP).

16. Name some common cyber attacks

  • Among the most critical cyber-attacks that can negatively affect the performance of a system or network are Malware, Phishing, Password Attacks, Distributed Denial of Service (DDoS), Man-in-the-Middle attacks, drive-by downloads, malicious advertisements (Malvertising), and rogue software (Rogue Software).

17. What is a Brute Force attack, and how can you prevent its implementation? 

A brute-force (exhaustive search) attack refers to repeatedly trying possible combinations in order to discover passwords or credentials. In most cases, brute-force attacks occur where software or web forms allow users to log in by authenticating and verifying credentials. There are several ways to prevent brute-force attacks, some of which are as follows:

  • Password length: You can set a minimum length for the password. The longer the password, the harder it is to find.
  • Password complexity: If you use a variety of characters in your password, it becomes harder to carry out brute-force attacks. Using numbers, special characters, and upper and lower case letters makes passwords more complex, making them difficult to crack.
  • Limit Login Attempts: Specify a limit for failed logins. Since this attack is automated, limiting login attempts will prevent it from succeeding. For example, you can set the login failure limit to 3. Then, when there are three login failures in a row, restrict the user from logging in for a while, or send an email that the user must use to log in next time.
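
One way to implement the login-attempt limit described above, as an added example that is not part of the original article. The `LoginGuard` class, the 300-second lockout and the sample account are assumptions; the limit of 3 consecutive failures comes from the text.

```python
import hashlib
import hmac

MAX_FAILURES = 3        # limit used in the text above
LOCKOUT_SECONDS = 300   # assumed value for "a while"; set per policy

def hash_password(password, salt):
    """Slow salted hash so a stolen database is also costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Hypothetical login front end: locks an account after 3 failures in a row."""

    def __init__(self, users):
        self.users = users        # username -> (salt, password_hash)
        self.failures = {}        # username -> consecutive failed attempts
        self.locked_until = {}    # username -> time at which the lock expires

    def login(self, username, password, now):
        # While locked, reject before checking the password at all, so an
        # automated guesser learns nothing during the lockout window.
        if now < self.locked_until.get(username, 0):
            return "locked"
        # Unknown users get a dummy record so both paths do the same work.
        salt, stored = self.users.get(username, (bytes(16), b""))
        # compare_digest avoids leaking how many bytes matched via timing.
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures.pop(username, None)   # success resets the streak
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures.pop(username, None)
        return "denied"

# Constructed sample account; real code would use os.urandom(16) for the salt.
DEMO_SALT = bytes(range(16))
DEMO_USERS = {"alice": (DEMO_SALT, hash_password("S3cure-passphrase!", DEMO_SALT))}

if __name__ == "__main__":
    guard = LoginGuard(DEMO_USERS)
    for t, pw in [(0, "guess1"), (1, "guess2"), (2, "guess3"),
                  (10, "S3cure-passphrase!"), (302, "S3cure-passphrase!")]:
        print(t, guard.login("alice", pw, now=t))
```

Passing `now` in explicitly keeps the lockout logic testable; a production system would also bound the size of the failure table and log each lockout for review.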

18. What is port scanning?

Port scanning is a technique to identify open ports and services on a host. Hackers use port scanning to find information that is useful for exploiting vulnerabilities. However, network administrators also use the port scanning mechanism to verify network security policies. Among the standard techniques of port scanning, the following should be mentioned:

  • Ping Scan
  • TCP Half-Open
  • TCP Connect
  • UDP
  • Stealth Scanning

19. Name the different layers of the OSI model

OSI is a reference model that specifies how applications and services in a network communicate. The model is a general guide so that vendors and developers building networking hardware and software have a clear view of the communication mechanisms. Figure 1 shows the layers of the OSI model.

The function of each of these layers is as follows:

  • Physical layer: responsible for transferring digital data from sender to receiver through communication media.
  • Data Link Layer: Controls data transfer to/from the physical layer. It is also responsible for encoding and decoding data bits.
  • Network layer: responsible for forwarding packets and providing routing paths for network communications.
  • Transport layer: responsible for network communication. In addition, it receives data from the upper layer and transmits it to the network layer, ensuring that the data has been successfully delivered to the receiver.
  • Session layer: It controls the communication between sender and receiver. It is responsible for starting, ending, and managing the session and establishing, maintaining, and synchronizing the interaction between the sender and receiver.
  • Presentation layer: formats the data and gives it a proper structure, instead of sending the data in the form of datagrams or raw packets.
  • Application layer: Provides the interface between applications and the network, focuses on process-to-process communication, and creates a communication interface.

figure 1

20. How well do you know the network’s risks, vulnerabilities, and threats?

A brief explanation of each of the above concepts is as follows:

  • Threat: Refers to a person who can harm a system or organization.
  • Vulnerability: A weakness in a system that a potential hacker can exploit.
  • Risk: The possibility that there is a vulnerability in the infrastructure that a hacker may identify and use to penetrate it.

21. How to prevent identity theft?

In general, several steps can be taken to prevent identity theft. These actions are as follows:

  • Use a strong and unique password.
  • Avoid sharing confidential information online, especially on social media.
  • Buy from well-known and trusted websites.
  • Use the latest version of browsers.
  • Beware of unwanted installation of malicious software and advanced spyware.
  • Use specialized security solutions to protect financial data.
  • Constantly update your system and software.

22. What are the differences between black, white, and gray hat hackers? 

  • Black hat hackers are known for having extensive knowledge about breaking into computer networks. They can write malware that can be used to access these systems. These hackers abuse their skills to steal information or use the hacked system for malicious purposes.
  • White hat hackers use their knowledge for good purposes, which is why they are also called ethical hackers. Companies mostly employ them as security experts, trying to find and fix system vulnerabilities and security holes.
  • Gray hat hackers are between white and black hat hackers. They look for network vulnerabilities without the owner's knowledge or permission and report any vulnerabilities to the owner. Unlike black hat hackers, they do not exploit the vulnerabilities found.

23. How often should we perform Patch Management?

  • A patch should be applied as soon as it is released. For Windows, a patch should be applied to all machines within one month after release. This rule also applies to network devices, on which patches must be installed when they are released.

24. How to reset password-protected BIOS configuration?

  • Since the BIOS starts before the operating system, it uses its own mechanisms to store the settings. A simple way to reset it is to remove the CMOS battery, which powers off the memory that holds the settings and resets everything to factory defaults.

25. Explain the MITM attack and how to prevent it

Man-In-The-Middle (MITM) is an attack vector in which a hacker places himself between the source and destination communication channel and steals information. Suppose two parties, A and B, are connected, and the hacker enters this connection.

While the two parties think they are communicating directly with each other, it is the hacker who establishes the connection between the two parties. He impersonates B to A and A to B to eavesdrop. Further, he can forward each party's data to the other and steal information at the same time.

To combat this attack vector, you should use virtual private networking, strong WEP/WPA encryption to secure communications, intrusion detection systems to identify suspicious items, and public key pair-based authentication.

26. Explain the DDoS attack and how to prevent it

Distributed Denial of Service (DDoS) is a cyber attack that prevents servers from serving users. It is one of the constant questions of employment interviews. DDoS attacks can be classified into the following two groups:

  • Flooding attacks: The hacker sends a massive volume of traffic to the server so that the server cannot manage this volume of requests. Therefore, it stops providing services. This type of attack is usually executed using automated programs that continuously send packets to the server.
  • Crash attacks: Hackers use a bug in the server to disable the system.

The following solutions can be used to deal with DDoS attacks:

  • Use content delivery networks that are equipped with anti-DDoS tools.
  • Set detailed policies for firewalls and routers.
  • Use intrusion detection and prevention tools and ensure they are installed in the right places on the network.
  • Use a load-balancing mechanism.

27. Explain the XSS attack and how to prevent it

XSS, also known as Cross-Site Scripting, is a cyber attack that enables hackers to inject malicious client-side scripts into web pages. XSS can hijack sessions and steal cookies, alter the DOM, execute remote code, crash the server, and more. To deal with the above attacks, the following solutions should be used:

  • Validate user inputs.
  • Implement policies not to receive any information from the user.
  • Encode special characters.
  • Use of Anti-XSS services/tools.
  • Apply HTML XSS filter.
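
The "validate user inputs" and "encode special characters" items above, shown side by side with an unencoded render, as an added example that is not part of the original article. The function names, the username rule and the test strings are constructed for illustration; the point is that the encoding must match the context the value lands in.

```python
import html
import json
import re
from urllib.parse import quote

# Allow-list validation: accept only what a username is expected to contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def is_valid_username(name):
    return USERNAME_RE.fullmatch(name) is not None

def render_unsafe(name):
    # "Before": user input is concatenated into the markup unchanged,
    # so any tags it contains become part of the page.
    return f"<p>Hello {name}</p>"

def render_safe(name):
    # HTML body context: encode & < > " ' as character entities.
    return f"<p>Hello {html.escape(name, quote=True)}</p>"

def attr_safe(value):
    # Quoted attribute context: quotes must be encoded too, otherwise the
    # value can close the attribute and add a new one.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'

def js_safe(value):
    # Script context: JSON-encode the value, then escape the characters
    # that could terminate the surrounding <script> element.
    data = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        data = data.replace(ch, esc)
    return f"<script>var q = {data};</script>"

def url_safe(value):
    # URL query context: percent-encode everything outside unreserved chars.
    return f'<a href="/search?q={quote(value, safe="")}">results</a>'

# Constructed test strings of the kind a scanner or tester would submit.
SAMPLES = ["<script>alert(1)</script>", '" onfocus="alert(1)', "a b&c=<x>"]

if __name__ == "__main__":
    for s in SAMPLES:
        print("valid username:", is_valid_username(s))
        print("unsafe:", render_unsafe(s))
        print("body:  ", render_safe(s))
        print("attr:  ", attr_safe(s))
        print("script:", js_safe(s))
        print("url:   ", url_safe(s))
```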

28. What is ARP, and how does it work?

  • ARP (Address Resolution Protocol) is a protocol for mapping an IP address to a physical address to identify a machine on a local network. When an incoming packet destined for a host machine on a specific local network arrives at a gateway, the gateway asks ARP to find the physical host address (MAC address) that matches the IP address.
  • In this case, the ARP cache is searched, and if an address is found, it is provided to be converted to the appropriate length and format and sent to the destination device. If no entry for an IP address is found, ARP sends a request message in a particular form to all machines on the LAN to see if a device has the associated IP address.

29. What is port blocking in LAN?

  • Port blocking restricts users' access to services in the local network. This is done to prevent a specific node from accessing resources.

30. What is a botnet?

  • The word botnet combines two words, ro(bot) and (net)work, and in common terms refers to a vast network of robots. The person who manages this network is the bot master, for which most sources use the term botmaster. A botnet, then, refers to several devices connected to the Internet that have malware installed on them and do malicious work without the knowledge of the device owner. Some of these actions are sending spam, running a DDoS attack, or mining cryptocurrency.