Below is a list of common interview questions related to attack techniques and mitigation strategies in cybersecurity, along with brief answers to help you prepare:
1. What is a SQL Injection, and how do you prevent it?
• Answer: SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. It is exploited by supplying input that the application concatenates into a SQL statement, so that the input changes the meaning of the query instead of being treated as data.
   o Mitigation:
      Use prepared statements or parameterized queries (the primary defense).
      Validate and sanitize user inputs.
      Use stored procedures, provided they do not build dynamic SQL from their parameters.
      Employ a web application firewall (WAF) as an additional layer, not a replacement for the above.
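As an added example (not code from the original post), the vulnerable query-building pattern beside its parameterized form, run against a constructed in-memory SQLite table; the sample rows, the `users` schema and the allowlist regex are assumptions for illustration. The textbook tautology input returns every row through the concatenated query and nothing through the parameterized one:

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory database with sample rows (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # The vulnerable form: user input is pasted into the SQL text, so a crafted
    # value can change the structure of the query rather than just its data.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' ORDER BY id")
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    # Parameterized query: the SQL text is fixed and the value travels separately,
    # so whatever the input contains, it is compared as a string and nothing more.
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


# Allowlist of what a username may look like (assumed policy for this example).
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")


def is_valid_username(username):
    # Input validation as an additional layer, applied before the value reaches the DB.
    return USERNAME_RE.match(username) is not None


def demo():
    conn = make_db()
    # Textbook tautology input: with string concatenation the WHERE clause becomes
    # a condition that is always true; with a bound parameter it is just a string.
    tautology = "x' OR '1'='1"
    return {
        "vulnerable": find_user_vulnerable(conn, tautology),
        "safe": find_user_safe(conn, tautology),
        "normal": find_user_safe(conn, "bob"),
        "validated": is_valid_username(tautology),
    }


if __name__ == "__main__":
    print(demo())
```

The parameterized version also rejects the input at the validation layer, which is the defense-in-depth point: validation narrows what reaches the query, but the parameter binding is what makes the query safe regardless of what gets through.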
2. What is Cross-Site Scripting (XSS), and how can it be prevented?
• Answer: XSS is an attack that injects malicious scripts into a trusted website, where they run in the browsers of other users who view the page. The script can be used to steal cookies, session tokens, or other sensitive data.
   o Mitigation:
      Use output encoding appropriate to the context (HTML body, attribute, JavaScript, URL).
      Implement a Content Security Policy (CSP).
      Validate and sanitize user inputs.
      Use well-tested libraries or templating engines to escape untrusted data.
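An added example, not code from the original post, showing the three mitigations together: raw interpolation beside HTML-encoded output, a restrictive CSP header value, and an input check. The comment-rendering functions, the `SAFE_COMMENT_LENGTH` limit and the policy string are assumptions for illustration:

```python
import html
import re


def render_comment_unsafe(author, body):
    # The vulnerable form: untrusted values are interpolated straight into HTML,
    # so markup in the body is interpreted by the browser.
    return "<p><b>{}</b>: {}</p>".format(author, body)


def render_comment(author, body):
    # Output encoding for an HTML-body context: every untrusted value is escaped at
    # the point it is written into the page, so tags become inert text. quote=True
    # also escapes quotes, which matters if the value ever lands in an attribute.
    return "<p><b>{}</b>: {}</p>".format(html.escape(author, quote=True),
                                        html.escape(body, quote=True))


def content_security_policy():
    # Header value for Content-Security-Policy (assumed policy): scripts only from
    # this origin, no inline scripts, no plugins, no base-tag hijacking. An inline
    # <script> that does slip through encoding is refused by the browser.
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


SAFE_COMMENT_LENGTH = 500   # assumed limit for this example
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")


def validate_body(body):
    # Input validation complements encoding: reject oversized input and control
    # characters. It does not replace encoding, because legitimate text may contain '<'.
    return len(body) <= SAFE_COMMENT_LENGTH and CONTROL_CHARS.search(body) is None


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_comment_unsafe("mallory", payload))
    print(render_comment("mallory", payload))
    print(content_security_policy())
```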
3. What is a Man-in-the-Middle (MITM) attack, and how do you protect against it?
• Answer: A MITM attack occurs when an attacker positions themselves between two communicating parties and intercepts, reads, or alters the traffic without either party noticing.
   o Mitigation:
      Use HTTPS/TLS to encrypt and authenticate connections.
      Employ strong authentication mechanisms.
      Use VPNs on untrusted networks.
      Enable certificate pinning in clients you control.
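An added example, not from the original post, of the client-side half of these mitigations: a TLS context that insists on chain and hostname verification with a TLS 1.2 floor, and a pin check of the kind a mobile or desktop client performs before trusting a server certificate. The pin is computed over whatever DER bytes are supplied (real clients usually pin the SubjectPublicKeyInfo); the byte strings used at the bottom are constructed stand-ins, not real certificates:

```python
import base64
import hashlib
import ssl


def build_hardened_context():
    # Client context that verifies the server chain against the system CA store,
    # checks the hostname against the certificate, and refuses TLS < 1.2.
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_summary():
    # Plain-data view of the settings, so the configuration can be asserted on.
    ctx = build_hardened_context()
    return {
        "check_hostname": ctx.check_hostname,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "min_version": ctx.minimum_version.name,
    }


def certificate_pin(der_bytes):
    # Pin format: base64(SHA-256(DER)). Production clients pin the SPKI so that
    # certificate renewal with the same key does not break the pin.
    return base64.b64encode(hashlib.sha256(der_bytes).digest()).decode()


def certificate_pin_matches(der_bytes, pinned):
    # `pinned` is a set with at least one backup pin, so a key rotation can be
    # staged without locking every client out. Empty set means pinning is off.
    return certificate_pin(der_bytes) in pinned


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates (not real certificates).
    expected_cert = b"constructed-der-bytes-of-expected-server-cert"
    pins = {certificate_pin(expected_cert), certificate_pin(b"constructed-backup-key")}
    print(context_summary())
    print(certificate_pin_matches(expected_cert, pins))             # True
    print(certificate_pin_matches(b"constructed-interposed-cert", pins))  # False
```

With `check_hostname` and `CERT_REQUIRED` a certificate presented by an interposed host fails verification unless its issuer is in the trust store; pinning is the extra check for the case where a trusted CA has issued a certificate it should not have.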
4. What is Phishing, and how do you mitigate it?
• Answer: Phishing is a social engineering attack where an attacker impersonates a legitimate entity to trick users into divulging sensitive information like passwords or credit card numbers.
   o Mitigation:
      Conduct regular awareness training for employees.
      Use email filtering solutions.
      Enable multi-factor authentication (MFA).
      Monitor and block malicious domains.
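The email-filtering and domain-blocking items above, as an added example that is not from the original post: a small set of checks a mail filter applies to the headers and body of an inbound message. The brand list, the block list and the sample messages are constructed for illustration; the domains are the documentation ranges `example.com` style names, not real senders:

```python
import re
from email.utils import parseaddr

# Brands commonly impersonated, mapped to the domains they really send from
# (constructed for this example).
KNOWN_BRANDS = {"examplebank": {"examplebank.com"}}
# Domains already identified as malicious (constructed lookalike of the brand above).
BLOCKED_DOMAINS = {"examp1ebank.com"}
LURE_WORDING = re.compile(
    r"(verify your (account|password)|account (will be )?suspended|urgent)", re.I)


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse_message(headers, body):
    """Return the list of reasons a message looks like phishing (empty if none)."""
    reasons = []
    display, addr = parseaddr(headers.get("From", ""))
    domain = sender_domain(addr)

    # 1. Display name claims a known brand but the address is not one of its domains.
    brand_words = re.sub(r"[^a-z]", "", display.lower())
    for brand, domains in KNOWN_BRANDS.items():
        if brand in brand_words and domain not in domains:
            reasons.append("display name mismatch")

    # 2. Reply-To steers responses to a domain other than the sender's.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and sender_domain(reply) != domain:
        reasons.append("reply-to mismatch")

    # 3. Sender domain is on the block list.
    if domain in BLOCKED_DOMAINS:
        reasons.append("blocked domain")

    # 4. Urgency / credential-lure wording in the body.
    if LURE_WORDING.search(body):
        reasons.append("credential lure wording")
    return reasons


def is_suspicious(headers, body, threshold=2):
    # Quarantine when two or more independent signals fire; a single signal alone
    # (for example "urgent" in a genuine message) would produce too many false positives.
    return len(analyse_message(headers, body)) >= threshold


# Constructed sample messages.
PHISH = ({"From": "Example Bank Security <alerts@examp1ebank.com>",
          "Reply-To": "help@mail-verify.example"},
         "Urgent: verify your account within 24 hours or it will be suspended.")
LEGIT = ({"From": "Example Bank <alerts@examplebank.com>"},
         "Your monthly statement is ready in online banking.")

if __name__ == "__main__":
    print(analyse_message(*PHISH), is_suspicious(*PHISH))
    print(analyse_message(*LEGIT), is_suspicious(*LEGIT))
```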
5. What is a Distributed Denial of Service (DDoS) attack, and how do you defend against it?
• Answer: A DDoS attack involves overwhelming a target's resources with a flood of traffic from multiple sources to render it unavailable.
   o Mitigation:
      Use a content delivery network (CDN) or DDoS mitigation services.
      Deploy rate-limiting and traffic filtering.
      Monitor network traffic for unusual patterns.
      Scale infrastructure to absorb attacks.
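An added example (not from the original post) of the rate-limiting and monitoring items: a per-client sliding-window limiter replayed over a constructed access log, plus a simple "unusual pattern" view that reports sources responsible for a disproportionate share of requests. The log format, the limits and the IP addresses (documentation ranges) are assumptions:

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)   # key -> timestamps of accepted requests

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False                         # over budget: drop / send 429
        q.append(now)
        return True


def build_sample_log():
    # Constructed access log, one "<epoch> <client-ip> <path>" line per request:
    # one source sends 20 requests in 10 seconds, a normal client sends 3.
    lines = [f"{1700000000 + i // 2} 203.0.113.7 /login" for i in range(20)]
    lines += [f"{1700000000 + t} 198.51.100.4 /" for t in (0, 3, 6)]
    return lines


def parse(line):
    ts, ip, path = line.split()
    return int(ts), ip, path


def apply_rate_limit(lines, limit=5, window=10):
    """Replay the log in time order through the limiter; returns dropped requests per IP."""
    limiter = SlidingWindowLimiter(limit, window)
    dropped = defaultdict(int)
    for ts, ip, _ in sorted(parse(line) for line in lines):
        if not limiter.allow(ip, ts):
            dropped[ip] += 1
    return dict(dropped)


def dominant_sources(lines, share=0.5):
    """Monitoring view: IPs responsible for more than `share` of all requests.
    A single source dominating traffic is a pattern worth alerting on; a real DDoS
    spreads load across many sources, so this is paired with volume thresholds."""
    counts = defaultdict(int)
    for _, ip, _ in (parse(line) for line in lines):
        counts[ip] += 1
    total = sum(counts.values())
    return sorted(ip for ip, c in counts.items() if c / total > share)


if __name__ == "__main__":
    log = build_sample_log()
    print(apply_rate_limit(log))      # {'203.0.113.7': 15}
    print(dominant_sources(log))      # ['203.0.113.7']
```

A per-IP limiter is the first filtering layer; a volumetric attack from thousands of sources has to be absorbed upstream (CDN, scrubbing service), which is why the list includes those as well.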
6. How does a Buffer Overflow attack work, and how can it be mitigated?
• Answer: A Buffer Overflow occurs when a program writes more data to a buffer than it can hold, overwriting adjacent memory. An attacker can use this to crash the program or, by overwriting control data such as a return address, execute arbitrary code.
   o Mitigation:
      Use bounds checking on every write into a fixed-size buffer.
      Implement stack canaries (compiler-inserted guard values that detect a smashed stack frame).
      Employ Address Space Layout Randomization (ASLR).
      Use memory-safe programming languages like Rust or Python.
7. What is Ransomware, and how can organizations defend against it?
• Answer: Ransomware is malware that encrypts files and demands payment for the decryption key.
   o Mitigation:
      Regularly back up data, keep copies offline or immutable, and test restorations.
      Keep systems and software updated.
      Use endpoint protection tools.
      Train users to recognize phishing attempts.
8. What are the differences between Symmetric and Asymmetric Encryption?
• Answer:
   o Symmetric Encryption: Uses the same key for encryption and decryption (e.g., AES). It is fast, but both parties must already share the key.
   o Asymmetric Encryption: Uses a key pair; data encrypted with the public key can only be decrypted with the matching private key (e.g., RSA). It is much slower, but no secret has to be shared in advance.
   o Use Cases:
      Symmetric for bulk data encryption.
      Asymmetric for secure key exchange and digital signatures. In practice the two are combined: an asymmetric operation protects a random symmetric session key, and the symmetric cipher encrypts the data.
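An added example, not from the original post, of the combined ("hybrid") pattern: the asymmetric half wraps a random session key, the symmetric half encrypts the bulk data and authenticates it. Because the standard library has neither RSA nor AES, both halves are toys written here for illustration only: textbook RSA with tiny primes (assumed values p=61, q=53, e=17) and a SHA-256 counter keystream with an HMAC tag. A real system uses RSA-OAEP or an ECDH key agreement for the wrap and AES-GCM or ChaCha20-Poly1305 for the data:

```python
import hashlib
import hmac
import os

# --- Toy asymmetric part: textbook RSA with tiny primes (demonstration only) ---
P, Q = 61, 53
N = P * Q              # 3233
E = 17
D = 2753               # E * D == 1 (mod (P-1)*(Q-1))
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def rsa_wrap(key_bytes, public_key):
    # Each key byte is below N, so it is encrypted as one tiny RSA block (toy).
    n, e = public_key
    return [pow(b, e, n) for b in key_bytes]


def rsa_unwrap(wrapped, private_key):
    n, d = private_key
    return bytes(pow(c, d, n) for c in wrapped)


# --- Toy symmetric part: SHA-256 in counter mode plus an HMAC-SHA256 tag ---
def keystream(key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key, plaintext):
    nonce = os.urandom(16)                     # never reuse a nonce with the same key
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # integrity over nonce+ct
    return nonce, ct, tag


def sym_decrypt(key, nonce, ct, tag):
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time tag comparison
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


# --- Hybrid envelope: asymmetric for the key, symmetric for the data ---
def hybrid_encrypt(plaintext, recipient_public_key):
    session_key = os.urandom(16)               # fresh symmetric key per message
    nonce, ct, tag = sym_encrypt(session_key, plaintext)
    return {"wrapped_key": rsa_wrap(session_key, recipient_public_key),
            "nonce": nonce, "ct": ct, "tag": tag}


def hybrid_decrypt(envelope, recipient_private_key):
    session_key = rsa_unwrap(envelope["wrapped_key"], recipient_private_key)
    return sym_decrypt(session_key, envelope["nonce"], envelope["ct"], envelope["tag"])


def tamper_detected(envelope, recipient_private_key):
    # Flip one ciphertext bit; the tag check must reject the result.
    altered = dict(envelope)
    altered["ct"] = bytes([envelope["ct"][0] ^ 0x01]) + envelope["ct"][1:]
    try:
        hybrid_decrypt(altered, recipient_private_key)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    env = hybrid_encrypt(b"bulk data goes through the symmetric cipher", PUBLIC_KEY)
    print(len(env["wrapped_key"]), hybrid_decrypt(env, PRIVATE_KEY), tamper_detected(env, PRIVATE_KEY))
```

Only the 16-byte session key goes through the slow asymmetric operation; the payload, however large, is handled by the symmetric cipher. The tag is what turns the stream cipher into something usable, since without it a single flipped bit would silently flip a bit of plaintext.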
9. What is a Zero-Day Exploit, and how do you protect against it?
• Answer: A Zero-Day Exploit takes advantage of a software vulnerability for which no fix is available, because the vendor is not yet aware of it (or has had "zero days" to patch it).
   o Mitigation:
      Use intrusion detection and prevention systems (IDS/IPS).
      Regularly apply patches and updates, which closes the window as soon as a fix is released.
      Employ threat intelligence to detect emerging threats.
      Use behavior-based monitoring tools, since signatures for an unknown exploit do not exist yet.
10. How would you secure a server against brute force attacks?
• Answer:
   o Use account lockout policies.
   o Enable multi-factor authentication (MFA).
   o Configure rate limiting for login attempts.
   o Use strong, unique passwords.
   o Monitor and block suspicious IP addresses.
11. What is ARP Spoofing, and how can it be mitigated?
• Answer: ARP Spoofing involves an attacker sending falsified ARP messages on a local network to associate their MAC address with the IP address of another device (typically the gateway), so that traffic for that device is sent to the attacker, who can intercept or modify it.
   o Mitigation:
      Use static ARP entries for critical devices.
      Enable Dynamic ARP Inspection (DAI) on network switches.
      Use encryption protocols like HTTPS or VPNs so intercepted traffic cannot be read.
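An added example (not from the original post) of host-side detection of the behaviour described above: a monitor fed with ARP replies seen on the segment that flags any reply contradicting a static entry, any IP whose MAC changes, and any MAC that claims more than one IP. The static table, the addresses and the sample replies are constructed:

```python
from collections import defaultdict

# Static entries for critical devices (constructed): the gateway must always map to this MAC.
STATIC_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_anomalies(replies, static_table=STATIC_ARP):
    """replies: iterable of (timestamp, sender_ip, sender_mac) taken from ARP replies.
    Returns a list of (timestamp, alert_kind, detail)."""
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        # 1. A reply that contradicts a pinned static entry.
        if ip in static_table and static_table[ip] != mac:
            alerts.append((ts, "static-entry-mismatch", f"{ip} claimed by {mac}"))
        # 2. An IP whose MAC changed since the last reply we saw for it.
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "ip-mac-changed", f"{ip}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        # 3. One MAC answering for several IPs (alert once per newly claimed IP).
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "mac-multiple-ips",
                               f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


# Constructed replies: a legitimate gateway reply, a normal host, then the host's MAC
# answering for the gateway's IP, then the host repeating its own (benign) reply.
SAMPLE_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (2, "192.168.1.20", "de:ad:be:ef:00:20"),
    (3, "192.168.1.1", "DE:AD:BE:EF:00:20"),
    (4, "192.168.1.20", "de:ad:be:ef:00:20"),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Rule 2 on its own also fires on legitimate events such as a replaced gateway NIC, so in practice these alerts are correlated with change records; rule 1 is the one that maps directly to the "static ARP entries for critical devices" mitigation.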
12. How does a DNS Spoofing attack work, and what are the defenses?
• Answer: DNS Spoofing (including cache poisoning) involves an attacker injecting forged DNS responses or altering DNS records so that users resolving a legitimate name are directed to attacker-controlled hosts.
   o Mitigation:
      Use DNSSEC to ensure DNS integrity.
      Regularly monitor DNS records for tampering.
      Employ secure resolvers and encrypted DNS protocols like DoH or DoT.
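The "monitor DNS records for tampering" item, as an added example that is not from the original post: answers obtained from a resolver are compared with a baseline of the records you publish, and any value not in the baseline is reported. The baseline, the names (documentation domains) and the sample answers are constructed:

```python
from collections import defaultdict

# Baseline of the records you publish for monitored names (constructed; in practice
# generated from the zone you control).
EXPECTED_RECORDS = {
    ("www.example.com", "A"): {"192.0.2.10", "192.0.2.11"},
    ("example.com", "MX"): {"mail.example.com"},
}


def normalize(name):
    return name.lower().rstrip(".")


def check_resolver_answers(observed, baseline=EXPECTED_RECORDS):
    """observed: list of (name, rtype, value) answers from the resolver under test.
    Round-robin DNS may legitimately return a subset of the baseline, so only values
    that are NOT in the baseline are reported. Returns [((name, rtype), [bad values])]."""
    seen = defaultdict(set)
    for name, rtype, value in observed:
        seen[(normalize(name), rtype.upper())].add(normalize(value))
    findings = []
    for key, expected in baseline.items():
        unexpected = seen.get(key, set()) - expected
        if unexpected:
            findings.append((key, sorted(unexpected)))
    return findings


# Constructed answers: a clean set, and a set where the resolver hands back an extra
# address for www that is not one of the published records.
SAMPLE_CLEAN = [("www.example.com.", "A", "192.0.2.10"),
                ("example.com", "MX", "mail.example.com.")]
SAMPLE_POISONED = SAMPLE_CLEAN + [("WWW.example.com", "a", "198.51.100.66")]

if __name__ == "__main__":
    print(check_resolver_answers(SAMPLE_CLEAN))      # []
    print(check_resolver_answers(SAMPLE_POISONED))   # [(('www.example.com', 'A'), ['198.51.100.66'])]
```

Running this check from several vantage points (different networks and resolvers) is what makes it useful, because a poisoned cache is local to the resolver that holds it.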
13. What is a Privilege Escalation attack, and how do you prevent it?
• Answer: Privilege escalation occurs when an attacker gains higher access levels than initially intended, often through misconfigurations or software vulnerabilities.
   o Mitigation:
      Enforce the principle of least privilege.
      Regularly patch vulnerabilities.
      Use privilege management tools.
      Monitor user activities for anomalies.
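An added example, not from the original post, serving both the "behavior-based monitoring" item under question 9 and the "monitor user activities for anomalies" item here: three rules evaluated over process-start events of the kind an EDR or auditd pipeline produces. None of the rules needs to know which vulnerability was used, which is the point for zero-days. The event fields, the path allowlists and the sample events are constructed:

```python
# Constructed allowlists for this example.
DOCUMENT_HANDLERS = {"/usr/bin/libreoffice", "/usr/bin/evince"}
SHELLS_AND_TOOLS = {"/bin/sh", "/bin/bash", "/usr/bin/python3", "/usr/bin/curl"}
APPROVED_SETUID = {"/usr/bin/sudo", "/usr/bin/su", "/usr/bin/passwd"}
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/")


def evaluate(event):
    """Return the list of rule names that fire for one process-start event.
    event fields (assumed schema): ts, user, uid, euid, exe, parent_exe."""
    hits = []
    # Rule 1: a document viewer spawning a shell, interpreter or download tool is
    # how an exploited parser behaves, whichever bug was used to get there.
    if event["parent_exe"] in DOCUMENT_HANDLERS and event["exe"] in SHELLS_AND_TOOLS:
        hits.append("document-handler-spawned-shell")
    # Rule 2: a non-root user reaching effective uid 0 through something other than
    # the approved setuid programs looks like privilege escalation.
    if event["uid"] != 0 and event["euid"] == 0 and event["exe"] not in APPROVED_SETUID:
        hits.append("unexpected-root-euid")
    # Rule 3: executables launched from outside system paths (temp dirs, home dirs)
    # are where dropped payloads usually live.
    if not event["exe"].startswith(SYSTEM_PREFIXES):
        hits.append("exec-from-unusual-path")
    return hits


def scan(events):
    """Run every event through the rules; returns (ts, exe, rule) for each hit."""
    return [(e["ts"], e["exe"], hit) for e in events for hit in evaluate(e)]


# Constructed events: two benign (a viewer being opened, a normal sudo) and two
# that should fire.
SAMPLE_EVENTS = [
    {"ts": 1, "user": "alice", "uid": 1000, "euid": 1000,
     "exe": "/usr/bin/libreoffice", "parent_exe": "/usr/bin/gnome-shell"},
    {"ts": 2, "user": "alice", "uid": 1000, "euid": 0,
     "exe": "/usr/bin/sudo", "parent_exe": "/bin/bash"},
    {"ts": 3, "user": "alice", "uid": 1000, "euid": 1000,
     "exe": "/bin/sh", "parent_exe": "/usr/bin/evince"},
    {"ts": 4, "user": "bob", "uid": 1001, "euid": 0,
     "exe": "/tmp/.cache/x", "parent_exe": "/bin/bash"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Rule 3 will be noisy on developer machines; the usual approach is to keep it as a low-severity signal and raise severity when it coincides with rule 1 or 2 for the same process, as the last sample event does.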
14. What is the difference between Active and Passive Reconnaissance?
• Answer:
   o Active Reconnaissance: Directly interacting with the target to gather information (e.g., port scans), which leaves traces the target can log and detect.
   o Passive Reconnaissance: Collecting information without interacting with the target (e.g., using public records or OSINT), which the target cannot observe.
15. Explain the concept of Defense in Depth.
• Answer: Defense in Depth is a multi-layered security approach in which no single control is relied upon to protect a system. Each layer acts as an independent barrier, so an attacker who bypasses one layer still has to defeat the next.
   o Layers may include: Firewalls, IDS/IPS, endpoint security, access controls, encryption, and user training.