CCNA security Interview Questions
A: Network security should:
A: A risk is defined as the result of a system being secure but not secured sufficiently, thereby increasing the likelihood of a threat. A vulnerability is a weakness or breach in your network or equipment (e.g. modems, routers, access points). A threat is the actual means of causing an incident; for instance, a virus attack is deemed a threat.
A: Possible results include:
A: An interviewer will want to know what sort of security measures you use on your own home devices. After all, if you’re a hotshot network security expert, clearly that must be reflected in the network that means the most to you; your personal system! An employer can tell a lot about your network savviness by analyzing what measures you use for your devices.
A: There are many methods of protecting a WAP, but the three most popular are: employing MAC address filtering, using WPA2, and not broadcasting the SSID. This is yet another attempt by an employer to see what matters to you personally in terms of security. After all, people tend to prefer the best things for themselves!
A: Network security incidents are big news today, and there have been many high-profile news stories about data breaches and hackers in the past few years. An employer is going to want to know how well-informed you are on the latest security news and incidents. HINT: If you don’t make it a practice of keeping abreast of the latest network security-related news, you better start now!
In terms of news sources, your best bets are Team Cymru, Twitter, or Reddit. Make sure to check the sources of accuracy, though.
A: There are three major measures you can take to defend against a brute force login attack. For starters, there’s an account lockout. Offending accounts are locked out until such time as the administrator decides to open it again. Next comes the progressive delay defense. Here, the account stays locked for a given number of days after a few unsuccessful login attempts are made. Finally, there’s the challenge-response test, which heads off automatic submissions employed on the login page.
A: Long story short, symmetric encryption uses the same key for both encryption and decryption, whereas asymmetric encryption employs different keys for the two processes. Symmetric is faster for obvious reasons but requires sending the key through an unencrypted channel, which is a risk.
A: Black and white hat hackers are different sides of the same coin. Both groups are skilled and talented in gaining entry into networks and accessing otherwise protected data. However, black hats are motivated by political agendas, personal greed, or malice, whereas white hats strive to foil the former. Many white hats also conduct tests and practice runs on network systems, to ascertain the effectiveness of security.
A: Salting is the process wherein you add special characters to a password in order to make it stronger. This increases password strength in two ways: it makes it longer and it adds another set of characters that a hacker would have to guess from. It’s a good measure to take for users who tend to habitually make weak passwords, but overall it’s a low-level defense since many experienced hackers are already familiar with the process and take it into account.
A: A Man in the Middle attack happens when there is a third party that’s monitoring and controlling a conversation between two parties, with the latter completely unaware of the situation. There are two ways of dealing with this attack. First of all, stay off of open Wi-Fi networks. Second, both parties should employ end-to-end encryption.
A: HTTPS (Hypertext Transfer Protocol Secure) is HTTP combined with SSL, encrypting a user’s browsing activity and making it safer. SSL (Secure Sockets Layer) is a protocol that protects Internet conversations between two or more parties. Though it’s close, SSL wins out in terms of sheer security, though any of these are valuable things to know for the purposes of web development.
A: There is biometrics (e.g. a thumbprint, iris scan), a token, or a password. There is also two-level authentication, which employs two of those methods.
A: This is a trick question; don’t be fooled! A project’s security is determined by the quality of security measures used to protect it, the number of users/developers with access, and the overall size of the project. The kind of project is irrelevant.
A: In order to secure your Linux server, you must do the following, in order:
A: While the first impulse may be to immediately fix the problem, you need to go through the proper channels. Things may be as they are for a reason. Use e-mail to notify the person in charge of that department, expressing your concerns, and asking for clarification. Make sure your boss is CC’ed into the email chain, and make sure that you save a copy for yourself, in case you need to refer to it later.
A: A Cross-Site Request Forgery (CSRF) attack causes a currently authenticated end-user to execute unauthorized commands on a web application. There are two effective defensive measures. First of all, use different names for each field of a form, as it increases user anonymity. Second, include a random token with each request.
A: This is another case of letting someone higher than you make the decision. Send the question/request up to your manager and let them sort it out. This is far outside of your realm. Let your boss deal with the higher-up.
A: A false negative is worse by far. A false positive is simply a legitimate result that just got incorrectly flagged. While it’s irksome, it’s by no means fatal or difficult to correct. But a false negative means that something bad has slipped through the firewall undetected, and that means a host of problems down the road.
A: It all comes down to a question of physical location. A disgruntled soon to be ex-employee, a hacker posing as a deliveryman, even just a careless curious user, all end up having better access to the system due to them being on-site. Being “inside” physically makes it easier to get inside virtually.
Comments
Post a Comment