FAQ

Fairly common questions

What does each of these commands do? (mkdir, ls, mv, passwd, grep)

  • mkdir: Creates a new directory.

  • ls: Lists the contents of the current working directory.

  • mv: Moves (or renames) a file from one location to another.

  • passwd: Changes a user's password.

  • grep: Searches files for lines matching a text pattern.

What is the difference between an IPS and an IDS?

IPS: Intrusion Prevention (Protection) System. IDS: Intrusion Detection System. An IDS monitors traffic and alerts on suspicious activity, whereas an IPS sits inline and can also block it.

How do you stay up-to-date with cybersecurity news?

  • ThreatPost

  • The Hacker News

  • DarkReading

  • CyberSecurity Insider

What is the difference between SHA-256 and AES-256?

SHA-256 is not encryption; it is a one-way hash function. AES (Advanced Encryption Standard) is a symmetric encryption standard, and AES-256 is AES with a 256-bit key.

What is the difference between asymmetric and symmetric encryption?

Asymmetric encryption uses two different keys (public and private), and only one party should hold the private key. Symmetric encryption uses one (the same) key to both encrypt and decrypt data.

What is the difference between an incident and a problem?

Problem: the discovery of an issue. Incident: the act of an issue occurring.

Describe a typical major incident process.

  • Stage 1: Identification. Declaring the major incident.

  • Stage 2: Containment. Assembling the major incident team.

  • Stage 3: Resolution. Implementing the resolution plan as a change.

  • Stage 4: Maintenance. Performing a post-implementation review.

Explain the concepts behind Confidentiality, Integrity and Availability.

Also known as the C.I.A. Triad. Confidentiality measures protect information from unauthorized access and misuse. Integrity measures protect information from unauthorized alteration. In order for an information system to be useful it must be available to authorized users, so availability measures protect timely and uninterrupted access to the system.

How do organizations get compromised, and what are the most common vectors of attack?

Organizations are most commonly compromised through their own internal staff. The most common attack vectors are:

  • Social Engineering

  • Lateral Phishing

  • Ransomware

  • Credential Compromise

A colleague has just finished deploying a new web-server. What steps would you take to secure it after the initial install?

  • Set up and correctly configure a firewall for the server

  • Scan for particular vulnerabilities

  • Remove unnecessary functionality

  • Create a separation of environments

  • Keep software up to date

  • Set IAM / Access and Privilege rules

What is defense-in-depth?

The strategy of creating multiple redundant layers of security to delay or mitigate the impact of a vulnerability or exploit.

What does a 'layered approach to security' mean?

Creating overlapping layers of security to build a redundant security system.

What protocols (other than basic communication protocols) would you expect to see on a managed network?

  • SMTP

  • DNS

  • SSL

  • SSH

What services would you expect to run on the following ports (80, 443, 53, 22, 21, 123)?

  • 80: HTTP Traffic

  • 443: HTTPS (HTTP over TLS/SSL) traffic

  • 53: DNS

  • 22: SSH (and SFTP, which runs over SSH)

  • 21: FTP

  • 123: NTP (Network Time Protocol, normally over UDP)

Can you describe the difference between UDP and TCP? (if so what is a TCP handshake?)

TCP is a connection-oriented protocol; UDP is a connection-less protocol. The TCP handshake is the three-way exchange (SYN, SYN-ACK, ACK) that establishes a connection before any data is sent.

What is MAC/IP address? What is the difference between the two?

A MAC address is the physical (hardware) address of a network interface. An IP address is a logical address used to identify a system on a network.

What steps would your web browser have to take in order to resolve google.com?

  1. Your browser checks its local cache to determine if it has stored the known location of the requested host.

  2. If the host does not exist in cache, the request goes to the Recursive DNS Servers provided most likely by your ISP.

  3. If the host does not exist in the Recursive DNS Servers, the request then goes to the Root DNS Server to determine where the Top Level DNS Server is.

  4. We finally get the location from the Top Level DNS Server for the .com Top Level Domain.

  5. The Top Level DNS Server gives us the address of the Authoritative Name Servers that handle the domain name. These give us the final record for where the host is.

What is the purpose of sub-netting and why is it used?

Sub-netting is the practice of splitting a bigger monolithic network into smaller subnets to better manage scalability, as well as to tighten security for a smaller pool of hosts.

What steps would you take to troubleshoot network connectivity to a remote host?

  • Ping the IP or host to determine if a connection can be made.

  • Use traceroute to determine if there is a broken hop in the path to the host.

  • On Linux, the mtr command combines ping and traceroute in one tool.

How would you approach a problem you had never seen before?

  • Familiarize yourself with the outline of the problem

  • Gather information and resources about the problem

  • If possible, break the problem into smaller, more manageable problems

What would you do once the problem had been solved?

  • Document the steps involved and resources used in solving the problem

  • Create measures to ensure that the problem has little possibility of occurring again.

How does a computer tell the difference between a word document and a music file? Is the process the same for both Windows and Unix?

  • Windows

    • Windows classifies file types by their extensions (.doc, .docx, .mp4, etc.). This is dangerous, as the extension says nothing about what the file actually contains.

  • Linux

    • For executable scripts, Linux uses the shebang (#!) line to determine which interpreter runs the file.

    • In more modern environments, the MIME type associated with the file (derived from its content) is used.
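The security point above (an extension proves nothing about content) is easiest to see by looking at the leading bytes. The following is an added example, not code from the original FAQ: a small content sniffer with a constructed signature table and constructed sample files, where one "mp3" actually starts with a Windows executable header.

```python
# Added example: identify file types from their leading bytes ("magic numbers")
# instead of trusting the extension. The signature table and the sample files
# are constructed for this example; real tools such as the Unix `file` command
# use far larger signature databases.

MAGIC = [
    (b"MZ", "Windows executable (PE)"),
    (b"\x7fELF", "Linux executable (ELF)"),
    (b"#!", "script with shebang"),
    (b"PK\x03\x04", "ZIP container (used by .docx/.xlsx)"),
    (b"\xd0\xcf\x11\xe0", "legacy Office document (OLE2)"),
    (b"ID3", "MP3 audio (ID3 tag)"),
    (b"\xff\xfb", "MP3 audio (MPEG frame)"),
]

def sniff(data: bytes) -> str:
    """Return a content-based type label for the first bytes of a file."""
    for sig, label in MAGIC:
        if data.startswith(sig):
            return label
    return "unknown"

# Rough mapping of what an extension claims the content to be.
CLAIMS = {
    ".docx": "ZIP container (used by .docx/.xlsx)",
    ".doc": "legacy Office document (OLE2)",
    ".mp3": "MP3 audio",
    ".exe": "Windows executable (PE)",
}

def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the content signature disagrees with what the extension claims."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    claim = CLAIMS.get(ext)
    actual = sniff(data)
    if claim is None or actual == "unknown":
        return False  # nothing to compare against
    return not actual.startswith(claim)

# Constructed samples: a real .docx starts with a ZIP header, while this
# "song.mp3" begins with a PE header (an executable wearing a media extension).
SAMPLES = {
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 8,
    "song.mp3": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8,
    "run.sh": b"#!/bin/sh\necho hi\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        flag = "  [extension mismatch]" if extension_mismatch(name, data) else ""
        print(f"{name:12} -> {sniff(data)}{flag}")
```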

If you’re on a Windows computer and you needed to assign a new IP address, how would you go about doing this if you only had access to command line?

Windows

Open a command prompt: open the Start menu, type run, then cmd.

ipconfig /release
ipconfig /renew

Linux

Open a new terminal window

ifconfig <interface_name> <ip_address> netmask <netmask_address>

How would you go about terminating a non-responsive program in a Windows environment, and is this process the same for Unix?

Windows

Open a command prompt: open the Start menu, type run, then cmd. Use tasklist to find the process and its Process ID (PID), then force-terminate it (cmd does not treat # as a comment, so the commands are shown on their own):

tasklist | more
taskkill /F /PID {PID}

Linux

Open a new terminal window. Use top to find the process and its Process ID (PID), then signal it:

top
kill {PID}

What is a LAN / WAN / WLAN / VLAN?

A LAN has networking equipment or computers in close proximity to each other. A WAN is a collection of computers and network resources connected via a network over a wide geographic area. A WLAN is a type of local network that uses radio waves, rather than wires, to transmit data. A VLAN is a virtual LAN that allows a network administrator to set up separate networks by configuring a network device, such as a switch or router, rather than through cabling.
