Top 25 Cybersecurity Interview Questions With Answers

Here are some of the top questions, with answers, that have been asked in cybersecurity job interviews.


Q1) What are an IP address and a MAC address?

IP address: Every device is assigned an IP address so that the device can be located on the network.

MAC (Machine Access Control) address: A MAC address is the unique serial number assigned to every network interface on every device.

Q2) List some of the common tools used by ethical hackers.

  • John The Ripper

Q3) What are the types of ethical hackers?

The types of ethical hackers:

  • Grey Box hackers
  • Black Box penetration testers
  • White Box penetration testers

Q4) Explain what a Brute Force Hack is.

A brute force hack is a technique for hacking passwords and gaining access to system and network resources. It takes a lot of time, and it needs a hacker to learn about JavaScript. For this purpose, one can use a tool named “Hydra”.

Q5) What are the common forms of DoS attack?

  • Buffer Overflow Attacks
  • SYN Attacks
  • Teardrop Attacks
  • Smurf Attacks

Q6) What are the types of computer-based social engineering attacks?

Computer-based social engineering attacks are:

  • Phishing
  • Online scams

Q7) What is Phishing?

The phishing technique involves sending false emails, chats, or websites that impersonate the real system, with the aim of stealing information from the original website.

Q8) Explain what Network Sniffing is.

Underground sniffers are malicious programs used by hackers to capture information over a network. When an underground sniffer is installed on a router, it can breach the security of any network whose traffic passes through that router. It can capture confidential messages such as email.

Q10) What is an ARP poisoning attack and how does it work?

ARP spoofing, also known as ARP poisoning, is a Man in the Middle (MitM) attack that allows attackers to intercept communication between network devices.
The attack works as follows: The attacker must have access to the network. … The attacker is now secretly in the middle of all communications.
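The defender's side of the attack described above, as an added example that is not part of the original page: a small detector that watches ARP replies and flags the two signs of poisoning, an IP address that suddenly maps to a different MAC and one MAC answering for several IPs. The reply stream and all addresses are constructed.

```python
# Added example (not from the original page): detect ARP poisoning from a
# stream of ARP replies. All IP/MAC values below are constructed samples.
from collections import defaultdict

# Constructed ARP reply stream as (ip, mac), in the order a sniffer saw them.
# Replies 1-3 are legitimate; reply 4 shows the gateway IP "moving" to a new
# MAC, and reply 5 shows that same MAC also claiming a workstation's IP.
ARP_REPLIES = [
    ("192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway
    ("192.168.1.10", "aa:aa:aa:aa:aa:10"),  # workstation
    ("192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway again, unchanged
    ("192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP now claims a new MAC
    ("192.168.1.10", "de:ad:be:ef:00:01"),  # same MAC also claims the host
]

def detect_arp_poisoning(replies):
    """Return alert strings for suspicious IP-to-MAC bindings.

    Caveat: a legitimate NIC replacement or a DHCP lease handed to a new
    device also changes an IP's MAC, so alerts need human triage."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has answered for
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts
```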

Q11) What is MAC Flooding?

MAC flooding is a technique in which the security provided by a network switch is compromised. In MAC flooding, the hacker or attacker floods the switch with more frames than the switch can handle. This makes the switch behave like a hub and transmit all packets out of all ports. Taking advantage of this, the attacker will try to send his packets into the network to steal sensitive information.

Q12) Explain what a Rogue DHCP Server is.

A rogue DHCP server is a DHCP server on the network that is not under the control of the network administration staff. A rogue DHCP server can be a router or modem. It will offer users IP addresses, a default gateway, and WINS servers as soon as the user logs in.
The rogue server can then sniff all the traffic sent by a client to all other networks.

Q13) Explain what Burp Suite is.

Burp Suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an application. The Burp Suite tools share the same approach to attacking web applications, with a framework for handling HTTP requests, upstream proxies, alerting, logging, and so on.

Q14) Explain how you can stop your website from getting hacked.

By adopting the following methods you can stop your website from getting hacked:

  • Sanitizing and validating user parameters: Sanitizing and validating user parameters before submitting them to the database reduces the chances of being attacked by SQL injection.
  • Using a firewall: A firewall can be used to drop traffic from a suspicious IP address if the attack is a simple DoS.
  • Encrypting the cookies: Cookie or session poisoning can be prevented by encrypting the content of cookies, associating cookies with a client IP address, and timing out the cookies after some time.
  • Validating and verifying user input: This approach prevents tampering by verifying and validating the user input before processing it.
  • Validating and sanitizing headers: These techniques are useful against cross-site scripting (XSS); they include validating and sanitizing headers, parameters passed via the URL, form parameters, and hidden values to reduce XSS attacks.

Q15) Explain what NTP is.

NTP (Network Time Protocol) is used to synchronize the clocks of networked computers. Its primary means of communication is UDP port 123. Over the public internet, NTP can maintain time to within 10 milliseconds.

Q16) Explain what the MIB is.

The MIB (Management Information Base) is a virtual database. It contains the formal descriptions of all the network objects that can be managed using SNMP. The MIB database is hierarchical, and each managed object in the MIB is addressed through an object identifier (OID).

Q17) Explain the difference between bind shell and reverse shell in Metasploit.

Bind and reverse shells are two different payloads used in Metasploit.

The basic difference between a bind shell and a reverse shell is that a bind shell is used when the payload is sent within an intranet: for example, if an attacker is on the same network, they can send the payload to anyone connected to that network and get access to their system. A reverse shell payload, on the other hand, is used to access a system that has a public IP and is on the internet; it is used to bypass a firewall, get into a network, and access the systems inside that particular network.


Q18) Explain the Heartbleed attack.

Heartbleed is a vulnerability in the OpenSSL library. Heartbeat is a component of the TLS/SSL protocol: when a system sends an encrypted piece of data called a heartbeat request to another system, the other system sends back the exact same encrypted piece of data to keep the connection alive. The system that receives the request never checked the size of the data against the size that was claimed, so the attacker increases the claimed size, let's say to 64 KB, while the actual size of the data is 40 KB. The receiving system then sends back 64 KB of data, in which the extra 24 KB is taken from the memory buffer, whatever happens to be in the next 24 KB of memory. An attacker can extract this extra 24 KB of data from a web server. This is the way the Heartbleed vulnerability is exploited.
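The missing check described above, modelled as an added example that is not from the original page or from OpenSSL: process memory is simulated as a bytearray holding the received heartbeat record followed by constructed neighbouring data, and a responder that trusts the claimed length is placed beside one that checks it against the bytes actually received. The sizes are scaled down from the 64 KB / 40 KB in the answer to a few bytes.

```python
# Added example (not from the original page): toy model of the Heartbleed
# length check. Record layout: type (1 byte), payload length (2 bytes,
# big-endian), payload, then padding. Neighbouring memory is constructed.
import struct

HEARTBEAT_REQUEST = 1
PADDING = 16  # minimum padding that follows a heartbeat payload

def build_heartbeat(payload, claimed_length):
    """Build a heartbeat record whose length field may lie about the payload."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload + b"\x00" * PADDING

def respond_vulnerable(memory):
    """Copies as many bytes as the sender claimed, regardless of what arrived,
    so the reply runs past the record into adjacent memory."""
    _, claimed = struct.unpack("!BH", bytes(memory[:3]))
    return bytes(memory[3:3 + claimed])

def respond_fixed(memory, record_length):
    """Discards the record if header + claimed payload + padding exceeds the
    number of bytes actually received (the shape of the OpenSSL fix)."""
    _, claimed = struct.unpack("!BH", bytes(memory[:3]))
    if 1 + 2 + claimed + PADDING > record_length:
        return None  # silently drop, nothing is echoed back
    return bytes(memory[3:3 + claimed])

def simulate(payload, claimed_length, neighbour):
    """Place the record in 'memory' next to constructed neighbouring data and
    run both responders. Returns (vulnerable_reply, fixed_reply)."""
    record = build_heartbeat(payload, claimed_length)
    memory = bytearray(record + neighbour)
    return respond_vulnerable(memory), respond_fixed(memory, len(record))
```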

Q19) What is Cross-site scripting attack?

Cross-site scripting (XSS) attack is a type of client-side injection attack in which an attacker tries to inject malicious scripts into a legitimate web application. This attack will lead to disclosing cookie information, website defacement, etc.

There are 3 types of Cross-site scripting:

  • Reflected XSS – In this type of XSS, the request with malicious scripts is sent to the server and reflected on the client side.
  • Stored XSS – In this type of XSS, malicious scripts are stored permanently in the server and whenever any user accesses that particular application, malicious script executes.
  • DOM-based XSS – In this type of XSS, the request with the malicious script is not sent to the server; it executes on the client side itself.

Q20) What do you mean by Cyberextortionist?

It’s a cybercrime where the exploit is performed to demand money. For example, ransomware.

Q21) Who are known as black hat, white hat, or grey hat hackers?

  • Black hat – One who performs hacking (penetration or exploitation) without authority and with malicious intent.
  • White hat – An authorised penetration tester.
  • Grey hat – One who performs hacking (penetration or exploitation) without authority but without malicious intent. They perform the activity for bounty programs or security testing without being authorized to do so.

Q22) What is the Cyber Kill Chain?

The cyber kill chain is a process that defines the primary steps of a cyber attack. Below are the 7 stages of the cyber kill chain.

  • Reconnaissance – Passively gathering information about the target (searching for information on various search engines like Google Dork, Shodan, etc.).
  • Weaponization – Preparing remote access malware with an exploit into a deliverable payload.
  • Delivery – Transferring the payload (any malicious application or script) to victims’ devices by social engineering or some other method.
  • Exploitation – Exploiting vulnerable applications to make use of the delivered payload.
  • Installation – Installing a backdoor using the payload for remote access.
  • Command & Control – After the successful installation of a backdoor, the device can be controlled remotely and various actions can be performed (DDoS is the most common attack performed using CnC servers).
  • Actions on Objective – The attacker works to achieve the objective for which the attack was performed, which can include data exfiltration, destruction of data, or attacking some other device.

Q23) What is email spoofing?

It’s a way to copy someone’s identity and send an email from the copied ID. The receiver cannot tell whether the email is coming from the right source or the wrong one.

Q24) What is Phishing?

This is a fraud attempt, usually made via SMS, calls, emails, etc., just to collect the credentials of users.

Q25) What is HSTS?

HSTS (HTTP Strict Transport Security) forces the site to run only over HTTPS.
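HSTS is delivered to browsers as the Strict-Transport-Security response header. As an added example that is not from the original page, the code below parses that header and reports the settings that would leave a site reachable over plain HTTP; the header values and the one-year minimum are constructed choices.

```python
# Added example (not from the original page): parse the Strict-Transport-Security
# header that implements HSTS and judge whether a response's policy actually
# forces HTTPS. All header values below are constructed.

def parse_hsts(header_value):
    """Parse 'max-age=31536000; includeSubDomains; preload' into a dict.
    Directive names are case-insensitive; unknown directives are ignored."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                policy["max_age"] = None  # non-numeric max-age: browsers ignore the header
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def hsts_findings(headers, min_age=31536000):
    """Return a list of problems with the HSTS policy in a response's headers.
    An empty list means the site is pinned to HTTPS for at least min_age seconds."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: browsers may still use HTTP"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age missing or not a number: the header is ignored")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 clears the policy instead of enforcing HTTPS")
    elif policy["max_age"] < min_age:
        findings.append(f"max-age {policy['max_age']} is shorter than {min_age} seconds")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains can still be reached over HTTP")
    return findings

# Constructed responses: a weak policy beside a sound one (two-year max-age).
WEAK = {"Strict-Transport-Security": "max-age=300"}
STRONG = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}
```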

