Scenario Based Cyber Security Interview Questions
Question 1: What is the cyber kill chain?
It is a framework that outlines the stages of a cyber-attack, including reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives.
Question 2: How can you identify an infected Windows PC in your network?
Monitor Windows Event IDs for anomalies (e.g., repeated login failures)
Analyze proxy and antivirus logs
Identify suspicious network traffic
Question 3: What is SSRF, and how is it different from CSRF?
Server-Side Request Forgery (SSRF) occurs when an attacker tricks the server into making unauthorized requests. Unlike CSRF, which exploits the user, SSRF targets the server itself.
Prevention: Restrict outgoing requests, validate user input, and implement a whitelist of allowed destinations.
Question 4: What are the types of XSS?
Reflected XSS: Executes malicious scripts when the victim clicks on a crafted link.
Stored XSS: Malicious scripts are stored on the server and executed when the user accesses the resource.
DOM-Based XSS: Occurs when client-side script takes attacker-controlled data and writes it into the page's DOM in a way that executes it as code.
Question 5: How can XSS be prevented?
1. Disable inline JavaScript.
2. Use content security policies.
3. Validate and escape user inputs.
4. Implement HTTP headers to prevent XSS (e.g., X-XSS-Protection, Content-Security-Policy).
Question 6: What is a buffer overflow, and how does it work?
A buffer overflow occurs when more data is written to a buffer than it can hold, so the excess overwrites adjacent memory and corrupts it. This can be exploited to execute arbitrary code.
Question 7: What is the purpose of SPF, DKIM, and DMARC?
SPF: Ensures emails are sent from authorized servers.
DKIM: Validates email integrity and authenticity using cryptographic signatures.
DMARC: Verifies that SPF and DKIM align and provides reporting for email authentication.