300+ TOP Network Security Interview Questions and Answers

Network Security Interview Questions for Freshers and Experienced:

1. How do you keep yourself updated on network security -or- Where do you get updates on security?
This type of question is meant to gauge the candidate's interest in keeping abreast of the field of network security. If the candidate puts up a blank face, it is time to call the next candidate. One can specify “news alerts” or any website(s) s/he checks for the latest information about security.

2. If you need to encrypt and compress data for transmission, how would you achieve it?
The candidate may start explaining what is data encryption, how s/he would encrypt the data and then compress it for transmission. However, the actual answer would be to explain how to compress and then talk about encryption. Encrypting compressed data often leads to loss of data.

3. What factors would you consider before deploying a web intrusion detection system?
An open question, the interviewer is trying to assess the knowledge of candidate in different fields associated with web intrusion. These include: SSL; HTTP protocol; logging; alert mechanism; and signature update policies.

4. What is Cross site scripting?
Though the answer is straightforward, most candidates are unaware of the term. One of the most important security issues, cross site scripting refers to phishing attempts by a website that employs JavaScript that leads to deploying malware without the knowledge of the user.

5. How does the HTTP handle state?
The answer is that HTTP cannot handle states. However, there is a hack. It employs use of cookies to handle the state.

6. In context of public key encryption, if you are using both signature and encryption features, what key will you use for encryption and which one will you use for signing?
Answer is simple. One would always sign using their key so the public key is used for encryption. Most of the candidates tend to name public key for both signing and encryption. They miss out the point that public key encryption also includes a private key.

7. What type of network do you use at home?
Again, this question is employed to assess the skills and networking background of candidates. “I don’t have a network at home but I have handled networks at so and so places” is better than saying “sorry, I don’t have a network at home”. The latter would send out a signal that the candidate never had exposure to networks.

8. What is Cross Site Request Forgery and how to defend against it?
The question can also be in two parts, in which case, candidates without knowledge of CSRF would get lost. If asked combined, candidates can guess that cross site request forgery is something that relates to malicious scripting with phishing intentions. The question may also be framed as “what is cross site request”. In this case, candidates cannot even guess that it is something malicious as the word ‘forgery’ is not there.

9. Name the port used by PING.
Always remember that PING does not use any port. As PING is based upon layer 3 protocol, it never uses any computer port. A simple variation of the question could be: Does PING use UDP? Or Does PING use TCP? Again remember that UDP and TCP are layer 4 protocols and PING has nothing to do with them.

10. Security Life Cycle.
It can be phrased in many ways: what comes first – vulnerability or threat? How do you design a system with some options given? The candidate needs to answer these questions using his/her own experience and opinions. The objective is how best the candidate can explain what you asked.

These are just some of the network security interview questions that are meant to give you an idea of how a security interview goes. If you wish to share your experience or add anything, please feel free to share using the comments box.

Network Security Interview Questions

11. Define the meaning of an Authentication.
Well sir, an Authentication factor is a piece of information and process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. In other words, it is a process of proving the identity of a computer or computer user. For users, it generally involves a user name and password. Computers usually pass a code that identifies that they are part of a network.

12. What is the sense of a fingerprint?
A fingerprint is an impression of the friction ridges on all parts of the finger. A friction ridge is a raised portion of the epidermis on the palmar (palm) or digits, i.e. fingers and toes, or plantar (sole) skin, consisting of one or more connected ridge units of friction ridge skin. These are also known as epidermal ridges, which originate from the underlying interface between the dermal papillae of the dermis and the interpapillary (rete) pegs of the epidermis.

13. What does a security mean in your sense?
A security is a fungible, negotiable instrument representing financial value. Securities are generally sorted out into debt securities such as banknotes, bonds and debentures and equity securities. For example: common stocks and derivative contracts such as forwards, futures, options and swaps.

14. What is a Password?
A password is a secret word or string of characters that is used for authentication to prove identity or gain access to a resource. The password must be kept secret from those not allowed access.

For example: An access code is a type of password.

15. What is a Smart Card or Chip Card or Integrated Circuit Card (ICC)?
A Smart Card or Chip Card or Integrated Circuit Card (ICC) is any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed by way of the ICC applications and delivered as an output.

16. Finally, who is a hacker?
A hacker is a person who breaks into computers, usually by gaining access to administrative controls. He gains access to the user ID and password without permission.

As a result of this article, you are definitely going to show your best performance in the interview.

17. What are the types of LAN cables used? What is a cross cable?
Types of LAN cables that are in use are “Cat 5” and “Cat 6”. “Cat 5” can support 100 Mbps of speed and “Cat 6” can support 1 Gbps of speed.

Cross cable: It is used to connect the same type of devices without using a switch/hub so that they can communicate.

18. What is the IPCONFIG command? Why is it used?
The IPCONFIG command is used to display the IP information assigned to a computer. From the output we can find out the IP address, DNS IP address, and gateway IP address assigned to that computer.

19. What is BSOD? What do you do when you get blue screen in a computer? How do you troubleshoot it?
BSOD stands for Blue Screen of Death. When there is a hardware or OS fault due to which the Windows OS can't run, it gives a blue screen with a code. The best way to resolve it is to boot the computer in “Last Known Good Configuration”. If this doesn’t work, then boot the computer in safe mode. If it boots up, then the problem is with one of the devices or drivers.

20. What is RIS? What is Imaging/ghosting?
RIS stands for Remote Installation Services. You save the installed image on a Windows server and then use RIS to install the configured one on the new hardware. We can use it to deploy both server and client OS. Imaging or ghosting also does the same job of capturing an installed image and then installing it on new hardware when there is a need. We go for RIS or imaging/ghosting because installing an OS every time using a CD can be a very time-consuming task. So to save that time we can go for RIS/ghosting/imaging.

21. What is the difference between a switch and a hub?
A switch sends the traffic to the port for which it is meant. A hub sends the traffic to all the ports.

22. What are manageable and non-manageable switches?
Switches which can be administered are called manageable switches. For example, we can create a VLAN on such a switch. On non-manageable switches we can’t do so.

23. What is a DNS resource record?
A resource record is an entry in a name server’s database. There are several types of resource records used, including name-to-address resolution information. Resource records are maintained as ASCII files.

24. What protocol is used by DNS name servers?
DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

25. What is the difference between TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.


Q1. The Plain Text To Be Transmitted Has A Cyclic Redundancy Check (CRC) Value Calculated, Which Is A Check Sum Based On The Contents Of The Text. WEP Calls This The ____ And Appends It To The End Of The Text

Correct Answer: integrity check value (ICV)

Q2. What Is Another Name For Unsolicited E-mail Messages?

spam

Q3. What Is Kerberos Protocol?

Kerberos is an authentication protocol. It is named after a dog who, according to Greek mythology, is said to stand at the gates of Hades. In terms of computer networking, it is a collection of software used in large networks to authenticate and establish a user’s claimed identity. It was developed by MIT and uses a combination of encryption and distributed databases so that the user can log in and start a session.

It has some disadvantages though. As I said, Kerberos was developed by MIT under Project Athena; Kerberos is designed to authenticate the end users on the servers.

Q4. Why Does Active FTP Not Work With Network Firewalls?

When a user initiates a connection with the FTP server, two TCP connections are established. The second TCP connection (FTP data connection) is initiated and established from the FTP server. When a firewall is between the FTP client and server, the firewall would block the connection initiated from the FTP server since it is a connection initiated from outside. To resolve this, Passive FTP can be used or the firewall rule can be modified to add the FTP server as trusted.

Q5. How Often Are Logs Reviewed?

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

Q6. What Is An IP Grabber?

An IP grabber is a program that will find the IP address of another computer. It is often used by hackers.

Q7. Where Is Your Organization’s Security Policy Posted And What Is In It?

There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.

Q8. How Does Symmetric Key Encryption Work?

Symmetric encryption requires that both parties (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the data. Using the same encryption algorithm means that only those individuals that know or have the same key will be able to read any messages encrypted by the symmetric key.

Q9. A(n) ____ Finds Malicious Traffic And Deals With It Immediately?

IPS

Q10. What Is The Difference Between Network Security And Cryptography?

Cryptography is the deliberate attempt to obscure or scramble the information so that only an authorized receiver can see the message. Network security may employ cryptography, but has many other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only when trying to keep messages secret when sending them across a network or keeping information secret in a file.

Q11. What Is Your Organization’s Password Policy?

A password policy should require that a password:

  • Be at least 8 characters long
  • Contain both alphanumeric and special characters
  • Change every 60 days
  • Cannot be reused after every five cycles
  • Is locked out after 3 failed attempts

In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy.

Q12. A ____ Is A Cumulative Package Of All Security Updates Plus Additional Features.

service pack

Q13. What Are The Tolerable Levels Of Impact Your Systems Can Have?

An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.

Q14. A ____ Is A Single, Dedicated Hard Disk-based File Storage Device That Provides Centralized And Consolidated Disk Storage Available To LAN Users Through A Standard Network Connection?

NAS

Q15. A ____ Virus Can Interrupt Almost Any Function Executed By The Computer Operating System And Alter It For Its Own Malicious Purposes?

resident

Q16. What Applications And Services Are Specifically Denied By Your Organization’s Security Policy?

Your organization’s security policy should specify applications, services, and activities that are prohibited. These can include, among others:

  • Viewing inappropriate material
  • Spam
  • Peer-to-peer file sharing
  • Instant messaging
  • Unauthorized wireless devices
  • Use of unencrypted remote connections such as Telnet and FTP

Q17. A(n) ____ Is A Computer Programming Language That Is Typically Interpreted Into A Language The Computer Can Understand?

scripting language

Q18. How Did Early Computer Security Work?

It was pretty simple: just passwords to protect one’s computer. With the innovation of the internet, however, computers have increased security with firewalls and hundreds of anti-virus programs.

Q19. Which Protocol Does HTTPS Use At The Transport Layer For Sending And Receiving Data?

TCP

Q20. A(n) ____ Attack Makes A Copy Of The Transmission Before Sending It To The Recipient?

replay

Q21. A ____ Virus Infects The Master Boot Record Of A Hard Disk Drive?

boot

Q22. Targeted Attacks Against Financial Networks, Unauthorized Access To Information, And The Theft Of Personal Information Is Sometimes Known As ____?

cybercrime

Q23. ____ Typically Involves Using Client-side Scripts Written In JavaScript That Are Designed To Extract Information From The Victim And Then Pass The Information To The Attacker?

Correct Answer: Cross site scripting (XSS)

Q24. ____ Enables The Attacker’s Computer To Forward Any Network Traffic It Receives From Computer A To The Actual Router?

IP forwarding.

Q25. How Are Subnets Used To Improve Network Security?

Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.

Q26. Difference Between Network And Operating System Security?

Network security concentrates on the packets of information flowing between computer systems. Operating System security controls access to resources on the server itself. Therefore, the two are looking at different things in terms of security.

Q27. Encryption Under The WPA2 Personal Security Model Is Accomplished By ____?

AES-CCMP

Q28. Explain In Mobile And Computer And Home Is It Possible That We See And Listen Person Voice And Activity Carefully For Destroying Their Privacy?

Yes, it can be possible with third-party software on a computer and 3G on a mobile. On a computer, third-party software like Skype can be a better medium of communication.

Q29. How Does Encryption Help The Security Of A Network?

One of the key objectives of computer security is confidentiality – information is only available to those who are supposed to have access to it. Encryption helps protect confidentiality of information transmitted over a network by (if it works as intended) making it difficult or impossible for someone who is not authorized to have the information to make sense of it if they intercept the information in transit. In cases of data stored on a network, if it is stored in encrypted form, it can make it difficult or impossible for an attacker to get anything useful from the encrypted file.

Q30. What Is The Difference Between An Exploit And Vulnerability In Information Security?

A vulnerability is a weak point in a system. This implies a risk, especially to confidential information. An exploit is a means of taking advantage of the vulnerability and using it to take advantage of a system or network. Just because something has been identified as a vulnerability doesn’t mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and taken advantage of it.

Q31. With Operating System Virtualization, A Virtual Machine Is Simulated As A Self-contained Software Environment By The ____ System (the Native Operating System To The Hardware)?

host

Q32. What Does Your Network/security Architecture Diagram Look Like?

The first thing you need to know to protect your network and systems is what you are protecting. You must know:

  • The physical topologies
  • Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
  • Types of operating systems
  • Perimeter protection measures (firewall and IDS placement, etc.)
  • Types of devices used (routers, switches, etc.)
  • Location of DMZs
  • IP address ranges and subnets
  • Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

Q33. Under The _____ , Healthcare Enterprises Must Guard Protected Health Information And Implement Policies And Procedures To Safeguard It, Whether It Be In Paper Or Electronic Format?

HIPAA.

Q34. A Computer ____ Is A Program That Secretly Attaches Itself To A Legitimate “carrier,” Such As A Document Or Program, And Then Executes When That Document Is Opened Or Program Is Launched?

virus

Q35. What Resources Are Located On Your DMZ?

Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network.

Q36. What Are The Three Legs Of Network Security?

The three main tenets of security overall are: Confidentiality, Availability, Integrity.

Q37. Which Feature On A Cisco IOS Firewall Can Be Used To Block Incoming Traffic On An FTP Server?

Extended ACL.

Q38. What Is SRM (Security Reference Monitor)?

The Security Reference Monitor is the kernel mode component that does the actual access validation, as well as audit generation.

Q39. What Is SAM (Security Account Manager)?

SAM stands for Security Account Manager and is the one who maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.

Q40. How Is Your Wireless Infrastructure Secured?

Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized.

Q41. Explain How Does Trace Route Work? Now How Does Trace Route Make Sure That The Packet Follows The Same Path That A Previous (with Ttl – 1) Probe Packet Went In?

Traceroute works using ICMP packets. First, the source sends an ICMP packet with the Time to Live (TTL) field set to 1 to the destination address. The intermediate router receives the packet, sees that the TTL field has expired, and sends an ICMP TTL expired reply. The source machine then sends the ICMP packet again with the TTL field set to 2. This time the second intermediate router replies. This process is repeated until the destination is reached. That way the source can get the entire route up to the destination.

Q42. ____, Also Called Add-ons, Represent A Specific Way Of Implementing ActiveX And Are Sometimes Called ActiveX Applications?

ActiveX controls.

Q43. The ____ Is The Link Between The Cellular Network And The Wired Telephone World And Controls All Transmitters And Base Stations In The Cellular Network?

MTSO

Q44. Instead Of The Web Server Asking The User For The Same Information Each Time She Visits That Site, The Server Can Store That User-specific Information In A File On The User’s Local Computer And Then R

cookie

Q45. How Do You Prevent A DDoS Attack?

You do not have much choice, only correctly configured firewall/iptables (which is not a trivial task to do) can help you to prevent it. But there is no 100%

Q46. ____ Work To Protect The Entire Network And All Devices That Are Connected To It?

NIPS

Q47. An Attacker Could Alter The MAC Address In The ARP Cache So That The Corresponding IP Address Would Point To A Different Computer, Which Is Known As ____?

ARP poisoning.

Q48. Are You Performing Content Level Inspections?

In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage.

Q49. What Is Included In Your Disaster Recovery Plan?

Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the actual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites.

Q50. How Often Is Your Disaster Recovery Plan Tested?

The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full out implementation.