Ethical Hacking Interview Questions and Answers
In this 2019 Ethical Hacking Interview Questions article, we
shall present 10 most essential and frequently used Ethical Hacking interview
questions and answers. These interview questions are divided into two parts are
as follows:
Part 1 – Ethical
Hacking Interview Questions (Basic)
This first part covers basic Ethical Hacking Interview
Questions and Answers.
Q1. Explain all
hacking stages in detail.
Answer:
Whenever the process of hacking or targeting a machine takes
place it goes through below five stages:
Reconnaissance-
This is the initial step where the hacker acquires all information about the
target.
Scanning- This
stage involves going through and scrutinizing all gathered information during
the reconnaissance phase. It can be used to examine who is the victim. The
hacker can choose automated tools in the scanning phase which may involve port
scanners, mappers and vulnerability scanners.
Gaining access-
This is the step where the actual hacking takes place. The hacker can now
attempt upon exploiting different vulnerabilities that are found during the
above two phases.
Maintaining access-
Once the access is gained hackers can keep the access as it is. This will help
in further scrutinizing of data and all attacks will be secure through
exclusive access to backdoors, rootkits, and Trojans.
Covering tracks-
Once all information is obtained and the access is maintained then the hacker
can cover their tracks and traces to avoid detection. This also enables them to
continue the use of a hacked system and also helps in avoiding any legal
actions.
Q2. Explain the
concept of footprinting and further explain the techniques used for the same.
Answer:
This is the common Ethical Hacking Interview Question asked
in an interview. Footprinting is usually referred to as accumulating and
discovering information about the target network before a user attempts to gain
access. The techniques used in footprinting are as below:
Open source
footprinting- This technique helps the user to search for all the information
related to administrator contact. This information can later be used to guess
the correct password when being used in social engineering.
Network enumeration:
This technique is used when the hacker tries to identify and get the names of
domain names and tries to look for network blocks that are supposedly targeted.
Scanning: Once
the hacker is able to identify the network, the next step is to investigate
active IP addresses on the network.
Stack fingerprinting:
This would be the last step or technique which should be used once the port and
host intended are mapped.
Q3. What is network
sniffing?
Answer:
Network sniffing term is used when a user wants to enable
real-time monitoring and also analyze data packets that are flowing over
computer networks. Hackers can make use of sniffing tools and is used for
ethical and unethical purposes. These can be used to steal information or
manager different networks. Sniffers are used by network administrators as a
network monitoring and analysis tool. In an unethical way, it can be used by
cybercriminals for wrong purposes like identity usurpation, email, sensitive
data hijacking and more.
Let us move to the next Ethical Hacking Interview Questions.
Q4. What is a DOS
attack and what are the common forms of DOC attack?
Answer:
Denial of Service can be considered as a malicious attack on
a network which can be done by
flooding the network with traffic which is of no
use. Although it is not a threat to information or security breach it can cost
the website owner a large amount of money and time. These attacks can be as
below:
- Buffer Overflow Attacks
- SYN Attack
- Teardrop Attack
- Smurf Attack
- Viruses
Q5. What are the ways
of avoiding or preventing ARP poisoning?
Answer:
ARP poisoning is a type of network attack and it can be
avoided in the following way.
Use packet filtering:
When you use packet filters you can filter out and block packets with a
different or conflicting source address information.
Avoiding trust relationships: Organizations
should follow protocols much and avoid relying on trust relationships as little
as possible.
Make use of ARP
spoofing detection software: There are some programs or applications which
inspect and certify data before it gets transmitted and this helps in blocking
the data that is spoofed.
Use cryptographic
network protocols: ARP spoofing attacks can be avoided by making use of
protocols like SSH, TLS, and HTTPS which ensure that data is sent in the
encrypted format before transmission and after the reception.
Part 2 – Ethical
Hacking Interview Questions (Advanced)
Let us now have a look at the advanced Ethical Hacking
Interview Questions and Answers.
Q6. What is the
difference between phishing and spoofing?
Answer:
Phishing and Spoofing are two different things. Phishing
downloads malware to your system or network and spoofing, on the other hand,
tricks your system into surrendering sensitive data to cybercriminals. Phishing
can be said as a technique for recovery while spoofing is the one used for
delivery.
Q7. What is the burp
suite and what are the tools that it contains?
Answer:
This is the most popular Ethical Hacking Interview Question
asked in an interview. Burp suite can be said as a platform which can be used
for attacking different network applications. It contains different tools that
a hacker would need for attacking any system. The functionalities that are used
in Burp suite are:
- Proxy Repeater
- Spider Decoder
- Scanner Comparer
- Intruder Sequencer
Q8. What is MIB?
Answer:
Management Information Base is a virtual database which
contains all formal description of network objects and the details about how
they can be managed using SNMP. The MIB database is hierarchical and in each of
these managed objects are addressed through the different object identifiers
which are known as OIDs.
Q9. Name the
different types of ethical hackers.
Answer:
There are four different types of ethical hackers. They are
as below:
- Certified ethical hacker
- A white box penetration tester
- A black box penetration tester
- Cyber warrior or the Grey box hacker
Q10. Name some
standard tools which are used by ethical hackers.
Answer:
To facilitate the task of hacking and speed up the process
hackers have created tools which make their task easy. These are:
- Metasploit
- Wireshark
- NMAP
- Burp Suite
- OWASP ZAP
- Nikto
- SQLmap
No comments:
Post a Comment