diff --git "a/interview QnA.json" "b/interview QnA.json"
new file mode 100644
--- /dev/null
+++ "b/interview QnA.json"
@@ -0,0 +1,6159 @@
+[
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of a penetration test?",
+ "answer": "To identify vulnerabilities in a system or network."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What does SOC stand for in the context of cybersecurity?",
+ "answer": "Security Operations Center."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the first step in incident response?",
+ "answer": "Identification."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Easy",
+ "question": "What is GDPR?",
+ "answer": "General Data Protection Regulation, a data privacy regulation in the EU."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the purpose of digital forensics?",
+ "answer": "To collect and analyze digital evidence in a legally admissible manner."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is an IP address?",
+ "answer": "A unique numerical label assigned to each device on a network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a firewall?",
+ "answer": "A security device or software that filters network traffic."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "Is it ethical to hack into a system without permission?",
+ "answer": "No, it's illegal and unethical."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "What is 2 + 2?",
+ "answer": "4."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between black-box and white-box penetration testing?",
+ "answer": "Black-box testing is performed with no prior knowledge of the system, while white-box testing has full knowledge."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is a SIEM system used for?",
+ "answer": "Security Information and Event Management, used for real-time monitoring and analysis of security events."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a playbook in incident response?",
+ "answer": "To provide step-by-step instructions for responding to specific incidents."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key principles of HIPAA compliance?",
+ "answer": "Privacy, security, and breach notification rules."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is steganography in digital forensics?",
+ "answer": "The practice of hiding data within other data."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the OSI model, and how many layers does it have?",
+ "answer": "The OSI model is a conceptual framework with 7 layers."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is a DDoS attack?",
+ "answer": "Distributed Denial of Service attack, which floods a network or service to make it unavailable."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "Under what circumstances might ethical hacking be permissible?",
+ "answer": "Ethical hacking is usually permissible with proper authorization for security or penetration testing."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "What is the square root of 16?",
+ "answer": "4."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the difference between SQL injection and Cross-Site Scripting (XSS) attacks.",
+ "answer": "SQL injection manipulates a database, while XSS attacks manipulate web page content."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is threat hunting, and why is it important in a SOC?",
+ "answer": "Threat hunting is proactive searching for threats in an environment to identify and mitigate them early."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key steps in eradicating a malware infection during incident response?",
+ "answer": "Isolate, identify, contain, eradicate, and recover."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of 'data minimization' in data privacy compliance.",
+ "answer": "Data minimization is the practice of collecting only the data necessary for a specific purpose."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What are the challenges of digital forensics in a cloud computing environment?",
+ "answer": "Lack of physical access to hardware, data dispersion, and data encryption."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is BGP hijacking, and how can it be mitigated?",
+ "answer": "BGP hijacking is a route hijacking attack on the internet. Mitigation involves using RPKI and monitoring."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain the concept of 'zero trust' security architecture.",
+ "answer": "Zero trust assumes no trust, even inside a network, and requires verification for every user and device."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical dilemmas may arise in the field of cybersecurity?",
+ "answer": "Dilemmas may include balancing security and privacy, disclosing vulnerabilities, and nation-state hacking."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "What is the cube of 3?",
+ "answer": "27."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of a penetration test?",
+ "answer": "To identify vulnerabilities in a system or network."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What does SOC stand for in the context of cybersecurity?",
+ "answer": "Security Operations Center."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the first step in incident response?",
+ "answer": "Identification."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Easy",
+ "question": "What is GDPR?",
+ "answer": "General Data Protection Regulation, a data privacy regulation in the EU."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the purpose of digital forensics?",
+ "answer": "To collect and analyze digital evidence in a legally admissible manner."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is an IP address?",
+ "answer": "A unique numerical label assigned to each device on a network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a firewall?",
+ "answer": "A security device or software that filters network traffic."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "Is it ethical to hack into a system without permission?",
+ "answer": "No, it's illegal and unethical."
+ },
+ {
+ "domain": "Basic aptitude",
+ "difficulty": "Easy",
+ "question": "What is 2 + 2?",
+ "answer": "4."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between black-box and white-box penetration testing?",
+ "answer": "Black-box testing is performed with no prior knowledge of the system, while white-box testing has full knowledge."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is a SIEM system used for?",
+ "answer": "Security Information and Event Management, used for real-time monitoring and analysis of security events."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a playbook in incident response?",
+ "answer": "To provide step-by-step instructions for responding to specific incidents."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key principles of HIPAA compliance?",
+ "answer": "Privacy, security, and breach notification rules."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is steganography in digital forensics?",
+ "answer": "The practice of hiding data within other data."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the OSI model, and how many layers does it have?",
+ "answer": "The OSI model is a conceptual framework with 7 layers."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is a DDoS attack?",
+ "answer": "Distributed Denial of Service attack, which floods a network or service to make it unavailable."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "Under what circumstances might ethical hacking be permissible?",
+ "answer": "Ethical hacking is usually permissible with proper authorization for security testing."
+ },
+ {
+ "domain": "Basic aptitude",
+ "difficulty": "Easy",
+ "question": "What is 10 divided by 2?",
+ "answer": "5."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the difference between SQL injection and Cross-Site Scripting (XSS) attacks.",
+ "answer": "SQL injection manipulates a database, while XSS attacks manipulate web page content."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is threat hunting, and why is it important in a SOC?",
+ "answer": "Threat hunting is proactive searching for threats in an environment to identify and mitigate them early."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key steps in eradicating a malware infection during incident response?",
+ "answer": "Isolate, identify, contain, eradicate, and recover."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of 'data minimization' in data privacy compliance.",
+ "answer": "Data minimization is the practice of collecting only the data necessary for a specific purpose."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What are the challenges of digital forensics in a cloud computing environment?",
+ "answer": "Lack of physical access to hardware, data dispersion, and data encryption."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is BGP hijacking, and how can it be mitigated?",
+ "answer": "BGP hijacking is a route hijacking attack on the internet. Mitigation involves using RPKI and monitoring."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain the concept of 'zero trust' security architecture.",
+ "answer": "Zero trust assumes no trust, even inside a network, and requires verification for every user and device."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical dilemmas may arise in the field of cybersecurity?",
+ "answer": "Dilemmas may include balancing security and privacy, disclosing vulnerabilities, and nation-state hacking."
+ },
+ {
+ "domain": "Basic aptitude",
+ "difficulty": "Easy",
+ "question": "What is the result of 5 multiplied by 3?",
+ "answer": "15."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the purpose of a vulnerability assessment?",
+ "answer": "To identify and assess vulnerabilities in a system or network."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the role of a Security Operations Center (SOC) analyst?",
+ "answer": "To monitor and analyze security events and incidents."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of incident response?",
+ "answer": "To minimize the impact of security incidents and restore normal operations."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Easy",
+ "question": "What is the Payment Card Industry Data Security Standard (PCI DSS)?",
+ "answer": "A set of security standards for protecting payment card data."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the first step in the digital forensics process?",
+ "answer": "Identification and preservation of evidence."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a MAC address?",
+ "answer": "A hardware address that uniquely identifies a device on a network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is a security policy?",
+ "answer": "A set of rules and guidelines that define acceptable security practices."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "Is it ethical to disclose a security vulnerability to the public without notifying the vendor?",
+ "answer": "It depends on responsible disclosure practices, but generally, no."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Difficult",
+ "question": "If all A's are B's and all B's are C's, what can you conclude about A's and C's?",
+ "answer": "All A's are C's."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between black-box and white-box penetration testing?",
+ "answer": "Black-box testing is performed with no prior knowledge of the system, while white-box testing has full knowledge."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is threat intelligence, and how is it used in a SOC?",
+ "answer": "Threat intelligence is information about current threats, used to detect and respond to security incidents."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key phases of the incident response lifecycle?",
+ "answer": "Preparation, identification, containment, eradication, recovery, and lessons learned."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Data Protection Officer (DPO) in GDPR compliance?",
+ "answer": "To oversee data protection and compliance efforts within an organization."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is chain of custody in digital forensics, and why is it important?",
+ "answer": "Chain of custody is a documented record of evidence handling to ensure its integrity and admissibility in court."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a subnet mask in networking?",
+ "answer": "To determine which portion of an IP address is the network and which is the host."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is multi-factor authentication (MFA), and why is it important for security?",
+ "answer": "MFA requires multiple forms of verification and adds an extra layer of security to protect accounts."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "Under what circumstances might ethical hacking be permissible?",
+ "answer": "Ethical hacking is usually permissible with proper authorization for security testing."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all cats have tails, and Fluffy is a cat, does Fluffy have a tail?",
+ "answer": "Yes, Fluffy has a tail."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the difference between SQL injection and Cross-Site Scripting (XSS) attacks.",
+ "answer": "SQL injection manipulates a database, while XSS attacks manipulate web page content."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between an IDS and an IPS in network security?",
+ "answer": "An IDS detects threats and alerts, while an IPS actively blocks and prevents them."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What are the legal and regulatory implications of a data breach during incident response?",
+ "answer": "Depending on the jurisdiction, breach notification and compliance fines may apply."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key requirements of the California Consumer Privacy Act (CCPA)?",
+ "answer": "Rights for consumers to access, delete, and opt-out of the sale of personal information."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What challenges can arise when conducting digital forensics on mobile devices?",
+ "answer": "Encryption, locked devices, and volatile data."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of a VLAN (Virtual LAN) in network architecture.",
+ "answer": "A VLAN is a logical grouping of devices within a physical network, providing segmentation and security."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is social engineering in the context of penetration testing?",
+ "answer": "Social engineering is the manipulation of individuals to gain unauthorized access or information."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the purpose of a SIEM (Security Information and Event Management) system?",
+ "answer": "SIEM is used for real-time monitoring, correlation, and analysis of security events."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the difference between an incident and an event in incident response?",
+ "answer": "An event is any observable occurrence, while an incident is an event with potential or actual harm."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Chief Privacy Officer (CPO) in compliance with privacy regulations?",
+ "answer": "To oversee an organization's privacy compliance efforts and ensure alignment with regulations."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is RAM (Random Access Memory) in digital forensics, and why is it important?",
+ "answer": "RAM contains live or recents and volatile data that can be crucial for digital investigations."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is a MAC flooding attack in network security?",
+ "answer": "MAC flooding floods a switch's MAC address table, causing it to operate like a hub and potentially exposing traffic."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the CIA triad in cybersecurity?",
+ "answer": "CIA stands for Confidentiality, Integrity, and Availability, the core principles of information security."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "What is the difference between black hat hackers and white hat hackers?",
+ "answer": "Black hat hackers are malicious, while white hat hackers are ethical and work to improve security."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Difficult",
+ "question": "If all A's are B's and some B's are C's, can you conclude that some A's are C's?",
+ "answer": "Yes, some A's are C's."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is a zero-day vulnerability in the context of penetration testing?",
+ "answer": "A zero-day vulnerability is a security flaw that is unknown to the vendor and has no patch available."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of threat hunting in a Security Operations Center (SOC).",
+ "answer": "Threat hunting involves actively searching for signs of compromise within an organization's network."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What is the role of a Computer Security Incident Response Team (CSIRT) in incident response?",
+ "answer": "A CSIRT is responsible for coordinating and responding to cybersecurity incidents."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key requirements of the European Union's GDPR (General Data Protection Regulation)?",
+ "answer": "GDPR includes requirements for consent, data subject rights, and data breach notifications."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is file carving in digital forensics, and when is it used?",
+ "answer": "File carving is the process of recovering files from raw data and is used when file system metadata is missing."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a proxy server in network architecture?",
+ "answer": "A proxy server acts as an intermediary between clients and servers, providing security and caching."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Explain the principle of least privilege in cybersecurity.",
+ "answer": "The principle of least privilege means giving users or systems only the minimum access rights needed to perform their tasks."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What is responsible disclosure, and why is it important in cybersecurity?",
+ "answer": "Responsible disclosure is the ethical practice of reporting vulnerabilities to vendors before public disclosure."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If some cats have tails and some dogs don't have tails, can you conclude that all cats have tails?",
+ "answer": "No, you cannot conclude that all cats have tails."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is privilege escalation in the context of penetration testing?",
+ "answer": "Privilege escalation is the process of gaining higher-level access privileges than originally intended."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of threat intelligence sharing among different organizations.",
+ "answer": "Threat intelligence sharing helps organizations collaborate to identify and mitigate cyber threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the legal and regulatory implications of a data breach during incident response?",
+ "answer": "Depending on the jurisdiction, breach notification and compliance fines may apply."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key requirements of the Health Insurance Portability and Accountability Act (HIPAA)?",
+ "answer": "HIPAA includes requirements for protecting health information privacy and security."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of volatility in digital forensics.",
+ "answer": "Volatility refers to the temporary nature of data in computer memory (RAM)."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is a DNS cache poisoning attack, and how can it be mitigated?",
+ "answer": "DNS cache poisoning can redirect traffic; mitigation involves using DNSSEC and monitoring."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is a penetration testing report, and why is it important?",
+ "answer": "A penetration testing report details the findings, vulnerabilities, and recommendations for improving security."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the role of a Security Information and Event Management (SIEM) system in a SOC?",
+ "answer": "SIEM systems collect, correlate, and analyze logs and security event data to detect threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the difference between an incident and a breach in incident response?",
+ "answer": "An incident is a security event, while a breach is an unauthorized access or disclosure."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a Data Protection Impact Assessment (DPIA) in compliance?",
+ "answer": "A DPIA assesses and mitigates risks to individuals' privacy in data processing activities."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is hashing in digital forensics, and why is it used?",
+ "answer": "Hashing is the process of generating a fixed-size hash value from data, used for data integrity verification."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a router, and what is its role in computer networks?",
+ "answer": "A router routes or forwards data packets between different networks and determines the best path."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the principle of defense-in-depth in cybersecurity?",
+ "answer": "Defense-in-depth involves implementing multiple layers of security to protect against various threats."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "What is the responsibility of a Certified Ethical Hacker (CEH) in the cybersecurity field?",
+ "answer": "A CEH is trained to identify vulnerabilities and weaknesses in systems ethically."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "If some birds can fly and penguins are birds, can penguins fly?",
+ "answer": "No, penguins are flightless birds."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between a vulnerability assessment and a penetration test?",
+ "answer": "A vulnerability assessment identifies vulnerabilities, while a penetration test exploits them."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of threat hunting and its importance in a SOC.",
+ "answer": "Threat hunting involves proactive searching for threats that may have evaded detection, enhancing security."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key steps in an incident response plan, and why is planning important?",
+ "answer": "Planning ensures a coordinated and effective response, including preparation, detection, containment, and recovery."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key principles of the Family Educational Rights and Privacy Act (FERPA)?",
+ "answer": "FERPA protects the privacy of student education records and grants rights to parents and eligible students."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What is anti-forensics, and how does it impact digital investigations?",
+ "answer": "Anti-forensics is the practice of erasing or obfuscating digital traces to hinder investigations."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is a VLAN trunk, and why is it used in network design?",
+ "answer": "A VLAN trunk allows multiple VLANs to traverse a single network link, facilitating network segmentation."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of security through obscurity in cybersecurity.",
+ "answer": "Security through obscurity relies on secrecy rather than sound security practices and is generally discouraged."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "What ethical considerations should a cybersecurity professional take into account when conducting investigations?",
+ "answer": "Ethical considerations include respecting privacy, legal requirements, and informed consent."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all dogs have tails, and Fido is a dog, does Fido have a tail?",
+ "answer": "Yes, Fido has a tail."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is privilege escalation in the context of penetration testing?",
+ "answer": "Privilege escalation is the process of gaining higher-level access privileges than originally intended."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of threat intelligence sharing among different organizations.",
+ "answer": "Threat intelligence sharing helps organizations collaborate to identify and mitigate cyber threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the legal and regulatory implications of a data breach during incident response?",
+ "answer": "Depending on the jurisdiction, breach notification and compliance fines may apply."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key requirements of the Health Insurance Portability and Accountability Act (HIPAA)?",
+ "answer": "HIPAA includes requirements for protecting health information privacy and security."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of volatility in digital forensics.",
+ "answer": "Volatility refers to the temporary nature of data in computer memory (RAM)."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is a DNS cache poisoning attack, and how can it be mitigated?",
+ "answer": "DNS cache poisoning can redirect traffic; mitigation involves using DNSSEC and monitoring."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the difference between a vulnerability and an exploit?",
+ "answer": "A vulnerability is a weakness, while an exploit is a piece of code that takes advantage of that weakness."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of threat detection in a SOC?",
+ "answer": "The primary goal is to identify and respond to security threats and incidents."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a tabletop exercise in incident response planning?",
+ "answer": "Tabletop exercises help organizations simulate and practice their response to various security scenarios."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Easy",
+ "question": "What is the difference between data protection and data privacy?",
+ "answer": "Data protection focuses on securing data, while data privacy is about protecting individuals' rights to control their data."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is a write blocker in digital forensics, and why is it used?",
+ "answer": "A write blocker prevents data from being modified on the original storage device during forensic analysis."
+ }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is the purpose of an Intrusion Detection System (IDS) in network security?", + "answer": "An IDS monitors network traffic for signs of suspicious activity or potential threats." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a security incident, and how does it differ from a security event?", + "answer": "A security event is any observable occurrence, while a security incident is an event with actual or potential harm." + }, + { + "domain": "Ethical Questions", + "difficulty": "Easy", + "question": "What are the ethical considerations when conducting red teaming exercises?", + "answer": "Ethical considerations include obtaining proper authorization, minimizing disruption, and respecting privacy." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Easy", + "question": "If all birds can fly, and penguins are birds, can penguins fly?", + "answer": "Not all birds can fly, and penguins are flightless." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is a privilege escalation vulnerability, and why is it dangerous?", + "answer": "Privilege escalation vulnerabilities allow attackers to gain higher-level access, potentially compromising the system." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain the concept of Security Orchestration, Automation, and Response (SOAR) in a SOC.", + "answer": "SOAR involves using automation and orchestration to improve incident response and reduce manual tasks." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What are the key components of a well-defined incident response plan?", + "answer": "Components include roles and responsibilities, communication procedures, and incident categorization." 
+ }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the European Union's ePrivacy Directive, and how does it relate to GDPR?", + "answer": "The ePrivacy Directive covers electronic communications and complements GDPR by addressing privacy in digital services." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "What are the challenges of recovering deleted files in digital forensics?", + "answer": "Challenges include data fragmentation, overwriting, and file system corruption." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is the difference between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)?", + "answer": "TCP provides reliable, connection-oriented communication, while UDP is connectionless and faster but less reliable." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Explain the concept of risk assessment in cybersecurity.", + "answer": "Risk assessment involves identifying, evaluating, and prioritizing security risks to make informed decisions." + }, + { + "domain": "Ethical Questions", + "difficulty": "Intermediate", + "question": "What ethical challenges may arise when conducting penetration testing?", + "answer": "Challenges include distinguishing between authorized and unauthorized access and ensuring no harm is done." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Intermediate", + "question": "If all Xs are Ys, and some Ys are Zs, can you conclude that some Xs are Zs?", + "answer": "Yes, you can conclude that some Xs are Zs." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is the difference between a zero-day vulnerability and a N-day vulnerability?", + "answer": "A zero-day vulnerability is unknown to the vendor, while an N-day vulnerability has been known for N days." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Explain the role of threat intelligence feeds in a SOC environment.", + "answer": "Threat intelligence feeds provide real-time information on emerging threats, enhancing SOC detection capabilities." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What legal obligations does an organization have when experiencing a data breach during incident response?", + "answer": "Legal obligations may include breach notification to affected individuals and regulatory authorities." + }, + { + "domain": "Compliance basics", + "difficulty": "Difficult", + "question": "What are the key requirements of the California Consumer Privacy Act (CCPA)?", + "answer": "CCPA grants California residents rights over their personal information, including access and deletion." + }, + { + "domain": "Digital Forensics", + "difficulty": "Difficult", + "question": "Explain the concept of anti-forensics techniques and their impact on investigations.", + "answer": "Anti-forensics techniques aim to erase or obfuscate digital traces, making investigations more challenging." + }, + { + "domain": "Computer Networks", + "difficulty": "Difficult", + "question": "What is BGP hijacking, and how can it be mitigated?", + "answer": "BGP hijacking is a route hijacking attack on the internet; mitigation involves BGP monitoring and validation." + }, + + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "What is a vulnerability scanner, and how does it help in penetration testing?", + "answer": "A vulnerability scanner identifies weaknesses and vulnerabilities in a system or network." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What is a false positive in the context of security alerts, and why is it important to reduce them?", + "answer": "A false positive is a security alert that incorrectly identifies benign activity as a threat, and reducing them helps focus resources on real threats." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is the role of a chain of custody in digital evidence handling during incident response?", + "answer": "A chain of custody ensures the integrity and admissibility of digital evidence in legal proceedings." + }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the role of a Chief Information Security Officer (CISO) in compliance efforts?", + "answer": "A CISO oversees and manages an organization's information security and compliance programs." + }, + { + "domain": "Digital Forensics", + "difficulty": "Easy", + "question": "What is the forensic analysis process, and why is it crucial in investigations?", + "answer": "Forensic analysis involves collecting, preserving, and analyzing digital evidence to establish facts in an investigation." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is a firewall, and why is it used in network security?", + "answer": "A firewall is a network security device that filters incoming and outgoing traffic to prevent unauthorized access and attacks." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a security incident response plan, and why should organizations have one?", + "answer": "A security incident response plan outlines how an organization will respond to and recover from security incidents, ensuring a coordinated and effective response." 
+ }, + { + "domain": "Ethical Questions", + "difficulty": "Easy", + "question": "What is the role of an ethical hacker in enhancing cybersecurity?", + "answer": "An ethical hacker helps identify vulnerabilities and weaknesses in systems to improve security." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Intermediate", + "question": "If all Xs are Ys, and no Ys are Zs, can you conclude that no Xs are Zs?", + "answer": "Yes, you can conclude that no Xs are Zs." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is privilege escalation, and how does it relate to penetration testing?", + "answer": "Privilege escalation is the process of gaining higher-level access within a system, and it is often a goal in penetration testing." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Explain the concept of Security Information Sharing and Analysis Centers (ISACs) in threat intelligence.", + "answer": "ISACs are industry-specific organizations that facilitate the sharing of cybersecurity threat information among members." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is the importance of legal and regulatory compliance during incident response?", + "answer": "Compliance ensures that an organization follows legal and regulatory requirements during incident handling, reducing legal risks." + }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the role of data encryption in achieving compliance with data protection regulations?", + "answer": "Data encryption helps protect sensitive information, aligning with data protection requirements in many regulations." 
+ }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "Explain the term 'forensic duplication' in digital forensics and why it is necessary.", + "answer": "Forensic duplication is the process of creating a bit-for-bit copy of digital evidence to ensure its preservation and prevent alteration." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is the purpose of a Virtual Private Network (VPN) in network security?", + "answer": "A VPN creates a secure, encrypted tunnel over a public network to protect data communication." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Explain the concept of security policies and procedures in an organization.", + "answer": "Security policies and procedures are guidelines and rules that define acceptable security practices and behavior within an organization." + }, + { + "domain": "Ethical Questions", + "difficulty": "Difficult", + "question": "What ethical considerations should guide the responsible disclosure of security vulnerabilities?", + "answer": "Responsible disclosure should consider minimizing harm, vendor notification, and adherence to ethical standards." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Difficult", + "question": "If no Xs are Ys, and some Ys are Zs, can you conclude that no Xs are Zs?", + "answer": "No, you cannot conclude that no Xs are Zs." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What are the key differences between white-box and black-box penetration testing?", + "answer": "White-box testing has full knowledge of the system, while black-box testing has no prior knowledge." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Explain the concept of Threat Intelligence Platforms (TIPs) and their role in SOC operations.", + "answer": "TIPs collect, analyze, and disseminate threat intelligence to enhance the SOC's ability to detect and respond to threats." + }, + { + "domain": "Incident Response", + "difficulty": "Easy", + "question": "What are the legal implications of failing to notify affected individuals promptly after a data breach?", + "answer": "Failure to notify affected individuals can result in legal penalties and damage to an organization's reputation." + }, + { + "domain": "Compliance basics", + "difficulty": "Difficult", + "question": "What are the key requirements of the European Union's NIS Directive, and how does it impact critical infrastructure?", + "answer": "The NIS Directive mandates cybersecurity measures for operators of essential services and digital service providers." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "What challenges can arise when performing digital forensics on cloud-based systems?", + "answer": "Challenges include data jurisdiction issues, access limitations, and the dynamic nature of cloud environments." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "Explain the concept of a zero-day vulnerability in the context of network security.", + "answer": "A zero-day vulnerability is a security flaw that is unknown to the vendor and has no available patch." + }, + + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "What is the primary goal of penetration testing?", + "answer": "The primary goal of penetration testing is to identify security vulnerabilities and weaknesses." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is the role of a Security Operations Center (SOC) analyst in monitoring network traffic?", + "answer": "SOC analysts monitor network traffic for signs of suspicious activity and security threats." + }, + { + "domain": "Incident Response", + "difficulty": "Easy", + "question": "What is the purpose of an incident response plan?", + "answer": "An incident response plan outlines how to detect, respond to, and recover from security incidents." + }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the significance of data classification in compliance with data protection regulations?", + "answer": "Data classification helps organizations categorize data based on sensitivity, aiding in compliance efforts." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "What is file system metadata in digital forensics, and why is it important?", + "answer": "File system metadata contains information about files and their attributes, aiding in investigations." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is a DMZ (Demilitarized Zone) in network security, and why is it used?", + "answer": "A DMZ is a network segment that separates a trusted network from an untrusted one to enhance security." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is two-factor authentication (2FA) in cybersecurity?", + "answer": "2FA is an authentication method that requires users to provide two separate forms of identification." + }, + { + "domain": "Ethical Questions", + "difficulty": "Easy", + "question": "What ethical principles guide the conduct of cybersecurity professionals?", + "answer": "Ethical principles include integrity, confidentiality, and respect for privacy and the law." 
+ }, + { + "domain": "Logical Aptitude", + "difficulty": "Easy", + "question": "If all A's are B's, and some B's are C's, can you conclude that some A's are C's?", + "answer": "Yes, you can conclude that some A's are C's." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is the difference between a black-box test and a gray-box test in penetration testing?", + "answer": "A black-box test has no prior knowledge, while a gray-box test has partial knowledge of the system." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain the concept of threat hunting and its benefits in a SOC.", + "answer": "Threat hunting involves proactive searching for threats, enhancing detection and response capabilities." + }, + { + "domain": "Incident Response", + "difficulty": "Difficult", + "question": "What is the role of a Computer Emergency Response Team (CERT) in incident response?", + "answer": "A CERT is responsible for coordinating responses to cybersecurity incidents, providing expertise and support." + }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What are the key requirements of the Payment Card Industry Data Security Standard (PCI DSS)?", + "answer": "PCI DSS sets requirements for securing payment card data and transactions." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "Explain the concept of data carving in digital forensics.", + "answer": "Data carving is the process of extracting files or data from unstructured or corrupted storage media." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is the OSI model, and how does it relate to network communication?", + "answer": "The OSI model is a conceptual framework that standardizes network communication into seven layers." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is the role of a security policy in an organization's cybersecurity strategy?", + "answer": "A security policy provides guidelines and rules for safeguarding an organization's assets and data." + }, + { + "domain": "Ethical Questions", + "difficulty": "Intermediate", + "question": "What are the potential ethical challenges when conducting penetration testing on a client's network?", + "answer": "Challenges include obtaining proper authorization, avoiding harm, and maintaining client confidentiality." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Intermediate", + "question": "If no Xs are Ys, and some Ys are Zs, can you conclude that some Xs are Zs?", + "answer": "No, you cannot conclude that some Xs are Zs." + }, + { + "domain": "Penetration Testing", + "difficulty": "Difficult", + "question": "What is a pivot in the context of penetration testing, and why is it used?", + "answer": "Pivoting involves using compromised systems as stepping stones to gain further access within a network." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Explain the concept of threat feed integration in a SOC environment.", + "answer": "Threat feed integration involves aggregating external threat intelligence sources to enhance detection capabilities." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What are the legal considerations when preserving and handling digital evidence during an incident response?", + "answer": "Legal considerations include chain of custody, data privacy laws, and admissibility in court." 
+ }, + { + "domain": "Compliance basics", + "difficulty": "Difficult", + "question": "What are the key requirements of the Federal Information Security Management Act (FISMA) in the United States?", + "answer": "FISMA mandates information security standards and practices for federal agencies." + }, + { + "domain": "Digital Forensics", + "difficulty": "Difficult", + "question": "What challenges can arise when conducting digital forensics on mobile devices?", + "answer": "Challenges include encryption, multiple device types, and volatile data." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is a man-in-the-middle (MitM) attack, and how can it be prevented?", + "answer": "A MitM attack intercepts and possibly alters communication between two parties; prevention includes encryption and certificate validation." + }, + + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "What is a vulnerability assessment, and how does it differ from a penetration test?", + "answer": "A vulnerability assessment identifies and ranks vulnerabilities, while a penetration test simulates attacks to exploit them." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is the role of a Security Information and Event Management (SIEM) system in a SOC?", + "answer": "A SIEM system collects and analyzes security event data to detect and respond to threats." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is an incident handler's primary responsibility during an incident?", + "answer": "An incident handler's primary responsibility is to coordinate and guide the response efforts to contain and mitigate the incident." 
+ }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the purpose of the General Data Protection Regulation (GDPR), and who does it apply to?", + "answer": "GDPR aims to protect the privacy of individuals' data and applies to organizations that process personal data of EU residents." + }, + { + "domain": "Digital Forensics", + "difficulty": "Easy", + "question": "What is the significance of a digital chain of custody in forensic investigations?", + "answer": "A digital chain of custody ensures the integrity and admissibility of digital evidence in court." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is the primary function of a proxy server in network architecture?", + "answer": "A proxy server acts as an intermediary between clients and servers, forwarding requests and responses." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is the 'Principle of Least Privilege' in cybersecurity?", + "answer": "The Principle of Least Privilege restricts users and systems to the minimum level of access necessary to perform their tasks." + }, + { + "domain": "Ethical Questions", + "difficulty": "Easy", + "question": "What are some ethical considerations when disclosing security vulnerabilities to the public?", + "answer": "Ethical considerations include responsible disclosure, protecting user data, and not causing harm." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Easy", + "question": "If all mammals are animals, and all dogs are mammals, can you conclude that all dogs are animals?", + "answer": "Yes, you can conclude that all dogs are animals." 
+ }, + { + "domain": "Penetration Testing", + "difficulty": "Difficult", + "question": "What is a buffer overflow vulnerability, and why is it a common target in penetration testing?", + "answer": "A buffer overflow vulnerability occurs when a program writes more data to a buffer than it can hold, potentially leading to code execution." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain the concept of Threat Intelligence in the context of a Security Operations Center (SOC).", + "answer": "Threat Intelligence involves collecting, analyzing, and using information about potential threats to enhance security measures." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is the role of a public relations team during a cybersecurity incident?", + "answer": "The public relations team manages communication with the media, stakeholders, and the public to protect the organization's reputation." + }, + { + "domain": "Compliance basics", + "difficulty": "Difficult", + "question": "What is the difference between ISO 27001 and SOC 2 compliance standards?", + "answer": "ISO 27001 is a globally recognized information security management system standard, while SOC 2 focuses on service organization controls." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "Explain the concept of file carving in digital forensics and its use cases.", + "answer": "File carving is the process of recovering files from storage media without metadata, useful when file system structures are damaged." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is a Distributed Denial of Service (DDoS) attack, and how can it be mitigated?", + "answer": "A DDoS attack floods a network or service with traffic; mitigation involves traffic filtering and load balancing." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is the concept of Zero Trust security architecture?", + "answer": "Zero Trust assumes no trust within a network and requires strict access controls and authentication for all users and devices." + }, + { + "domain": "Ethical Questions", + "difficulty": "Difficult", + "question": "What ethical dilemmas can arise when conducting social engineering tests in a penetration test?", + "answer": "Ethical dilemmas include obtaining informed consent and avoiding causing undue harm or psychological distress." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Intermediate", + "question": "If some birds can swim, and penguins are birds, can penguins swim?", + "answer": "No, penguins are flightless birds." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "Explain the concept of post-exploitation in penetration testing.", + "answer": "Post-exploitation refers to the actions taken by an attacker after gaining initial access to a system to maintain control or gather data." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What is the role of Threat Intelligence Feeds and Threat Intelligence Platforms (TIPs) in a SOC?", + "answer": "Threat Intelligence Feeds provide real-time threat data, while TIPs help analyze and disseminate that intelligence for improved security." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What legal obligations does an organization have to its customers in the event of a data breach?", + "answer": "Legal obligations may include notifying affected customers about the breach and taking steps to mitigate harm." 
+ }, + { + "domain": "Compliance basics", + "difficulty": "Difficult", + "question": "What are the key provisions of the California Privacy Rights Act (CPRA), and how does it differ from the California Consumer Privacy Act (CCPA)?", + "answer": "CPRA enhances consumer privacy rights and introduces new requirements compared to CCPA." + }, + { + "domain": "Digital Forensics", + "difficulty": "Difficult", + "question": "What are some challenges faced in the analysis of encrypted data in digital forensics?", + "answer": "Challenges include decrypting data without access to keys and maintaining chain of custody while handling encrypted evidence." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is ARP spoofing, and how can it be detected and prevented in a network?", + "answer": "ARP spoofing involves falsifying ARP messages; detection methods include ARP inspection and network segmentation." + }, + + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "What is a payload in the context of a penetration test?", + "answer": "A payload is a piece of code or script that is delivered to a target system to exploit vulnerabilities." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is a Security Incident and Event Management (SIEM) system used for?", + "answer": "A SIEM system is used to collect, correlate, and analyze security events and incidents in real-time." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is the purpose of a root cause analysis in incident response?", + "answer": "Root cause analysis helps identify the underlying causes of security incidents to prevent future occurrences." 
+ }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What is the role of a Data Protection Impact Assessment (DPIA) in compliance with data protection regulations?", + "answer": "A DPIA assesses the impact of data processing activities on individuals' privacy and helps organizations comply with regulations." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "What is the significance of a forensic image in digital forensics?", + "answer": "A forensic image is a bit-by-bit copy of a storage device, preserving evidence integrity during analysis." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is a VLAN (Virtual Local Area Network), and why is it used in network design?", + "answer": "A VLAN partitions a physical network into logical segments, improving network efficiency and security." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a firewall rule, and how does it control network traffic?", + "answer": "A firewall rule specifies what traffic is allowed or blocked based on criteria like source, destination, and port." + }, + { + "domain": "Ethical Questions", + "difficulty": "Easy", + "question": "What ethical responsibilities do cybersecurity professionals have when dealing with sensitive data?", + "answer": "Responsibilities include confidentiality, integrity, and compliance with laws and regulations." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Easy", + "question": "If all humans are mortal, and Socrates is a human, can you conclude that Socrates is mortal?", + "answer": "Yes, you can conclude that Socrates is mortal." 
+ }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is a reverse shell in the context of penetration testing, and why is it used?", + "answer": "A reverse shell allows an attacker to establish a connection from a compromised system to an external one, gaining control." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain the concept of threat modeling in a Security Operations Center (SOC).", + "answer": "Threat modeling involves identifying potential threats and vulnerabilities to prioritize defense measures. example : STRIDE Threat Modelling Framework." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is the role of a public affairs team in incident response management?", + "answer": "A public affairs team manages external communication during an incident, including press releases and public statements." + }, + { + "domain": "Compliance basics", + "difficulty": "Intermediate", + "question": "What are the key differences between the Health Insurance Portability and Accountability Act (HIPAA) and the GDPR?", + "answer": "HIPAA focuses on healthcare data privacy in the U.S., while GDPR applies to personal data protection in the EU." + }, + { + "domain": "Digital Forensics", + "difficulty": "Intermediate", + "question": "Explain the concept of volatile data in digital forensics, and why is it important?", + "answer": "Volatile data resides in a system's memory and is temporary; it can provide crucial evidence during live analysis." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is the difference between a stateful firewall and a stateless firewall?", + "answer": "A stateful firewall tracks the state of active connections, while a stateless firewall filters packets based on rules without connection tracking." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is the concept of a threat vector in cybersecurity, and how does it relate to attack vectors?", + "answer": "A threat vector is a method or path attackers use to deliver attacks, while an attack vector is the specific attack mechanism." + }, + { + "domain": "Ethical Questions", + "difficulty": "Difficult", + "question": "What ethical considerations should guide the development and deployment of autonomous cybersecurity tools?", + "answer": "Considerations include transparency, accountability, and minimizing unintended consequences." + }, + { + "domain": "Logical Aptitude", + "difficulty": "Easy", + "question": "If some cars are blue, and this car is blue, can you conclude that it's a car?", + "answer": "Yes, you can conclude that it's a car." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "Explain the concept of privilege escalation in the context of penetration testing, and why is it a critical finding?", + "answer": "Privilege escalation is the process of gaining higher-level access rights; it's critical because it can lead to full system compromise." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What is the role of threat hunting in a proactive SOC strategy, and what tools or techniques are used for it?", + "answer": "Threat hunting aims to identify hidden threats; techniques include anomaly detection and use of tools like Caldera, Maltego, Recon-ng." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What legal and regulatory considerations must organizations address when conducting forensic investigations during an incident response?", + "answer": "Considerations include data privacy laws, chain of custody, and evidentiary rules." 
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key components of the Gramm-Leach-Bliley Act (GLBA) in financial services compliance, and how does it protect consumer information?",
+ "answer": "GLBA requires financial institutions to safeguard consumer financial information through privacy notices and security measures."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on IoT (Internet of Things) devices?",
+ "answer": "Challenges include device diversity, data encryption, and integration into existing forensic tools."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is the concept of a Honeypot in network security, and how is it used to detect and mitigate threats?",
+ "answer": "A Honeypot is a deceptive system designed to lure attackers; it helps identify and analyze threats without risking real systems."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is a vulnerability scanner, and why is it used in penetration testing?",
+ "answer": "A vulnerability scanner is a tool that identifies security weaknesses in a system or network. It is used in penetration testing to discover potential entry points for attackers."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the purpose of Security Information and Event Management (SIEM) in a Security Operations Center (SOC)?",
+ "answer": "SIEM systems are used to collect, analyze, and correlate security event data from various sources, helping SOC analysts detect and respond to security incidents."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the main goal of incident containment during an incident response process?",
+ "answer": "The main goal of incident containment is to prevent the incident from spreading or causing further damage, minimizing its impact on the organization."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Easy",
+ "question": "What is the significance of Personally Identifiable Information (PII) in compliance with data protection regulations?",
+ "answer": "PII refers to information that can identify an individual, and its protection is a key aspect of data protection regulations to ensure privacy."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the difference between static and dynamic analysis in digital forensics?",
+ "answer": "Static analysis examines digital evidence without execution, while dynamic analysis involves running and observing software to gather evidence."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a Demilitarized Zone (DMZ) in network security, and why is it implemented?",
+ "answer": "A DMZ is a network segment that separates an internal network from an external one, typically hosting public-facing services to enhance security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the concept of 'Least Privilege' in cybersecurity, and why is it important?",
+ "answer": "Least Privilege means granting users and processes the minimum access necessary to perform their tasks, reducing the risk of unauthorized actions."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "What ethical principles guide responsible disclosure in cybersecurity?",
+ "answer": "Ethical principles include transparency, responsible reporting, and minimizing harm to users and organizations."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all Xs are Ys, and some Ys are Zs, can you conclude that some Xs are Zs?",
+ "answer": "Yes, you can conclude that some Xs are Zs."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between vulnerability assessment and penetration testing?",
+ "answer": "Vulnerability assessment focuses on identifying and prioritizing vulnerabilities, while penetration testing simulates attacks to exploit vulnerabilities and assess security."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "Explain the role of Threat Intelligence Feeds in a Security Operations Center (SOC).",
+ "answer": "Threat Intelligence Feeds provide real-time information about emerging threats and vulnerabilities, enhancing the SOC's ability to detect and respond effectively."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What legal and regulatory requirements often apply to incident response processes, and why are they important?",
+ "answer": "Legal and regulatory requirements ensure that organizations handle security incidents in compliance with the law, protecting both customers and the organization."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key components of the European Union's General Data Protection Regulation (GDPR) and how do they impact organizations?",
+ "answer": "GDPR includes requirements for data protection officers, data subject rights, breach notification, and substantial fines for non-compliance, affecting organizations handling EU citizens' data."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of volatile data in digital forensics, and why is it essential to capture it quickly?",
+ "answer": "Volatile data is temporary and resides in a computer's memory. It can change or disappear quickly, making its rapid capture critical for investigations."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is Network Address Translation (NAT), and how does it contribute to network security?",
+ "answer": "NAT allows multiple devices on a private network to share a single public IP address, enhancing security by hiding internal network structure."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What are the key principles of the CIA Triad in information security, and why are they important?",
+ "answer": "The CIA Triad consists of Confidentiality, Integrity, and Availability, serving as the foundation for information security by protecting data from unauthorized access, ensuring data accuracy, and ensuring data availability when needed."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "What ethical dilemmas may arise when conducting vulnerability research, and how can they be addressed?",
+ "answer": "Ethical dilemmas include responsible disclosure, avoiding harm, and respecting intellectual property. They can be addressed through coordinated disclosure processes and ethical guidelines."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If some birds can fly, and penguins are birds, can you conclude that penguins can fly?",
+ "answer": "No, you cannot conclude that penguins can fly because not all birds have the ability to fly."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of privilege escalation in penetration testing, and how can it be exploited by attackers?",
+ "answer": "Privilege escalation involves gaining higher-level access rights than originally granted. Attackers can exploit it to gain unauthorized control over a system."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of a Security Orchestration, Automation, and Response (SOAR) platform in a Security Operations Center (SOC)?",
+ "answer": "A SOAR platform automates and orchestrates security tasks, allowing the SOC to respond to incidents more efficiently and effectively."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What legal obligations does an organization have regarding data breach notification to affected individuals?",
+ "answer": "Legal obligations often require organizations to notify affected individuals promptly, providing information about the breach and steps to protect themselves."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key provisions of the Sarbanes-Oxley Act (SOX) and how do they impact financial reporting and compliance?",
+ "answer": "SOX mandates stricter financial reporting and auditing standards for public companies, aiming to enhance transparency and protect investors."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What challenges can arise when conducting digital forensics on cloud-based data storage and services?",
+ "answer": "Challenges include data jurisdiction, access to cloud data, and preserving evidence in a dynamic cloud environment."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of a Software-Defined Network (SDN) and its potential security implications.",
+ "answer": "SDN separates network control and data plane, offering flexibility but introducing security challenges like centralized control plane attacks."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of a penetration test?",
+ "answer": "The primary goal of a penetration test is to identify and assess vulnerabilities in a system or network before malicious actors can exploit them."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the purpose of a Security Operations Center (SOC)?",
+ "answer": "A Security Operations Center (SOC) is a centralized unit responsible for monitoring and responding to security threats and incidents."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What is an Incident Response Plan (IRP), and why is it essential for organizations?",
+ "answer": "An Incident Response Plan (IRP) is a structured approach to addressing and managing security incidents. It is essential for minimizing damage and recovery time."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Chief Information Security Officer (CISO) in compliance management?",
+ "answer": "A CISO is responsible for overseeing an organization's compliance with security regulations and ensuring the protection of sensitive information."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the difference between live forensics and dead forensics in digital investigations?",
+ "answer": "Live forensics involves analyzing a system while it is running, while dead forensics analyzes a system that is powered off or offline."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a Man-in-the-Middle (MitM) attack, and how does it work?",
+ "answer": "A MitM attack intercepts communication between two parties, allowing the attacker to eavesdrop, modify, or inject data."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the concept of 'Defense in Depth' in cybersecurity, and why is it important?",
+ "answer": "Defense in Depth involves implementing multiple layers of security controls to protect against a variety of threats. It is important because it increases overall security resilience."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "What ethical considerations should be taken into account when conducting social engineering tests in a cybersecurity assessment?",
+ "answer": "Ethical considerations include obtaining informed consent, minimizing harm, and ensuring responsible testing practices."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "If all A is B, and all B is C, can you conclude that all A is C?",
+ "answer": "Yes, you can conclude that all A is C."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between black-box and white-box penetration testing?",
+ "answer": "Black-box testing is conducted with no prior knowledge of the system, while white-box testing has full knowledge of the system's internals."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of Security Orchestration, Automation, and Response (SOAR) in a SOC?",
+ "answer": "SOAR integrates security technologies, automates processes, and orchestrates responses to improve the efficiency of a SOC."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a digital forensic investigator in an incident response team?",
+ "answer": "A digital forensic investigator collects, preserves, and analyzes digital evidence to determine the scope and impact of an incident."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of data minimization in the context of data protection regulations.",
+ "answer": "Data minimization involves collecting and retaining only the data that is necessary for a specific purpose, reducing privacy risks."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What are some challenges faced in the acquisition of volatile data in digital forensics?",
+ "answer": "Challenges include rapid data changes, volatility of RAM, and the risk of altering or contaminating evidence during collection."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of Quality of Service (QoS) in network management, and why is it important?",
+ "answer": "QoS ensures that network resources are allocated to prioritize certain types of traffic, improving performance and user experience."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Security Information and Event Management (SIEM) system in cybersecurity monitoring?",
+ "answer": "A SIEM system collects and analyzes log data from various sources to detect and investigate security incidents."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical considerations should guide the development and deployment of autonomous cybersecurity AI?",
+ "answer": "Ethical considerations include transparency, accountability, and avoiding biased decision-making in AI systems."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If some athletes are dancers, and some dancers are musicians, can you conclude that some athletes are musicians?",
+ "answer": "Yes, you can conclude that some athletes are musicians."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of 'pivot' in penetration testing, and how does it help in lateral movement?",
+ "answer": "Pivoting involves using a compromised system as a stepping stone to access other parts of a network, aiding lateral movement."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of Threat Intelligence Platforms (TIPs) in a SOC, and how do they enhance threat detection?",
+ "answer": "TIPs aggregate and analyze threat data, providing context and actionable intelligence to SOC analysts for more effective threat detection and response."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What legal considerations should organizations keep in mind when conducting forensic analysis on data involved in an incident?",
+ "answer": "Legal considerations include data privacy laws, chain of custody, and admissibility of digital evidence in court."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key requirements of the Payment Card Industry Data Security Standard (PCI DSS), and how do they protect credit card data?",
+ "answer": "PCI DSS mandates security controls to protect credit card data, including encryption, access controls, and regular security assessments."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on encrypted storage devices, and how can they be overcome?",
+ "answer": "Challenges include decryption and access to encryption keys; overcoming them may require specialized tools or cooperation with the device manufacturer."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "Explain the concept of a Zero Trust Network and its implications for network security.",
+ "answer": "Zero Trust Network assumes no trust within a network and requires continuous verification of user and device identity, enhancing security in an increasingly perimeterless environment."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is social engineering in the context of penetration testing?",
+ "answer": "Social engineering involves manipulating people to reveal confidential information or perform actions that can compromise security."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the primary purpose of a Security Incident and Event Management (SIEM) system in a SOC?",
+ "answer": "The primary purpose of a SIEM system is to centralize and analyze security logs and events to detect and respond to potential threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the first step an organization should take when a security incident is detected?",
+ "answer": "The first step is to initiate the incident response process, which typically involves identifying and classifying the incident."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Data Protection Officer (DPO) in compliance with data protection regulations?",
+ "answer": "A DPO is responsible for ensuring an organization's compliance with data protection laws, including GDPR, and acts as a point of contact for data subjects."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a write blocker in digital forensics, and why is it important?",
+ "answer": "A write blocker prevents any write operations to a storage device, ensuring the integrity of the evidence during forensic analysis."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is the difference between a router and a switch in a computer network?",
+ "answer": "A router connects different networks and directs traffic between them, while a switch connects devices within the same network and forwards data between them."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the concept of multi-factor authentication (MFA) in cybersecurity, and why is it important?",
+ "answer": "MFA requires users to provide two or more forms of authentication before granting access, adding an extra layer of security."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "What is the ethical responsibility of cybersecurity professionals regarding responsible disclosure of vulnerabilities?",
+ "answer": "Cybersecurity professionals should responsibly disclose vulnerabilities to vendors or organizations to help them patch and protect users."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "If all cats have tails, and some animals have tails, can you conclude that some animals are cats?",
+ "answer": "yes, you can conclude that some animals are cats based on the given information."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of 'buffer overflow' in the context of penetration testing.",
+ "answer": "A buffer overflow occurs when a program writes data beyond the bounds of a buffer, potentially allowing an attacker to execute malicious code."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Threat Hunting team in a SOC, and how does it complement automated security measures?",
+ "answer": "A Threat Hunting team proactively seeks out hidden threats and anomalies that automated security measures may miss, enhancing overall security."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key steps involved in evidence preservation during an incident response process?",
+ "answer": "Key steps include documenting the scene, collecting and labeling evidence, and maintaining a chain of custody to ensure evidence integrity."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key requirements of the California Consumer Privacy Act (CCPA) in terms of consumer data rights?",
+ "answer": "CCPA grants consumers rights such as the right to know, the right to delete, and the right to opt-out of the sale of their personal information."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of steganography in digital forensics, and how is it used to hide information?",
+ "answer": "Steganography is the practice of concealing data within other data, often by altering the least significant bits of an image or file."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is a Distributed Denial of Service (DDoS) attack, and what measures can be taken to mitigate its impact?",
+ "answer": "A DDoS attack floods a target system with traffic to overwhelm it; mitigation measures include traffic filtering and load balancing."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the concept of 'Zero Trust' security architecture, and how does it change the traditional network security model?",
+ "answer": "Zero Trust assumes no trust, verifying every user and device attempting to access resources, even those within the network perimeter."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical challenges may arise when using artificial intelligence in cybersecurity, and how can they be addressed?",
+ "answer": "Challenges include bias in AI algorithms and potential misuse; they can be addressed through ethical AI development and oversight."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all lawyers are intelligent, and some intelligent people are wealthy, can you conclude that some lawyers are wealthy?",
+ "answer": "Yes, you can conclude that some lawyers are wealthy based on the given information."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is privilege escalation in the context of penetration testing, and how can it be prevented?",
+ "answer": "Privilege escalation is the process of gaining higher-level access; prevention involves strong access controls and patching vulnerabilities."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of a Threat Intelligence Sharing platform in enhancing collective cybersecurity defense?",
+ "answer": "A Threat Intelligence Sharing platform facilitates the exchange of threat information among organizations to improve overall cybersecurity."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What legal considerations should organizations be aware of when conducting digital forensics on cloud-based data storage services?",
+ "answer": "Legal considerations include jurisdictional issues, data ownership, and compliance with service provider terms."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the primary requirements of the Health Insurance Portability and Accountability Act (HIPAA) related to healthcare data security?",
+ "answer": "HIPAA mandates the protection of patient health information through security controls, privacy rules, and breach notification requirements."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on embedded systems, such as IoT devices?",
+ "answer": "Challenges include limited resources, proprietary software, and the need for specialized tools to analyze embedded systems."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "Explain the concept of Software-Defined Perimeter (SDP) in network security, and how does it enhance security for remote access?",
+ "answer": "SDP dynamically creates secure, micro-segmented access controls for users and devices, reducing the attack surface for remote access."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between a vulnerability assessment and a penetration test?",
+ "answer": "A vulnerability assessment identifies and prioritizes vulnerabilities, while a penetration test simulates attacks to exploit vulnerabilities and assess security."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the primary goal of a Security Information and Event Management (SIEM) system in a SOC?",
+ "answer": "The primary goal of a SIEM system is to collect, correlate, and analyze security event data to detect and respond to threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What is the role of an Incident Response Plan (IRP) in cybersecurity, and why is it important?",
+ "answer": "An IRP provides a structured approach for responding to security incidents, ensuring a coordinated and effective response."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the key principles of the European Union's General Data Protection Regulation (GDPR), and how do they impact data handling?",
+ "answer": "GDPR emphasizes principles like data minimization, consent, and transparency, influencing how organizations handle personal data."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is the primary objective of preserving digital evidence during a forensic investigation?",
+ "answer": "The primary objective is to maintain the integrity and admissibility of evidence in legal proceedings."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a firewall in network security, and how does it protect against unauthorized access?",
+ "answer": "A firewall filters network traffic, allowing or blocking data based on predefined security rules to prevent unauthorized access."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the concept of 'Least Privilege' in access control, and why is it a fundamental security principle?",
+ "answer": "Least Privilege means granting users the minimum access rights necessary for their tasks, reducing the risk of unauthorized actions."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical considerations should guide the disclosure of security vulnerabilities to vendors or the public?",
+ "answer": "Ethical considerations include responsible disclosure, minimizing harm, and respecting the interests of users and organizations."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "If all dogs bark, and Max is a dog, can you conclude that Max barks?",
+ "answer": "Yes, you can conclude that Max barks."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of 'payload' in penetration testing, and how is it used in exploiting vulnerabilities?",
+ "answer": "A payload is a piece of code or data that is delivered to exploit a vulnerability, often leading to unauthorized access or control of a system."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Threat Intelligence Analyst in a Security Operations Center (SOC), and how does it contribute to threat detection?",
+ "answer": "A Threat Intelligence Analyst collects and analyzes threat data to provide insights and context that help SOC analysts detect and respond to threats."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key elements of a chain of custody in digital forensics, and why is it crucial?",
+ "answer": "A chain of custody documents the handling and custody of digital evidence, ensuring its admissibility in court by demonstrating its integrity and reliability."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "Explain the role of a Data Processing Impact Assessment (DPIA) in compliance with data protection regulations.",
+ "answer": "A DPIA assesses the risks and impacts of data processing activities, helping organizations identify and mitigate privacy and compliance risks."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on solid-state drives (SSDs) compared to traditional hard drives?",
+ "answer": "Challenges include wear-leveling, encryption, and TRIM commands, which can impact data recovery and analysis on SSDs."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "Explain the concept of Virtual Private Network (VPN) and its role in securing network communications.",
+ "answer": "A VPN creates a secure, encrypted connection over an untrusted network, protecting data in transit and providing remote access security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the principle of 'Security by Design' in software development, and why is it important for cybersecurity?",
+ "answer": "Security by Design involves integrating security measures throughout the software development lifecycle, reducing vulnerabilities and enhancing overall security."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical dilemmas may arise when using artificial intelligence for cybersecurity threat detection, and how can they be resolved?",
+ "answer": "Dilemmas include false positives, bias, and privacy concerns; resolution involves refining AI algorithms and adhering to ethical guidelines."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all scientists are curious, and some curious people are inventors, can you conclude that some scientists are inventors?",
+ "answer": "Yes, you can conclude that some scientists are inventors based on the given information."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "What is privilege escalation in penetration testing, and what are the common techniques used to achieve it?",
+ "answer": "Privilege escalation is the process of gaining higher-level access rights; techniques include exploiting misconfigurations and vulnerabilities in software or systems."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Threat Hunting team in a SOC, and how does it contribute to proactive threat detection?",
+ "answer": "A Threat Hunting team actively searches for hidden threats and anomalies that may evade automated detection, enhancing the SOC's ability to detect and respond proactively."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What legal considerations should organizations be aware of when conducting cross-border investigations during an incident response?",
+ "answer": "Legal considerations include data privacy laws, jurisdictional issues, and international treaties that govern data sharing and investigations."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "What are the key requirements of the Federal Information Security Management Act (FISMA) and its impact on federal agency cybersecurity?",
+ "answer": "FISMA mandates security controls, risk assessments, and reporting for federal agencies to strengthen information security and protect federal systems."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on IoT devices with limited processing power and storage?",
+ "answer": "Challenges include limited resources for data capture and analysis, as well as potential proprietary protocols and encryption."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of Network Access Control (NAC) and its role in ensuring device security and compliance on a network.",
+ "answer": "NAC enforces security policies by controlling access to a network based on device health and compliance with security standards."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is the primary objective of a penetration test report?",
+ "answer": "The primary objective of a penetration test report is to provide a detailed account of vulnerabilities found, their impact, and recommendations for mitigation."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is the difference between a security incident and a security event in the context of a Security Operations Center (SOC)?",
+ "answer": "A security event is any observable occurrence that may have security implications, while a security incident is an event that has been confirmed as a security breach or violation."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Easy",
+ "question": "What are the key responsibilities of an Incident Response Team (IRT) during a cybersecurity incident?",
+ "answer": "IRT responsibilities include identification, containment, eradication, recovery, and reporting of security incidents."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What is the purpose of a Data Protection Impact Assessment (DPIA) in compliance with data protection regulations?",
+ "answer": "A DPIA helps organizations assess and mitigate risks to data subjects' privacy, ensuring compliance with data protection laws."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What is anti-forensics, and how does it impact digital investigations?",
+ "answer": "Anti-forensics refers to techniques used to thwart digital forensic investigations, making it more challenging to recover and analyze digital evidence."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the role of a Network Address Translation (NAT) device in network security, and how does it work?",
+ "answer": "NAT translates private IP addresses into a single public IP address, masking internal network structure and enhancing security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the 'principle of least privilege' in cybersecurity, and why is it important for user access control?",
+ "answer": "The principle of least privilege restricts users and systems to the minimum access rights necessary to perform their tasks, reducing the risk of unauthorized actions."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "What ethical considerations should cybersecurity professionals keep in mind when handling sensitive data?",
+ "answer": "Ethical considerations include data privacy, confidentiality, and integrity, as well as compliance with relevant laws and regulations."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "If all software developers write code, and some code writers are hackers, can you conclude that some software developers are hackers?",
+ "answer": "Yes, you can conclude that some software developers are hackers based on the given information."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between automated vulnerability scanning and manual penetration testing?",
+ "answer": "Automated vulnerability scanning uses tools to identify known vulnerabilities, while manual penetration testing involves simulating real-world attacks and exploring complex issues."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of Threat Intelligence and its role in enhancing a SOC's cybersecurity capabilities.",
+ "answer": "Threat Intelligence provides actionable information about threats, enabling a SOC to make informed decisions and proactively defend against cyberattacks."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What are the key elements of a Cyber Incident Response Plan (CIRP), and why is it important to have one?",
+ "answer": "A CIRP includes roles, responsibilities, communication plans, and incident handling procedures, ensuring a coordinated response to cyber incidents."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Difficult",
+ "question": "Explain the role of a Data Protection Officer (DPO) in overseeing compliance with the California Consumer Privacy Act (CCPA).",
+ "answer": "A DPO ensures an organization's compliance with CCPA, including handling data subject requests, conducting assessments, and acting as a point of contact."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What challenges can arise when conducting digital forensics on mobile devices, and how can they be addressed?",
+ "answer": "Challenges include encryption, device diversity, and volatile data; addressing them may require specialized mobile forensics tools and expertise."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is the role of an Intrusion Detection System (IDS) in network security, and how does it differ from a firewall?",
+ "answer": "An IDS monitors network traffic for suspicious activity and alerts administrators, whereas a firewall filters traffic based on predefined rules to block or allow it."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain the concept of 'Security Awareness Training' for employees and its significance in cybersecurity.",
+ "answer": "Security Awareness Training educates employees about security threats and best practices, reducing the risk of human errors and social engineering attacks."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "What ethical dilemmas may arise when developing and deploying autonomous cybersecurity systems, and how can they be mitigated?",
+ "answer": "Dilemmas include accountability and decision-making; mitigation involves transparency, oversight, and adherence to ethical guidelines."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate",
+ "question": "If all insects can fly, and some birds are insects, can you conclude that some birds can fly?",
+ "answer": "Yes, you can conclude that some birds can fly based on the given information."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is 'shellcode' in the context of penetration testing, and how is it used in exploiting vulnerabilities?",
+ "answer": "Shellcode is a small piece of code injected into a target system after an exploit; it provides an attacker with command-line access to the system."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of Threat Intelligence Sharing communities in enhancing collective cybersecurity defense, and what are the challenges they may face?",
+ "answer": "Threat Intelligence Sharing communities facilitate information exchange among organizations, but they may face trust issues and data confidentiality concerns."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What legal considerations should organizations be aware of when responding to a cybersecurity incident that involves cross-border data transfer?",
+ "answer": "Legal considerations include data protection laws, international treaties, and ensuring compliance with data transfer regulations."
+ },
+ {
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate",
+ "question": "What are the primary requirements of the Payment Card Industry Data Security Standard (PCI DSS), and how do they protect credit card data?",
+ "answer": "PCI DSS mandates security controls to protect credit card data, including encryption, access controls, and regular security assessments."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What challenges can arise when conducting digital forensics on encrypted storage devices, and how can they be overcome?",
+ "answer": "Challenges include decryption and access to encryption keys; overcoming them may require specialized tools or cooperation with the device manufacturer."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "Explain the concept of a Zero Trust Network and its implications for network security.",
+ "answer": "Zero Trust Network assumes no trust within a network and requires continuous verification of user and device identity, enhancing security in an increasingly perimeterless environment."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Do You Mean by Cybersecurity?",
+ "answer": "Cybersecurity refers to the practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access. It encompasses various technologies, processes, and best practices aimed at safeguarding digital assets."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Does a Cybersecurity Analyst Do?",
+ "answer": "A cybersecurity analyst is responsible for monitoring, analyzing, and defending an organization's IT infrastructure against security threats. They assess vulnerabilities, implement security measures, and respond to security incidents."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What do you think Are the Most Required Cybersecurity Skills?",
+ "answer": "Key cybersecurity skills include knowledge of network security, cryptography, threat detection, incident response, and familiarity with security tools and compliance frameworks. Effective communication and problem-solving skills are also essential."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is the Difference Between a Threat, a Vulnerability, and a Risk?",
+ "answer": "In cybersecurity, a threat is a potential danger or harmful event, a vulnerability is a weakness that can be exploited, and a risk is the likelihood and impact of a threat exploiting a vulnerability. Risks are managed by mitigating vulnerabilities to reduce threats."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Is Cryptography?",
+ "answer": "Cryptography is the science of secure communication. It involves encoding data (encryption) to make it unreadable without the proper key and decoding it (decryption) to restore its original form. Cryptography plays a crucial role in data protection and secure communication."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is a Firewall? How Do You Set It Up?",
+ "answer": "A firewall is a network security device or software that filters and controls incoming and outgoing network traffic based on predetermined security rules. Setting up a firewall involves defining these rules to allow or block specific traffic, depending on security requirements."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Is Shoulder Surfing?",
+ "answer": "Shoulder surfing is a method of unauthorized information gathering in which an attacker observes a person's screen or keyboard inputs, typically in a public place, to steal sensitive information like passwords, PINs, or account numbers."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Do You Mean by XSS?",
+ "answer": "XSS, or Cross-Site Scripting, is a common web application vulnerability. It allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal data, hijack sessions, or perform other malicious actions."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Is Encryption Different From Hashing?",
+ "answer": "Yes, encryption and hashing are different. Encryption is a reversible process that converts data into an unreadable format and can be reversed with a decryption key. 
Hashing is a one-way process that transforms data into a fixed-length string (hash) that cannot be reversed."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Do You Mean by a VPN?",
+ "answer": "A VPN, or Virtual Private Network, is a technology that creates a secure, encrypted connection over a public network (usually the internet). It allows users to access private networks and browse the internet with enhanced privacy and security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Define Botnet.",
+ "answer": "A botnet is a network of compromised computers (bots) that are controlled by a single entity, often an attacker. Botnets are used for various malicious activities, including sending spam, conducting DDoS attacks, and spreading malware."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain a Three-Way Handshake.",
+ "answer": "A Three-Way Handshake is a process used to establish a TCP (Transmission Control Protocol) connection between two devices on a network. It involves three steps: SYN (synchronize), SYN-ACK (synchronize-acknowledge), and ACK (acknowledge), ensuring reliable and synchronized communication."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Are the Response Codes That Can Be Received From a Web Application?",
+ "answer": "Web applications often return HTTP response codes to indicate the status of a request. Common codes include 200 (OK), 404 (Not Found), 500 (Internal Server Error), and 302 (Found, used for redirection), among others."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Define Traceroute.",
+ "answer": "Traceroute is a network diagnostic tool used to trace the route that packets take from one computer to another. 
It shows the IP addresses of routers (hops) along the path and helps identify network connectivity issues."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is Referred to as a Man-in-the-Middle Attack?",
+ "answer": "A Man-in-the-Middle (MitM) attack is a cybersecurity threat in which an attacker intercepts and potentially alters communication between two parties without their knowledge. The attacker can eavesdrop, steal data, or manipulate messages."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is Data Leakage?",
+ "answer": "Data leakage, also known as data leakage or data loss, occurs when sensitive or confidential data is unintentionally or maliciously exposed to unauthorized parties. This can happen through various means, such as leaks, breaches, or accidental disclosures."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Are Cyberattacks? Name the Most Common Ones.",
+ "answer": "Cyberattacks are malicious activities carried out in the digital realm to compromise, damage, or steal information. Common cyberattacks include malware infections, phishing, DDoS attacks, ransomware, and SQL injection, among others."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Is the Difference Between Symmetric and Asymmetric Encryption in Cybersecurity?",
+ "answer": "Symmetric encryption uses a single shared key for both encryption and decryption, while asymmetric encryption uses a pair of public and private keys. Symmetric encryption is faster but requires secure key exchange, whereas asymmetric encryption provides key security but is slower."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Can You Explain What a Brute Force Attack Is and How It Can Be Prevented?",
+ "answer": "A brute force attack is an attempt to guess a password or encryption key by systematically trying all possible combinations. It can be prevented by using strong, complex passwords, implementing account lockout policies, and using multi-factor authentication (MFA)."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is the Purpose of a Vulnerability Assessment in Cybersecurity?",
+ "answer": "The purpose of a vulnerability assessment is to identify and prioritize weaknesses (vulnerabilities) in an organization's IT systems and network. It helps organizations proactively address security issues and reduce the risk of exploitation by attackers."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "How Does a Firewall Device Contribute to Network Security?",
+ "answer": "A firewall device enhances network security by monitoring and controlling incoming and outgoing network traffic based on predefined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, preventing unauthorized access and threats."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Is the Purpose of Penetration Testing in Cybersecurity?",
+ "answer": "Penetration testing, often referred to as ethical hacking, is conducted to simulate real-world cyberattacks on an organization's systems and networks. Its purpose is to identify vulnerabilities and weaknesses that could be exploited by malicious actors, allowing organizations to strengthen their security measures."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How Do You Ensure That a Server Is Secure?",
+ "answer": "Ensuring server security involves several steps, including regularly patching and updating the server's software, configuring strong access controls, implementing firewall rules, monitoring for unusual activity, conducting security audits, and employing intrusion detection and prevention systems (IDS/IPS). A robust security policy and timely response to vulnerabilities are also critical."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "IDS vs IPS: What Is the Difference?",
+ "answer": "An Intrusion Detection System (IDS) monitors network traffic for suspicious activities and generates alerts. An Intrusion Prevention System (IPS) goes a step further by not only detecting threats but also taking automated actions to block or prevent them. While IDS is passive, IPS is active in defending against intrusions."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "HIDS vs NIDS: Are They the Same?",
+ "answer": "Host-based Intrusion Detection Systems (HIDS) monitor activity on individual hosts or devices. Network-based Intrusion Detection Systems (NIDS) monitor network traffic for signs of malicious activity. They are not the same; HIDS focus on host-level events, while NIDS monitor the entire network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Is SSL Encryption?",
+ "answer": "SSL, or Secure Sockets Layer, is a cryptographic protocol that ensures secure data transmission over the internet. It encrypts data exchanged between a user's web browser and a web server, safeguarding it from eavesdropping and tampering. SSL is commonly used to secure online transactions and sensitive data."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain a Brute Force Attack Along With the Steps To Prevent It.",
+ "answer": "A brute force attack is an attempt to gain unauthorized access by systematically trying all possible combinations of passwords or encryption keys. Prevention steps include enforcing strong password policies, implementing account lockout after multiple failed login attempts, using multi-factor authentication (MFA), and monitoring for unusual login patterns."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Do You Mean by Port Scanning?",
+ "answer": "Port scanning is the process of systematically scanning a computer or network for open ports, which are entry points for network services. It can be used for both legitimate purposes (e.g., network diagnostics) and malicious activities (e.g., identifying vulnerable services). Port scanning helps assess network security and detect vulnerabilities."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain the OSI Model.",
+ "answer": "The OSI (Open Systems Interconnection) Model is a conceptual framework used to understand and standardize network communication. It consists of seven layers, each responsible for specific functions. The layers, from bottom to top, are Physical, Data Link, Network, Transport, Session, Presentation, and Application. Understanding the OSI Model helps in troubleshooting and designing networks."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What Is Identity Theft? Can You Prevent It?",
+ "answer": "Identity theft is the unauthorized use of someone's personal information, such as their name, Social Security number, or financial details, for fraudulent purposes. 
Preventing identity theft involves safeguarding personal information, using strong passwords, monitoring financial accounts, and being cautious with sharing personal data online."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain Social Media Phishing.",
+ "answer": "Social media phishing is a cyberattack that targets users on social networking platforms. Attackers create fake profiles or messages to trick users into revealing personal information, passwords, or financial details. To prevent social media phishing, users should verify the authenticity of messages, avoid clicking on suspicious links, and report suspicious activity."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Black Hat Hackers vs White Hat Hackers vs Grey Hat Hackers",
+ "answer": "Black hat hackers are malicious hackers who engage in unauthorized and illegal activities for personal gain or harm. White hat hackers are ethical hackers who use their skills to identify and fix security vulnerabilities. Grey hat hackers fall in between, sometimes engaging in unauthorized activities but without malicious intent."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Is the Difference Between Black Box Testing and White Box Testing?",
+ "answer": "Black box testing focuses on testing the functionality of a system without knowledge of its internal code or structure. White box testing, on the other hand, involves testing with full knowledge of the system's internal code and logic. Black box testing simulates how an external attacker might test a system, while white box testing is more detailed and akin to an insider's view."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Do You Mean by Phishing? 
How Many Types of Phishing Are There?",
+ "answer": "Phishing is a cyberattack technique where attackers impersonate trustworthy entities to trick individuals into revealing sensitive information or performing actions like clicking malicious links. There are several types of phishing, including email phishing, spear phishing (targeted attacks), vishing (voice-based phishing), and smishing (SMS-based phishing), among others."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What Is Forward Secrecy?",
+ "answer": "Forward secrecy is a cryptographic property that ensures that even if an attacker obtains the private key of a communication session, they cannot decrypt past or future sessions. It enhances security by preventing the compromise of one session from affecting the confidentiality of others."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What Are Spyware Attacks?",
+ "answer": "Spyware attacks involve the installation of malicious software (spyware) on a victim's device to secretly collect information, such as keystrokes, browsing habits, or personal data. Spyware can be used for espionage, identity theft, or other malicious purposes. Detecting and removing spyware is crucial for maintaining privacy and security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What Is ARP Poisoning? Can You Explain With an Example?",
+ "answer": "ARP (Address Resolution Protocol) poisoning is a network attack where an attacker associates their MAC address with the IP address of another device on the network, causing traffic intended for that device to be intercepted. For example, if an attacker associates their MAC address with the router's IP, they can intercept all network traffic, enabling eavesdropping or other malicious activities."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What Do You Mean by SQL Injection?",
+ "answer": "SQL injection is a type of cyberattack where attackers exploit vulnerabilities in web applications that use SQL databases. By injecting malicious SQL code into input fields, attackers can manipulate the database queries, potentially gaining unauthorized access to the database or even the entire application. Preventing SQL injection requires input validation and using parameterized queries."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How Do You Differentiate Between Viruses and Worms?",
+ "answer": "Viruses and worms are both types of malware, but they differ in how they spread. Viruses attach themselves to legitimate files and require user interaction to spread (e.g., opening an infected file). Worms, however, are standalone programs that can spread independently across networks and systems without user interaction. Worms are more self-propagating and can rapidly infect multiple devices."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain Active Reconnaissance.",
+ "answer": "Active reconnaissance is a phase of cyber reconnaissance where attackers actively probe a target network or system to gather information. This may include scanning for open ports, enumerating services, and identifying vulnerabilities. Active reconnaissance is often a precursor to more targeted attacks and can be detected by intrusion detection systems."
+ },
+
+
+
+ {
+ "question": "What is the concept of 'two-factor authentication (2FA),' and how does it enhance security?",
+ "answer": "2FA is an authentication method that requires users to provide two separate forms of identification to access an account. 
It enhances security by adding an extra layer of protection, typically something the user knows (password) and something the user has (a smartphone or token).",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the 'Principle of Separation of Duties' in access control and its significance in cybersecurity.",
+ "answer": "The Principle of Separation of Duties enforces that no single user or entity should have complete control over a critical function or resource. It's crucial in cybersecurity to prevent misuse or unauthorized access by ensuring multiple parties are required for certain actions.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is 'patch management,' and why is it essential in cybersecurity?",
+ "answer": "Patch management is the process of identifying, testing, and applying software updates or patches to systems and applications. It is essential in cybersecurity to address known vulnerabilities promptly and reduce the risk of exploitation.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a 'security incident response plan,' and how does it help organizations?",
+ "answer": "A security incident response plan is a structured set of procedures that guide an organization's response to security incidents. It helps organizations minimize damage, ensure a coordinated response, and recover quickly from cybersecurity breaches.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the 'principle of defense in depth' in network security and its benefits.",
+ "answer": "Defense in depth involves layering multiple security measures and controls to protect an organization's assets. 
It offers redundancy and resilience, making it difficult for attackers to breach all layers and ensuring robust security.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'secure coding,' and why is it important in software development?",
+ "answer": "Secure coding involves writing code with built-in security measures to prevent vulnerabilities and exploitation. It is important in software development to reduce the risk of security flaws and protect systems from potential threats.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'malware sandboxing' and its role in cybersecurity.",
+ "answer": "Malware sandboxing involves running suspicious files or programs in an isolated environment to analyze their behavior safely. It is crucial in cybersecurity for understanding and mitigating the effects of malware without risking the host system.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a 'security information and event management (SIEM) system,' and why is it valuable in cybersecurity?",
+ "answer": "A SIEM system collects and analyzes security data from various sources to provide real-time threat detection and monitoring. It is valuable in cybersecurity for centralizing security information, correlating events, and facilitating proactive threat response.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'threat modeling' and its role in secure software development.",
+ "answer": "Threat modeling is a process that identifies and analyzes potential security threats and vulnerabilities in software applications. 
It plays a crucial role in secure software development by helping developers design and build security into their applications from the start.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security awareness' training, and how does it benefit organizations?",
+ "answer": "Security awareness training educates employees and users about security risks, policies, and best practices. It benefits organizations by reducing human-related security vulnerabilities, improving security hygiene, and fostering a culture of cybersecurity awareness.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a 'security incident classification' and how does it help in incident response?",
+ "answer": "Security incident classification categorizes incidents based on their severity and impact. It helps in incident response by allowing organizations to prioritize and allocate resources efficiently, ensuring a swift and appropriate response to security incidents.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security architecture' in the context of cybersecurity, and how does it relate to secure system design?",
+ "answer": "Security architecture refers to the design and structure of security controls and mechanisms within an organization's IT environment. It relates to secure system design by ensuring that security measures are integrated effectively to protect systems and data.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What are 'honeynets' and 'honeypots,' and how are they used in cybersecurity?",
+ "answer": "Honeynets are networks designed to mimic real systems to attract attackers for monitoring and analysis. Honeypots are individual systems or components used similarly. 
They are used in cybersecurity for detecting and studying attacks while protecting production systems.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the concept of 'secure boot,' and why is it important for device security?",
+ "answer": "Secure boot is a process that ensures the integrity and authenticity of the firmware and operating system during the device's startup. It is important for device security as it prevents unauthorized or malicious software from running on the device.",
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'security information sharing (Threat Intel Sharing)' and its role in cybersecurity.",
+ "answer": "Security information sharing involves sharing threat intelligence and security data with trusted partners or organizations to enhance collective cybersecurity defenses. It plays a crucial role in staying informed about emerging threats and vulnerabilities.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'incident containment' in incident response, and why is it important?",
+ "answer": "Incident containment involves taking immediate actions to limit the scope and impact of a security incident. It is important in incident response to prevent further damage, protect critical assets, and isolate the incident for investigation and resolution.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Define 'security by design' and its principles in software development.",
+ "answer": "Security by design is an approach that integrates security principles into the entire software development lifecycle. 
Principles include identifying and mitigating vulnerabilities early, secure coding practices, and continuous security testing.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'encryption at rest,' and why is it important for data security?",
+ "answer": "Encryption at rest involves encrypting data stored on storage devices or databases. It is important for data security as it protects sensitive information even if physical access to storage devices is gained by unauthorized individuals.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What are 'security policies,' and how do they guide security practices in organizations?",
+ "answer": "Security policies are documents that outline an organization's security objectives, rules, and procedures. They guide security practices by setting expectations, defining compliance requirements, and providing a framework for managing security risks.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security culture' in an organization, and how does it impact cybersecurity?",
+ "answer": "Security culture refers to the collective mindset and behaviors of employees regarding security practices. It impacts cybersecurity by influencing how well security policies are followed, how vulnerabilities are reported, and how threats are addressed within an organization.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'incident detection' in incident response, and how is it accomplished?",
+ "answer": "Incident detection involves identifying and recognizing security incidents within an organization's network or systems. 
It is accomplished through the use of security monitoring tools, intrusion detection systems (IDS), and the analysis of unusual or suspicious activities.",
+ "domain": "Incident Response",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the concept of 'zero-trust security,' and why is it gaining prominence in cybersecurity?",
+ "answer": "Zero-trust security is an approach that distrusts all users and devices, requiring continuous verification for access. It is gaining prominence due to the increasing sophistication of cyber threats, remote work, and the need for granular security controls.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'data classification,' and why is it important for data protection?",
+ "answer": "Data classification involves categorizing data based on its sensitivity and importance. It is important for data protection as it helps organizations apply appropriate security measures to safeguard critical information and ensure regulatory compliance.",
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a 'security incident response team (SIRT),' and what are its primary responsibilities?",
+ "answer": "A SIRT is a group of individuals responsible for managing and responding to cybersecurity incidents. Its primary responsibilities include incident identification, containment, eradication, recovery, and communication with stakeholders.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'least privilege' in access control, and how is it implemented?",
+ "answer": "Least privilege ensures that users and processes have only the minimum access or permissions required to perform their tasks. 
It is implemented by defining and enforcing access controls, role-based access control (RBAC), and access policies.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'security by obscurity,' and why is it generally discouraged in cybersecurity?",
+ "answer": "Security by obscurity relies on keeping security mechanisms or details secret to protect a system. It is discouraged in cybersecurity because it does not provide robust security, and once the obscurity is breached, the system becomes vulnerable.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is a 'Security Operations Center (SOC),' and how does it contribute to cybersecurity?",
+ "answer": "A SOC is a centralized facility responsible for monitoring, detecting, and responding to security threats in an organization's network and systems. It contributes to cybersecurity by providing real-time threat intelligence and incident management capabilities.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'phishing,' and how do organizations educate users to prevent falling victim to it?",
+ "answer": "Phishing is a cyberattack method that involves deceiving individuals into revealing sensitive information. Organizations educate users to prevent phishing by conducting security awareness training, teaching them to recognize phishing attempts, and emphasizing the importance of verifying requests for sensitive data.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'security risk assessment,' and why is it crucial for organizations?",
+ "answer": "A security risk assessment identifies potential security risks, assesses their likelihood and impact, and provides recommendations for mitigation. 
It is crucial for organizations to understand their security posture, prioritize security investments, and reduce exposure to threats.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'access control lists (ACLs),' and how are they used in network security?",
+ "answer": "Access control lists (ACLs) are sets of rules or configurations that specify which users or systems are allowed or denied access to resources on a network. They are used in network security to define and enforce access policies and restrictions.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'application security,' and why is it important in cybersecurity?",
+ "answer": "Application security focuses on securing software applications against security threats and vulnerabilities. It is important in cybersecurity because many attacks target vulnerabilities in applications, and secure coding practices are crucial to protect against these threats.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'incident recovery' in incident response, and why is it a critical phase?",
+ "answer": "Incident recovery involves restoring affected systems and data to their normal operation after a security incident. It is a critical phase as it ensures business continuity, minimizes downtime, and prevents further disruption to operations.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'threat intelligence sharing' among organizations, and why is it beneficial?",
+ "answer": "Threat intelligence sharing involves exchanging information about cybersecurity threats and vulnerabilities among organizations or industry groups. 
It is beneficial because it helps organizations stay informed, identify common threats, and enhance their collective defenses.",
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is 'port scanning,' and why is it a common reconnaissance technique used by attackers?",
+ "answer": "Port scanning is the process of sending requests to a range of network ports on a target system to identify open ports and services. Attackers use it for reconnaissance to discover potential entry points and vulnerabilities in a target's network.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a 'security certificate authority (CA),' and how does it work in establishing trust on the internet?",
+ "answer": "A security certificate authority (CA) is an entity that issues digital certificates, verifying the identity of entities on the internet. It works by digitally signing certificates, creating a trust chain that allows users to validate the authenticity of websites and services.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'vulnerability management,' and how does it help organizations safeguard their systems?",
+ "answer": "Vulnerability management is the process of identifying, assessing, and mitigating security vulnerabilities in an organization's systems and software. It helps organizations safeguard their systems by addressing weaknesses before they can be exploited by attackers.",
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'data loss prevention (DLP),' and why is it important in protecting sensitive data?",
+ "answer": "Data loss prevention (DLP) involves strategies and technologies to prevent the unauthorized disclosure of sensitive data. 
It is important in protecting sensitive data from accidental or malicious leaks, ensuring compliance with data protection regulations.",
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security assessment,' and how is it used to evaluate an organization's security posture?",
+ "answer": "Security assessment involves evaluating an organization's security controls, policies, and procedures to identify vulnerabilities and weaknesses. It is used to measure an organization's security posture and make improvements to enhance security.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security incident handling,' and why is it crucial for minimizing the impact of security breaches?",
+ "answer": "Security incident handling involves the process of responding to and mitigating the impact of security incidents. It is crucial for minimizing the impact by containing the incident, eradicating the threat, and recovering affected systems to normal operation.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'network segmentation,' and why is it a recommended practice in network security?",
+ "answer": "Network segmentation involves dividing a network into smaller, isolated segments to restrict lateral movement of attackers. It is a recommended practice in network security to contain and isolate security incidents, limiting their impact on the entire network.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'threat hunting' in cybersecurity, and how does it proactively identify threats?",
+ "answer": "Threat hunting is a proactive approach to identifying and mitigating security threats before they cause harm. 
It involves actively searching for signs of malicious activities or anomalies within an organization's network and systems.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'security information sharing and analysis center (ISAC),' and how does it enhance cybersecurity?",
+ "answer": "A security ISAC is an organization or platform that facilitates the sharing of cybersecurity threat intelligence and best practices among its members. It enhances cybersecurity by promoting collaboration, threat awareness, and rapid incident response among organizations in the same sector.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security through encryption,' and how does it protect data in transit?",
+ "answer": "Security through encryption involves using encryption algorithms to protect data during transmission over networks. It ensures data confidentiality by encoding the data, making it unreadable to unauthorized parties while in transit.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'incident triage' in incident response, and why is it essential?",
+ "answer": "Incident triage involves initial assessment and prioritization of security incidents based on their severity and impact. It is essential in incident response to allocate resources efficiently, ensuring that critical incidents are addressed promptly.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security architecture review,' and how does it improve an organization's security posture?",
+ "answer": "A security architecture review evaluates an organization's security infrastructure, policies, and practices to identify vulnerabilities and areas for improvement. 
It improves an organization's security posture by recommending changes and enhancements to mitigate risks effectively.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What are 'security tokens' and 'smart cards,' and how are they used for authentication?",
+ "answer": "Security tokens and smart cards are physical or virtual devices used for authentication. Security tokens generate one-time passwords, while smart cards store authentication credentials. They enhance authentication security by adding an additional layer of verification beyond traditional passwords.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "Explain the concept of 'supply chain security' and its importance in cybersecurity.",
+ "answer": "Supply chain security involves securing the products, components, and services that an organization acquires from external vendors or suppliers. It is important in cybersecurity to prevent the introduction of malicious or vulnerable elements into an organization's infrastructure.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security by default,' and why is it a recommended practice in cybersecurity?",
+ "answer": "Security by default ensures that systems, applications, and devices are configured with the most secure settings by default. It is a recommended practice in cybersecurity to reduce the risk of misconfigurations and vulnerabilities that may be introduced during deployment.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is the CIA Triad in cybersecurity, and why is it important?",
+ "answer": "The CIA Triad stands for Confidentiality, Integrity, and Availability. It represents the core principles of information security. 
Confidentiality ensures data is protected from unauthorized access, integrity guarantees data accuracy and reliability, and availability ensures data is accessible when needed. It is important for designing comprehensive security measures.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a security token, and how does it enhance authentication?",
+ "answer": "A security token is a physical or virtual device that generates one-time passwords or authentication codes. It enhances authentication by adding an additional layer of security beyond traditional passwords, making it harder for attackers to gain unauthorized access.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'security by design' and its significance in software development.",
+ "answer": "Security by design is an approach that incorporates security considerations throughout the entire software development lifecycle. It aims to identify and address security vulnerabilities early in the development process, reducing the risk of security breaches and costly post-release fixes.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is a Security Information Sharing and Analysis Center (ISAC), and why do organizations participate in them?",
+ "answer": "An ISAC is an organization that facilitates the sharing of cybersecurity threat intelligence and best practices among its members. 
Organizations participate in ISACs to enhance their cybersecurity defenses, stay informed about emerging threats, and collaborate with peers to strengthen overall security.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Define 'denial of service (DoS)' and 'distributed denial of service (DDoS)' attacks, and explain how they differ.",
+ "answer": "A DoS attack aims to disrupt the availability of a service or network by overwhelming it with a high volume of traffic or requests from a single source. A DDoS attack involves multiple compromised devices coordinated to flood the target, making it more challenging to mitigate.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the importance of security awareness training for employees?",
+ "answer": "Security awareness training educates employees about security risks, policies, and best practices. It is crucial for reducing human-related security vulnerabilities, such as falling victim to phishing attacks or mishandling sensitive data.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a digital certificate, and how does it contribute to secure communication?",
+ "answer": "A digital certificate is a digital document that verifies the identity of the certificate holder. It contributes to secure communication by facilitating encrypted connections, authenticating websites, and ensuring data integrity during transmission.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'vulnerability assessment' and its role in cybersecurity.",
+ "answer": "A vulnerability assessment is the process of identifying and evaluating security weaknesses in a system or network. 
It plays a crucial role in cybersecurity by helping organizations prioritize remediation efforts, reducing the risk of exploitation by attackers.",
+ "domain": "Penetration Testing",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the 'principle of least privilege,' and why is it essential in access control?",
+ "answer": "The principle of least privilege restricts users and processes to the minimum access or permissions necessary to perform their tasks. It is essential in access control to limit the potential damage from unauthorized access and minimize the attack surface.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'end-to-end encryption,' and why is it crucial for secure messaging applications?",
+ "answer": "End-to-end encryption ensures that only the sender and intended recipient can read the messages exchanged. It is crucial for secure messaging apps as it protects user privacy and prevents unauthorized interception of messages.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'security through obscurity,' and why is it generally discouraged in cybersecurity?",
+ "answer": "Security through obscurity relies on keeping security mechanisms secret to protect a system. It is generally discouraged in cybersecurity because it does not provide robust security, and once the obscurity is breached, the system becomes vulnerable.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is the role of an Intrusion Prevention System (IPS) in network security?",
+ "answer": "An IPS is a security tool that actively monitors network traffic to detect and block potential threats in real time. 
It goes beyond detection, taking proactive measures to prevent malicious activities, such as unauthorized access and attacks.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'security incident classification' and its importance in incident response.",
+ "answer": "Security incident classification categorizes incidents based on their severity and impact. It is essential in incident response for prioritizing and allocating resources to manage incidents effectively, ensuring a timely and appropriate response.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a 'security risk assessment,' and how does it help organizations manage risk?",
+ "answer": "A security risk assessment identifies potential security risks, evaluates their likelihood and impact, and provides recommendations for mitigating or managing those risks. It helps organizations make informed decisions to protect their assets and data.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is 'security policy enforcement,' and why is it important in network security?",
+ "answer": "Security policy enforcement involves implementing and monitoring security policies to ensure compliance. It is important in network security to maintain a consistent and secure environment by preventing unauthorized actions and maintaining data integrity.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'digital forensics' and its role in cybersecurity investigations.",
+ "answer": "Digital forensics involves the collection, analysis, and preservation of digital evidence in legal or cybersecurity investigations. 
It plays a vital role in determining the cause of security incidents, identifying attackers, and providing evidence for legal actions.",
+ "domain": "Digital Forensics",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is 'security by default,' and why is it a best practice in cybersecurity?",
+ "answer": "Security by default ensures that systems, applications, and devices are configured with the most secure settings by default. It is a best practice in cybersecurity to reduce the risk of misconfigurations and vulnerabilities introduced during deployment.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a man-in-the-middle (MitM) attack, and how can it be prevented?",
+ "answer": "A MitM attack involves intercepting communication between two parties without their knowledge. Prevention measures include using encryption, digital certificates, and secure communication channels to protect against eavesdropping and tampering.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the role of an Intrusion Detection System (IDS) in cybersecurity?",
+ "answer": "An IDS is a security tool that monitors network traffic for suspicious activity or signs of security threats. It alerts security personnel when potential threats are detected, allowing for timely response and mitigation.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Define 'security patches' and explain their significance in cybersecurity.",
+ "answer": "Security patches are updates or fixes released by software vendors to address known vulnerabilities. 
Applying patches regularly is crucial to protect systems from exploitation and keep them secure.",
+ "domain": "Penetration Testing",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the purpose of a security audit, and how is it conducted?",
+ "answer": "A security audit evaluates an organization's security policies, procedures, and controls to identify weaknesses and areas for improvement. It is conducted through a systematic review of systems, processes, and documentation.",
+ "domain": "Compliance basics",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'sandboxing' in the context of malware analysis.",
+ "answer": "Sandboxing involves running and reverse engineering suspicious files or programs using tools like Ghidra in a virtual or controlled environment to analyze their behavior without risking damage to the host system. It is a common technique used to investigate and understand malware. ",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a security policy framework, and how does it help organizations?",
+ "answer": "A security policy framework is a structured set of policies, standards, and guidelines that govern an organization's security practices. It provides a consistent and well-defined approach to security management.",
+ "domain": "Logical Aptitude",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is a virtual private network (VPN), and why is it used in cybersecurity?",
+ "answer": "A VPN is a technology that creates a secure, encrypted connection over an untrusted network, like the internet. 
It's used to protect data privacy, provide remote access to corporate networks, and secure communications.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a security incident response team (SIRT), and what are its responsibilities?",
+ "answer": "A SIRT is a group of individuals responsible for responding to and managing cybersecurity incidents. Their responsibilities include incident identification, containment, eradication, recovery, and communication.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'security awareness training' and its importance in organizations.",
+ "answer": "Security awareness training involves educating employees and users about security best practices, threats, and how to protect sensitive information. It is crucial to reduce human-related security risks and improve overall security posture.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a zero-day vulnerability, and how can organizations protect against it?",
+ "answer": "A zero-day vulnerability is a security flaw in software or hardware that is actively exploited by attackers before a vendor releases a fix. Protection measures include regular software updates, intrusion detection, and vulnerability scanning.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+
+ {
+ "question": "What is a honeypot, and how is it used in cybersecurity?",
+ "answer": "A honeypot is a security mechanism designed to attract and deceive attackers. It mimics a vulnerable system or network to gather information about their tactics, techniques, and motivations. 
It helps organizations detect and analyze threats.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the principle of 'Zero Trust' security, and why is it gaining popularity?",
+ "answer": "Zero Trust is a security approach that assumes no trust, even inside an organization's network. It requires strict identity verification and continuous monitoring. It's gaining popularity due to the evolving threat landscape and the need for enhanced security.",
+ "domain": "Computer Networks",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "Explain the concept of 'SQL injection' and how to prevent it.",
+ "answer": "SQL injection is a type of cyberattack that exploits vulnerabilities in web applications by injecting malicious SQL code. Prevention involves using parameterized queries, input validation, and proper error handling to avoid exposing database vulnerabilities.",
+ "domain": "Penetration Testing",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is multi-factor authentication (MFA), and why is it important for securing user accounts?",
+ "answer": "MFA is a security method that requires users to provide multiple forms of identification to access an account. It adds an extra layer of protection by reducing the risk of unauthorized access, even if passwords are compromised.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the difference between a virus and a worm in the context of malware?",
+ "answer": "A virus attaches itself to host files and requires user interaction to spread. 
A worm is a standalone malware program that can self-replicate and spread across networks without user interaction.",
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Define 'phishing' and provide examples of common phishing techniques.",
+ "answer": "Phishing is a cyberattack method in which attackers impersonate trusted entities to trick individuals into revealing sensitive information. Examples include email phishing, spear phishing, and voice phishing (vishing).",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is penetration testing, and how does it contribute to cybersecurity?",
+ "answer": "Penetration testing, often called ethical hacking, involves authorized attempts to exploit vulnerabilities in a system or network. It helps organizations identify weaknesses and vulnerabilities before malicious attackers can exploit them.",
+ "domain": "Penetration Testing",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'least common mechanism' in access control.",
+ "answer": "Least common mechanism, also known as the principle of least privilege, restricts users and processes to the minimum access or permissions necessary to perform their tasks. It reduces the risk of unauthorized access and potential damage.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult"
+ },
+ {
+ "question": "What is a security incident, and why is it important to report and document them?",
+ "answer": "A security incident is an event that compromises the confidentiality, integrity, or availability of data or systems. 
Reporting and documenting incidents are essential for analyzing the impact, identifying the root cause, and preventing future occurrences.",
+ "domain": "Incident Response",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is the role of encryption in data protection, and how does end-to-end encryption work?",
+ "answer": "Encryption converts data into an unreadable format, ensuring confidentiality. End-to-end encryption secures data during transmission by encoding it on the sender's side and decoding it only on the recipient's side, preventing eavesdropping.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+
+ {
+ "question": "What is a DMZ (Demilitarized Zone) in network security?",
+ "answer": "A DMZ is a network segment that acts as a buffer zone between the internal trusted network and the untrusted external network, usually the internet. It often contains servers that need to be accessible from both networks while providing an added layer of security.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "How does a Distributed Denial of Service (DDoS) attack work, and what are mitigation strategies?",
+ "answer": "A DDoS attack involves overwhelming a target system or network with a flood of traffic from multiple compromised devices. Mitigation strategies include traffic filtering, rate limiting, and content delivery networks (CDNs) to absorb traffic spikes.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is Public Key Infrastructure (PKI), and why is it important in cybersecurity?",
+ "answer": "PKI is a system for managing digital keys and certificates used in secure communication. 
It's essential for tasks like secure email, web browsing, and digital signatures, ensuring the authenticity and confidentiality of data.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Explain the concept of 'defense in depth' in cybersecurity.",
+ "answer": "Defense in depth is a strategy that involves implementing multiple layers of security controls and mechanisms to protect an organization's assets. It includes measures at the network, application, and physical levels to mitigate risks.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a Trojan horse in the context of malware, and how does it operate?",
+ "answer": "A Trojan horse is a type of malware that disguises itself as legitimate software but, when executed, carries out malicious actions. It can steal data, provide remote access to attackers, or damage a system.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What are the key components of an Incident Response Plan (IRP)?",
+ "answer": "An IRP typically includes four key components: Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity. These steps help organizations respond effectively to cybersecurity incidents.",
+ "domain": "Incident Response",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is the role of a Security Information and Event Management (SIEM) system in cybersecurity?",
+ "answer": "A SIEM system collects and analyzes security-related data from various sources, providing real-time monitoring and threat detection. It helps organizations identify and respond to security incidents effectively.",
+ "domain": "SOC Analyst",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the concept of 'least privilege' in access control.",
+ "answer": "Least privilege means granting users and processes only the minimum access or permissions needed to perform their tasks.
It reduces the attack surface and minimizes the risk of unauthorized access.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is a security policy, and why is it important for organizations?",
+ "answer": "A security policy is a set of rules, guidelines, and procedures that define how an organization protects its information and assets. It's important for ensuring consistency and compliance with security measures.",
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "What is social engineering in the context of cybersecurity, and how can it be prevented?",
+ "answer": "Social engineering involves manipulating individuals into revealing sensitive information or performing actions that compromise security. Prevention measures include user education, awareness training, and strict access controls.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy"
+ },
+
+ {
+ "question": "What is a firewall, and how does it work?",
+ "answer": "A firewall is a network security device that monitors and filters incoming and outgoing network traffic. It operates by enforcing a set of security rules to allow or block traffic based on criteria like IP address, port, and protocol.",
+ "domain": "Computer Networks",
+ "difficulty": "Easy"
+ },
+ {
+ "question": "Explain the difference between a stateful and a stateless firewall.",
+ "answer": "A stateful firewall keeps track of the state of active connections and makes decisions based on the context of the traffic. In contrast, a stateless firewall filters packets based on static criteria, like IP address and port, without considering the connection's state.",
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "What is asymmetric encryption, and how does it differ from symmetric encryption?",
+ "answer": "Asymmetric encryption uses a pair of keys (public and private) for encryption and decryption.
Symmetric encryption uses a single key for both encryption and decryption. Asymmetric encryption is more secure for key exchange, while symmetric encryption is faster for data encryption.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+ {
+ "question": "Define a cryptographic hash function and provide an example of its use.",
+ "answer": "A cryptographic hash function takes an input and produces a fixed-length string of characters, which is a hash value. It's a one-way process, meaning you can't reverse it to get the original input. Example use: storing password hashes securely.",
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate"
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the Difference Between SIEM and SOAR?",
+ "answer": "SIEM (Security Information and Event Management) focuses on collecting and analyzing security data and generating alerts. SOAR (Security Orchestration, Automation, and Response) extends SIEM by automating incident response actions and orchestrating security processes."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "Name the different layers of the OSI model.",
+ "answer": "The OSI (Open Systems Interconnection) model consists of seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Differentiate between IDS and IPS.",
+ "answer": "IDS (Intrusion Detection System) monitors network traffic for suspicious activity and generates alerts. IPS (Intrusion Prevention System) not only detects threats but also takes automated actions to block or prevent them."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Differentiate between HIDS and NIDS.",
+ "answer": "HIDS (Host-based Intrusion Detection System) monitors activity on individual hosts, while NIDS (Network-based Intrusion Detection System) monitors network traffic for signs of malicious activity. They have different scopes of monitoring."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "Explain SSL.",
+ "answer": "SSL (Secure Sockets Layer) is a cryptographic protocol that ensures secure data transmission over the internet. It encrypts data exchanged between a user's web browser and a web server, safeguarding it from eavesdropping and tampering."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain different types of Malwares.",
+ "answer": "Different types of malware include viruses, worms, Trojans, ransomware, spyware, adware, and rootkits. Each has unique characteristics and malicious purposes, such as data theft, system damage, or unauthorized access."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain WAF.",
+ "answer": "WAF (Web Application Firewall) is a security solution that protects web applications from various online threats, including SQL injection, cross-site scripting (XSS), and other application-layer attacks. It filters and monitors HTTP requests and responses."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Define the process of salting. What is the use of salting?",
+ "answer": "Salting is the process of adding a random value (salt) to data before hashing it. It is used to enhance the security of password storage by making each hashed password unique, even if the original passwords are the same. This prevents attackers from using precomputed tables (rainbow tables) for password cracking."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Define Exfiltration.",
+ "answer": "Exfiltration refers to the unauthorized copying, transfer, or retrieval of data from a system or network by an attacker. It involves stealing sensitive information and transmitting it to an external location without detection."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is RDP (Remote Desktop Protocol)?",
+ "answer": "RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft that enables remote access to and control of a computer or server over a network. It allows users to interact with a remote desktop as if they were physically present at the remote machine."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What are IP and MAC Addresses?",
+ "answer": "IP (Internet Protocol) addresses are numeric labels assigned to devices on a network for identification and communication. MAC (Media Access Control) addresses are hardware addresses associated with network interface cards (NICs) and are used for local network communication."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Name some tools used for packet sniffing.",
+ "answer": "Some tools used for packet sniffing include Wireshark, Tcpdump, Snort, and Ettercap. These tools capture and analyze network traffic for various purposes, including troubleshooting and security monitoring."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain the concept of session hijacking.",
+ "answer": "Session hijacking, also known as session fixation, is an attack where an attacker gains unauthorized access to a user's active session on a web application. This can allow the attacker to impersonate the user and perform actions on their behalf."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a Backdoor?",
+ "answer": "A backdoor is a hidden or undocumented means of accessing a computer system or network. It is typically created by attackers to maintain unauthorized access even after initial compromise. Backdoors can be used for various malicious purposes, including remote control and data theft."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "Is it right to send login credentials through email?",
+ "answer": "No, it is not right to send login credentials through email. Email is not a secure communication method, and sending sensitive information like login credentials through email can expose them to interception by malicious actors. Secure methods like encrypted channels or secure password reset mechanisms should be used instead."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "List security vulnerabilities as per Open Web Application Security Project (OWASP).",
+ "answer": "The OWASP (Open Web Application Security Project) Top Ten Project lists common security vulnerabilities in web applications. These include Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Explain ARP Poisoning.",
+ "answer": "ARP (Address Resolution Protocol) poisoning is a network attack where an attacker associates their MAC address with the IP address of another device on the network, causing traffic intended for that device to be intercepted. This can lead to eavesdropping, data manipulation, or other malicious activities."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is Nmap?",
+ "answer": "Nmap is a widely-used open-source network scanning tool that helps users discover devices and services running on a network. It provides information about open ports, operating systems, and other network characteristics. Nmap is valuable for network reconnaissance and security assessment."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "List out web-based attacks.",
+ "answer": "Web-based attacks include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, session fixation, and remote file inclusion (RFI), among others. These attacks target vulnerabilities in web applications and can result in data breaches or unauthorized access."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "Is it okay to share information with your close friends at the organization you are working at?",
+ "answer": "While it's natural to have friendships at the workplace, it's important to exercise caution when sharing sensitive or confidential information. Employees should adhere to company policies and guidelines regarding information sharing, ensuring that they do not compromise security or violate data protection regulations."
+
+ },
+
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What would you do if you discovered a data breach?",
+ "answer": "In the event of a data breach, immediate incident response is critical. First, I would contain the breach by isolating affected systems to prevent further intrusion. Then, I'd initiate the incident response plan, notifying relevant stakeholders and legal authorities if necessary. Forensic analysis would be conducted to determine the scope and impact of the breach. Compromised data would be encrypted, and compromised accounts disabled.
Finally, I'd work on closing the breach, applying security patches, and enhancing security measures to prevent future breaches."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "How would you respond to a ransomware attack?",
+ "answer": "Responding to a ransomware attack necessitates a well-defined plan. Initially, I'd isolate infected systems to halt the malware's spread. Following that, I'd assess the attack's scope and ascertain whether data was encrypted. Law enforcement authorities would be contacted if required. I'd explore options for decrypting data, evaluate the attacker's demands, but not entertain paying the ransom. Systems would be restored from secure backups, and security vulnerabilities addressed to prevent future attacks."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What steps would you take to secure a new network?",
+ "answer": "Securing a new network involves a systematic approach. I'd start with a comprehensive risk assessment to identify potential vulnerabilities. Access controls and firewalls would be configured to restrict unauthorized access. Robust encryption would be implemented for sensitive data transmission. Routine patching and updates would be carried out. Continuous network monitoring and intrusion detection systems would be deployed. Additionally, comprehensive employee training on security best practices would be a top priority."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How would you secure a web application?",
+ "answer": "Ensuring the security of a web application is multifaceted. I'd begin with rigorous code reviews and vulnerability assessments to pinpoint weaknesses. Robust input validation and output encoding would be implemented to thwart common attacks such as XSS and SQL injection. Strong authentication mechanisms and secure session management would be essential.
Regular security testing and proactive monitoring would be implemented. A Web Application Firewall (WAF) could provide an additional layer of defense."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What would you do if you discovered a vulnerability in a critical system?",
+ "answer": "Discovering a vulnerability in a critical system demands immediate action. I'd evaluate the severity of the vulnerability and its potential impact on operations. If a patch is available, it would be applied promptly. In cases where a patch is unavailable, compensating controls would be put in place to mitigate risk. The incident would be documented and reported to relevant stakeholders. Vulnerability management processes would be closely reviewed and refined to prevent future occurrences."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "How would you handle a phishing attack?",
+ "answer": "Addressing a phishing attack requires a combination of technical and user-focused actions. The first step would be to identify and quarantine the phishing email to prevent further dissemination. Affected accounts would be secured, and passwords reset. Intensified user education and awareness training would be implemented to enhance the recognition of phishing attempts. An incident report would be filed, and indicators of phishing attacks would be shared with relevant security communities."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Difficult",
+ "question": "Is it right to send login credentials through email?",
+ "answer": "No, sending login credentials through email is not considered a secure practice. Email communication is not inherently secure, and sending sensitive information like login credentials via email can expose them to interception by malicious actors. Secure methods such as encrypted channels or secure password reset mechanisms should be used instead."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "List security vulnerabilities as per Open Web Application Security Project (OWASP).",
+ "answer": "The OWASP (Open Web Application Security Project) Top Ten Project identifies common security vulnerabilities in web applications. These vulnerabilities include Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Difficult",
+ "question": "What would you do if you discovered an insider threat?",
+ "answer": "Addressing an insider threat involves a careful and methodical approach. The first step is to gather evidence and assess the nature and intent of the threat. Depending on the situation, HR, legal, and law enforcement may be involved if necessary. Access privileges would be revoked, and the insider's activity closely monitored. Additionally, security controls would be reviewed and enhanced to prevent similar incidents from occurring in the future."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How would you handle a social engineering attack?",
+ "answer": "Social engineering attacks exploit human psychology to gain unauthorized access. Responding to such attacks requires a combination of user awareness and robust security controls. I would intensify employee education on recognizing and reporting social engineering attempts. Simulated attacks, such as phishing tests, would be conducted to assess susceptibility. Implementing multi-factor authentication, strong access controls, and having a well-defined incident response plan would mitigate risks."
+ },
+
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is the OSI model?",
+ "answer": "The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a telecommunication or networking system into seven distinct layers. These layers, from top to bottom, are: Application, Presentation, Session, Transport, Network, Data Link, and Physical. The OSI model helps in understanding and explaining how different networking protocols and technologies interact within a network."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is the difference between TCP and UDP?",
+ "answer": "TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two different transport layer protocols in the OSI model. The main difference between them is in how they handle data transmission. TCP provides reliable, connection-oriented communication with features like error checking and flow control. UDP, on the other hand, offers faster, connectionless communication but does not guarantee delivery or sequencing of data. UDP is often used for real-time applications like video streaming and online gaming, while TCP is used for tasks where data integrity is crucial."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a MAC address?",
+ "answer": "A MAC (Media Access Control) address, also known as a hardware address or physical address, is a unique identifier assigned to network interface cards (NICs) or network adapters in devices such as computers and routers. MAC addresses are used at the data link layer of the OSI model to uniquely identify devices on a local network.
They are typically expressed as a series of hexadecimal numbers, such as '00:1A:2B:3C:4D:5E.'"
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a VLAN?",
+ "answer": "A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network into multiple isolated broadcast domains. VLANs are used to group devices together in a way that makes them function as if they were on the same physical network, even if they are located on different network segments or switches. VLANs help improve network security, reduce broadcast traffic, and enhance network management by allowing administrators to control and segregate network traffic based on specific criteria."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a subnet?",
+ "answer": "A subnet, short for 'subnetwork,' is a smaller network within a larger network. It involves dividing an IP network into multiple, smaller IP address ranges to improve network efficiency and organization. Subnetting allows for better IP address management and routing by grouping devices with similar network requirements together. It also helps reduce broadcast traffic by isolating devices within their respective subnets."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a DNS server?",
+ "answer": "A DNS (Domain Name System) server is a network service that translates user-friendly domain names (such as www.example.com) into IP addresses (such as 192.168.1.1) that computers use to identify and locate each other on the internet or a local network. DNS servers play a crucial role in enabling humans to access websites using memorable domain names, while computers rely on IP addresses for routing and communication."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a DHCP server?",
+ "answer": "A DHCP (Dynamic Host Configuration Protocol) server is a network service that automatically assigns IP addresses, subnet masks, and other network configuration parameters to devices on a local network. DHCP servers streamline the process of setting up and managing IP addresses, particularly in larger networks, by dynamically allocating and renewing IP addresses for devices as they connect to the network. This simplifies network administration and prevents IP address conflicts."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is NAT?",
+ "answer": "NAT (Network Address Translation) is a network technology that allows multiple devices within a private network to share a single public IP address when accessing the internet. NAT works by mapping private IP addresses to a single public IP address and keeping track of which devices initiated specific connections. NAT enhances network security and conserves public IP addresses, which can be a limited resource."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a VPN tunnel?",
+ "answer": "A VPN (Virtual Private Network) tunnel is a secure, encrypted connection established over a public or untrusted network (such as the internet) to connect two private networks or a remote device to a private network. VPN tunnels ensure the confidentiality and integrity of data transmitted between the connected entities. They are commonly used for secure remote access, connecting branch offices, and protecting data during transit."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is a load balancer?",
+ "answer": "A load balancer is a network device or software component that evenly distributes incoming network traffic or application requests across multiple servers or resources.
The goal of load balancing is to optimize resource utilization, enhance fault tolerance, and improve the overall performance and availability of a network or web application. Load balancers can be hardware appliances or software-based solutions."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a zero-day vulnerability?",
+ "answer": "A zero-day vulnerability is a security flaw or weakness in a software application or operating system that is unknown to the vendor or developer. It is called 'zero-day' because, when it is discovered and exploited by attackers, there are zero days of protection available to the users. These vulnerabilities can be particularly dangerous as there are no patches or fixes available at the time of discovery."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the difference between IDS and IPS?",
+ "answer": "An IDS (Intrusion Detection System) is a cybersecurity tool that monitors network traffic and system activities to identify and alert on suspicious or potentially malicious activities. It acts as a passive observer, providing notifications but not actively blocking threats. On the other hand, an IPS (Intrusion Prevention System) not only detects threats but also takes active measures to block or mitigate them. It can automatically block malicious traffic or activities in real-time to protect the network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is CIA in the context of cybersecurity?",
+ "answer": "CIA in cybersecurity stands for Confidentiality, Integrity, and Availability. These three principles represent the core objectives of information security. Confidentiality ensures that data is kept private and protected from unauthorized access. Integrity ensures that data remains accurate and unaltered.
Availability ensures that data and resources are accessible when needed by authorized users."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a botnet?",
+ "answer": "A botnet is a network of compromised computers (often referred to as 'bots' or 'zombies') that are controlled by a remote attacker, typically without the knowledge or consent of the device owners. These compromised computers can be used to carry out various malicious activities, such as launching DDoS attacks, sending spam emails, or participating in other cyberattacks. Botnets are often used for large-scale and coordinated attacks."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the difference between stored and reflected XSS?",
+ "answer": "Stored XSS (Cross-Site Scripting) and reflected XSS are two types of web vulnerabilities. Stored XSS occurs when a malicious script is permanently stored on a target website and executed whenever a user visits the affected page. Reflected XSS, on the other hand, involves injecting a malicious script into a URL, and the script is executed only when a user clicks on the manipulated URL. Both can lead to unauthorized script execution in a user's browser, but the attack vectors and impact differ."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What are HTTP response codes?",
+ "answer": "HTTP response codes, also known as HTTP status codes, are three-digit numeric codes returned by a web server to indicate the result of a client's request. These codes provide information about whether a request was successful, redirected, or encountered an error. For example, a '200 OK' code indicates a successful request, while a '404 Not Found' code signifies that the requested resource was not found on the server."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a DDoS attack?",
+ "answer": "A DDoS (Distributed Denial of Service) attack is a type of cyberattack in which multiple compromised computers, often part of a botnet, are used to flood a target system or network with a high volume of traffic, overwhelming its resources and making it inaccessible to legitimate users. The goal of a DDoS attack is to disrupt the availability of the targeted service or website, rather than stealing data or gaining unauthorized access."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a SQL injection attack?",
+ "answer": "A SQL injection attack is a type of cyberattack in which an attacker inserts malicious SQL (Structured Query Language) code into a web application's input fields or parameters. This code is then executed by the application's database, allowing the attacker to manipulate or extract data from the database, potentially gaining unauthorized access to sensitive information. Proper input validation and parameterized queries are essential defenses against SQL injection."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a buffer overflow attack?",
+ "answer": "A buffer overflow attack occurs when an attacker exploits a software vulnerability that allows them to write more data into a buffer (a temporary data storage area) than it can hold. This excess data can overflow into adjacent memory areas, potentially overwriting critical program data or even executing malicious code. Buffer overflow attacks can lead to application crashes or, when executed successfully, allow attackers to gain control of a system."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a man-in-the-middle attack?",
+ "answer": "A man-in-the-middle (MitM) attack is a cybersecurity attack in which an attacker intercepts and potentially alters the communication between two parties without their knowledge. The attacker positions themselves between the communicating parties and can eavesdrop on sensitive information, capture data, or manipulate the communication. MitM attacks can occur in various contexts, such as in public Wi-Fi networks, where attackers can intercept data transmitted between a user and a website."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the difference between a firewall and a WAF?",
+ "answer": "A firewall and a WAF (Web Application Firewall) serve different purposes in cybersecurity. A firewall is a network security device or software that filters and controls incoming and outgoing network traffic based on predetermined security rules. It operates at the network level and can block or allow traffic based on factors like IP addresses and port numbers. In contrast, a WAF is specifically designed to protect web applications from a range of web-based attacks, such as SQL injection and XSS. It operates at the application layer and analyzes HTTP requests and responses to identify and block malicious web traffic targeting web applications."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a DMZ?",
+ "answer": "A DMZ (Demilitarized Zone) is a network segment or subnetwork that is isolated from the internal network but is still accessible from the internet. It is often used as a security buffer zone to host services and resources that need to be accessible from the internet, such as web servers or email servers. The DMZ is typically protected by firewalls and security measures to prevent unauthorized access to the internal network."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a certificate authority?",
+ "answer": "A certificate authority (CA) is a trusted entity or organization responsible for issuing digital certificates. Digital certificates are used to verify the authenticity of a website, server, or individual in online communications. CAs play a crucial role in the Public Key Infrastructure (PKI) by verifying the identity of entities requesting certificates and digitally signing those certificates to vouch for their legitimacy. Web browsers and applications rely on CAs to establish secure and encrypted connections."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a digital signature?",
+ "answer": "A digital signature is a cryptographic technique used to verify the authenticity and integrity of a digital document, message, or transaction. It involves the use of a private key to create a unique digital signature for a piece of data. Recipients can use the sender's public key to verify the signature and confirm that the data has not been tampered with and that it indeed originated from the claimed sender. Digital signatures are widely used for secure email communication, document signing, and ensuring the trustworthiness of digital content."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a hash function?",
+ "answer": "A hash function is a mathematical function that takes an input (or 'message') and produces a fixed-length string of characters, which is typically a hexadecimal number. The output, known as the hash value or hash code, is unique to the specific input data. Hash functions are used in cybersecurity to create data fingerprints or checksums, which are used for various purposes, including data integrity verification, password hashing, and digital signatures."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a salt?",
+ "answer": "A salt is a random data value that is generated and used as an additional input to a hash function or cryptographic process, such as password hashing. Salts are used to enhance security by ensuring that the same input data does not produce the same hash output every time. By adding a unique salt to each piece of data before hashing, even identical data will result in different hash values. This prevents attackers from using precomputed tables (rainbow tables) to crack hashed passwords more easily."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a public key infrastructure (PKI)?",
+ "answer": "A public key infrastructure (PKI) is a framework or set of policies, procedures, and technologies used to manage digital keys and certificates. PKI enables secure communication and authentication over public networks, such as the internet. It involves the issuance, distribution, management, and revocation of digital certificates, which are used to verify the identity of entities in online transactions. PKI is a critical component of secure email, web browsing, and other online activities that require strong encryption and authentication."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a secure boot?",
+ "answer": "Secure boot is a security feature implemented in computer systems and devices to ensure that only trusted and authenticated software is loaded and executed during the boot process. It helps protect against the loading of unauthorized or malicious code at system startup. Secure boot relies on cryptographic signatures and digital certificates to verify the integrity and authenticity of the bootloader and operating system components before they are allowed to run."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is a secure enclave?",
+ "answer": "A secure enclave, often referred to as a 'trusted execution environment' (TEE), is a secure and isolated area within a computer's central processing unit (CPU) or system-on-chip (SoC). It provides a highly protected environment for executing sensitive or trusted code, such as cryptographic operations, without exposing it to potential threats from the main operating system or other applications. Secure enclaves are commonly used to safeguard critical security functions and protect sensitive data."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is a secure container?",
+ "answer": "A secure container, often referred to as a 'container' or 'sandbox,' is a restricted and isolated environment in which applications or processes can run without interacting with the host system or other containers. Secure containers are commonly used to enhance security by preventing malicious or untrusted code from affecting the host system. They provide a controlled and secure space for running software, ensuring that it cannot access or modify sensitive system resources."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are some common techniques used in social engineering attacks, and how can they be prevented?",
+ "answer": "Social engineering attacks often involve manipulation and deception. Common techniques include phishing emails, pretexting (creating a fabricated scenario), baiting (offering something enticing), and tailgating (following someone into a restricted area). Prevention measures include employee training on recognizing social engineering attempts, implementing email filtering and validation, and enforcing strict access control and visitor policies."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How can organizations protect against DDoS attacks?",
+ "answer": "Protection against Distributed Denial of Service (DDoS) attacks involves deploying robust network and application-level defenses. This includes using dedicated DDoS mitigation services, traffic filtering and rate limiting, content delivery networks (CDNs), and traffic diversion. Additionally, having a well-prepared incident response plan is crucial for mitigating the impact of DDoS attacks."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are some best practices for securing web applications against SQL injection attacks?",
+ "answer": "To secure web applications against SQL injection attacks, organizations should employ input validation and parameterized queries to prevent malicious input from being executed as SQL commands. Implementing least privilege access, using web application firewalls (WAFs), and conducting regular security testing can also enhance protection."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How can organizations protect against zero-day vulnerabilities?",
+ "answer": "Protecting against zero-day vulnerabilities involves continuous monitoring, rapid patching, and implementing intrusion detection and prevention systems. Employing application whitelisting, network segmentation, and user training to detect and prevent suspicious activities can also help mitigate the risks associated with unknown vulnerabilities."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are some best practices for securing mobile devices against malware and other threats?",
+ "answer": "Securing mobile devices includes keeping operating systems and applications up to date, using mobile device management (MDM) solutions, implementing encryption, and promoting secure usage practices among employees. Regular security assessments and app vetting can also help identify and mitigate mobile device threats."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the difference between IAST, SAST, and DAST, and how are they used in application security testing?",
+ "answer": "Interactive Application Security Testing (IAST), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST) are different approaches to application security testing. IAST assesses applications in real-time during runtime, SAST analyzes source code for vulnerabilities without executing the application, and DAST tests running applications for vulnerabilities. Each has its strengths and limitations, and they are often used together in a comprehensive application security testing strategy."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some common security risks associated with cloud computing, and how can they be mitigated?",
+ "answer": "Common security risks in cloud computing include data breaches, misconfigured resources, insider threats, and lack of visibility. These risks can be mitigated by using strong access controls, encryption, regular audits, and comprehensive security policies. Implementing Identity and Access Management (IAM) solutions and monitoring cloud infrastructure can also enhance security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the shared responsibility model in cloud security, and how does it work?",
+ "answer": "The shared responsibility model defines the division of security responsibilities between cloud service providers (CSPs) and customers. CSPs are responsible for securing the cloud infrastructure, while customers are responsible for securing their data and applications in the cloud. The model varies depending on the type of cloud service (e.g., IaaS, PaaS, SaaS), and it is essential for customers to understand and fulfill their security obligations."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some best practices for securing data in the cloud?",
+ "answer": "Securing data in the cloud involves encryption, access control, data classification, and regular backups. Encrypting data at rest and in transit, implementing strong access policies, and classifying data based on sensitivity are crucial. Additionally, conducting data backup and recovery tests ensures data availability and resilience."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is multi-factor authentication, and how can it be used to enhance cloud security?",
+ "answer": "Multi-factor authentication (MFA) requires users to provide two or more authentication factors (e.g., password, biometric data, token) to access an account or system. MFA enhances cloud security by adding an additional layer of protection beyond passwords. It reduces the risk of unauthorized access, especially when sensitive data or applications are hosted in the cloud."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some best practices for securing cloud-based applications?",
+ "answer": "Securing cloud-based applications involves thorough testing, continuous monitoring, and adherence to security best practices. This includes conducting vulnerability assessments, applying patches promptly, using WAFs, and implementing robust IAM policies. Employing DevSecOps practices and leveraging cloud-native security tools can also enhance the security of cloud-based applications."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the MITRE ATT&CK Framework, and how is it used in the cybersecurity industry?",
+ "answer": "The MITRE ATT&CK Framework is a comprehensive knowledge base that catalogs real-world adversary tactics, techniques, and procedures (TTPs). It is widely used in the cybersecurity industry as a valuable resource for understanding, analyzing, and countering cyber threats. Organizations leverage the framework to enhance their threat intelligence, threat detection, and incident response capabilities by mapping observed or potential adversary behavior to the framework's structured taxonomy."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How can organizations leverage the MITRE ATT&CK Framework for threat intelligence, threat detection, and incident response?",
+ "answer": "Organizations can leverage the MITRE ATT&CK Framework for threat intelligence by using it as a reference to categorize and analyze threat actor behavior. In threat detection, the framework serves as a foundation for creating detection rules and signatures to identify malicious activities. During incident response, it helps organizations understand the tactics and techniques employed by adversaries, enabling more effective containment, eradication, and recovery efforts."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some key tactics and techniques covered in the MITRE ATT&CK Framework?",
+ "answer": "The MITRE ATT&CK Framework covers a wide range of tactics and techniques used by threat actors. Some key tactics include initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and impact. Techniques under these tactics provide detailed insights into specific adversary behaviors, such as spear-phishing, PowerShell exploitation, credential dumping, and data exfiltration."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How does the MITRE ATT&CK Framework help organizations understand and defend against real-world adversary tactics and techniques?",
+ "answer": "The MITRE ATT&CK Framework helps organizations understand and defend against real-world adversary tactics and techniques by providing a structured and up-to-date knowledge base. It offers a common language for describing cyber threats and allows organizations to map observed incidents to specific tactics and techniques. This enables a proactive and data-driven approach to threat hunting, security assessments, and the development of effective defenses tailored to the specific behaviors of adversaries."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some limitations or gaps in the MITRE ATT&CK Framework, and how can they be addressed in future work?",
+ "answer": "While the MITRE ATT&CK Framework is a valuable resource, it may have limitations or gaps due to the evolving nature of cyber threats. Some limitations include incomplete coverage of emerging threats and the need for regular updates to reflect new adversary tactics.
To address these issues, ongoing research and collaboration within the cybersecurity community are essential. MITRE and the community work together to continuously improve and expand the framework, ensuring its relevance and effectiveness in addressing contemporary cyber threats."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the Common Vulnerabilities and Exposures (CVE) framework, and how does it help in organizing and categorizing software flaws?",
+ "answer": "The Common Vulnerabilities and Exposures (CVE) framework is a system for identifying, organizing, and categorizing software vulnerabilities and exposures in a standardized way. CVEs provide a unique identifier (CVE ID) for each known vulnerability, allowing for consistent tracking and communication across the cybersecurity community. CVEs help organizations understand and address software flaws by providing a common language for discussing vulnerabilities, sharing information, and prioritizing remediation efforts."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How has the CVE landscape evolved over the past two decades, and what are some key trends and challenges in managing vulnerabilities?",
+ "answer": "Over the past two decades, the CVE landscape has evolved significantly. The number of reported vulnerabilities has grown exponentially, reflecting the increasing complexity of software and the expanding attack surface. Key trends include the rise of coordinated vulnerability disclosure programs, greater collaboration among security researchers, vendors, and organizations, and the emergence of automated vulnerability management tools. Challenges in managing vulnerabilities include the need for timely and accurate vulnerability assessments, patch management, and the prioritization of critical vulnerabilities to address first."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How can organizations use CVEs to prioritize and address security vulnerabilities in their systems and applications?",
+ "answer": "Organizations can use CVEs to prioritize and address security vulnerabilities by establishing a vulnerability management process. This process involves identifying vulnerabilities relevant to their systems and applications, assigning severity ratings, and applying patches or mitigation measures based on the CVE information. CVEs also help organizations assess the potential impact of vulnerabilities on their environment, allowing them to prioritize remediation efforts for the most critical vulnerabilities first."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some best practices for staying up-to-date with the latest CVEs and applying relevant patches and updates?",
+ "answer": "Staying up-to-date with the latest CVEs and applying relevant patches and updates is critical for cybersecurity. Best practices include subscribing to CVE alert services and security mailing lists, regularly scanning systems for vulnerabilities, and maintaining an inventory of software and hardware assets. Organizations should establish a patch management process that includes testing patches before deployment, prioritizing critical vulnerabilities, and ensuring timely patching across the organization. Continuous monitoring and vulnerability assessments are also essential to identify and remediate vulnerabilities as they emerge."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the OWASP Top 10, and how does it help organizations identify and mitigate common web application security risks?",
+ "answer": "The OWASP Top 10 is a regularly updated list of the ten most critical web application security risks.
It serves as a valuable resource for organizations to identify and mitigate common vulnerabilities and threats in web applications. By prioritizing these risks, organizations can focus their efforts on addressing the most significant security challenges, including issues like injection attacks, broken authentication, and insecure deserialization. The OWASP Top 10 provides guidance and best practices to help organizations secure their web applications effectively."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How often is the OWASP Top 10 updated, and what are some key changes in recent versions?",
+ "answer": "The OWASP Top 10 is typically updated every few years to adapt to the evolving threat landscape and advancements in web application security. The update frequency may vary, but recent versions have introduced notable changes. Some key changes in recent versions include the addition of new security risks, such as XML External Entity (XXE) attacks, and the reordering of items based on their prevalence and impact. Updates also consider emerging technologies and attack techniques, ensuring that the list remains relevant to the current state of web application security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What are some practical steps organizations can take to address the OWASP Top 10 vulnerabilities in their web applications?",
+ "answer": "Addressing the vulnerabilities listed in the OWASP Top 10 requires organizations to take proactive measures. Practical steps include conducting thorough security assessments and code reviews to identify vulnerabilities specific to their web applications. Implementing robust security controls and best practices, training developers and staff in secure coding and web application security, and performing regular vulnerability scanning and penetration testing are essential.
Organizations should also establish a monitoring system to detect and respond to suspicious activities promptly. Prioritizing remediation efforts based on the severity and potential impact of vulnerabilities is crucial to effective risk management."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is the NIST Cybersecurity Framework, and how does it help organizations manage and reduce cybersecurity risk?",
+ "answer": "The NIST Cybersecurity Framework is a comprehensive set of guidelines, best practices, and standards developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risk effectively. It provides a structured approach that consists of five core functions: Identify, Protect, Detect, Respond, and Recover. Organizations can use the framework to assess their current cybersecurity posture, establish goals, and develop strategies to improve their cybersecurity resilience. By aligning with the NIST Framework, organizations can better identify vulnerabilities, protect against threats, detect incidents, respond to and recover from cyberattacks, ultimately reducing their cybersecurity risk."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "How can organizations use the NIST Framework to improve their risk and cybersecurity management communications with internal and external stakeholders?",
+ "answer": "Organizations can leverage the NIST Framework to enhance their risk and cybersecurity management communications in several ways. Internally, it provides a common language and structure for discussing cybersecurity practices and risks across departments and levels of the organization. It enables better alignment of security initiatives with business objectives and facilitates informed decision-making.
Externally, organizations can use the NIST Framework to communicate their commitment to cybersecurity best practices to customers, partners, and regulatory authorities. By demonstrating adherence to a recognized standard, organizations can build trust and transparency in their cybersecurity efforts, which is increasingly important in today's interconnected business landscape."
+ },
+
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of SIEM (Security Information and Event Management) systems in cybersecurity, and what are some popular SIEM tools used by SOC analysts?",
+ "answer": "SIEM systems play a crucial role in cybersecurity by collecting, analyzing, and correlating security event data from various sources within an organization's network. They provide SOC analysts with real-time visibility into the security posture of their environment, enabling the detection and response to security incidents. Some popular SIEM tools used by SOC analysts include Splunk, IBM QRadar, Elastic Security (formerly known as the ELK Stack), LogRhythm, and AlienVault USM (Unified Security Management). These tools help analysts centralize and analyze security data for threat detection and incident response."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the OWASP ZAP (Zed Attack Proxy) tool, and how can it be used to test web application security?",
+ "answer": "OWASP ZAP (Zed Attack Proxy) is a popular open-source web application security testing tool. SOC analysts use ZAP to assess the security of web applications by simulating various types of attacks, including injection attacks, cross-site scripting (XSS), and security misconfigurations. ZAP can identify vulnerabilities in web applications and provide detailed reports, making it an essential tool for identifying and remediating security flaws in web-based systems."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of vulnerability scanners in cybersecurity, and what are some popular vulnerability scanning tools used by security professionals?",
+ "answer": "Vulnerability scanners are essential tools in cybersecurity used to identify and assess vulnerabilities within an organization's systems and networks. They play a crucial role in proactive security by helping SOC analysts discover weaknesses before malicious actors can exploit them. Popular vulnerability scanning tools used by security professionals include Nessus, Qualys, OpenVAS, Rapid7 Nexpose, and Acunetix. These tools automate the discovery and assessment of vulnerabilities, enabling analysts to prioritize and remediate security issues efficiently."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the Nmap tool, and how can it be used for network reconnaissance and vulnerability scanning?",
+ "answer": "Nmap (Network Mapper) is a widely used open-source tool for network reconnaissance and vulnerability scanning. SOC analysts use Nmap to discover hosts, services, and open ports on a network. It can also identify potential vulnerabilities by detecting the software and versions running on remote systems. Nmap offers a variety of scanning techniques and options, making it a versatile tool for both security assessments and network mapping, helping analysts assess the security posture of their environments."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of packet sniffers in cybersecurity, and what are some popular packet sniffing tools used by security professionals?",
+ "answer": "Packet sniffers, also known as network analyzers or packet capture tools, are used in cybersecurity to capture and analyze network traffic.
SOC analysts rely on packet sniffers to monitor network communications, identify anomalies, and investigate security incidents. Some popular packet sniffing tools used by security professionals include Wireshark, Tcpdump, Snort, and Zeek (formerly known as Bro). These tools provide detailed insights into network traffic, helping analysts detect suspicious activities and potential security threats."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the role of endpoint detection and response (EDR) tools in cybersecurity, and what are some popular EDR tools used by SOC analysts?",
+ "answer": "Endpoint Detection and Response (EDR) tools are crucial for cybersecurity as they focus on monitoring and securing individual endpoints (devices) within an organization's network. EDR tools provide SOC analysts with real-time visibility into endpoint activities, detect threats, and respond to security incidents. Popular EDR tools used by SOC analysts include CrowdStrike Falcon, Carbon Black (VMware Carbon Black), SentinelOne, McAfee ENS (Endpoint Security), and Symantec EDR. These tools help analysts protect endpoints from malware, detect suspicious behavior, and respond to threats effectively."
+ },
+
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Difficult",
+ "question": "What are some popular computer forensics tools used by digital forensics professionals?",
+ "answer": "Digital forensics professionals rely on a variety of tools to investigate and analyze digital evidence. Some popular computer forensics tools include:\n\n1. EnCase Forensic: A comprehensive forensic platform with advanced analysis capabilities.\n2. AccessData FTK (Forensic Toolkit): Used for data acquisition, analysis, and reporting.\n3. Autopsy: An open-source graphical interface for The Sleuth Kit (TSK), providing a range of forensic analysis features.\n4. X-Ways Forensics: Known for its speed and efficiency in data recovery and analysis.\n5.
Cellebrite UFED (Universal Forensic Extraction Device): Specializes in mobile device forensics.\n6. Oxygen Forensic Detective: Focuses on extracting and analyzing data from smartphones and cloud services.\n7. Volatility: An open-source memory forensics framework for analyzing RAM dumps.\n8. Wireshark: Used for network packet analysis, valuable in digital investigations.\n9. Registry Explorer: A tool for analyzing Windows registry files for evidence.\n10. Paladin: A Linux distribution for digital forensics and incident response.\n\nThese tools assist digital forensics professionals in collecting, preserving, and analyzing digital evidence for investigative purposes."
+ },
+
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What are some common blue teaming tools used by SOC analysts to monitor and defend against cyber threats?",
+ "answer": "SOC analysts utilize various blue teaming tools to monitor and defend against cyber threats. Some common blue teaming tools include:\n\n1. Security Information and Event Management (SIEM) systems: Such as Splunk, IBM QRadar, and Elastic Security, for real-time event monitoring and threat detection.\n2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Such as Snort and Suricata, for network traffic analysis and threat prevention.\n3. Security Orchestration, Automation, and Response (SOAR) platforms: Like Palo Alto Networks Cortex XSOAR, for automating incident response workflows.\n4. Endpoint Detection and Response (EDR) solutions: Such as CrowdStrike Falcon and Carbon Black, for monitoring and securing endpoints.\n5. Network traffic analyzers: Such as Wireshark and Tcpdump, for deep packet inspection and analysis.\n6.
Threat intelligence platforms: Like ThreatConnect and Recorded Future, for gathering and analyzing threat intelligence data.\n\nThese tools assist SOC analysts in actively defending against cyber threats, monitoring security events, and responding to incidents effectively."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "How can blue teams use honeypots and deception techniques to detect and deter attackers, and what are some popular honeypot tools used by blue teams?",
+ "answer": "Blue teams can employ honeypots and deception techniques as proactive cybersecurity measures to detect and deter attackers. Honeypots are decoy systems or services designed to lure attackers away from critical assets. They can be used to:\n\n1. Gather threat intelligence by monitoring attacker activity and tactics.\n2. Divert attackers from real systems, reducing the risk of a successful breach.\n3. Study attacker behavior to enhance defensive strategies.\n\nSome popular honeypot tools used by blue teams include:\n\n1. Dionaea: An open-source honeypot that focuses on collecting malware samples and analyzing attacker behavior.\n2. Cowrie: A medium-interaction SSH and Telnet honeypot designed to mimic vulnerable systems.\n3. Kippo: An SSH honeypot that logs attacker interactions and emulates a Unix-like environment.\n4. Glastopf: A web application honeypot that emulates vulnerable web services to attract web-based attacks.\n5. Snort with Honeynet add-ons: Snort can be used with additional Honeynet Project tools to create honeypots for network-based detection.\n\nDeception techniques involve the creation of deceptive assets, such as fake credentials or files, to mislead attackers. Deception platforms like Attivo Networks and TrapX Security offer tools for deploying and managing deception elements. These techniques can help blue teams identify attackers early in the cyber kill chain and improve threat detection and incident response."
+ }, + + { + "domain": "Penetration Testing", + "difficulty": "Difficult", + "question": "What are some common red teaming tools used by penetration testers?", + "answer": "Penetration testers, also known as red teamers, use a variety of tools to simulate real-world attacks and identify vulnerabilities. Some common red teaming tools include:Metasploit: A widely used penetration testing framework that provides a collection of exploit modules and payloads for various targets.. Cobalt Strike: A commercial tool that facilitates advanced threat emulation, post-exploitation, and collaborative red teaming.. Empire: An open-source post-exploitation framework that allows red teamers to maintain control over compromised systems. PowerShell Empire: An extension of the Empire framework, focusing on PowerShell-based post-exploitation techniques. BloodHound: A tool used for Active Directory (AD) enumeration and attack path analysis, helping red teamers understand AD environments. CrackMapExec (CME): A Swiss Army knife for pentesters and red teamers, enabling them to perform various post-exploitation tasks. BeEF (Browser Exploitation Framework): Used to assess and exploit web browsers through client-side attacks. Empire-DS: A Python-based post-exploitation agent for macOS systems. PowerSploit: A collection of PowerShell modules for offensive security tasks, including situational awareness and exploitation. Mimikatz: A tool for extracting credentials and performing pass-the-hash attacks, often used to demonstrate the impact of credential theft. These tools help penetration testers assess an organization's security posture, discover vulnerabilities, and provide recommendations for improving security." + }, + + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What is your action plan when detecting an incident as a SOC Analyst?", + "answer": "Upon detecting an incident, I would swiftly identify and verify it, assess its impact, and isolate affected systems. 
Communication with stakeholders and incident response teams is crucial. I would preserve digital evidence, analyze the threat, eradicate it, and restore systems. Root cause analysis, documentation, and reporting follow. Post-incident, a review for improvement, continuous enhancement of security measures, legal compliance, and public relations management would be key." + }, + + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is Cyber Kill Chain?", + "answer": "The Cyber Kill Chain is a concept developed by Lockheed Martin to describe the stages of a cyberattack, from initial reconnaissance to the final objective, which is typically data exfiltration or system compromise. The stages include Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on Objectives (Data exfiltration or system control). Understanding the Cyber Kill Chain helps organizations identify and thwart cyber threats at various stages of an attack, improving cybersecurity defenses." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "How can you classify the roles in Cyber Security? What is your understanding of different job roles and functions that are part of Cyber Security?", + "answer": "Cybersecurity roles can be classified into various categories, including:1. Security Analysts: Responsible for monitoring, analyzing, and responding to security incidents.2. Ethical Hackers (Penetration Testers): Identify vulnerabilities and test systems for weaknesses.3. Security Engineers: Design, implement, and manage security infrastructure.4. Security Architects: Develop overall security strategies and design secure systems.5. Security Managers/Directors: Oversee security teams and ensure compliance with policies.6. Chief Information Security Officer (CISO): Responsible for the organization's overall security posture.\n7. 
Compliance and Risk Managers: Ensure adherence to regulations and assess cybersecurity risks.These roles work together to protect an organization's information assets and systems from cyber threats." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What's the difference between symmetric and asymmetric (public-key) cryptography?", + "answer": "Symmetric cryptography uses the same key for both encryption and decryption, making it faster but requiring secure key distribution. Asymmetric cryptography, also known as public-key cryptography, uses a pair of public and private keys. Data encrypted with one key can only be decrypted with the other, enhancing security and eliminating the need for secure key exchange. Asymmetric cryptography is slower but provides greater security and key management convenience." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What are Ports in Computers, how many ports a computer has?", + "answer": "Ports in computers are communication endpoints that allow data to be sent and received over a network. A computer has 65,535 ports available for network communication. These ports are categorized into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic or private ports (49152-65535). Well-known ports are typically associated with commonly used services, such as port 80 for HTTP and port 443 for HTTPS." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Why is deleted data not truly gone when you delete it?", + "answer": "Deleted data is often not truly gone because the operating system simply marks the space occupied by the deleted file as available for reuse. Until new data overwrites that space, the original data may still be recoverable using specialized tools. Secure deletion methods overwrite the data to make it more challenging to recover." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is Encryption, Encoding, Hashing?", + "answer": "Encryption is the process of converting plaintext data into ciphertext to protect its confidentiality. Encoding is a reversible transformation of data for various purposes like data compression or transmission. Hashing is a one-way process that generates a fixed-size hash value or digest from data. It is used for data integrity verification and password storage." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is Salting (in context of Hashing), and why is it used?", + "answer": "Salting is the practice of adding a random value (the 'salt') to data before hashing it. It is used to enhance the security of hashed data, especially for password storage. Salting ensures that identical passwords result in different hashes due to unique salts, making it harder for attackers to use precomputed tables (rainbow tables) for password cracking." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Difficult", + "question": "Would you Encrypt and Compress or Compress and Encrypt? Why?", + "answer": "Encrypting and then compressing data is generally recommended. This approach ensures that sensitive information is protected before compression, reducing the risk of exposing confidential data during the compression process. Compressing first and then encrypting may leak information through patterns in the compressed data or make it harder to detect malicious content within compressed files." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What's the difference between deep web and dark web?", + "answer": "The deep web refers to all web content that is not indexed by search engines and includes legitimate content like password-protected websites, databases, and private content. 
The dark web, on the other hand, is a small portion of the deep web intentionally hidden and accessible only through special software like Tor. It is known for illegal activities, marketplaces, and anonymity, making it a hub for cybercrime." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is MITRE ATT&CK?", + "answer": "MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base that provides information on adversarial tactics and techniques used by cyberthreat actors. It helps organizations understand and counteract real-world attack methods by mapping out how adversaries operate. ATT&CK provides a valuable resource for threat intelligence, threat detection, and incident response in cybersecurity." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Explain/differentiate Vulnerability and Exploit", + "answer": "A vulnerability is a weakness or flaw in a system or software that can be exploited by an attacker to compromise security. An exploit, on the other hand, is a piece of software or code that takes advantage of a vulnerability to gain unauthorized access or perform malicious actions. Exploits are tools or techniques used to leverage vulnerabilities for nefarious purposes." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Explain Vulnerability, Threat, and Risk.", + "answer": "In cybersecurity, a vulnerability is a weakness or gap in security defenses that could be exploited by a threat actor. A threat is any potential danger or harmful event that could exploit a vulnerability. Risk is the likelihood and potential impact of a threat exploiting a vulnerability, leading to harm or loss. Managing risk involves identifying vulnerabilities, assessing threats, and implementing controls to mitigate risk." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is the Difference Between Events, Alerts & Incidents?", + "answer": "Events are raw data entries generated by systems or security devices, indicating a specific occurrence or activity, such as a login attempt. Alerts are notifications triggered by security monitoring tools when they detect potentially suspicious or noteworthy events. Incidents are confirmed security events that require investigation and response due to their potential impact on security. Incidents often result from multiple related alerts and may involve active threats." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is APT Groups (in a Cyber Security Context)?", + "answer": "APTs (Advanced Persistent Threats) are organized and sophisticated cyberthreat groups with the capability to conduct long-term, targeted attacks on specific organizations or entities. APT groups often have access to advanced tools, techniques, and extensive resources. They aim to remain undetected while exfiltrating data, stealing intellectual property, or causing other harm. Countering APTs requires a high level of cybersecurity expertise and vigilance." + }, + + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is traceroute and how do you use it?", + "answer": "Traceroute is a network diagnostic tool used to trace the route that packets take from your computer to a destination host or server. It works by sending a series of packets with increasing Time-to-Live (TTL) values, causing routers along the path to respond with their information. This reveals the intermediate hops and their IP addresses, helping diagnose network issues and latency." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is SSH? 
On what port does SSH work?", + "answer": "SSH (Secure Shell) is a network protocol used for secure remote access and command execution on a remote server. SSH operates on port 22 by default. It provides encrypted communication, authentication, and secure file transfer." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "Can you do SSH from Windows?", + "answer": "Yes, you can use SSH from Windows. Windows 10 and Windows Server 2019 include an integrated OpenSSH client. Alternatively, third-party SSH clients like PuTTY are available for Windows." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "Why is DNS Monitoring Important? What information can it reveal?", + "answer": "DNS (domain Name System) monitoring is important for security and network management. It can reveal information about network traffic patterns, potential security threats like DNS attacks, and unauthorized domain access. Monitoring DNS queries and responses helps detect and respond to malicious activities, such as DNS spoofing or DDoS attacks." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "DNS Communication Happens on which port?", + "answer": "DNS communication typically occurs on port 53. UDP (User Datagram Protocol) is commonly used for DNS queries, while TCP (Transmission Control Protocol) is used for larger data transfers and zone transfers." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is VPN?", + "answer": "VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection over a public network, such as the internet. It allows users to access private networks and resources while ensuring data confidentiality and integrity. VPNs are used for remote access, privacy protection, and secure communication." 
+ }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is Proxy?", + "answer": "A proxy server acts as an intermediary between a client device and a destination server or resource. It can be used to forward requests and responses, providing benefits such as anonymity, content filtering, and load balancing. Proxies can be deployed for various purposes, including security and performance optimization." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is the Difference in VPN and Proxy?", + "answer": "While both VPN and proxy can route internet traffic, they serve different purposes. VPNs create secure, encrypted tunnels for all network traffic, enhancing privacy and security. Proxies, on the other hand, primarily serve as intermediaries for specific types of traffic, like web requests, without encrypting all traffic. VPNs are ideal for secure, private connections, while proxies are often used for content filtering or bypassing regional restrictions." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is Forward Proxy and Reverse Proxy?", + "answer": "A forward proxy acts on behalf of clients, forwarding their requests to servers on the internet. It is commonly used for client anonymity and content filtering. A reverse proxy, on the other hand, acts as a gateway for incoming client requests, forwarding them to backend servers. It is used for load balancing, SSL termination, and protecting server identities." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is a Load Balancer?", + "answer": "A load balancer is a network device or software application that distributes incoming network traffic across multiple servers or resources. It ensures efficient utilization of resources, improves response times, and enhances the availability and scalability of services. 
Load balancers can operate at the application, network, or transport layer." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is CDN?", + "answer": "CDN (Content Delivery Network) is a network of geographically distributed servers that work together to deliver web content, such as images, videos, and web pages, to users from the nearest server location. CDNs reduce latency, improve content availability, and enhance website performance by caching and serving content from edge servers." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Can you explain man-in-the-middle attack?", + "answer": "A man-in-the-middle (MITM) attack occurs when an attacker intercepts and possibly alters communications between two parties without their knowledge. The attacker secretly relays information between the legitimate parties, allowing them to eavesdrop or manipulate the data. MITM attacks can compromise data integrity and confidentiality. Countermeasures include encryption and certificate validation." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Does HTTPS/SSL protect from Man-in-the-Middle Attack?", + "answer": "HTTPS (Hypertext Transfer Protocol Secure) with SSL/TLS encryption provides protection against most man-in-the-middle (MITM) attacks. It ensures data confidentiality and integrity by encrypting the communication between the client and server. However, HTTPS security relies on the correct validation of server certificates. Weak certificate validation or certificate authority compromise can still make MITM attacks possible." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is the difference between IPS and IDS?", + "answer": "IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) are both security systems, but they serve different purposes. 
IDS monitors network or system activities and generates alerts upon detecting suspicious or unauthorized behavior. It does not actively block threats. In contrast, IPS not only detects but also takes action to prevent threats by blocking or dropping malicious traffic. IPS is proactive in protecting systems." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What are different OSI Layers in Networking?", + "answer": "The OSI (Open Systems Interconnection) model defines seven layers in networking, from the top (Layer 7) to the bottom (Layer 1): 1. Application Layer 2. Presentation Layer 3. Session Layer 4. Transport Layer 5. Network Layer 6. Data Link Layer 7. Physical Layer Each layer has specific functions and interacts with adjacent layers to facilitate network communication." + }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "How is TCP/IP Layer Different from OSI Layers in Networking?", + "answer": "While the OSI model has seven layers, the TCP/IP model combines some of these layers, resulting in four layers: 1. Application Layer (combining OSI Layers 5-7) 2. Transport Layer (combining OSI Layer 4) 3. Internet Layer (equivalent to OSI Layer 3) 4. Network Access Layer (combining OSI Layers 1-2) The TCP/IP model is more practical for understanding internet protocols and is widely used in practice." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "Do you prefer filtered ports or closed ports on your firewall?", + "answer": "It is generally recommended to have closed ports on a firewall by default. Closed ports do not respond to incoming connection attempts, making them less visible to potential attackers. Filtered ports, on the other hand, actively reject or drop incoming traffic, indicating the presence of a firewall. While both approaches have their use cases, closed ports offer a stealthier security posture." 
+ }, + { + "domain": "Computer Networks", + "difficulty": "Easy", + "question": "What is a firewall? What are different types of Firewall?", + "answer": "A firewall is a network security device or software that controls incoming and outgoing network traffic based on predetermined security rules. There are several types of firewalls, including: 1. Packet Filtering Firewalls 2. Stateful Inspection Firewalls 3. Proxy Firewalls 4. Next-Generation Firewalls (NGFWs) 5. Application Layer Firewalls (ALGs) Firewalls can be hardware-based, software-based, or cloud-based, and they are used to protect networks and devices from unauthorized access and threats." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "How can you bypass a firewall or IDS?", + "answer": "Bypassing a firewall or IDS (Intrusion Detection System) is unethical and illegal without proper authorization. It involves exploiting vulnerabilities or using techniques like tunneling, evasion, or encryption to hide malicious traffic. Security professionals focus on securing networks and systems rather than bypassing security measures. Ethical hacking, with proper authorization, is conducted to identify and mitigate vulnerabilities." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is Fragmentation attack? How can Fragmentation be used as a DoS Attack? How can this be avoided or handled?", + "answer": "A fragmentation attack is a type of network attack that involves sending fragmented packets to a target system. These packets are intentionally broken into smaller fragments to exploit vulnerabilities in the system's reassembly process. Fragmentation attacks can be used as a DoS (Denial of Service) attack by overwhelming the target's resources. To avoid or handle fragmentation attacks, network security measures should include packet inspection, reassembly rules, and intrusion detection systems." 
+ }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "Besides firewalls, what other devices are used to enforce network boundaries?", + "answer": "In addition to firewalls, several other devices are used to enforce network boundaries and enhance security. These include: 1. Intrusion Detection Systems (IDS) 2. Intrusion Prevention Systems (IPS) 3. Routers and Gateways 4. Proxy Servers 5. VPN Concentrators 6. Load Balancers 7. Network Access Control (NAC) Systems 8. Content Filtering Appliances These devices help monitor, filter, and protect network traffic while enforcing security policies." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a honeypot?", + "answer": "A honeypot is a decoy system or network designed to attract and deceive potential attackers. It appears to contain valuable information or vulnerabilities that attackers might exploit. The primary purpose of a honeypot is to gather information about attackers' tactics, techniques, and intentions, helping organizations improve their security measures and threat intelligence." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is the difference between an HIDS and an NIDS? Examples of both.", + "answer": "HIDS (Host-based Intrusion Detection System) and NIDS (Network-based Intrusion Detection System) differ in their scope and focus. HIDS monitors and analyzes activities on individual hosts or devices, looking for signs of intrusion or malicious behavior within the host's operating system. Examples of HIDS include OSSEC and Tripwire. NIDS, on the other hand, monitors network traffic for suspicious patterns or known attack signatures. Examples of NIDS include Snort and Suricata." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Difficult", + "question": "What is worse in detection, a false negative or a false positive? 
And why?", + "answer": "In detection systems, both false negatives and false positives are undesirable, but their impact differs. A false negative occurs when a genuine threat or intrusion goes undetected, allowing malicious activity to continue unnoticed. A false positive, on the other hand, generates an alert for benign or non-malicious activity, potentially leading to unnecessary investigations and resource consumption. The severity of each depends on the specific context and consequences. However, false negatives are generally considered worse in cybersecurity because they represent missed threats and potential security breaches." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is DDoS and DoS attack?", + "answer": "DDoS (Distributed Denial of Service) and DoS (Denial of Service) attacks are malicious attempts to disrupt the availability of a network, service, or website. In a DoS attack, a single source overwhelms the target with traffic, rendering it inaccessible. DDoS attacks involve multiple sources, making them more powerful. Attackers use various techniques to flood the target with traffic, exhausting its resources and causing downtime." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What do you understand by IP Subnetting?", + "answer": "IP subnetting is the practice of dividing an IP address space into smaller, more manageable subnetworks or subnets. It involves creating subnets with unique IP address ranges and subnet masks to optimize network addressing, improve security, and enhance network management. Subnetting helps efficiently allocate IP addresses within an organization and reduces broadcast domains." 
+ }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "Explain NAT (Network Address Translation)?", + "answer": "NAT (Network Address Translation) is a networking technique that allows multiple devices on a private network to share a single public IP address when communicating with external networks, such as the internet. NAT works by mapping private IP addresses to a single public IP address in outgoing traffic and maintaining a translation table for incoming traffic. It enhances network security and conserves IPv4 addresses." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is Port Forwarding? How and why is it used?", + "answer": "Port forwarding is a networking technique that redirects incoming network traffic from one port on a router or gateway to another port on a device within a private network. It is used to allow external users to access specific services or applications hosted within the private network. Port forwarding is commonly used for online gaming, remote access, and hosting web servers or services behind a router." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is VLAN?", + "answer": "A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network into multiple isolated broadcast domains. VLANs are used to enhance network security, efficiency, and management by grouping devices into separate virtual networks, even if they are physically connected to the same network switch. VLANs enable better control over network traffic and reduce broadcast traffic propagation." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What Security Principle means a signed message came from the owner of the key that signed it?", + "answer": "The security principle that ensures a signed message came from the owner of the key that signed it is called non-repudiation. 
Non-repudiation prevents the sender of a message from denying their involvement or the authenticity of their signature. It provides assurance that the message was indeed signed by the claimed sender and cannot be easily repudiated in legal or security contexts." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is ARP Poisoning?", + "answer": "ARP (Address Resolution Protocol) poisoning, also known as ARP spoofing, is a network attack where an attacker sends falsified ARP messages to associate their MAC address with the IP address of a legitimate device on the network. This allows the attacker to intercept or redirect network traffic intended for the targeted device, enabling eavesdropping or other malicious activities." + }, + + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is Three-way-Handshake? Explain.", + "answer": "The three-way handshake is a fundamental process in establishing a TCP (Transmission Control Protocol) connection between two devices. It consists of three steps: SYN, SYN-ACK, and ACK, where the initiating device requests a connection, the receiving device acknowledges the request, and a connection is established." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "How many packets are sent and received in 3-way handshake?", + "answer": "In the 3-way handshake, three packets are sent and received: SYN, SYN-ACK, and ACK." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Explain BruteForce Attack. How do you detect it?", + "answer": "A Brute Force Attack is a method where an attacker tries every possible password or encryption key until the correct one is found. It can be detected by monitoring for multiple login attempts within a short time, unusual patterns in login attempts, or by using intrusion detection systems (IDS) and intrusion prevention systems (IPS)." 
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How can you prevent Brute Force attack? Mention some methods.",
+ "answer": "To prevent Brute Force attacks, you can implement account lockout policies, CAPTCHA challenges, rate limiting, two-factor authentication (2FA), and use strong, complex passwords."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Have you heard of 2FA? How 2FA protects users?",
+ "answer": "Yes, 2FA stands for Two-Factor Authentication. It protects users by requiring them to provide two separate authentication factors: something they know (e.g., a password) and something they have (e.g., a mobile device or smart card). This adds an extra layer of security, making it more difficult for unauthorized users to access accounts."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between SSL and TLS?",
+ "answer": "SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols used to secure communication over networks. TLS is the successor to SSL, providing stronger security. TLS is often referred to as SSL, but they have different versions and TLS is considered more secure."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the use of SSL? How does it protect?",
+ "answer": "SSL (Secure Sockets Layer) is used to encrypt data transmitted between a user's web browser and a website's server. It protects data from eavesdropping and tampering during transmission, ensuring confidentiality and data integrity."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How SSL Certificate Exchange happens?",
+ "answer": "SSL certificate exchange involves the web server presenting its digital certificate to the client (browser) during the initial connection. 
The client verifies the certificate's authenticity with a trusted certificate authority (CA), and if successful, encryption parameters are agreed upon for secure communication."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What do you understand by DMZ and Non-DMZ?",
+ "answer": "A DMZ (Demilitarized Zone) is a network segment that sits between an organization's internal network and external network (typically the internet). It hosts public-facing services like web servers. Non-DMZ refers to the internal network where sensitive data and critical resources are kept isolated from public access."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "What is Metadata, and how can you view it?",
+ "answer": "Metadata is data that describes other data. It provides information about the characteristics of data, such as its origin, format, author, and more. You can view metadata in files, documents, or digital assets by accessing file properties or using metadata viewers."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "Explain TCP and UDP. How do they differ?",
+ "answer": "TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport layer protocols in networking. TCP is connection-oriented, ensuring reliable data delivery with error checking and flow control. UDP is connectionless, providing faster, but less reliable, data transmission without error correction or order guarantee."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is DNS? How does DNS Resolution happen? Which Port is used for DNS? Is it over TCP or UDP?",
+ "answer": "DNS (domain Name System) is a network protocol that translates human-readable domain names into IP addresses. DNS resolution involves querying DNS servers to find the corresponding IP address. 
DNS primarily uses both UDP (User Datagram Protocol) on port 53 and TCP (Transmission Control Protocol) on port 53, depending on the type of query and response."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is Data Exfiltration? Mention some methods of Data Exfiltration.",
+ "answer": "Data exfiltration is the unauthorized or malicious transfer of data from an organization's network to an external destination. Methods include email attachments, file transfers, cloud storage uploads, covert channels, and using external devices like USB drives."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How can you check for Data Exfiltration Activities?",
+ "answer": "To check for data exfiltration activities, you can monitor network traffic for unusual or large data transfers, use intrusion detection systems (IDS) and data loss prevention (DLP) tools, conduct regular security audits, and employ behavioral analysis to detect anomalies."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "If you are observing too much traffic to/from port 22, what steps do you take?",
+ "answer": "Observing excessive traffic to/from port 22 (SSH) may indicate a potential security issue. To address it, you can investigate the source and destination of the traffic, check for unauthorized access attempts, implement rate limiting or intrusion detection systems, and consider changing the SSH port or implementing stronger authentication methods."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How do you place a firewall, load balancer, proxy? In what order and why?",
+ "answer": "The placement of network devices like firewalls, load balancers, and proxies depends on network architecture and security requirements. Generally, a firewall is placed at the network perimeter to filter incoming and outgoing traffic. 
Load balancers distribute traffic to backend servers for scalability and redundancy. Proxies can sit between clients and servers for security and caching purposes. The order depends on specific use cases, but firewalls usually come first to filter malicious traffic."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What information can you get from a MAC Address?",
+ "answer": "A MAC (Media Access Control) address is a unique identifier assigned to a network interface. It can provide information about the manufacturer of the network interface card (NIC) based on the OUI (Organizationally Unique Identifier) portion of the MAC address. However, it does not reveal specific device details or location."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "Which protocol does PING use and on which port does PING work?",
+ "answer": "PING (Packet Internet Groper) uses ICMP (Internet Control Message Protocol) to check network connectivity. It does not operate on a specific port, as ICMP operates at a lower level of the network stack than traditional ports."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "How do you start about hacking a target? What is Information Gathering, Enumeration?",
+ "answer": "Hacking a target typically begins with information gathering, where you collect data about the target, such as IP addresses, domain names, and employee names. Enumeration involves extracting more detailed information, such as open ports, running services, and user accounts."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What are the phases of Network Penetration Testing?",
+ "answer": "Network Penetration Testing typically consists of the following phases: 1. Information Gathering, 2. Scanning, 3. Enumeration, 4. Vulnerability Assessment, 5. Exploitation, 6. Post-Exploitation, and 7. Reporting."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "What NMAP argument/flag in nmap tells about the service's version?",
+ "answer": "The -sV flag in NMAP is used to probe and determine the version of services running on open ports."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "What is the difference between -v and -V in NMAP?",
+ "answer": "In NMAP, -v (verbose) is used to increase the verbosity of the output, providing more information during the scan. -V (version) is used to display the NMAP version and the version detection scan parameters."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Can SQL injection lead to Remote code execution?",
+ "answer": "Yes, SQL Injection (SQLi) vulnerabilities can potentially lead to Remote Code Execution (RCE) if an attacker can manipulate SQL queries to execute arbitrary code on the target server."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How do you erase tracks when hacked a machine? Consider it is Linux.",
+ "answer": "To erase tracks on a compromised Linux machine, you can clear log files, remove any backdoors or malware, close unnecessary ports and services, and restore system files to their original state. It's crucial to cover your tracks to avoid detection."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is your opinion on Automated Pentesting vs. Manual Pentesting? Which one is better?",
+ "answer": "Automated Pentesting tools can quickly identify common vulnerabilities, but they may miss complex or unique issues. Manual Pentesting involves human expertise and creativity, making it better for in-depth assessments. A combination of both is often ideal for comprehensive testing."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between Black-Box Pentesting vs. White-Box Pentesting?",
+ "answer": "Black-Box Pentesting is conducted with no prior knowledge of the target system, simulating an external attacker's perspective. White-Box Pentesting, on the other hand, is conducted with full knowledge of the system's architecture and source code. Black-Box focuses on discovering vulnerabilities, while White-Box assesses code and architecture."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What are Phishing assessments?",
+ "answer": "Phishing assessments involve simulating phishing attacks to test an organization's susceptibility to social engineering. This helps identify weaknesses in employee awareness and response to phishing emails."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How can you bypass Antivirus Detection? Explain.",
+ "answer": "Bypassing antivirus detection involves using obfuscation techniques, customizing malware, or employing fileless attacks that don't leave traditional signatures. It requires constant adaptation, evading heuristic analysis, and avoiding known patterns to fool antivirus software."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How does EDR work? How to bypass EDR detections? Explain.",
+ "answer": "EDR (Endpoint Detection and Response) monitors and responds to endpoint threats. Bypassing EDR involves using advanced evasion techniques like fileless attacks, living-off-the-land techniques, and exploiting zero-day vulnerabilities. Evading detection requires understanding EDR's behavior and customizing attacks to avoid its detection mechanisms."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is a Supply Chain Attack?",
+ "answer": "A Supply Chain Attack targets the software or hardware supply chain to compromise a product's security. Attackers infiltrate the supply chain, injecting malware or vulnerabilities into the product before it reaches end-users, potentially affecting a wide range of systems."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Compromising a local account is easier or an AD account?",
+ "answer": "Compromising a local account is generally easier than an Active Directory (AD) account. Local accounts are isolated to a single system, while AD accounts can grant broader access. However, the ease of compromise depends on factors like system security measures."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is an Active Directory?",
+ "answer": "Active Directory (AD) is a directory service developed by Microsoft that manages resources in a network, including user and computer accounts, authentication, and access control. It centralizes network management and security."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How would you do Data Exfiltration if you hacked a machine?",
+ "answer": "Data exfiltration involves unauthorized transfer of data from a compromised machine. Methods include using encrypted tunnels, steganography, covert channels, or disguising data as benign traffic. The choice depends on the situation and the level of stealth required."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "What are things to consider before doing Penetration Testing or Vulnerability Assessment of a target?",
+ "answer": "Before conducting Penetration Testing or Vulnerability Assessment, consider obtaining proper authorization, defining the scope, notifying stakeholders, ensuring backups, and preparing incident response plans. Ethical and legal aspects must be addressed, and testing should not disrupt critical services."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Would you place the machine (server example Nessus) within the same Network of machines being tested or separate?",
+ "answer": "It is recommended to place the penetration testing machine, such as Nessus, in a separate network or isolated environment from the target machines. This separation ensures that the testing does not interfere with the production environment and allows for better control."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Why or why not will you whitelist the source machine of attack in Penetration Testing or Vulnerability Assessment?",
+ "answer": "Whitelisting the source machine of the attack during Penetration Testing or Vulnerability Assessment is generally not recommended. It's essential to simulate real-world scenarios where attackers can originate from anywhere. Whitelisting could lead to incomplete assessments and miss potential vulnerabilities."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How do you rate Vulnerabilities? Explain scoring systems or frameworks.",
+ "answer": "Vulnerabilities are often rated using scoring systems like CVSS (Common Vulnerability Scoring System). CVSS considers factors like impact, exploitability, and access complexity to assign a severity score. Organizations use these scores to prioritize patching and remediation efforts."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "Name some tools you use in Network Pentesting.",
+ "answer": "Some tools used in Network Penetration Testing include NMAP, Wireshark, Metasploit, Burp Suite, Hydra, Nikto, and Aircrack-ng, among others."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "How do you report Vulnerability or Security Gaps after pentesting?",
+ "answer": "Reporting vulnerabilities and security gaps after penetration testing involves documenting findings, providing evidence, rating their severity, and suggesting mitigation steps. A comprehensive report helps organizations understand and address the identified weaknesses."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What are some HTTP Status codes you monitor during a pentest? Explain some interesting ones.",
+ "answer": "During a pentest, HTTP status codes like 200 (OK), 301 (Moved Permanently), 404 (Not Found), and 500 (Internal Server Error) are monitored. Interesting ones include 302 (Found, indicating a temporary redirect) and 401 (Unauthorized, indicating authentication issues). Unusual status codes may indicate vulnerabilities."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a 0-Day (Zero-Day) attack?",
+ "answer": "A 0-Day (Zero-Day) attack is an exploitation of a software vulnerability that is unknown to the vendor or the public. Attackers use it before the vendor can develop and release a patch, giving zero days for defense. These attacks are highly effective and challenging to mitigate."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is Sub-domain Takeover? Explain.",
+ "answer": "Sub-domain Takeover occurs when a sub-domain that once pointed to a valid service or resource no longer does so. 
An attacker can claim or hijack the sub-domain and potentially redirect it to malicious content. It can be exploited for various attacks, including phishing."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How can you detect the presence of a WAF (Web Application Firewall) and which one?",
+ "answer": "Detecting the presence of a Web Application Firewall (WAF) often involves sending requests with known evasion techniques or patterns that trigger WAF protection. Analyzing the response headers or error messages can provide clues about the specific WAF in use."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What is C2 Server?",
+ "answer": "A C2 (Command and Control) server is a centralized server used by attackers to control compromised devices or malware. It serves as a communication hub, enabling attackers to send commands, receive data, and manage their malicious operations."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Mention some SSL/TLS related Vulnerabilities.",
+ "answer": "Some SSL/TLS-related vulnerabilities include POODLE, Heartbleed, BEAST, DROWN, and ROBOT, among others. These vulnerabilities can expose SSL/TLS-protected communication to various attacks if not properly patched or configured."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How does NMAP determine the Operating System of the target?",
+ "answer": "NMAP determines the operating system of a target through a process called OS fingerprinting. It sends specific probes and analyzes the responses to identify unique characteristics and patterns associated with different operating systems, allowing it to make an educated guess about the OS in use."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Difference between Pass-the-Hash and Pass-the-Ticket?",
+ "answer": "Pass-the-Hash (PtH) uses hashed passwords, while Pass-the-Ticket (PtT) targets Kerberos tickets. PtH doesn't need plaintext passwords; PtT replays tickets for unauthorized access."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Heard of OWASP? What is it? Name some vulnerabilities from OWASP Top 10.",
+ "answer": "OWASP stands for Open Web Application Security Project. It is a community-driven organization that focuses on improving the security of software. Some vulnerabilities from OWASP Top 10 include Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), and more."
+
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Easy",
+ "question": "What is Vulnerability Assessment, Penetration Testing, and Red Teaming? Differences?",
+ "answer": "Vulnerability Assessment involves identifying and assessing vulnerabilities in a system. Penetration Testing simulates cyberattacks to find and exploit vulnerabilities. Red Teaming is a broader assessment that involves emulating real-world attacks to test an organization's defenses."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How do you handle Brute Forcing on your application?",
+ "answer": "To handle Brute Forcing, implement account lockout policies, use CAPTCHAs, enforce strong password policies, and monitor for suspicious login attempts. Additionally, implement rate limiting to restrict the number of login attempts."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is Authentication and Authorization?",
+ "answer": "Authentication is the process of verifying the identity of a user or system. 
Authorization is the process of granting or denying access to specific resources or actions based on authenticated user permissions."
+
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is Stateful and Stateless in HTTP context?",
+ "answer": "In the HTTP context, stateful means that the server retains information about the client's state between requests, typically using sessions or cookies. Stateless means that each request from a client to the server must contain all the information needed to understand and process the request, without relying on previous requests."
+
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How does HTTP handle session state?",
+ "answer": "HTTP itself is stateless, but web applications use various mechanisms like cookies and session management to maintain state information between requests and responses."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is Cross-Site Scripting (XSS)?",
+ "answer": "Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. It can lead to theft of sensitive data or session hijacking."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between stored, reflected, and DOM XSS?",
+ "answer": "Stored XSS stores malicious scripts on the target server, reflected XSS reflects them off a web server, and DOM XSS manipulates the Document Object Model of a web page."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Which of the XSS attacks are hard to detect, and why?",
+ "answer": "DOM XSS attacks can be hard to detect because they manipulate the client-side DOM, and traditional server-side defenses may not catch them."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is the defense against XSS? Remediation.",
+ "answer": "Defenses against XSS include input validation, output encoding, Content Security Policy (CSP), and keeping software up to date. Remediation involves fixing vulnerabilities and addressing their root causes."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "Do you prefer blacklisting or whitelisting, and why?",
+ "answer": "Whitelisting is preferred because it allows only known, trusted entities or actions, while blacklisting tries to block known threats, which can be less effective as new threats emerge."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is CSRF, its impact, and remediation?",
+ "answer": "Cross-Site Request Forgery (CSRF) is an attack that tricks users into performing actions without their knowledge. It can lead to unauthorized actions on behalf of the victim. Remediation includes using anti-CSRF tokens and validating requests."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "When investigating CSRF attacks, what are the things you will look for?",
+ "answer": "When investigating CSRF attacks, look for evidence of unauthorized actions, unusual requests, and any patterns that indicate CSRF attempts."
+
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Can you perform CSRF attack if HTTP method is PUT with no CSRF prevention? Explain.",
+ "answer": "Yes, you can perform a CSRF attack even if the HTTP method is PUT if there is no CSRF prevention in place. An attacker can craft a malicious HTML page that forces a user to unknowingly send a PUT request to a target server, causing unintended changes."
+
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "How do you determine the server stack (e.g., IIS, Apache, Nginx) a website is hosted on?",
+ "answer": "Determining the server stack involves analyzing server headers, response banners, or error messages. Tools like Nmap can also help in fingerprinting the server's stack."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is SQL Injection, and name some types of SQL Injection vulnerabilities.",
+ "answer": "SQL Injection is a vulnerability that allows attackers to manipulate SQL queries by injecting malicious SQL code. Some types include Union-Based, Time-Based, and Blind SQL Injection."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Explain Union-Based SQL Injection.",
+ "answer": "Union-Based SQL Injection involves injecting SQL queries that include a UNION statement to extract data from other database tables."
+
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Explain Time-Based SQL Injection.",
+ "answer": "Time-Based SQL Injection involves exploiting database delay responses to infer information about the database structure."
+
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Explain Blind SQL Injection.",
+ "answer": "Blind SQL Injection is an attack where an attacker can infer the success or failure of a query without seeing the actual results. It relies on true or false conditions."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "How do you protect against SQLi?",
+ "answer": "Protection against SQLi includes input validation, using prepared statements or parameterized queries, and implementing proper access controls and web application firewalls."
+
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What are Prepared Statements and Parametrized Queries in the context of SQLi?",
+ "answer": "Prepared Statements and Parametrized Queries are methods to prevent SQL Injection by separating SQL code from user input and ensuring inputs are treated as data, not executable code."
+
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What is 2nd-Order SQLi?",
+ "answer": "2nd-Order SQLi is a type of SQL Injection where the payload is stored in the application's database, but the actual SQL injection occurs when that data is later used in a query."
+
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How do you store passwords for applications in a database?",
+ "answer": "Passwords should never be stored in plain text. Instead, they should be securely hashed and salted before storing in the database. Strong cryptographic hashing algorithms like bcrypt or Argon2 should be used."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "What is RCE (Remote Code Execution)? How do you test for RCE? How can this bug be remediated?",
+ "answer": "Remote Code Execution (RCE) is a security vulnerability that allows an attacker to execute arbitrary code on a target system. To test for RCE, security professionals often attempt to inject malicious code through input fields or vulnerabilities in a web application. Remediation involves secure coding practices, input validation, and regular patching to fix known vulnerabilities."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Explain OS Command Injection.",
+ "answer": "OS Command Injection is a type of security vulnerability where an attacker can execute arbitrary operating system commands on a target system. 
This usually occurs when an application passes unvalidated user input to a system shell. Prevention involves input validation and using APIs that don't allow direct execution of OS commands."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is CORS (Cross-Origin Resource Sharing)? and SOP (Same-Origin Policy)?",
+ "answer": "CORS (Cross-Origin Resource Sharing) is a security feature that allows or restricts web applications running at one origin (domain) to make requests for resources from a different origin (domain). SOP (Same-Origin Policy) is a security measure that restricts web pages from making requests to a different domain than the one that served the web page. CORS headers specify which origins are permitted to access a resource."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "Does CORS protect against CSRF (Cross-Site Request Forgery) attacks?",
+ "answer": "No, CORS is not primarily designed to protect against CSRF attacks. It focuses on cross-origin requests and does not prevent requests from an attacker's domain if the user is already authenticated on the target site. CSRF protection typically involves using anti-CSRF tokens and validating requests on the server-side."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "What are some security headers in HTTP requests? Name some.",
+ "answer": "Security headers in HTTP requests include Content Security Policy (CSP), Strict Transport Security (HSTS), X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection. These headers help protect against various web security vulnerabilities."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What are various HTTP methods?",
+ "answer": "HTTP methods include GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE, CONNECT, and PATCH. 
These methods define the operation to be performed for a given resource on the server."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between GET, POST, and PUT requests?",
+ "answer": "GET is used to retrieve data from the server, POST is used to submit data to be processed, and PUT is used to update a resource or create a new resource if it doesn't exist. PUT is idempotent, meaning multiple identical requests will have the same effect as a single request."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is CSP (Content Security Policy)?",
+ "answer": "Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting (XSS) and other code injection attacks. It defines which content sources are allowed to be loaded by a web page, reducing the risk of executing malicious scripts."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Explain Race Condition. How can you test for it?",
+ "answer": "Race Condition is a concurrency-related security issue where the behavior of a program depends on the relative timing of events, leading to unexpected outcomes. To test for it, you can create scenarios that involve simultaneous access or modification of shared resources and observe whether the expected behavior is maintained."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Difficult",
+ "question": "Explain Cookie Attributes/Flags and their significance in web security.",
+ "answer": "Cookie attributes or flags include HttpOnly, Secure, SameSite, and domain. HttpOnly prevents JavaScript access to the cookie, Secure enforces secure (HTTPS) transmission, SameSite helps mitigate CSRF and XSS attacks, and domain specifies the domains that can access the cookie. These attributes enhance web security by controlling cookie behavior."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is Threat Modeling?",
+ "answer": "Threat Modeling is a structured approach to identifying, evaluating, and prioritizing potential security threats and vulnerabilities in a system or application. It helps organizations proactively design security measures to address identified risks."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Easy",
+ "question": "Are you aware of the Software Development Life Cycle (SDLC)?",
+ "answer": "Yes, the Software Development Life Cycle (SDLC) is a systematic process for planning, creating, testing, deploying, and maintaining software applications. It includes phases like requirements gathering, design, coding, testing, and deployment, with security considerations integrated throughout the cycle."
+ },
+ {
+ "domain": "Logical Aptitude",
+ "difficulty": "Difficult",
+ "question": "What is a CI/CD Pipeline? Explain its role with respect to security.",
+ "answer": "A CI/CD (Continuous Integration/Continuous Deployment) pipeline is an automated workflow for building, testing, and deploying software changes. Its role in security involves integrating security checks, code analysis, and vulnerability scanning into the pipeline to identify and address security issues early in the development process, ensuring that secure code is deployed."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Knowing that MD5 is not the most secure hashing algorithm, why don't we use SHA-256 or other secure algorithms exclusively?",
+ "answer": "While MD5 is known to be insecure for cryptographic purposes, it is still used in non-cryptographic scenarios where collision resistance is not a concern. Legacy systems and applications may continue to use MD5 for compatibility reasons. However, for security-critical applications, SHA-256 or stronger algorithms should be used exclusively."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "Internet-facing NGINX is being used in front of multiple applications in a microservice architecture. These applications are accessible to users via different sub-domains through NGINX. What can go wrong from a security perspective?",
+ "answer": "Several security concerns may arise in this scenario. Misconfigurations in NGINX can lead to improper routing, potentially exposing internal services. Lack of proper security headers, input validation, or authentication mechanisms can result in vulnerabilities. Additionally, inadequate access control or exposure of sensitive information can occur if not configured securely."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "Can a server's SSL certificate prevent SSL Injection against your system? Explain.",
+ "answer": "An SSL certificate primarily ensures secure communication over HTTPS, but it does not prevent SSL Injection attacks directly. SSL Injection typically involves exploiting vulnerabilities in the application's handling of SSL/TLS, not the certificate itself. To prevent SSL Injection, secure coding practices, input validation, and proper handling of SSL/TLS should be implemented."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "An attacker is trying to extract a session cookie using an XSS vulnerability, but a blank popup is shown. What could be the reason for this behavior?",
+ "answer": "The blank popup behavior could be due to the browser's Same-Origin Policy (SOP) restrictions. If the attacker's script is trying to access a cookie from a different domain, SOP may block the request, resulting in an empty response. This is a security measure to prevent cross-site attacks."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "A web application allows users to download their account statements in PDF format. 
How can you securely implement this functionality? Explain.",
+ "answer": "To securely implement the download functionality, several measures should be taken: Implement proper authentication and authorization to ensure only authorized users can access statements. Generate PDFs securely, avoiding injection vulnerabilities. Use proper session management to protect user sessions. Implement Content Security Policy (CSP) to prevent XSS attacks. Ensure secure communication over HTTPS. Regularly update and patch libraries and dependencies."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is Threat Modeling?",
+ "answer": "Threat Modeling is a structured approach to identifying, evaluating, and prioritizing potential security threats and vulnerabilities in a system or application. It helps organizations proactively design security measures to address identified risks."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What is STRIDE?",
+ "answer": "STRIDE is an acronym representing six threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. It is used in threat modeling to categorize and analyze potential security threats and vulnerabilities."
+ },
+
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "How can you break the password of BIOS on a locked machine. How to do the same on Laptop (expected follow-up).",
+ "answer": "Breaking the BIOS password on a locked machine can be challenging. It often involves physically resetting the BIOS settings by accessing the motherboard, which may require technical expertise and potentially void warranties. The process can vary by manufacturer and model. For laptops, the steps may differ, and it's crucial to refer to the laptop's user manual or contact the manufacturer's support for guidance."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Where is the password stored in Windows Machines ?",
+ "answer": "Passwords in Windows machines are stored in a hashed format in the Security Account Manager (SAM) database. The actual password hashes are stored within the SAM file."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How can you read SAM File in Windows ? How does it store passwords ?",
+ "answer": "The SAM file in Windows contains password hashes, and it is usually located at C:\\Windows\\System32\\config\\SAM. Reading the SAM file requires elevated privileges. Tools like 'pwdump' or 'Mimikatz' can be used to extract password hashes from the SAM file. The passwords themselves are not stored in plain text but as hashes."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Mention some methods you crack Windows Password.",
+ "answer": "Cracking Windows passwords can be attempted using methods like brute force attacks, dictionary attacks, rainbow tables, or using specialized tools like 'John the Ripper' or 'Hashcat.' However, successful password cracking is challenging, especially for strong passwords."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "Let's talk about Linux system passwords. Where are they stored, and which hash does Linux use?",
+ "answer": "Linux system passwords are typically stored in the '/etc/shadow' file. Linux uses various hashing algorithms like MD5, SHA-256, or SHA-512 to store password hashes in the shadow file, depending on the system configuration."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Difficult",
+ "question": "How can you detect malicious activity around both SAM and passwd/shadow files, respectively? (Say things you should be monitoring and how.)",
+ "answer": "Monitoring the integrity and access to SAM (on Windows) or passwd/shadow (on Linux) files is crucial. 
Security event logs and file integrity monitoring tools can help detect unauthorized access or changes to these files. Suspicious login attempts and privilege escalation events should also be monitored." + }, + { + "domain": "Incident Response", + "difficulty": "Easy", + "question": "What is Incident Response?", + "answer": "Incident Response is a structured approach to addressing and managing security incidents. It involves identifying, responding to, and mitigating security threats and breaches to minimize damage and reduce recovery time. The goal is to restore normal operations while preserving evidence for investigation." + }, + { + "domain": "Incident Response", + "difficulty": "Easy", + "question": "What is the Lifecycle of an Incident Response Process?", + "answer": "The Incident Response Lifecycle typically consists of preparation, identification, containment, eradication, recovery, and lessons learned. These stages ensure a systematic and effective response to security incidents, from initial detection to post-incident analysis and improvement." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is SLA?", + "answer": "SLA stands for Service Level Agreement. It is a contractual agreement that defines the expected level of service between a service provider and a customer. In the context of incident response, SLAs may specify response times, communication protocols, and resolution objectives for security incidents." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "I hope you understand the idea of P0, P1, P2, P3, P4 Incidents? Which one will you handle with priority?", + "answer": "P0, P1, P2, P3, and P4 are commonly used incident priority levels, with P0 indicating the highest priority and P4 the lowest. P0 incidents are critical and require immediate attention, while P1, P2, P3, and P4 represent decreasing levels of urgency. 
Handling priorities should align with the organization's incident response policy, focusing on critical incidents first." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What is IOC (Indicators of Compromise) and IOA (Indicators of Attack)?", + "answer": "Indicators of Compromise (IOCs) are pieces of evidence that suggest a security incident has occurred or is ongoing. They are often specific, observable artifacts like file hashes or IP addresses. Indicators of Attack (IOAs) are broader indicators that suggest an attack may be in progress, even if specific IOCs are not yet available. IOAs help detect early-stage attacks." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "How can you tell if an email is Phishing or not?", + "answer": "Detecting phishing emails involves checking for suspicious signs such as misspelled domain names, unusual sender addresses, generic greetings, unexpected attachments, or links to suspicious websites. Verifying the sender's identity, scrutinizing email content, and using email filtering solutions can help identify phishing attempts." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What will you do if a user reports a phishing email?", + "answer": "If a user reports a phishing email, it should be taken seriously. The response typically involves investigating the email, assessing its legitimacy, and determining if it poses a threat. Depending on the findings, actions may include isolating affected systems, warning other users, and reporting the incident to relevant security teams or authorities." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "You discover a user clicked links in a phishing email and also shared credentials. What actions will be taken by you?", + "answer": "In such a scenario, immediate actions should be taken to mitigate the impact. 
These may include resetting the compromised user's credentials, isolating affected systems, analyzing the phishing email for IOCs, and conducting user awareness training to prevent future incidents. A full incident response process may be initiated." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "How can you determine if an email is spam? What action is taken to prevent its spread?", + "answer": "Emails can be classified as spam based on various factors such as sender reputation, content analysis, and user feedback. To prevent the spread of spam, organizations use email filtering solutions that can identify and quarantine spam emails. Some spam may be blocked or moved to a dedicated spam folder, while others may be deleted." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "When a user reports their machine is hacked, what are the things you look for?", + "answer": "When investigating a potentially hacked machine, SOC analysts typically look for signs of compromise, including unusual system behavior, unauthorized access, unfamiliar processes or connections, and suspicious log entries. They also consider the user's description of the incident and gather relevant data for analysis." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What are some malware persistence techniques?", + "answer": "Malware can establish persistence on a compromised system through techniques like registry modifications, scheduled tasks, startup programs, DLL injection, or rootkit installation. These methods allow malware to survive system reboots and continue its malicious activities." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What is Process Injection? Name some (sub)methods.", + "answer": "Process injection is a technique used by malware to inject malicious code into legitimate processes. 
Submethods of process injection include DLL injection, code cave injection, APC injection, and reflective DLL injection. These methods allow malware to evade detection and execute malicious code within the context of a trusted process." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "How can you detect or confirm that your organization has been hit (affected) by ransomware? What are the indicators?", + "answer": "Indicators of a ransomware attack may include encrypted files with ransom notes, a sudden increase in file extensions like .locky or .crypt, compromised user accounts, and ransomware-related processes or executables. Unusual network traffic patterns and multiple user reports of inaccessible files can also indicate a ransomware attack." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "How do you respond to a ransomware attack?", + "answer": "Responding to a ransomware attack involves isolating affected systems to prevent further spread, identifying the ransomware variant and its encryption methods, notifying relevant authorities, and assessing the possibility of restoring data from backups. Paying the ransom is generally discouraged, as it does not guarantee data recovery and may fund cybercriminals." + }, + + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Have you worked on any EDR Tools before? What makes EDR different from Antivirus?", + "answer": "Yes, EDR (Endpoint Detection and Response) tools are used for real-time monitoring and response to security threats at the endpoint level. EDR tools provide capabilities beyond traditional antivirus solutions by offering features like behavioral analysis, threat hunting, and incident response. EDR tools focus on detecting and responding to advanced threats and provide detailed insights into endpoint activities, making them more suitable for handling sophisticated attacks." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "How/Why would you classify a website as malicious?", + "answer": "A website can be classified as malicious if it exhibits suspicious or harmful behavior. Common reasons for classifying a website as malicious include hosting malware, phishing attempts, distributing malicious software, or engaging in fraudulent activities. Signs of a malicious website may include warnings from antivirus software, browser security alerts, reports from threat intelligence sources, or analysis of its content and behavior and expired/invalid digital certificate" + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "You discover your Infrastructure / Application is under DDoS attack? What will be your response plan?", + "answer": "In the event of a Distributed Denial of Service (DDoS) attack, the response plan typically involves the following steps: 1. Identify and confirm the DDoS attack. 2. Mitigate the attack by implementing traffic filtering, rate limiting, or content delivery networks (CDNs). 3. Monitor network traffic and system performance. 4. Notify relevant stakeholders, including incident response teams, internet service providers (ISPs), and law enforcement if necessary. 5. Collect and preserve attack-related data for analysis and legal purposes. 6. Develop a post-attack report to assess the impact and plan for future prevention." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "How would you advise the backup policy of critical data in infrastructure?", + "answer": "Advising a backup policy for critical data involves determining data retention requirements, choosing backup methods (e.g., full, incremental, differential), selecting backup storage locations (e.g., on-premises, cloud), defining backup schedules, and ensuring encryption and access controls for backup data. 
Regular testing of backup and recovery procedures is essential to ensure data availability in case of incidents. Additionally, off-site backups should be considered to protect against physical disasters." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What are some interesting logs you can collect in a Windows Environment?", + "answer": "In a Windows environment, collecting various logs is crucial for security monitoring. Some interesting logs to collect include: 1. Security Event Logs: Records authentication and authorization events. 2. Application Event Logs: Captures application-related events and errors. 3. System Event Logs: Contains system-level events and errors. 4. Active Directory Logs: Records domain controller activities and user authentication. 5. DNS Logs: Logs DNS queries and responses. 6. Firewall Logs: Captures network traffic and firewall rule violations. 7. IIS Logs: Records web server activities and access attempts. 8. PowerShell Logs: Monitors PowerShell script execution for potential misuse." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What are different DNS Records? Explain.", + "answer": "DNS (Domain Name System) records play a vital role in translating domain names into IP addresses. Common DNS records include: 1. A Record: Maps a domain to an IPv4 address. 2. AAAA Record: Maps a domain to an IPv6 address. 3. CNAME Record: Provides an alias for another domain name. 4. MX Record: Specifies mail server information for email delivery. 5. TXT Record: Stores textual information and is often used for SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records. 6. SOA Record: Indicates the start of a zone of authority and contains administrative information. 7. NS Record: Lists authoritative name servers for a domain. 8. PTR Record: Performs reverse DNS lookup, mapping an IP address to a domain name." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain DNS Exfiltration. How to detect DNS Exfiltration?", + "answer": "DNS exfiltration is a technique used by attackers to covertly transfer data from an organization's network to an external location using DNS queries. To detect DNS exfiltration, SOC analysts can monitor DNS traffic for unusual patterns, such as a high volume of requests to uncommon domains, long subdomain strings, or frequent queries for non-standard ports. Analyzing outbound DNS traffic against known indicators of compromise (IOCs) and employing DNS filtering solutions can help identify and block DNS exfiltration attempts." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Browser, Application, and OS are Vulnerable, which one will you prioritize to fix and why?", + "answer": "Prioritizing vulnerabilities depends on several factors, including the severity of the vulnerabilities, the potential impact on the organization, the availability of patches or mitigations, and the risk appetite of the organization. In many cases, critical OS vulnerabilities that can lead to widespread compromise may be prioritized first to ensure the overall security of the infrastructure. However, each vulnerability should be assessed individually, and a risk-based approach should guide the prioritization process." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "How can you perform Network Packet Analysis?", + "answer": "Network packet analysis involves capturing and analyzing data packets as they traverse a network. To perform packet analysis, SOC analysts can use packet capture tools like Wireshark to capture network traffic. They can then filter, inspect, and analyze packets to identify anomalies, security threats, or performance issues. Packet analysis helps in understanding network behavior, detecting malicious activities, and troubleshooting network problems." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "Can you do Network Packet Analysis with Wireshark? What information can you get from this analysis?", + "answer": "Yes, Wireshark is a widely used tool for network packet analysis. With Wireshark, SOC analysts can capture and analyze network traffic to gather various insights, including: 1. Source and destination IP addresses and ports. 2. Protocol distribution. 3. Packet payload content. 4. Packet timing and flow patterns. 5. Identification of network protocols in use. 6. Detection of unusual or suspicious traffic patterns. 7. Identification of potential security threats or vulnerabilities. Wireshark provides valuable visibility into network communications, helping analysts understand network behavior and security events." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Can you do Network packet Analysis of HTTPS (SSL Enabled) traffic with Wireshark?", + "answer": "Yes, Wireshark can capture and analyze HTTPS (SSL/TLS) encrypted traffic to a certain extent. While the payload of the encrypted packets cannot be directly inspected without the decryption keys, Wireshark can still provide information about the SSL/TLS handshake, certificate exchange, and other metadata associated with encrypted sessions. Decrypting HTTPS traffic requires access to the private keys used for encryption, and it is typically performed in controlled environments for security monitoring purposes." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What are the logs from a Linux machine you would pick for SIEM?", + "answer": "For SIEM (Security Information and Event Management) purposes in a Linux environment, SOC analysts may prioritize collecting and forwarding the following logs: 1. Syslog: General system logs covering various events and services. 2. 
Auth Logs: Authentication and authorization logs, including login attempts and security-related events. 3. Apache or Nginx Access Logs: Web server access logs for monitoring web traffic. 4. SSH Logs: Logs related to Secure Shell (SSH) sessions and authentication. 5. Application Logs: Logs generated by critical applications for tracking application-specific events. The specific logs to collect may vary based on the organization's needs and the criticality of systems." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is SIEM? what is it used for?", + "answer": "SIEM, or Security Information and Event Management, is a comprehensive solution used for collecting, correlating, analyzing, and managing security-related data from various sources across an organization's IT infrastructure. The primary uses of SIEM are: 1. Real-time Security Monitoring: SIEM monitors network and system activities in real-time, allowing the detection of security incidents and anomalies. 2. Threat Detection: SIEM identifies potential security threats by correlating data from multiple sources, such as firewalls, IDS/IPS, antivirus, and logs. 3. Incident Response: SIEM assists in incident investigation, providing detailed event logs and context. 4. Compliance Reporting: SIEM helps organizations meet regulatory compliance requirements by providing audit trails and reports. 5. Log Management: SIEM centralizes and manages logs for improved visibility and analysis. SIEM is a critical tool for enhancing an organization's security posture and responding effectively to security incidents." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "How do you investigate a suspicious login alert for a business user's email?", + "answer": "Investigating a suspicious login alert for a business user's email typically involves the following steps: 1. Verify the Alert: Confirm the authenticity and relevance of the alert. 2. 
Gather Information: Collect details about the alert, including user account, IP address, timestamp, and context. 3. Analyze Logs: Review relevant logs, such as authentication logs, to identify any anomalies or signs of unauthorized access. 4. Contact User: Contact the user to verify their recent activities and validate whether the login was legitimate. 5. Check for Compromised Credentials: Determine if the user's credentials have been compromised or if the login attempt was part of a credential stuffing attack. 6. Block or Secure Account: If unauthorized access is confirmed, take immediate action to secure the user's account, such as resetting passwords, enabling multi-factor authentication, or locking the account. 7. Investigate Further: If the incident appears to be part of a larger security event, initiate a deeper investigation and incident response process." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What is the difference between Credential Stuffing and Password Spraying? How do you detect these?", + "answer": "Credential stuffing and password spraying are both attack techniques used to gain unauthorized access to accounts, but they differ in their approach: 1. Credential Stuffing: In credential stuffing, attackers use large sets of username-password pairs obtained from previous data breaches and attempt to log in to multiple online accounts using these pairs. The goal is to exploit users who reuse passwords across different services. Detection: Detection involves monitoring login attempts for a high number of failed login events from various IP addresses using known username-password combinations. 2. Password Spraying: Password spraying involves trying a small number of commonly used passwords against a large number of usernames. Attackers hope to find weak or default passwords that may be shared among multiple users. 
Detection: Detection focuses on identifying repeated login attempts with different usernames but a limited set of passwords. Both techniques can be detected by analyzing authentication logs, rate limiting login attempts, and implementing account lockout policies." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "Make a use-case of Password Spraying attack.", + "answer": "In a password spraying attack use-case, an attacker targets a corporate network's Outlook Web Access (OWA) portal, which is accessible externally. The attacker's goal is to gain unauthorized access to corporate email accounts. Here's how the attack unfolds: 1. Reconnaissance: The attacker identifies the OWA portal's URL and collects a list of potential usernames. They may obtain this list from publicly available sources or by scraping employee names from the company's website and social media profiles. 2. Password List: The attacker compiles a shortlist of common or default passwords commonly used within the organization, such as 'Password123' or 'Welcome123.' 3. Password Spraying: The attacker uses an automated script to attempt login with each username-password combination from the shortlist, starting with the first username and cycling through the passwords. 4. Low and Slow: To avoid detection, the attacker performs the attack at a slow rate to stay under the radar of account lockout policies and intrusion detection systems. 5. Success: If the attacker discovers a valid username-password combination, they gain unauthorized access to the victim's email account. This access can be used for further reconnaissance, data theft, or launching additional attacks within the organization." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Explain Static Analysis and Dynamic Analysis of Malwares.", + "answer": "Static analysis and dynamic analysis are two common approaches for analyzing malware: 1. 
Static Analysis: Static analysis involves examining the malware without executing it. It focuses on analyzing the code, structure, and characteristics of the malware file. Techniques in static analysis include: - File Signature Analysis: Checking file signatures against known malware databases. - Code Disassembly: Disassembling executable files to inspect their assembly-level code. - Behavioral Analysis: Examining file metadata, headers, and embedded resources. - String Analysis: Searching for known malicious strings or patterns within the file. - Sandbox Analysis: Running the malware in a controlled environment to observe its behavior without affecting the host system. 2. Dynamic Analysis: Dynamic analysis involves executing the malware in a controlled environment (sandbox) to observe its behavior in real-time. It aims to understand how the malware interacts with the system and network. Techniques in dynamic analysis include: - Behavior Monitoring: Tracking the malware's activities, such as file changes, registry modifications, and network connections. - Network Traffic Analysis: Capturing and analyzing network traffic generated by the malware. - Memory Analysis: Examining the malware's interactions with system memory. - API Call Analysis: Monitoring API calls made by the malware during execution. Both static and dynamic analysis play crucial roles in identifying and understanding malware, enabling security professionals to develop effective countermeasures and protection mechanisms." + }, + + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is information security and how is it achieved?", + "answer": "Information security is the practice of protecting information assets from unauthorized access, disclosure, alteration, or destruction while ensuring their confidentiality, integrity, and availability. 
It is achieved through a combination of security measures, including access controls, encryption, security policies, employee training, and ongoing risk management." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What are the core principles of information security?", + "answer": "The core principles of information security, often referred to as the CIA triad, are: 1. Confidentiality: Ensuring that information is only accessible to authorized individuals or entities. 2. Integrity: Maintaining the accuracy and trustworthiness of data and systems. 3. Availability: Ensuring that information and resources are available and accessible when needed." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is non-repudiation (as it applies to IT security)?", + "answer": "Non-repudiation is the ability to prove that a specific action or transaction was performed by a particular entity and cannot be denied by that entity. In IT security, it often involves creating digital signatures or audit logs to provide evidence of actions taken by users or systems." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is the relationship between information security and data availability?", + "answer": "Information security plays a crucial role in ensuring data availability. By protecting data from unauthorized access, data breaches, and system failures, information security measures contribute to the availability of data when needed by authorized users." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a security policy and why do we need one?", + "answer": "A security policy is a documented set of rules, guidelines, and procedures that define the organization's approach to information security. It serves as a framework for implementing security controls, ensuring compliance, and mitigating security risks. 
Security policies provide clarity and consistency in security practices across an organization." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is the difference between logical and physical security? Can you give an example of both?", + "answer": "Logical security focuses on safeguarding digital assets and data, such as user accounts, passwords, and encryption. Physical security, on the other hand, pertains to protecting tangible assets like buildings, hardware, and access points. An example of logical security is implementing role-based access control (RBAC) for a database, while an example of physical security is installing surveillance cameras at a data center." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What are the most common types of attacks that threaten enterprise data security?", + "answer": "Common types of attacks that threaten enterprise data security include phishing attacks, malware infections, ransomware attacks, DDoS (Distributed Denial of Service) attacks, insider threats, and SQL injection attacks, among others." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is the difference between a threat and a vulnerability?", + "answer": "A threat is a potential danger or harmful event that can exploit a vulnerability to compromise the security of a system or organization. A vulnerability, on the other hand, is a weakness or gap in the security defenses that can be exploited by a threat. In essence, threats exploit vulnerabilities to cause harm." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Can you give me an example of common security vulnerabilities?", + "answer": "Common security vulnerabilities include unpatched software, weak passwords, misconfigured security settings, lack of encryption, and insecure application design. 
An example is a web application that does not validate user input, making it susceptible to SQL injection attacks." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "Are you familiar with any security management frameworks such as ISO/IEC 27002?", + "answer": "Yes, ISO/IEC 27002 is a widely recognized security management framework that provides best practices and guidelines for information security management. It covers various aspects of information security, including policies, risk management, access control, and compliance." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a security control?", + "answer": "A security control is a measure, safeguard, or countermeasure put in place to mitigate security risks and protect information assets. Security controls can be technical, administrative, or physical in nature and are designed to enforce security policies and procedures." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What are the different types of security control?", + "answer": "There are several types of security controls, including: 1. Preventive Controls: Aimed at preventing security incidents from occurring, such as firewalls and access controls. 2. Detective Controls: Focus on identifying and detecting security incidents, such as intrusion detection systems (IDS) and security monitoring. 3. Corrective Controls: Designed to mitigate the impact of security incidents and restore normal operations, such as incident response and patch management. 4. Compensating Controls: Used when standard security controls are not feasible or effective, providing an alternative approach to managing risks." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Can you describe the information lifecycle? 
How do you ensure information security at each phase?",
+ "answer": "The information lifecycle consists of several phases, including creation, storage, processing, sharing, archiving, and disposal. To ensure information security at each phase: 1. Creation: Implement data input validation and access controls. 2. Storage: Encrypt sensitive data at rest and use access controls to restrict unauthorized access. 3. Processing: Implement secure coding practices and conduct regular security testing. 4. Sharing: Use encryption and secure file transfer methods for sharing data. 5. Archiving: Apply retention policies and encryption to archived data. 6. Disposal: Properly sanitize or destroy data before disposal."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is Information Security Governance?",
+ "answer": "Information Security Governance refers to the framework, structure, and processes that organizations use to manage and control their information security activities. It involves defining responsibilities, establishing policies and procedures, and ensuring that security objectives align with business goals. Information Security Governance provides strategic direction for security efforts within an organization."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Intermediate",
+ "question": "What are your professional values? Why are professional ethics important in the information security field?",
+ "answer": "My professional values in the information security field include integrity, confidentiality, and a commitment to upholding ethical standards. Professional ethics are crucial in information security to maintain trust, protect privacy, and ensure responsible use of technology. Adhering to ethical principles helps prevent data breaches, misuse of information, and harm to individuals and organizations." 
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Is geo-blocking a valid security control?",
+ "answer": "Yes, geo-blocking is a valid security control. It involves restricting access to digital resources, services, or content based on the geographic location of users or entities. Geo-blocking can help protect against certain threats, such as DDoS attacks originating from specific regions, and it can be part of a comprehensive security strategy."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What's the difference between symmetric and public-key cryptography?",
+ "answer": "Symmetric cryptography uses a single shared key for both encryption and decryption, making it faster but requiring secure key exchange. Public-key cryptography uses a pair of keys, a public key for encryption and a private key for decryption, eliminating the need for secure key exchange but being slower."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are your first three steps when securing a Linux server?",
+ "answer": "1. Update the system and apply security patches. 2. Configure a firewall to restrict incoming and outgoing traffic. 3. Harden the server by disabling unnecessary services and applying security configurations."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are your first three steps when securing a Windows server?",
+ "answer": "1. Install the latest updates and security patches. 2. Configure Windows Firewall or other security measures. 3. Disable unnecessary services and apply security settings, such as Group Policies."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are your first three steps when securing a web application?",
+ "answer": "1. Conduct a security assessment or audit of the web application. 
2. Implement secure coding practices and input validation to prevent common vulnerabilities. 3. Set up access controls and authentication mechanisms to protect sensitive data and resources."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are the security risks of IoT devices?",
+ "answer": "Security risks of IoT devices include weak or hardcoded passwords, lack of regular updates, susceptibility to remote attacks, data privacy concerns, and the potential for device compromise leading to network breaches."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Who's more dangerous to an organization, insiders or outsiders?",
+ "answer": "Insiders, such as employees or contractors with access to systems and data, can pose a significant threat to an organization as they have knowledge of internal systems and may have malicious intent. However, the severity of the threat depends on various factors, and both insiders and outsiders can be dangerous."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Why is DNS monitoring important?",
+ "answer": "DNS monitoring is essential because it helps detect and prevent DNS-related attacks, such as DNS hijacking and DNS tunneling. It also provides visibility into network traffic and can help identify malicious activities or misconfigurations."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How would traceroute help you find out where a breakdown in communication is?",
+ "answer": "Traceroute is a network diagnostic tool that identifies the route packets take from the source to the destination. It displays a list of network hops and their response times, helping pinpoint where communication breaks down or experiences latency." 
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Why would you want to use SSH from a Windows PC?",
+ "answer": "Using SSH from a Windows PC allows secure remote access to Unix-based systems and servers. It encrypts the connection, provides authentication, and allows secure file transfers and remote administration."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How would you find out what a POST code means?",
+ "answer": "To find out what a POST (Power-On Self-Test) code means, you can refer to the motherboard's manual or documentation. POST codes are specific sequences of beeps or LED flashes generated during the boot process, and their meanings are documented by the motherboard manufacturer."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the difference between a black hat and a white hat?",
+ "answer": "A black hat refers to a malicious hacker who engages in unauthorized and often illegal activities, such as breaking into computer systems or conducting cyberattacks for personal gain. A white hat, on the other hand, is an ethical hacker who legally and professionally tests systems for vulnerabilities to improve security."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Why are internal threats often more successful than external threats?",
+ "answer": "Internal threats can be more successful because insiders, such as employees or contractors, may have legitimate access to systems and data. They can exploit this access to bypass external security measures, making them harder to detect. Insider threats can also involve trusted individuals with knowledge of an organization's internal workings." 
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Easy",
+ "question": "Why is deleted data not truly gone when you delete it?",
+ "answer": "Deleted data is often not truly gone because the deletion process typically removes only the file's reference from the file system, marking the space as available. The actual data remains on the storage medium until it is overwritten by new data. Specialized recovery tools can sometimes retrieve deleted files until they are overwritten."
+ },
+ {
+ "domain": "Digital Forensics",
+ "difficulty": "Intermediate",
+ "question": "What is the Chain of Custody?",
+ "answer": "The Chain of Custody refers to the documented and unbroken trail that shows the control, transfer, analysis, and disposition of physical or digital evidence during an investigation or legal case. It ensures the integrity and admissibility of evidence in court by providing a clear record of who handled the evidence and when."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How would you permanently remove the threat of data falling into the wrong hands?",
+ "answer": "Permanently removing the threat of data falling into the wrong hands involves secure data disposal methods, such as data wiping, degaussing, or physical destruction of storage media. Additionally, implementing strong access controls, encryption, and data loss prevention measures can prevent unauthorized access to sensitive data."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Easy",
+ "question": "What is exfiltration?",
+ "answer": "Exfiltration refers to the unauthorized copying, transfer, or theft of data from a secured or restricted environment to an external location controlled by an attacker. It is a common goal of cyberattacks and data breaches and often involves the removal of sensitive or confidential information from an organization's network." 
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the CIA triangle?",
+ "answer": "The CIA triangle, in the context of information security, stands for Confidentiality, Integrity, and Availability. These three principles represent the core objectives of information security: Confidentiality ensures that data is protected from unauthorized access, Integrity ensures data is accurate and unaltered, and Availability ensures data is accessible when needed."
+ },
+ {
+ "domain": "Incident Response",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between information protection and information assurance?",
+ "answer": "Information protection primarily focuses on safeguarding data from unauthorized access, disclosure, or damage. It involves measures such as encryption, access controls, and backup procedures. Information assurance, on the other hand, encompasses a broader set of activities that ensure the reliability, integrity, and availability of information. It includes security, compliance, risk management, and business continuity efforts."
+ },
+
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What's the difference between deep web and dark web?",
+ "answer": "The deep web consists of web content not indexed by search engines and is accessible through regular web browsers. The dark web is a small portion of the deep web that is intentionally hidden and is only accessible using specialized software like Tor. It often contains websites associated with illegal activities."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is MITRE ATT&CK?",
+ "answer": "MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base that describes the actions and tactics used by cyber adversaries during different stages of an attack. 
It provides a framework for understanding and countering cybersecurity threats."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is Kubernetes?",
+ "answer": "Kubernetes is an open-source container orchestration platform used for automating the deployment, scaling, and management of containerized applications. It simplifies container management and provides tools for maintaining the health and performance of containerized workloads."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What role does AI and machine learning have in information security?",
+ "answer": "AI and machine learning play a significant role in information security by automating threat detection, identifying anomalies in network traffic, and enhancing cybersecurity tools. They improve the ability to detect and respond to security threats quickly and accurately."
+},
+{
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What does a proxy do?",
+ "answer": "A proxy acts as an intermediary server between a client and a target server. It forwards client requests to the target server and then forwards the server's responses back to the client. Proxies can be used to improve security, privacy, and performance by hiding the client's IP address and filtering traffic."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Can you explain a man-in-the-middle attack?",
+ "answer": "A man-in-the-middle (MitM) attack occurs when an attacker intercepts and possibly alters the communication between two parties without their knowledge. The attacker positions themselves between the victims and can eavesdrop on, manipulate, or inject malicious content into the communication." 
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the most secure authentication methodology, and why?",
+ "answer": "The most secure authentication methodology is multi-factor authentication (MFA) because it combines two or more authentication factors (something you know, something you have, or something you are). MFA significantly enhances security by requiring multiple proofs of identity, making it harder for attackers to gain unauthorized access."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is GDPR, and does it affect you?",
+ "answer": "GDPR (General Data Protection Regulation) is a European data protection and privacy regulation that impacts organizations worldwide if they process personal data of EU residents. GDPR aims to protect individuals' data privacy rights and imposes strict data protection requirements on businesses."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What role does automation have in information security?",
+ "answer": "Automation in information security streamlines repetitive tasks, accelerates incident response, and improves overall security posture. It can automate threat detection, vulnerability assessment, patch management, and security policy enforcement."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is the difference between SIEM and UEBA?",
+ "answer": "SIEM (Security Information and Event Management) systems collect and analyze security event data from various sources. UEBA (User and Entity Behavior Analytics) focuses on identifying anomalies in user and entity behavior. While SIEM is broader, UEBA is a subset that specifically targets user and entity behavior." 
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you give me an example of a supply chain attack?",
+ "answer": "An example of a supply chain attack is the compromise of a software update from a trusted vendor. Attackers infiltrate the vendor's infrastructure and inject malicious code into the software update. When customers download and install the update, they unknowingly introduce malware into their systems."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you define what is APT?",
+ "answer": "APTs (Advanced Persistent Threats) are sophisticated, long-term cyberattacks orchestrated by organized threat actors, such as nation-states or advanced hacking groups. APTs aim to remain undetected while infiltrating and persistently targeting specific organizations or entities for data theft or espionage."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What are the top 3 countries in information war?",
+ "answer": "The top countries involved in information warfare can change over time, but historically, countries with significant cyber capabilities and interests in cyber conflict include the United States, Russia, and China."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you explain some ways attackers are using AI?",
+ "answer": "Attackers are using AI for various purposes, including automated spear-phishing, generating convincing deepfake videos and audio, optimizing social engineering attacks, evading detection by security tools, and automating the execution of cyberattacks to increase their scale and effectiveness. for example: a tool called Worm GPT"
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What are Linux's strengths and weaknesses vs. 
Windows?",
+ "answer": "Linux's strengths include better security, flexibility, open-source nature, and efficient resource management. Its weaknesses include a steeper learning curve, limited software compatibility for certain applications, and fewer user-friendly features compared to Windows."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is a firewall? And provide an example of how a firewall can be bypassed by an outsider to access the corporate network.",
+ "answer": "A firewall is a network security device that filters incoming and outgoing network traffic based on predetermined security rules. Firewalls can be bypassed by attackers using techniques like exploiting vulnerabilities in allowed services (e.g., web servers) to gain unauthorized access to the corporate network."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Besides firewalls, what other devices are used to enforce network boundaries?",
+ "answer": "Other devices used to enforce network boundaries include intrusion detection systems (IDS), intrusion prevention systems (IPS), routers with access control lists (ACLs), and network segmentation using virtual LANs (VLANs). These devices enhance network security by controlling and monitoring traffic flow."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is the role of network boundaries in information security?",
+ "answer": "Network boundaries define the limits of a network and separate it from external untrusted networks. They play a critical role in information security by controlling access, monitoring traffic, and providing a first line of defense against unauthorized access, threats, and attacks."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What does an intrusion detection system do? 
How does it do it?",
+ "answer": "An intrusion detection system (IDS) monitors network or system activity for signs of malicious behavior or policy violations. It detects anomalies and generates alerts. IDS can use signature-based detection (known attack patterns) or anomaly-based detection (unusual behavior) to identify potential threats."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What is a honeypot? What type of attack does it defend against?",
+ "answer": "A honeypot is a security mechanism or system intentionally designed to attract attackers. It emulates vulnerable systems to lure attackers away from actual critical systems. It can be used to detect and analyze various types of attacks, including network reconnaissance and unauthorized access attempts."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Difficult",
+ "question": "What technologies and approaches are used to secure information and services deployed on cloud computing infrastructure?",
+ "answer": "Securing information and services in cloud computing involves using encryption, identity and access management, virtual private clouds, security groups, multi-factor authentication, and continuous monitoring. Service providers also implement physical and environmental security measures."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "What information security challenges are faced in a cloud computing environment?",
+ "answer": "Challenges in cloud computing security include data breaches, misconfigured security settings, compliance issues, shared responsibility confusion, and potential loss of data control. Addressing these challenges requires proper configuration, encryption, and a well-defined security strategy." 
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "Can you give me an overview of IP multicast?",
+ "answer": "IP multicast is a network communication method where data is sent from one source to multiple receivers efficiently. It's commonly used for streaming, conferencing, and content distribution. Multicast groups share a single copy of data, reducing network congestion and bandwidth usage."
+},
+{
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How many bits do you need for a subnet size?",
+ "answer": "The number of bits required for a subnet size depends on the number of subnets needed. To support 'n' subnets, you need 'x' bits, where 2^x is greater than or equal to 'n' (2^x >= n)."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is packet filtering?",
+ "answer": "Packet filtering is a network security technique that inspects data packets as they pass through a firewall or router. It enforces security rules based on criteria such as source IP, destination IP, port numbers, and packet characteristics to allow or block traffic."
+},
+{
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you explain the difference between a packet filtering firewall and an application layer firewall?",
+ "answer": "A packet filtering firewall operates at the network layer and filters traffic based on IP addresses and port numbers. An application layer firewall operates at the application layer (Layer 7) and can make filtering decisions based on specific application content or protocols, providing more granular control but potentially at a higher performance cost."
+},
+{
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What are the layers of the OSI model?",
+ "answer": "The OSI (Open Systems Interconnection) model consists of seven layers: 1. Physical, 2. Data Link, 3. Network, 4. Transport, 5. 
Session, 6. Presentation, and 7. Application. These layers define a framework for understanding network communication processes and interactions."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How would you login to Active Directory from a Linux or Mac box?",
+ "answer": "You can log in to Active Directory from a Linux or Mac box by configuring the system to use the Lightweight Directory Access Protocol (LDAP) for authentication. Tools like 'ldapsearch' or using 'sssd' (System Security Services Daemon) can be set up to facilitate AD authentication."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is an easy way to configure a network to allow only a single computer to log in on a particular jack?",
+ "answer": "To ensure only one computer can log in through a specific network jack, you can use port security features available on network switches. Set the switch port to allow only one MAC address, thereby limiting access to a single device."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What are the three ways to authenticate a person?",
+ "answer": "The three primary ways to authenticate a person are: 1. Something you know (e.g., password), 2. Something you have (e.g., smart card or mobile device), and 3. Something you are (biometrics like fingerprints or retinal scans). Multi-factor authentication combines two or more of these methods for enhanced security."
+ },
+ {
+ "domain": "Ethical Questions",
+ "difficulty": "Easy",
+ "question": "You find out that there is an active problem on your network. You can fix it, but it is out of your jurisdiction. What do you do?",
+ "answer": "If you identify a network problem outside your jurisdiction, it's essential to communicate the issue to the relevant team or department responsible for that part of the network. Document the problem, its impact, and any potential solutions you might have discovered." 
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "What is worse in firewall detection, a false negative or a false positive? And why?",
+ "answer": "In firewall detection, a false negative is generally worse than a false positive. A false negative occurs when the firewall fails to detect a real threat, allowing it to pass through. False positives, while disruptive, can be investigated and resolved. False negatives can lead to actual security breaches."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Intermediate",
+ "question": "How would you judge if a remote server is running IIS or Apache?",
+ "answer": "To determine if a remote server is running IIS or Apache, you can inspect the HTTP response headers. IIS typically includes 'Server: Microsoft-IIS' in its headers, while Apache may display 'Server: Apache.' Additionally, differences in other headers and error messages can provide clues."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Easy",
+ "question": "What is the difference between an HIDS and a NIDS?",
+ "answer": "HIDS (Host-Based Intrusion Detection System) focuses on monitoring the activities and security of individual hosts or devices. NIDS (Network-Based Intrusion Detection System) watches network traffic to identify and respond to suspicious patterns or attacks. HIDS works on the host, while NIDS operates at the network level."
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "Why is it so hard to monitor cloud traffic from the network?",
+ "answer": "Monitoring cloud traffic from the network can be challenging due to cloud services' decentralized and virtualized nature. Traffic is often encrypted, and the traditional network perimeter is blurred, making it difficult to inspect traffic at a central point. Specialized cloud monitoring solutions are needed to address these challenges." 
+ },
+ {
+ "domain": "Computer Networks",
+ "difficulty": "Difficult",
+ "question": "What is SD-WAN?",
+ "answer": "SD-WAN (Software-Defined Wide Area Network) is a technology that simplifies the management and operation of a wide area network. It uses software-defined networking to efficiently route traffic over multiple connection types, such as MPLS, broadband, and LTE. SD-WAN enhances network performance, security, and agility."
+ },
+ {
+ "domain": "Penetration Testing",
+ "difficulty": "Intermediate",
+ "question": "Vulnerabilities represent 50% of Application Security pen test findings, what's the other half?",
+ "answer": "The other half of application security pen test findings typically consists of threats or weaknesses that may not be directly tied to specific vulnerabilities. This could include configuration issues, design flaws, business logic errors, or security best practice violations."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you explain what is business logic error and what does that have to do with application security?",
+ "answer": "A business logic error occurs when there is a flaw or mistake in the way an application handles specific business processes or rules. These errors can lead to unintended consequences, data breaches, or security vulnerabilities if they allow unauthorized access or manipulation of data."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "Can you briefly discuss the role of information security in each phase of the software development lifecycle?",
+ "answer": "Information security should be integrated into each phase of the software development lifecycle (SDLC). It involves identifying security requirements, conducting risk assessments, implementing secure coding practices, and performing security testing. 
Security activities encompass planning, design, coding, testing, deployment, and maintenance phases to ensure robust application security."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How would you implement a secure login field on a high traffic website where performance is a consideration?",
+ "answer": "To implement a secure login field on a high-traffic website with performance in mind, consider using multi-factor authentication (MFA) to enhance security without significantly impacting performance. Additionally, implement rate limiting to defend against brute force attacks and leverage secure coding practices to prevent common login vulnerabilities."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "What are the various ways to handle account brute forcing?",
+ "answer": "To handle account brute forcing, you can implement account lockout policies, CAPTCHA challenges, rate limiting, and intrusion detection systems. These measures limit the number of login attempts an attacker can make and increase the difficulty of automated brute force attacks."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What is cross-site request forgery?",
+ "answer": "Cross-Site Request Forgery (CSRF) is an attack where a malicious website tricks a user's browser into making an unintended request to a different website where the user is authenticated. It can lead to actions being taken on the user's behalf without their consent or knowledge."
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "How does one defend against CSRF?",
+ "answer": "To defend against CSRF attacks, developers can use anti-CSRF tokens (also known as synchronizer tokens) in web forms. These tokens are unique per user session and need to be included in each form submission. This makes it difficult for attackers to forge valid requests." 
+ },
+ {
+ "domain": "SOC Analyst",
+ "difficulty": "Intermediate",
+ "question": "If you were a site administrator looking for incoming CSRF attacks, what would you look for?",
+ "answer": "As a site administrator monitoring for CSRF attacks, you would look for unusual or unauthorized actions performed by users, particularly if these actions can lead to unintended consequences. You should also monitor the server logs for suspicious or repetitive actions from users."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What's the difference between HTTP and HTML?",
+ "answer": "HTTP (Hypertext Transfer Protocol) is a protocol used for transmitting data, typically for web browsing. HTML (Hypertext Markup Language) is a markup language used for creating structured web content, such as text, images, and links. They serve different purposes in web communication, with HTTP handling data transfer and HTML defining content structure."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Intermediate",
+ "question": "How does HTTP handle state?",
+ "answer": "HTTP itself is a stateless protocol, meaning it doesn't inherently manage the state of a user's interactions with a web server. However, web applications use various mechanisms to handle session state, such as cookies, sessions, and tokens, to maintain user data between HTTP requests."
+ },
+ {
+ "domain": "Cyber Security Fundamentals",
+ "difficulty": "Easy",
+ "question": "What exactly is cross-site scripting?",
+ "answer": "Cross-Site Scripting (XSS) is a type of security vulnerability where attackers inject malicious scripts into web applications viewed by other users. These scripts execute in the context of the user's browser, potentially stealing data, hijacking sessions, or defacing websites." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What's the difference between stored and reflected XSS?", + "answer": "Stored XSS occurs when the injected script is permanently stored on the target server, affecting all users who view the malicious content. Reflected XSS, on the other hand, involves the injection of scripts that are reflected off a web server, typically through malicious links sent to victims." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What are the common defenses against XSS?", + "answer": "Common defenses against Cross-Site Scripting (XSS) include input validation and output encoding, security headers like Content Security Policy (CSP), and using web application firewalls (WAFs). Proper coding practices, like not trusting user input, are also essential." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "On a Windows network, why is it easier to break into a local account than an AD account?", + "answer": "Breaking into a local Windows account is often easier than an Active Directory (AD) account because local accounts are limited to a single system and may not have the same level of security and complexity requirements. AD accounts, managed centrally, typically have stronger security policies and are more challenging to compromise." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What does user enumeration mean?", + "answer": "User enumeration is the process of determining valid usernames or user IDs within a system or application. It can be used by attackers to identify potential targets for further attacks, such as password cracking or phishing." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Can you explain OWASP top 10?", + "answer": "The OWASP Top 10 is a list of the ten most critical web application security risks, as defined by the Open Web Application Security Project (OWASP). It serves as a guide for organizations to understand and address the most prevalent security vulnerabilities in web applications. they are Broken Access Control Cryptographic Failures Injection Insecure Design Security Misconfiguration Vulnerable and Outdated Components Identification and Authentication Failures Software and Data Integrity Failures Security Logging and Monitoring Failures Server-Side Request Forgery (SSRF) " + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "How would you secure a database?", + "answer": "Securing a database involves access control, encryption, patch management, and regular security audits. Implement strong authentication and authorization mechanisms, encrypt sensitive data, apply security patches, and conduct vulnerability assessments." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What are the common defenses against SQL injection?", + "answer": "Common defenses against SQL injection include using parameterized queries or prepared statements, input validation, and stored procedures. Avoiding dynamic SQL and using web application firewalls (WAFs) can also help prevent SQL injection attacks." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "How do you see the obfuscated SQL injection in clear text?", + "answer": "To see an obfuscated SQL injection in clear text, you can inspect server logs or intrusion detection system alerts. Obfuscation techniques may include various encodings or escape sequences that can be recognized when reviewing log entries." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "How would you secure the local access to a database?", + "answer": "Securing local access to a database involves setting strong access controls, limiting the number of privileged users, using encryption for data at rest, and monitoring database activity for suspicious behavior. Implement role-based access control and regular security audits." + }, + + { + "domain": "Computer Networks", + "difficulty": "Difficult", + "question": "Describe the 80/20 rules of networking.", + "answer": "The 80/20 rule in networking, also known as the Pareto Principle, suggests that roughly 80% of network issues are caused by 20% of the factors. It implies that a small number of network components or configurations are responsible for the majority of network problems. Identifying and addressing this critical 20% can significantly improve network performance and reliability." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What are web server vulnerabilities and name a few methods to prevent web server attacks?", + "answer": "Web server vulnerabilities can include issues like misconfigurations, software vulnerabilities, and lack of security patches. To prevent web server attacks, best practices include keeping software up to date, implementing a web application firewall (WAF), using strong authentication, applying security headers, and regularly scanning for vulnerabilities." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What are the most damaging types of malwares?", + "answer": "The most damaging types of malware include ransomware, which encrypts data and demands a ransom for decryption; advanced persistent threats (APTs), which are stealthy and persistent; and rootkits, which provide unauthorized access and control over systems. Other damaging malware includes trojans, worms, and keyloggers." 
+ }, + { + "domain": "Computer Networks", + "difficulty": "Difficult", + "question": "What's your preferred method of giving remote employees access to the company network and are there any weaknesses associated with it?", + "answer": "A preferred method for remote access is through a Virtual Private Network (VPN) or secure remote desktop solutions. Weaknesses may include vulnerabilities in VPN software, potential insider threats, and risks related to unsecured endpoints. Proper access controls, encryption, and security policies can mitigate these weaknesses." + }, + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "List a couple of tests that you would do to a network to identify security flaws.", + "answer": "Common tests to identify security flaws in a network include vulnerability assessments and penetration tests. Vulnerability assessments scan the network for known vulnerabilities, while penetration tests simulate attacks to uncover weaknesses. Additionally, regular security audits and monitoring can help identify security flaws." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What kind of websites and cloud services would you block?", + "answer": "Websites and cloud services that may be blocked include those with malicious content, phishing sites, or known malware distribution sites. Blocking may also be applied to unauthorized cloud services or those not compliant with organizational security policies." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What type of security flaw is there in VPN?", + "answer": "VPN security flaws may include vulnerabilities in VPN protocols, weak encryption, misconfigurations, and the risk of unauthorized access if login credentials are compromised. Additionally, inadequate logging and monitoring can lead to security blind spots." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a DDoS attack?", + "answer": "A Distributed Denial of Service (DDoS) attack is a malicious attempt to overwhelm a target server, network, or website with an excessive amount of traffic. This flood of traffic makes the target's resources unavailable to legitimate users, causing disruption or downtime." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Can you describe the role of security operations in the enterprise?", + "answer": "Security operations in the enterprise involve monitoring, detecting, responding to, and mitigating security threats and incidents. This includes activities like security incident response, threat detection, vulnerability management, and ensuring compliance with security policies and standards." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is layered security architecture? Is it a good approach? Why?", + "answer": "Layered security architecture, also known as defense in depth, is a robust approach to security that involves implementing multiple security layers or controls to protect systems and data. It is considered a good approach because it provides redundancy and multiple opportunities to thwart attacks. If one layer fails, others may still provide protection." + }, + + { + "domain": "Incident Response", + "difficulty": "Difficult", + "question": "How do you ensure that a design achieves regulatory compliance?", + "answer": "Achieving regulatory compliance in a design requires a thorough understanding of relevant regulations and standards. Compliance should be built into the design from the start, and periodic assessments and audits can ensure ongoing compliance." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "Can you give me a few examples of security architecture requirements?", + "answer": "Security architecture requirements may include encryption standards, authentication methods, access controls, logging and monitoring specifications, incident response procedures, and compliance with industry-specific security frameworks." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "You see a user logging in as root to perform basic functions. Is this a problem?", + "answer": "Yes, this is a problem. Allowing users to log in as the root (superuser) to perform basic functions poses significant security risks. It grants excessive privileges and increases the chances of accidental or deliberate system changes that can lead to vulnerabilities and errors." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is data protection in transit vs. data protection at rest?", + "answer": "1. Data Protection in Transit:- Data protection in transit refers to the security measures and protocols applied to data while it is being transmitted between systems or over a network.- This includes ensuring the confidentiality and integrity of data as it travels from the source to the destination.- Common methods for data protection in transit include encryption, secure communication protocols (e.g., HTTPS for web traffic), and secure socket layers (SSL) or transport layer security (TLS).2. 
Data Protection at Rest:- Data protection at rest, on the other hand, focuses on safeguarding data when it is stored on physical or digital storage media, such as hard drives, databases, or archives.- The goal is to protect data when it is not actively in use or being transmitted.- Measures for data protection at rest involve encryption, access controls, authentication mechanisms, and physical security of storage devices.In summary, data protection in transit safeguards data while it is on the move, and data protection at rest secures data when it is stored or archived. Both are critical for ensuring the overall security of sensitive information." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What's the difference between a threat, vulnerability, and a risk?", + "answer": "A threat is a potential danger or harmful event that can exploit a vulnerability in a system or organization. A vulnerability is a weakness or gap in security that could be exploited by a threat. A risk is the likelihood of a threat exploiting a vulnerability, potentially causing harm or damage. In simpler terms, a threat is what can go wrong, a vulnerability is where it can go wrong, and a risk is the probability of it going wrong." + }, + + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What are the primary design flaws in HTTP, and how would you improve it?", + "answer": "HTTP lacks encryption, making data transmission insecure. It is also stateless, which can be improved with session management. To enhance security, HTTPS should be used to encrypt data, and state management mechanisms like cookies or tokens can be employed." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is the difference between a vulnerability and an exploit?", + "answer": "A vulnerability is a weakness or flaw in a system's security that could potentially be exploited. 
An exploit is a piece of code or an attack method that takes advantage of a specific vulnerability to compromise a system or application." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What role does cyber awareness have in information security?", + "answer": "Cyber awareness plays a crucial role in information security by educating users and employees about potential threats and best practices. It helps individuals recognize and mitigate security risks, reducing the likelihood of falling victim to cyberattacks." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "Can you explain threat modeling?", + "answer": "Threat modeling is a structured approach to identifying and evaluating potential threats and vulnerabilities in a system or application. It helps in understanding security risks and designing appropriate countermeasures to mitigate these risks." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is the main reason why organizations don't fix the penetration test findings?", + "answer": "One common reason organizations don't fix penetration test findings promptly is due to resource constraints. It may be costly or time-consuming to address all identified issues. Additionally, organizations might not fully grasp the severity of the findings or believe they have other security measures in place to mitigate the risks." + }, + { + "domain": "Penetration Testing", + "difficulty": "Easy", + "question": "What's the difference between high and critical vulnerability finding?", + "answer": "High and critical vulnerability findings are both serious, but critical findings are more severe. High vulnerabilities may have a significant impact, while critical vulnerabilities have the potential for severe consequences, such as complete system compromise, data breaches, or service disruptions." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What are some security software tools you can use to monitor the network?", + "answer": "Security software tools for network monitoring include Wireshark, Snort, Nagios, Suricata, Security Information and Event Management (SIEM) systems like Splunk or ELK Stack, intrusion detection systems (IDS), and intrusion prevention systems (IPS), among others." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What should you do after you suspect a network has been hacked?", + "answer": "After suspecting a network hack, you should isolate affected systems, notify relevant parties, begin the incident response process, gather evidence, and implement necessary countermeasures. Document the incident, assess the extent of the compromise, and work to prevent future attacks." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "How can you encrypt email to secure transmissions about the company?", + "answer": "You can encrypt email using technologies like S/MIME or PGP. Implementing email encryption ensures that sensitive information sent via email is protected from unauthorized access or interception, enhancing the security of company communications." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Difficult", + "question": "What are some risks of the Internet of Things (IoT) and how can they be mitigated?", + "answer": "Risks of IoT include security vulnerabilities, data privacy concerns, and device compromise. These can be mitigated through robust device security, encryption, regular updates, user awareness, and network segmentation." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "Can you name a few EDR tools?", + "answer": "Some Endpoint Detection and Response (EDR) tools include Sophos EDR CrowdStrike, Carbon Black, Palo Alto Networks Cortex XDR, Symantec Endpoint Protection, and McAfee MVISION EDR, among others." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "What is the difference between a security audit and a penetration test?", + "answer": "A security audit is a comprehensive review of security policies and procedures, while a penetration test is a simulated attack to identify vulnerabilities. Penetration tests are a subset of security audits, focusing on assessing the exploitability of vulnerabilities." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Difficult", + "question": "What is SSL and why is it not enough when it comes to encryption?", + "answer": "SSL (Secure Sockets Layer) is a cryptographic protocol for securing data in transit. It's not enough because it has vulnerabilities like POODLE and is deprecated. TLS (Transport Layer Security) is the modern successor to SSL, providing stronger security." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What's more secure, SSL or HTTPS?", + "answer": "HTTPS (HyperText Transfer Protocol Secure) is more secure than SSL (Secure Sockets Layer). HTTPS combines HTTP with security protocols like TLS (Transport Layer Security) to encrypt data during transmission. SSL is an older protocol that may have security vulnerabilities." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What's the difference between a threat, vulnerability, and a risk?", + "answer": "A threat is a potential danger or harmful event, a vulnerability is a weakness that could be exploited, and a risk is the likelihood of a threat exploiting a vulnerability. 
Risks are assessed based on the presence and severity of vulnerabilities and the potential impact of threats." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What are some of the responsibilities of level 1 and 2 SOC analysts?", + "answer": "Level 1 SOC analysts typically handle initial incident triage, log analysis, and basic incident response. Level 2 analysts focus on more advanced threat detection, investigation, and coordinating incident response activities." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is port blocking?", + "answer": "Port blocking is a security measure where specific network ports are closed or restricted to prevent unauthorized access or malicious activities, such as hacking or malware propagation." + }, + { + "domain": "Computer Networks", + "difficulty": "Intermediate", + "question": "What is ARP and how does it work?", + "answer": "ARP (Address Resolution Protocol) is used to map an IP address to a MAC address on a local network. It works by broadcasting a request for the MAC address corresponding to a given IP address." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is port scanning?", + "answer": "Port scanning is the process of probing a network to discover open ports on target systems. It's often used by security professionals to assess network security and by attackers to find vulnerabilities." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is an insider threat?", + "answer": "An insider threat is a security risk that originates from within an organization. It can be caused by current or former employees, contractors, or business associates who misuse their access to compromise data or systems." 
+ }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Intermediate", + "question": "What is data loss prevention (DLP)?", + "answer": "Data Loss Prevention (DLP) is a strategy and set of tools used to prevent unauthorized access and sharing of sensitive data. It helps organizations protect their data from being leaked or lost." + }, + { + "domain": "Incident Response", + "difficulty": "Intermediate", + "question": "What is an incident response plan?", + "answer": "An incident response plan is a documented set of procedures and guidelines that an organization follows when responding to and managing security incidents, such as data breaches, cyberattacks, or system compromises." + }, + { + "domain": "Cyber Security Fundamentals", + "difficulty": "Easy", + "question": "What is a botnet?", + "answer": "A botnet is a network of compromised computers (bots) that are controlled by an attacker, often for malicious purposes. These bots can be used to launch coordinated cyberattacks or carry out various tasks." + }, + { + "domain": "SOC Analyst", + "difficulty": "Easy", + "question": "What is CSRF?", + "answer": "CSRF (Cross-Site Request Forgery) is an attack where a malicious website tricks a user's browser into making an unwanted request to a different site where the user is authenticated, potentially causing unwanted actions." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What is Splunk?", + "answer": "Splunk is a software platform used for searching, monitoring, and analyzing machine-generated data. It's widely used in cybersecurity for log management, threat detection, and incident response." 
+ }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Why is Splunk used for analyzing data?", + "answer": "Splunk is used for analyzing data because it allows organizations to search, monitor, and gain insights from vast amounts of machine-generated data, helping to identify security threats, operational issues, and more." + }, + { + "domain": "SOC Analyst", + "difficulty": "Difficult", + "question": "What do SOAR solutions provide that SIEM tools usually don't?", + "answer": "SOAR (Security Orchestration, Automation, and Response) solutions provide workflow automation and orchestration capabilities to streamline incident response processes. They enhance the efficiency of incident handling, which is not a core feature of traditional SIEM tools." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "What uses a user's behavior as part of their process to determine anomalous behavior on a network?", + "answer": "User and Entity Behavior Analytics (UEBA) uses a user's behavior, including historical actions and patterns, to detect anomalous activities and potential security threats on a network." + }, + { + "domain": "SOC Analyst", + "difficulty": "Intermediate", + "question": "Which components are seen with many next-gen SIEM solutions, but not traditional SIEMs?", + "answer": "Next-generation SIEM solutions often include features like machine learning, advanced analytics, cloud integration, and orchestration, which may not be present in traditional SIEMs." + }, + { + "domain": "Penetration Testing", + "difficulty": "Intermediate", + "question": "How can you perform XSS if