Interview questions and answers for Ethical hacker and Penetration tester 2020

Tanmay Bhattacharjee
16 min readJul 30, 2020


Here I am presenting the top interview questions and answers that employers, recruiters or talent acquisition teams ask freshers.

So, without wasting your valuable time, let me start with the questions and answers that will help freshers crack their interview. In advance: the best of luck.

1. Explain ethical hacking?

Ethical hacking is when a person is permitted, by the authorized owner of a product, organization, application, etc., to hack a system in order to find vulnerabilities and later fix them.

2. What is the difference between an IP and a MAC address?

IP (Internet Protocol): An IP address is assigned to every device so that the device can be located on the network.

MAC (Media Access Control): This address is a unique 48-bit serial number assigned to every NIC (Network Interface Card).

3. List some common tools used by ethical hackers.

Nmap

Metasploit

Wireshark

Nessus, Nexpose or Qualys

Maltego, Shodan, GitHub, GHDB, OSINT Framework

Burp Suite

sqlmap

XSS Hunter

cURL

4. What is footprinting? Which techniques are used for footprinting?

Footprinting refers to accumulating and uncovering as much information as possible about the target network before gaining access to it. It is the approach adopted by a hacker before hacking.

Open source footprinting: looks for the administrator's contact information, which can be used for guessing passwords or in social engineering.

Network enumeration: the hacker tries to identify the domain names and network blocks of the target network.

Scanning: once the network is known, the next step is to find the active addresses on the network, identifying active IP addresses with ping, fping, nmap, hping3, etc.

Stack fingerprinting: once hosts and ports have been mapped by scanning the network, the final footprinting step, called stack fingerprinting, can be performed.

5. What is a brute force attack?

It is a type of attack or technique that checks username and password authentication against word lists; if the authentication is weak, the attacker can easily gain access to the system through that service. Examples of services that use authentication are FTP, SSH, Telnet, etc. If such a service uses weak credentials, tools such as Hydra, Ncrack, Medusa, Nmap and Patator are used for brute forcing.

6. What is DoS? What are the names of common DoS attacks?

Denial of service is a malicious attack on a network that is carried out by flooding the network with useless traffic.

Buffer overflow attack

SYN attack

Teardrop attack

Smurf attack

7. What is SQL injection?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior. In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.

Some common SQL injection examples include: retrieving hidden data, where you can modify an SQL query to return additional results; subverting application logic, where you can change a query to interfere with the application’s logic; and UNION attacks, where you can retrieve data from different database tables.
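The "retrieving hidden data" case above, shown as an added example (not code from the original article) with a constructed SQLite catalogue: the string-built query lets a closing quote and comment marker drop the released = 1 filter, while the parameterised query treats the same input as a plain value.

```python
import sqlite3


def make_db():
    """Constructed demo data: a product catalogue where unreleased rows are hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Gifts", 1), ("Poster", "Gifts", 1), ("Prototype", "Gifts", 0)],
    )
    return conn


def products_vulnerable(conn, category):
    """String concatenation: the user's input becomes part of the SQL grammar."""
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return sorted(row[0] for row in conn.execute(sql))


def products_safe(conn, category):
    """Parameterised query: the driver sends the value separately, so it can
    never change the structure of the statement. This is the fix."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


def demo():
    """Run both query styles against a normal value and a crafted one."""
    conn = make_db()
    normal = "Gifts"
    # A closing quote followed by an SQL comment marker: in the vulnerable
    # query everything after it, including the released = 1 filter, is ignored.
    crafted = "Gifts' --"
    return {
        "vulnerable_normal": products_vulnerable(conn, normal),
        "vulnerable_crafted": products_vulnerable(conn, crafted),
        "safe_normal": products_safe(conn, normal),
        "safe_crafted": products_safe(conn, crafted),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label:>18}: {names}")
```

With the safe query the crafted input simply matches no category, which is the behaviour a reviewer should expect from any data-access layer.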

8. What is phishing? What are the types of social engineering attacks?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

The word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. … Hackers commonly replace the letter f with ph, a nod to the original form of hacking known as phone phreaking.

Phishing

Baiting

Quid Pro Quo

Pretexting

Piggybacking or tailgating

9. What is network sniffing? What are the types of sniffing?

It is the process of monitoring and capturing all data packets passing through a network. Sniffers are used by network and system administrators to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc. Sniffers can be hardware or software installed in the system. By placing a packet sniffer on a network in promiscuous mode, an intruder can capture and analyze all of the network traffic.

There are two types:

Active Sniffing:

Sniffing on a switch is active sniffing. A switch is a point-to-point network device. The switch regulates the flow of data between its ports by actively monitoring the MAC address on each port, which helps it pass data only to its intended target. In order to capture the traffic between targets, the sniffer has to actively inject traffic into the LAN to enable sniffing of the traffic. This can be done in various ways.

Passive Sniffing:

This is the process of sniffing through the hub. Any traffic that is passing through the non-switched or unbridged network segment can be seen by all machines on that segment. Sniffers operate at the data link layer of the network. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. This is called passive since sniffers placed by the attackers passively wait for the data to be sent and capture them.

10. What is ARP spoofing or ARP poisoning? How do you detect it, and how do you prevent it?

ARP spoofing, also known as ARP poisoning, is a MitM attack that allows attackers to intercept communication between network devices. The attack works as follows:

  1. The attacker must have access to the network. They scan the network to determine the IP addresses of at least two devices — let’s say these are a workstation and a router.
  2. The attacker uses a spoofing tool, such as Arpspoof, Driftnet or dsniff, to send out forged ARP responses.
  3. The forged responses advertise that the correct MAC address for both IP addresses, belonging to the router and workstation, is the attacker’s MAC address. This fools both router and workstation to connect to the attacker’s machine, instead of to each other.
  4. The two devices update their ARP cache entries and from that point onwards, communicate with the attacker instead of directly with each other.
  5. The attacker is now secretly in the middle of all communications.

Once the attacker succeeds in an ARP spoofing attack, they can:

  • Continue routing the communications as-is⁠ — the attacker can sniff the packets and steal data, except if it is transferred over an encrypted channel like HTTPS.
  • Perform session hijacking⁠ — if the attacker obtains a session ID, they can gain access to accounts the user is currently logged into.
  • Alter communication⁠ — for example pushing a malicious file or website to the workstation.
  • Distributed denial of service (DDoS) — the attackers can provide the MAC address of a server they wish to attack with DDoS, instead of their own machine. If they do this for a large number of IPs, the target server will be bombarded with traffic.

How to Detect an ARP Cache Poisoning Attack

Here is a simple way to detect that a specific device’s ARP cache has been poisoned, using the command line. Start an operating system shell as an administrator. Use the following command to display the ARP table, on both Windows and Linux:

The output will look something like this:

If the table contains two different IP addresses that have the same MAC address, this indicates an ARP attack is taking place. Because the IP address 192.168.5.1 can be recognized as the router, the attacker’s IP is probably 192.168.5.202.

To discover ARP spoofing in a large network and get more information about the type of communication the attacker is carrying out, you can use the open source Wireshark protocol analyzer.
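The duplicate-MAC check described above, automated as an added example (not code from the original article). It parses constructed samples in both the Linux and Windows `arp -a` layouts, flags any MAC claimed by more than one IP, and, given the known gateway IP, names the other host sharing the gateway's MAC; the sample addresses reuse the article's 192.168.5.x scenario and are not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample in the Linux `arp -a` layout; two IPs resolve to one MAC.
SAMPLE_LINUX_ARP = """\
? (192.168.5.1) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.5.12) at 3c:52:82:11:22:33 [ether] on eth0
? (192.168.5.202) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.5.250) at <incomplete> on eth0
"""

# Constructed sample in the Windows `arp -a` layout (dash-separated MACs).
SAMPLE_WINDOWS_ARP = """\
Interface: 192.168.5.12 --- 0xb
  Internet Address      Physical Address      Type
  192.168.5.1           00-0c-29-aa-bb-cc     dynamic
  192.168.5.202         00-0c-29-aa-bb-cc     dynamic
  192.168.5.255         ff-ff-ff-ff-ff-ff     static
"""

# Matches "(ip) at mac" (Linux) and "ip   mac" (Windows) on a single line.
ENTRY_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

BROADCAST = ("ff:ff:ff:ff:ff:ff",)


def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form.
    Lines without a resolved MAC (e.g. <incomplete>) are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def find_shared_macs(table, ignore=BROADCAST):
    """Return {mac: [ips]} for every MAC claimed by more than one IP address.
    The broadcast MAC legitimately appears on several IPs, so it is ignored."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac not in ignore:
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def suspect_hosts(table, gateway_ip, ignore=BROADCAST):
    """IPs that share the gateway's MAC but are not the gateway. In a poisoned
    cache the gateway entry has been overwritten with another host's MAC, so
    that other host is the likely source of the forged replies."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None or gw_mac in ignore:
        return []
    return sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip)


if __name__ == "__main__":
    for label, sample in (("linux", SAMPLE_LINUX_ARP), ("windows", SAMPLE_WINDOWS_ARP)):
        table = parse_arp_table(sample)
        print(label, "shared MACs:", find_shared_macs(table))
        print(label, "hosts sharing the gateway MAC:", suspect_hosts(table, "192.168.5.1"))
```

On a live host, feed the real output of `arp -a` into parse_arp_table instead of the constructed samples.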

ARP Spoofing Prevention

  • Use a Virtual Private Network (VPN)⁠ — a VPN allows devices to connect to the Internet through an encrypted tunnel. This makes all communication encrypted, and worthless for an ARP spoofing attacker.
  • Use static ARP — the ARP protocol lets you define a static ARP entry for an IP address and prevent devices from listening to ARP responses for that address. For example, if a workstation always connects to the same router, you can define a static ARP entry for that router, preventing an attack.
  • Use packet filtering⁠ — packet filtering solutions can identify poisoned ARP packets by seeing that they contain conflicting source information, and stop them before they reach devices on your network.
  • Run a spoofing attack⁠ — check if your existing defenses are working by mounting a spoofing attack, in coordination with IT and security teams. If the attack succeeds, identify weak points in your defensive measures and remediate them.

11. What is MAC flooding?

In computer network jargon, MAC flooding is a technique employed in order to compromise the security of the network switches.

12. What is a rogue DHCP server?

A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, that is not under the control of the network administrators. An accidental rogue device is commonly a modem with DHCP capabilities which a user has attached to the network, unaware of the consequences of doing so.

13. What is XSS, and what are the types of XSS?

Cross-site scripting is a type of web application security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

a. Reflected XSS

b. Stored XSS

c. DOM based XSS

14. What is Burp Suite?

Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that affect web applications.

15. What are pharming and defacement?

Pharming: Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploiting a vulnerability in DNS server software.

Defacement: Website defacement is an attack on a website that changes the visual appearance of the website or a web page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own.

16. How can you stop your website from getting hacked?

a. Sanitizing and validating user parameters

b. Using a firewall

c. Encrypting the cookies

d. Validating and verifying user input

e. Validating and sanitizing headers

17. What are keylogger Trojans?

A keylogger Trojan virus is just as it sounds: a program that logs keystrokes. The danger of one infecting your computer is that it tracks every single keystroke you enter through your keyboard, including passwords and usernames.

18. What is enumeration?

Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. The gathered information is used to identify vulnerabilities or weak points in system security, which are then exploited in the gaining-access phase.

19. What is the Network Time Protocol?

The Network Time Protocol is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David L. Mills of the University of Delaware.

20. What is a MIB?

A management information base (MIB) is a formal description of a set of network objects that can be managed using the Simple Network Management Protocol (SNMP). The format of the MIB is defined as part of the SNMP.

21. What are the password cracking techniques?

a. Phishing

b. Social engineering

c. Malware

d. Brute forcing attack

e. Dictionary attack

f. Mask attack

g. Rainbow table attack

h. Network analyzer

i. Spidering

j. Offline cracking

k. Shoulder surfing

l. Guessing

22. What is the methodology of ethical hacking?

a. Reconnaissance

b. Scanning

c. Gaining access

d. Maintaining access

e. Covering tracks

23. What is CSRF? How can you prevent it?

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts.

Prevention: An attacker can launch a CSRF attack when they know which parameter and value combinations are being used in a form. Therefore, by adding an additional parameter with a value that is unknown to the attacker and can be validated by the server, you can prevent CSRF attacks.
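The "additional parameter unknown to the attacker" described above, implemented as an added example (not code from the original article). The token is a random nonce plus an HMAC over the user's session ID, so it cannot be guessed and cannot be replayed from another session; SERVER_SECRET, the session IDs and the handle_transfer handler are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; in a real deployment it comes from configuration, not source.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def _sign(secret, session_id, nonce):
    """Bind the token to the session so a token from one session is useless in another."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_csrf_token(secret, session_id):
    """Issue a token to embed in the form: random nonce plus an HMAC over session+nonce.
    A cross-site attacker can neither read it (same-origin policy) nor forge it (no secret)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(secret, session_id, nonce)}"


def verify_csrf_token(secret, session_id, token):
    """Return True only if the submitted token was issued for this session."""
    if not token or "." not in token:
        return False
    nonce, submitted_mac = token.split(".", 1)
    expected_mac = _sign(secret, session_id, nonce)
    # Constant-time comparison so the MAC cannot be recovered byte by byte via timing.
    return hmac.compare_digest(submitted_mac, expected_mac)


def handle_transfer(session_id, form):
    """Simulated state-changing request handler: check the token before doing any work."""
    if not verify_csrf_token(SERVER_SECRET, session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    token = make_csrf_token(SERVER_SECRET, "sess-A")
    print(handle_transfer("sess-A", {"amount": "10", "to": "bob"}))
    print(handle_transfer("sess-A", {"amount": "10", "to": "bob", "csrf_token": token}))
    print(handle_transfer("sess-B", {"amount": "10", "to": "bob", "csrf_token": token}))
```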

24. What is the difference between encryption and hashing?

Encryption is reversible and ensures confidentiality.

Hashing is irreversible and ensures integrity.

25. What is the CIA triangle?

Confidentiality: Keeping the information secret.

Integrity: Keeping the information unaltered.

Availability: Information is available to the authorized parties at all times.

26. What is the difference between VA and PT?

VA, known as vulnerability assessment, is an approach used to find flaws in an application or network. It is like travelling on the surface.

PT, known as penetration testing, is an approach for finding exploitable vulnerabilities the way a real attacker would. It is like digging for gold.

27. What is a firewall?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

28. What is penetration testing?

Penetration testing is a type of security testing that uncovers vulnerabilities, threats and risks in a software application, network or web application that an attacker could exploit. The purpose of a pen test is to find all the security vulnerabilities present in the system being tested. It is also called pen testing or a pen test.

29. Why do companies require penetration testing?

Penetration testing is essential in an enterprise because:

  • Financial sectors like banks, investment banking and stock trading exchanges want their data to be secured, and penetration testing is essential to ensure security.
  • If the software system has already been hacked and the organization wants to determine whether any threats are still present in the system, in order to avoid future hacks.
  • Proactive Penetration Testing is the best safeguard against hackers.

30. How many types of penetration testing are there?

The type of penetration test selected usually depends on the scope and on whether the organization wants to simulate an attack by an employee or network admin (internal sources) or by external sources. There are three types of penetration testing:

  • Black Box Testing
  • White Box Penetration testing
  • Grey Box Penetration Testing

31. How do you do penetration testing?

Step 1) Planning phase

  1. Scope & Strategy of the assignment is determined
  2. Existing security policies, standards are used for defining the scope

Step 2) Discovery phase

  1. Collect as much information as possible about the system, including data in the system, usernames and even passwords. This is also called fingerprinting.
  2. Scan and Probe into the ports
  3. Check for vulnerabilities of the system

Step 3) Attack Phase

  1. Find exploits for the various vulnerabilities. You need the necessary security privileges to exploit the system.

Step 4) Reporting Phase

  1. A report must contain detailed findings
  2. Risks of vulnerabilities found and their Impact on business
  3. Recommendations and solutions, if any

The prime task in penetration testing is to gather system information. There are two ways to gather information -

  • ‘One to one’ or ‘one to many’ model with respect to host: A tester performs techniques in a linear way against either one target host or a logical grouping of target hosts (e.g. a subnet).
  • ‘Many to one’ or ‘many to many’ model: The tester utilizes multiple hosts to execute information gathering techniques in a random, rate-limited and non-linear way.

32. What are the roles and responsibilities of a penetration tester?

  • Testers should collect required information from the Organization to enable penetration tests
  • Find flaws that could allow hackers to attack a target machine
  • Pen Testers should think & act like real hackers albeit ethically.
  • Work done by Penetration testers should be reproducible so that it will be easy for developers to fix it
  • Start date and End date of test execution should be defined in advance.
  • A tester should be responsible for any loss in the system or information during the software testing.
  • A tester should keep data and information confidential

33. What is cyber security?

Cybersecurity refers to the protection of hardware, software, and data from attackers. The primary purpose of cyber security is to protect against cyberattacks like accessing, changing, or destroying sensitive information.

34. What are the elements of cyber security?

  • Information security
  • Network security
  • Operational security
  • Application security
  • End-user education
  • Business continuity planning

35. What is cryptography?

It is a technique used to protect information from third parties, called adversaries. Cryptography allows only the sender and recipient of a message to read its details.

36. What is the difference between an IDS and an IPS?

An Intrusion Detection System (IDS) detects intrusions. The administrator then has to take care of preventing the intrusion. In an Intrusion Prevention System (IPS), the system finds the intrusion and prevents it.

37. What is traceroute?

It is a tool that shows the packet path. It lists all the points that the packet passes through. Traceroute is used mostly when the packet does not reach the destination. Traceroute is used to check where the connection breaks or stops or to identify the failure.

38. What is SSL?

SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections between a web server and a web browser. It is used to protect the information in online transactions and digital payments to maintain data privacy.

39. What do you mean by data leakage?

Data leakage is an unauthorized transfer of data to the outside. Data leakage occurs via email, media, laptops and USB keys.

40. What is port scanning?

It is the technique for identifying the open ports and services available on a specific host. Hackers use port scanning techniques to find information for malicious purposes.

41. What is a VPN?

VPN stands for Virtual Private Network. It is a network connection method for creating an encrypted and safe connection. This method protects data from interference, snooping and censorship.

42. What is a MITM attack?

A MITM or Man-in-the-Middle is a type of attack where an attacker intercepts communication between two parties. The main intention of MITM is to access confidential information.

43. What is 2FA? How to implement it for a public website?

2FA stands for Two-Factor Authentication. It is a security process to identify the person who is accessing an online account. The user is granted access only after presenting evidence to the authentication device.

44. What is the difference between asymmetric and symmetric encryption?

Symmetric encryption requires the same key for encryption and decryption. On the other hand, asymmetric encryption needs different keys for encryption and decryption.

45. What is a WAF?

WAF stands for Web Application Firewall. A WAF is used to protect the application by filtering and monitoring incoming and outgoing traffic between a web application and the internet.

46. What is the process of salting? What is the use of salting?

Salting is the process of extending the length of passwords by adding special characters. To use salting, it is important to understand the entire mechanism of salting. Salting is used to safeguard passwords. It also prevents attackers from testing known words across the system.

For example, Hash(“QxLUF1bgIAdeQX”) is added to each and every password to protect it. This added value is called the salt.
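Salting in practice, as an added example (not code from the original article): a per-password random salt is combined with the password through PBKDF2-HMAC-SHA256, so two users who pick the same password get different stored hashes and a precomputed table of known words no longer matches; the plain unsalted SHA-256 is shown beside it for contrast. The iteration count and the sample passwords are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor; raise it as hardware gets faster


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random 16-byte salt is generated unless
    one is supplied, which is what verification of a stored hash needs."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def unsalted_hashes_collide(password):
    """Without a salt, every user with this password shares one digest, which
    is exactly what a rainbow table or a list of known words exploits."""
    h1 = hashlib.sha256(password.encode()).hexdigest()
    h2 = hashlib.sha256(password.encode()).hexdigest()
    return h1 == h2


def same_password_different_hashes(password):
    """With salting, two users choosing the same password get different stored
    hashes, so cracking one entry tells the attacker nothing about the other."""
    salt1, digest1 = hash_password(password)
    salt2, digest2 = hash_password(password)
    return salt1 != salt2 and digest1 != digest2


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")  # constructed sample
    print("stored salt:", salt.hex())
    print("stored hash:", digest.hex())
    print("login ok:", verify_password("correct horse battery staple", salt, digest))
    print("unsalted digests collide:", unsalted_hashes_collide("correct horse battery staple"))
    print("salted digests differ:", same_password_different_hashes("correct horse battery staple"))
```

Store the salt next to the digest; it is not secret, its job is only to make every stored hash unique.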

47. What is SSH?

SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system administrators a secure way to access data on a network.

48. What is the TCP three-way handshake?

It is a process used in a network to make a connection between a local host and server. This method requires the client and server to negotiate synchronization and acknowledgment packets before starting communication.

49. What is exfiltration?

Data exfiltration refers to the unauthorized transfer of data from a computer system. This transmission may be manual and carried out by anyone having physical access to a computer.

50. What is data encryption? Why is it important in network security?

Data encryption is a technique in which the sender converts the message into a code. It allows only authorized users to gain access.

51. What is a remote desktop protocol?

Remote Desktop Protocol (RDP) was developed by Microsoft and provides a GUI for connecting two devices over a network.

The user uses RDP client software for this purpose, while the other device must run RDP server software. This protocol is specifically designed for remote management and for access to virtual PCs, applications and terminal servers.

52. What is forward secrecy?

Forward secrecy is a security measure that ensures the integrity of unique session keys in the event that the long-term key is compromised.

53. What is a buffer overflow attack?

A buffer overflow attack is an attack that takes advantage of a process that attempts to write more data to a fixed-length memory block than it can hold.

54. What is impersonation?

It is a mechanism for assigning a user account to an unknown user.

55. What do you mean by SRM?

SRM stands for Security Reference Monitor, which provides routines for computer drivers to grant access rights to objects.

56. Name some tools used for packet sniffing.

Following are some tools used for packet sniffing.

  • Tcpdump
  • Kismet
  • Wireshark
  • NetworkMiner
  • Dsniff

57. What is the concept of session hijacking?

TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most common method of session hijacking. In this method, attackers use IP packets to insert a command between two nodes of the network.

58. What is a honeypot, and what are its types?

A honeypot is a decoy computer system that records all transactions, interactions and actions with users.

Honeypots are classified into two categories: 1) production honeypots and 2) research honeypots.

  • Production honeypot: It is designed to capture real information for the administrator to assess vulnerabilities. They are generally placed inside production networks to increase their security.
  • Research Honeypot: It is used by educational institutions and organizations for the sole purpose of researching the motives and tactics of the black-hat community for targeting different networks.

59. What is a backdoor?

It is a type of malware in which the security mechanism is bypassed to access a system.

60. What is security auditing?

Security auditing is an internal inspection of applications and operating systems for security flaws. An audit can also be done via line by line inspection of code.

61. What is Security Testing?

Security testing is defined as a type of software testing that ensures software systems and applications are free from any vulnerabilities, threats or risks that may cause a big loss.

62. What is security scanning?

Security scanning involves identifying network and system weaknesses and later providing solutions for reducing these risks. This scanning can be performed both manually and with automated tools.

63. Name the available hacking tools.

The following is a list of useful hacking tools.

  • Acunetix
  • WebInspect
  • Probely
  • Netsparker
  • Angry IP Scanner
  • Burp Suite
  • Savvius

64. What are the OWASP Top 10 vulnerabilities?

  1. Injection flaws
  2. Broken authentication
  3. Sensitive data exposure
  4. XML External Entities (XXE)
  5. Broken access control
  6. Security misconfiguration
  7. XSS
  8. Insecure deserialization
  9. Using components with known vulnerabilities
  10. Insufficient logging and monitoring

65. What is an access token?

An access token is a credential used by the system to check whether access to the API should be granted to a particular object or not.

Thank you everyone, I hope freshers will find it useful for an interview.
