Q&A

Top 40 Interview Questions – Information Security | CEH

5 years ago
Sarcastic Writer

This article presents various questions you’re likely to be asked by various employers when you
interview for a job position after the completion of CEH(Certified Ethical Hacker).

  • What is the difference between encoding, encryption and hashing?
  • What is the difference between proxy, firewall, IDS, and IPS?
  • How does asymmetric encryption work?
  • How does SSL work?
  • What is TLS and how is it different from SSL?
  • Can you name a critical vulnerability found in SSL during recent times?
  • What is port scanning? How can port scanning be prevented?
  • What is a man-in-the-middle attack? Can it be prevented?
  • What is the difference between false positive and false negative?
  • What does the term “defense in depth” mean?
  • What is a stateful inspection by a firewall?
  • What is a DMZ? Which systems should be placed in DMZ?
  • Is SSH completely secure?
  • What is BYOD and what are the common security concerns associated with it?
  • What are the different layers of the OSI model? Explain each layer in brief.
  • What are honeypots?
  • How do you keep yourself updated with the latest trends in Information Security?
  • Which OS do you feel is more secure, Linux or Windows?
  • How does Kerberos work?
  • What is a zero-day vulnerability? Can it be prevented?
  • What is a rainbow table attack? How can it be prevented?
  • What is the difference between hub, switch, and router?
  • What are some common security concerns in Cloud computing?
  • What is the difference between vulnerability assessment and penetration testing?
  • What are the high-level steps to perform vulnerability assessment and penetration testing?
  • What tools do you normally use for vulnerability assessment and penetration testing? Which tool you find the best and why?
  • Is it possible to hack into a system without using any tool?
  • What is the difference between active and passive information gathering?
  • How does HTTPS make a website secure?
  • What is a SQL injection attack? What are its types?
  • What is a XSS attack? What are its types?
  • What is CSRF? How can you prevent it?
  • What is the difference between white box application security testing and black box application security testing?
  • What standards do you refer to for web application security and related vulnerabilities?
  • Will a Layer 3 firewall be useful in protecting the web application against common attacks? If yes, then to what extent?
  • How does HTTP handle state?
  • How do you identify that an application is vulnerable to blind SQL injection attack?
  • What are the top five mobile application security threats?
  • What is the difference between a standard, a policy, and a procedure?
  • Name a vulnerability for each OSI layer.

All Credit goes to Mr. Sagar Ajay Rahalkar

Related Posts

Q&A

15 Important Questions Related to Computer

1 month ago
Sarcastic Writer
Q&A

Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 14

2 years ago
Sarcastic Writer
Q&A

Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 13

2 years ago
Sarcastic Writer
Q&A

Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 12

2 years ago
Sarcastic Writer

You Missed

Articles

How the Beverage Development Companies Backbone of Economy of Every Country

12 hours ago
Sarcastic Writer
Articles

Navigating the Digital Highway: Essential Tips for Automotive Digital Marketing

3 days ago
Sarcastic Writer
Articles

Mastering the Code: Essential Skills for Web Development Success

3 days ago
Sarcastic Writer
Articles

Superior Auto Service Seattle: Keeping Your Vehicle in Top Shape

3 days ago
Sarcastic Writer