Top 40 Interview Questions – Information Security | CEH

This article presents questions you are likely to be asked by employers when you
interview for a job position after completing the CEH (Certified Ethical Hacker) certification.

  • What is the difference between encoding, encryption and hashing?
  • What is the difference between proxy, firewall, IDS, and IPS?
  • How does asymmetric encryption work?
  • How does SSL work?
  • What is TLS and how is it different from SSL?
  • Can you name a critical vulnerability found in SSL during recent times?
  • What is port scanning? How can port scanning be prevented?
  • What is a man-in-the-middle attack? Can it be prevented?
  • What is the difference between false positive and false negative?
  • What does the term “defense in depth” mean?
  • What is a stateful inspection by a firewall?
  • What is a DMZ? Which systems should be placed in a DMZ?
  • Is SSH completely secure?
  • What is BYOD and what are the common security concerns associated with it?
  • What are the different layers of the OSI model? Explain each layer in brief.
  • What are honeypots?
  • How do you keep yourself updated with the latest trends in Information Security?
  • Which OS do you feel is more secure, Linux or Windows?
  • How does Kerberos work?
  • What is a zero-day vulnerability? Can it be prevented?
  • What is a rainbow table attack? How can it be prevented?
  • What is the difference between hub, switch, and router?
  • What are some common security concerns in Cloud computing?
  • What is the difference between vulnerability assessment and penetration testing?
  • What are the high-level steps to perform vulnerability assessment and penetration testing?
  • What tools do you normally use for vulnerability assessment and penetration testing? Which tool do you find the best and why?
  • Is it possible to hack into a system without using any tool?
  • What is the difference between active and passive information gathering?
  • How does HTTPS make a website secure?
  • What is a SQL injection attack? What are its types?
  • What is an XSS attack? What are its types?
  • What is CSRF? How can you prevent it?
  • What is the difference between white box application security testing and black box application security testing?
  • What standards do you refer to for web application security and related vulnerabilities?
  • Will a Layer 3 firewall be useful in protecting the web application against common attacks? If yes, then to what extent?
  • How does HTTP handle state?
  • How do you identify that an application is vulnerable to a blind SQL injection attack?
  • What are the top five mobile application security threats?
  • What is the difference between a standard, a policy, and a procedure?
  • Name a vulnerability for each OSI layer.

All Credit goes to Mr. Sagar Ajay Rahalkar

H4ck0
Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.
https://www.yeahhub.com/