1. What is Log Processing?

How audit logs are processed, searched for key events, or summarized.

2. What is IP Spoofing?

An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system

3. What is Defense in Depth?

The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

4. What is uthentication?

The process of determining the identity of a user that is attempting to access a system.

authentication is a process that can verify pc identity(user name and pass etc).

5. What is Least Privilege?

Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.

6. What is Cryptographic Checksum?

A one-way function applied to a file to produce a unique ``fingerprint'' of the file for later reference. Checksum systems are a primary means of detecting filesystem tampering on Unix.

7. Explain You are currently designing your own Desktop Publishing application, as you have not found any that?

You are currently designing your own Desktop Publishing application, as you have not found any that do exactly what you want with existing applications. As part of the design you are using a Controller to which you send all GUI requests. Not all objects can process the same commands. For example you can?t select the spell check tool when an image has the focus. To stop any possible errors you would like to filter out some of the messages as they are passed from these objects to

8. What is DNS spoofing?

Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

9. What is Bastion Host?

A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be ``outside'' web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.

10. What is Log Retention?

How long audit logs are retained and maintained.

Download Interview PDF

11. What is Virus?

A replicating code segment that attaches itself to a program or data file. Viruses might or might not not contain attack programs or trapdoors.

Viruses is hidden software

12. What is Perimeter-based Security?

The technique of securing a network by controlling access to all entry and exit points of the network.

13. What is Intrusion Detection?

Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.

15. What is Trojan Horse?

A software entity that appears to do something normal but which, in fact, contains a trapdoor or attack program.

the software which protects the computer from getting virus which totally affects the total working of the computer

16. Explain the difference between router ACLs and Firewall ACLs?

Fundamental purpose: 1)Routers are designed to route traffic, not stop it.2)Firewalls are designed to examine and accept/reject traffic. But the both ACL are do the same job. Depending upon our requirments we do our ACL configuration on it. ...

17. What is Data Driven Attack?

A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

18. What is Dual Homed Gateway?

A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

19. What is Virtual Network Perimeter?

A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

20. What is Screened Subnet?

A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.

21. In what way firewall provides security and how far it works to different intruders and attackers? and what are all the disadvantages in the firewalls security access?

A firewall block everything.it depends on you when configuring your network wat traffic to let in and wat traffic to block.its acts as a gaurd to u r network.its like a screening of a person on a airport...its does a deep pack inspection.

22. Explain Can traceout command work across the firewall? If No then why? If Yes then why?

Traceroute is based on ICMP type 30 under Windows and UDP under *NIX; traceroute pacjets that would hit the firewall should be dropped similarly any echo replay coming from inside the firewall should be restricted outbound. The answer: traceroute can ...

23. What is Screened Host?

A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

24. Explain employee assistance program (EAP) application is now required to be deployed?

Your companys employee assistance program (EAP) application is now required to be deployed on the Web. The following are characteristics and requirements of the new system: The UI is an off-the-shelf, unsigned terminal-emulator applet. The applet communicates with a terminal server using a proprietary TCP/IP-based protocol. The terminal server sits behind the corporate firewall and listens on port 10001. The only configurable items for the applet

Download Interview PDF

25. What is IP Splicing/Hijacking?

An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.