1. What is Asymmetric Key Encryption?

The encryption process where different keys are used for encrypting and decrypting the information is known as Asymmetric Key Encryption. Though the keys are different, they are mathematically related and hence, retrieving the plaintext by decrypting ciphertext is feasible.

2. Which port does ICMP or ping use?

Ping uses ICMP, which is a layer 3 protocol. Ping doesn't use a port, so note that this is a trick question if asked.

3. Do you prefer Windows or Linux?

This question is more a matter of preference, but many network security professionals know Linux in order to work with security. For instance, Linux is better to know when working with routers. Be honest with your answer and give pros and cons that relate to the one you prefer.

4. Tell me about your home network.

Although there is no right answer for this question, it helps the candidate relax, while pushing them off script. From there, try probing into details and ask relevant questions about decisions.

Understanding how a person thinks about cybersecurity is just as important as knowing about the controls. Following the discussion as to why the candidate made specific decisions, you are likely to be asked, “What is the goal of information security within an organization?”

This helps the interviewer understand what you think about the role. Are you authoritarian, ready to stop a project because of a risk, or is there a better way? This will also help them decide whether the applicant is trustworthy.

5. What are the two types of XSS?

Cross-site scripting has two types of attacks: reflected and stored. A stored XSS attack allows the attacker to store malicious code within the database. That content is then served to the user from the database, and it can be used in private pages behind a secure login to gain access to the site's private data. A reflected attack comes from the hacker sending the user a link that runs JS code within the page directly from the querystring.

6. What is Cross-Site Scripting (XSS)?

Cross-site scripting occurs when an attacker is able to inject executable JavaScript code into a page. This is done through a hacked database or poorly scrubbed querystring variables.

7. What is Symmetric Key Encryption?

The encryption process where the same key is used for encrypting and decrypting the information is known as Symmetric Key Encryption.

The study of symmetric cryptosystems is referred to as symmetric cryptography. Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.

8. Explain RSA analysis.

The security of RSA depends on the strengths of two separate functions. The RSA cryptosystem is the most popular public-key cryptosystem, and its strength is based on the practical difficulty of factoring very large numbers.

Encryption Function − It is considered a one-way function that converts plaintext into ciphertext, and it can be reversed only with knowledge of the private key d.

Key Generation − The difficulty of determining a private key from an RSA public key is equivalent to factoring the modulus n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless he can factor n. It is also a one-way function: going from the p and q values to the modulus n is easy, but the reverse is not possible.

9. What are some ways that the company can defend against XSS?

First, the programmers should defend against JS script added to a querystring. Also, remove JS from any input variables sent through online forms and stored in a database.
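An added example, not part of the original answer, showing both cases from questions 5 and 9: a querystring value echoed into a page and a database row rendered into a page. It uses output encoding at render time rather than stripping script from input, and every function name and the sample data are hypothetical and constructed for illustration.

```javascript
// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output-encode untrusted text before placing it into HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected case, "before": the q parameter is concatenated into the page raw.
function renderSearchUnsafe(queryString) {
  const q = new URLSearchParams(queryString).get('q') ?? '';
  return `<p>Results for: ${q}</p>`;
}

// Reflected case, "after": the same value is encoded on output.
function renderSearchSafe(queryString) {
  const q = new URLSearchParams(queryString).get('q') ?? '';
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Stored case: rows read back from the database are untrusted as well,
// so every field is encoded when it is rendered.
function renderCommentsSafe(rows) {
  return rows
    .map((r) => `<li>${escapeHtml(r.author)}: ${escapeHtml(r.body)}</li>`)
    .join('\n');
}

// Constructed sample input (hypothetical request and database rows).
const sampleQuery = 'q=' + encodeURIComponent('<script>alert(1)</script>');
const sampleRows = [
  { author: 'alice', body: 'Nice post & thanks' },
  { author: 'mallory', body: '<script>alert(1)</script>' },
];

console.log(renderSearchUnsafe(sampleQuery)); // markup reaches the page intact
console.log(renderSearchSafe(sampleQuery));   // markup is rendered as text
console.log(renderCommentsSafe(sampleRows));
```

This encoding covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding specific to that context.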

10. Explain what is RC5?

RC5 is the coding technique through which IR remote button keycodes are coded and transmitted to the receiver......