Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips | Edureka

Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips | Edureka

#Cybersecurity #Interview #Questions #Answers #CyberSecurity #Interview #Tips #Edureka

Hello everyone this is aria from eddy Rekha today’s video is all about interview questions that are asked for cyber security personnel’s so today’s video will be actually divided into two parts the first part will actually cover all the general questions that are asked for cyber security jobs and the next

Part will cover the scenario based questions that are asked in such interviews okay so let’s get started so the first question is what do you mean by cyber security so as an interviewee I’d expect that the candidate should first tell me the need for cyber security says views on cyber

Security so the candidate should be like this today’s generation lives on the internet and we general users are almost ignorant as to how those random bits of ones and zeros treat securely to a computer for a hacker it’s a golden age with so many access point public IPs and

Constant traffic and tons of data to exploit blackhat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same above that cyber attacks are evolving by the day hackers are becoming smarter and more creative with their malware and how they bypass virus scans and firewalls still

Baffle many people therefore there has to be some sort of protocol that protects us against all these cyber attack and make sure our data doesn’t fall into the wrong hands this is exactly why we need cyber security now for defining cyber security here goes cyber security is a combination of

Processes practices and technologies designed to protect networks computers programs data and information from attack damage or unauthorized access okay so moving on to the next question is what do you have on your home network so a home network gives you a test environment for experimentation Active Directory domain controller a dedicated

Firewall appliance and a nether – to store as long as you are learning and fiddling with it that’s what matters I’ve augmented the router my ISP provided with an apple airport extreme which provides better wireless performance to some devices from there I’ve extended the wild part of the

Network into two parts of the house using five port Ethernet switches my office and living room each with four devices in the office I have a network attached storage device which provides shared data folders to every device for movies and TV streaming anywhere in the house as well as backups

In the living room is a range of gaming consoles a TiVo box and an Android media player despite owning a Smart TV it’s not hooked into my network simply because a device we own do a far better job of anything the Smart TV offers okay now moving on to the next question is

What is encryption and why is it important well a process of converting data into an unreadable forms to prevent unauthorized access and thus ensuring data protection is called encryption encryption is important because it allows you to securely protect data that you don’t want anyone else to have

Access to businesses use it to protect corporate secrets government’s use it to secure classified information and many individuals use it to protect personal information to guard against things like identity theft okay so that explains encryption and why it is important moving on tell me the difference between symmetric and asymmetric encryption okay

So if we compare on the basis of keys symmetric encryption has the same secret key for both encryption and decryption whereas asymmetric uses different keys for encryption and decryption purposes performance why is symmetric encryption is fast but is more vulnerable while asymmetric encryption is slightly slower due to high computation some examples of

Symmetric are DES and three DES while asymmetric the most popular is RSA and Fe Hellman okay so time for the next question so what is the CIA tried now in this question the candidates should explain what is CI triad and what it is used for so here’s the answer the CIA

Triad for Information Security provides a baseline standard for evaluating and implementing information security irrespective of the system and/or organization in question where confidentiality is all about making sure that data is accessible only to its intended individual measures undertaken to ensure confidentiality are designed to prevent sensitive information from

Reaching the wrong people while making sure that the right people can in fact get it integrity on the other hand is all about making sure that data is kept properly in task without it being meddled with an unauthorized way data must be changed in transit and

Steps must be taken to ensure that data can be altered by unauthorized people these measures include five omission and user access controls on the topic of availability well it is all about making sure that data and computers are available as needed by authorized parties moving on to the next question

Is what do you understand by risk vulnerability and threat in a network well threat refers to someone or something with the potential to do harm to a system or an organization moving on vulnerability refers to a weakness of an asset that can be exploited by one or

More tackles in other words it is an issue or bug that allows an attack to be successful last but not the least risk refers to the potential for loss or damage when threat exploits of vulnerability okay the next question is how do you report risk well risk needs

To be assessed first before it can be reported there are two ways you can actually analyze risk the first is it can be either quantitative or qualitative this approach is suitable for both technical and business guys the business guys will see the probable loss in numbers while the technical guys will

Monitor and assess the impact and frequency now depending on the audience the risk can then be reported moving on how do you differentiate between IPs and IDs systems well first of all idea stands for intrusion detection system and IPS is intrusion prevention system now IDs just detects the intrusion and

Leaves the rest to the administrator for assessment and evaluation or any further action IPS on the other hand detects the intrusion and takes necessary actions to further prevent intrusion also there is a difference in the positioning of devices in the network although they work on the same concept the placement

Is very very different moving on what do you know about cyber security frameworks well cyber security framework is voluntary guidance based on existing guidelines and practices for organizations to better manage and reduce cyber security risks besides helping associations oversee and decrease probable risks it was intended to cultivate risk and cybersecurity

Administration communications among both inner and outter authoritative partners most frequently adopted cybersecurity frameworks are PCI DDS which stands for payment card industry data security standards the ISO 27001 and 27w – which is the International Organization for Standardization then CIS which stands for the critical security control and the most famous cybersecurity framework

Is NIST moving on to the next question which is what is weak information security well information security policy is considered to be weak if it does not meet the criteria of an effective one the criteria include distribution review comprehension compliance and uniform information security is weak if the

Policy has not been made readily available for review by every employee within an organization or the organization is unable to demonstrate that the employees understand the content of the policy document this is when an information security is considered weak moving on to the next question is what’s the better approach

Of setting up a firewall ok so following on the steps you should take to configure your firewall the first is a username and password modify the default password for your firewall device next is the remote administration which will disable the feature of remote administration from the outside network

Then comes port forwarding for certain applications to work properly such as a webserver or FTP server you need to configure appropriate port forwarding next comes a DHCP server which is installing a firewall on a network with an existing DHCP server will cause conflict unless the firewalls DHCP

Server is disabled then is logging now in order to troubleshoot firewall issues or potential attacks you want to make sure to enable logging and understand how to view the logs last but not least we need to actually go through the policies now if you want to have solid

Security policies in place make sure that your firewall is configured to enforce those policies moving on to the next question is can you explain SSL encryption now SSL stands for secure socket layer and it is a protocol which enables safe conversation between two or more parties it is designed to identify

And verify that the person you are talking to on the other end is exactly who they pretend to be we also have HTTPS which stands for hypertext Transfer Protocol secure which is actually STP combined with SSL which provides you with a safer browsing experience with encryption

So this is a very tricky question but SSL wins in terms of security moving on which one is more secure SSL or TLS well SSL is meant to verify the sender’s identity but it doesn’t search for any more hazards than that SSL can help you track the person you

Are talking to but that can also be tricked at times TLS is another identification tool just like SSL but it offers better security features it provides additional protection to the data and hence SSL and TLS are often used together for better protection moving on what are salted hashes well

Salt is actually random data when a properly protected password system receives a new password it creates a hash value of that password and adds a random salt value then the combined value is stored in its database this helps defend against dictionary attacks and known hash attacks example if

Someone uses the same password on two different systems and they are being used using the same hashing algorithm the hash value would be same however if someone of the system uses salt with the hashes the value will be different moving on to the next question which is

How can identity theft be prevented okay so the following steps can be ensured to actually prevent identity theft first of all ensure a strong and unique password secondly avoid sharing confidential information online especially on social media third shope from known and trusted websites only fourth use the latest version of the

Browsers fifth installed advanced malware spyware and tools next use specialized security solutions against financial data and always update your system and software and last but not least always protect your social security number now moving on to the next question is how can you prevent the man-in-the-middle attack okay so an MIT

M attack happens when communication between two parties that the systems is included or intercepted by an outside entity this can happen in any form of online communication such as email social media web surfing etc not only they are trying to eavesdrop on your private conversation they can also

Target all the information inside your devices and the outcomes could be pretty catastrophic so the first method to prevent this attack would be to have encryption preferably public key encryption between both the parties this way they both will have an idea with whom they are talking with because of the digital verification

Secondly to prevent this it is best to avoid open Wi-Fi networks and if it is necessary then use plugins like HTTPS force TLS etc moving on to the next question which is state the differences between encoding hashing and encryption okay so the purpose of encoding is to

Transform data so that it can be properly and safely consumed by a different type of system that is example the binary data being sent over email or viewing special characters on a web page the goal is not to keep information secret but rather to ensure it’s able to

Be properly consumed examples include a sky unicode URL encoding and base64 now the purpose of encryption is to transform data in order to keep it secret from others example sending someone a secret letter then only they should be able to read or securely sending a password over the internet

Rather than focusing on usability the goal is to ensure that data cannot be consumed by anyone other than the intended response examples include AES Blowfish and RSA now hashing serves the purpose of ensuring integrity that is it makes sure that if something has changed you know that some change has taken place

Technically hashing takes arbitrary inputs and produces a fixed length of string example of sha-3 md5 which is now obsolete and sha-256 etc now moving on to the next question which is what steps will you take to secure a server now secure server uses the secure socket layer protocol for

Data encryption and decryption to protect data from unauthorized interception here are four simple ways you can actually secure a server so the first way is that you make sure that you have a secure password for your route and administrator user the secondly the next thing you need to do is to make new

Users on your system these will be the users you’ll use to manage the system step 3 is removed remote access from the default or route administrator accounts and the last step is to configure your firewall rules forum would access ok so the next question is what is a DDoS

Attack and how is it mitigated okay so DDR stands for distributed denial of service when a network is flooded with large number of requests which is not recognize to handle making the server unavailable to the legitimate requests senders DDoS can be mitigated by analyzing and filtering the traffic

In the scrubbing centers and the scrubbing centers are centralized data cleaning stations where in the traffic to a website is analyzed and malicious traffic is removed okay so the twentieth question is why do you need DNS monitoring the domain name system allows your website under a certain domain that

Is easily recognizable also keeps the information about other domain names it works like a directory for everything on the Internet thus DNS monitoring is very important since you can easily visit a website without actually having to memorize their IP addresses DNS has an important role in how end-users in your enterprise

Connect to the Internet inspecting DNS traffic between client’s devices and your local recursive resolver could be revealing a wealth of information for forensic analysis DNS queries can reveal both botnets and malware is connecting to the C&C server so this is why DNS monitoring is very essential moving on

What is a three-way handshake the TCP three-way handshake in transmission control protocol is the method used by a device on a network to set up a stable connection over an Internet Protocol based network TCP is three-way handshaking technique is often referred to as a syn synack or more accurately

Syn synack and AK because of there are three messages transmitted by the TCP to negotiate and start a TCP session between two computers moving on to the next question is what are black hat hackers white hat hackers and grey hat hackers so like all hackers black hat hackers usually have extensive knowledge

About breaking into computer networks and bypassing security protocols they are responsible for writing malware which is a method used to gain access to these systems their primary motivation is usually for a personal or financial gain but they can also be involved in cyber espionage ease protests or perhaps

Just addicted to the thrill of cybercrime now white hat hackers choose to use their power for good rather than evil also known as ethical hackers white hat hackers can sometime be paid employees or contractors working for companies are security specialists that attempt to find security holes via

Hacking they employ the same method of hacking as black hats with one exception that is they do it but permission from the owners of the system first which makes the process completely legal now there comes grey hat hackers as in life they are gray areas that need

A black nor white grey hat hackers are a blend of both black hat and white hat hackers often grey hat hackers will look for vulnerabilities in the system without the owner’s permission or knowledge if issues are found they will report them to the owner sometimes requesting a small fee to fix

The issue okay now moving on how often should you perform patch management well patch manage should be done as soon as it is released for Windows once the patch is released it should be applied to all machines not later than one month same goes for network devices we should

Patch it as soon as it is released and proper patch management process should be followed – question number 24 what do you know about application security application security is the practice of improving the security of applications using software hardware and other procedural methods countermeasures are taken to ensure application security the

Most common being an application firewall that limits the execution of files or the handling of data by specific installed programs moving on to the next question which is differentiate between penetration testing and software testing now penetration testing helps identify and address the security vulnerabilities whereas software testing focuses on functionality of the software

And not the security aspect a good penetration tester truly thinks differently than the other two they don’t care about the proper behaviors of the system or software and they are crafty looking for that one small of vulnerability that was not mitigated and software security testers generally

Have a fair amount of crossover as they usually know the full details of the system or software and they know how it’s supposed to properly behave when properly used and they can test for a lot of the common end-user miss behaviour moving on when to use trace

Though or trace route so trace route is a command which can show you the part a packet of information takes from your computer to the one you specify it will list all the routers it passes through until it reaches its destination or fails to and is discarded in addition to

This it will tell you how long each hop from router to router takes now when you connect to a website say how to calm the traffic has to go through several intermediaries before eating the website the traffic goes through your local router your internet service providers router onto larger networks

And so on okay so moving on to question number 27 which is tell me something about the common cyberattacks that plagued us today I’m going to be discussing eight cyber threats firstly its malware now malware is an all-encompassing term for a variety of cyber threats including Trojans viruses

And wombs malware is simply defined as code with malicious intent that typically steals data or destroy something on your computer next is fishing now fishing often posing as a request for data from a trusted third party phishing attacks are sent by email and ask users to click on a link and

Enter their personal data phishing emails have gotten much more sophisticated in recent years making it really difficult for some people to discern a legitimate request for information from a false one phishing emails often fall into the same category as spam but are more harmful than just a

Simple ad next is a password attack and a password attack is exactly what it sounds like that is a third party trying to gain access to your system by cracking a user’s password usually using some algorithm like brute force dictionary attacks or software which is

A key logo next is a DDoS attack and a DOS attack focus and lawn disrupting the service to a network attackers send high volumes of data or traffic through the network until the network becomes overloaded and can no longer function next is a man-in-the-middle attack and a man-in-the-middle attack is an attack

Where somebody is impersonating the endpoints in an online information exchange for example if you are a banking online the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you next is drive-by downloads and this is a malware which is actually implanted into

A legitimate website and a program is downloaded to the user’s system just by visiting the site it doesn’t require any type of action by the user to actually start to trigger the download next is malvert icing and mallet icing is actually malicious code which is hidden behind advertisements on websites and it

Is also downloaded to your system without your knowledge last but not the least is rogue software which is malware that masquerade as legitimate unnecessary security software that will keep your system safe okay so moving on to the next question is what are different OSI layers and

What is the job of the network layer okay so OSI our open system interconnection is a reference model for how applications communicate over a network a reference model is a conceptual framework for understanding relationships and the purpose of the OSI reference model is to guide vendors and developers so the digital communication

Product and software programs they create can interoperate and to facilitate a clear framework that describes the function of a network or telecommunication system the seven OSI layers are application layer presentation layer session layer transport layer network layer data link layer and the physical layer okay so the network layer is actually used for

Controlling the operations of the subnet and the main job of this layer is to deliver packets from a source to a destination across multiple links moving on to the next question which is how would you reset a password-protected BIOS configuration now since bios is a pre boot system it has its own storage

Mechanism for its setting and preferences in the classic scenario simply popping out the CMOS battery will be enough to have the memory storing these settings lose its power supply and as a result it will lose all its setting are the times you need to use a jumper

Or a physical switch on the motherboard still other times you’ll need to actually remove the memory itself from the device and reprogram it in order to wipe it out the simplest way by far however is if the BIOS has come from the factory with a default password enabled

Try the whole word password now for question number 13 what is cross-site scripting or XSS now XSS refers to client-side code injection attacks wherein an attacker can execute malicious scripts also commonly referred to as malicious payload into a legitimate website or web application XSS is amongst the most rampant of web

Application vulnerabilities and of course when a web application makes use of unvalidated or unencoded user input within the output it generates by leveraging XSS an attacker would exploit a vulnerability within a website or web application that the victim would visit essentially using the vulnerable website as a vehicle to deliver a malicious

Script to the victims browser now what is data protection in transit versus data protection at rest so the answer to that is that data in transit or data in motion is data actively moving from one location to another such as across the internet or through a private network data protection in

Transit is the protection of this data while it’s traveling from network to network or being transferred from a local storage device to a cloud storage device wherever data is moving effectively data protection measures for in transit data are critical as data is often considered less secure valid

Motion now data at rest is data that is not actively moving from device to device or network the network such as data stored on a hard drive laptop flash drive or archives stash stored in some other way data protection at rest aims to secure an active data are stored on

Any device or network while data at rest is sometimes considered to be less vulnerable than data in transit attackers often find data at rest a more valuable target than data in motion the risk profile for data in transit or data address depends on the security measures

That are in place to secure data in either state moving on to question number 32 is tell me the differences between cyber security and network security okay so cyber security describes that the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access exploitation modification or denial of

The network and the network resources network security describes the process and practices designed to protect network computers programs and data from attack damage or unauthorized access in a computing context security includes both cyber security and physical security while cyber security is concerned with sets outside the castle network security is worried about what

Is going on within the castle walls the cyber security specialist is the crusading knight defending the kingdom and network security focuses on the barbarians at the gate and how the castle connects to the world around it moving on to question number 33 which is how will you prevent data leakage data

Leakage is when data gets out of the organization in an unauthorized way data can get leaked through various ways that is emails prints laptops getting lost unauthorized upload of data to public portals removable drives photographs etc a few controls can be restricting uploads on internet websites following an internal encryption

Solution restricting the mails to internal networks or restriction on printing confidential data etc moving on to the next question which is what is ARP and how does it work okay so address resolution protocol or ARP is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized on

The local network on the topic of how it works when an incoming packet destined for a host machine on a particular local area network arrives at a gateway the Gateway asks the ARP program to find a physical host or MAC address that matches the IP address now the ARP

Program looks into the ARP cache and if it finds the address it provides it so that the packet can be converted to the right packet length and format and send it to the machine now if no entry is found for the IP address ARP broadcasts a request packet in a special format to

All machines on the LAN to see if one machine knows that it has the IP address associated with it so for question number 35 is what is 2fa and how can it be implemented for the public websites so an extra layer of security that is known as multi-factor authentication

Requires not only a password and username but also something that only and only that user has on them that is a piece of information only they should know or have immediately to hand such as a physical token Authenticator apps replace the need to obtain verification code via text voice call or email for

Example to access a web site or web based service that supports Google Authenticator they use the types in their username and password that is a knowledge factor okay now time for question number 36 which is what techniques can be used to prevent brute-force login attacks so here the

Attacker tries to determine the password for a target through a permutation of fuzzing process as it is a lengthy task attackers usually employ a software such as Fuzzle to automate the process of creating numerous passwords to be tested against target to avoid such attacks pass what best practices should be

Followed mainly on critical resources like servers routers expose services and so on okay so now in time for the next question which is what is cognitive cyber security now the applications of artificial intelligence technology is patterned on human thought process to detect threats and protected physical and digital system self-learning security systems

Use data mining pattern recognition and natural language processing to simulate the human brain albeit in a high powered computer model this is exactly what cognitive cybersecurity is so what is Port blocking with in Latin well restricting the users from accessing a set of services within the local area

Network is called port blocking stopping the source – not to access the destination node by a ports as applications work on the port supports are blocked to restrict the access filing up the security holes in the network infrastructure okay so time for question number 39 which is what is the

Difference between VPN and VLAN okay so VPN is related to remote access to the network of a company while VLAN basically means to logically segregate networks without physically segregating them with various switches now while VPN saves the data from prying eyes while in transit and no one on the

Net can capture the packets and read the data VLAN does not involve any encryption technique but it is only used to slice up a logical network into different sections for the purpose of Management and security okay so it’s time for question number 40 so the question is what protocols fall under

The tcp/ip internet layer okay so I’ll be going through the five layers that consists the tcp/ip protocol and I’ll also be listing out the protocols that are inside every layer so starting with the physical layer the protocols that reside in the physical layer are the Ethernet I should Polly 802.3 and the

Rs-232 from one of the many protocols and moving on to the data link layer we have the Triple P protocol the I Triple E 802.2 protocol then moving on to the network layer it’s governed by the IP protocol the ARP protocol which is basically the address resolution protocol and the ICMP protocol then

Moving on ahead is the transport layer now the transport layer has two main protocols namely the TCP and the UDP protocols and last but not least we have the application layer which is governed by a multiple of protocols namely NFS NIS plus DNS telnet FTP our IP SNMP and various other protocols are

Such ok so that brings us to the end of the general interview questions that might be asked in any cybersecurity interview now moving on to the scenario based questions so first I’ll be reading out the scenario and then I’ll ask the questions regarding the scenario – okay

So for a scenario number one we have you received the following email from help desk so the email goes as follows dear UCSC email user beginning next week we will be deleting all inactive email accounts in order to create space for more users you are required to send the

Following information to continue using your email account if you do not receive this information from you by the end of the week your email account will be closed so then the email actually goes on to ask the various credentials like name email login password DOB and the

Alternate email and then it says please contact the webmail team with any questions and thank you for your immediate attention so in such a scenario what do you do and justify your actions for doing so okay so this email is a classic example of phishing trying to trick you into biting the

Justification is the generalized way of addressing the receiver which is used in mass spam Mills above that a corporate company will never ask personal details on mail they want your information so don’t respond to the mail instant message texts phone calls etc asking you for your password or the private

Information you should never disclose your password to anyone even if they say they work for the UCSC IPS or any other campus organization moving on to the next scenario which is a friend sends an electronic Hallmark greeting card to your book email you need to click on the

Attachment to see the card what do you do and justify your actions well this one has four big risks firstly some attachments contain viruses or other malicious programs so just in general it’s risky to open unknown or unsolicited attachments secondly also in some cases just clicking on a malicious

Link can infect a computer so unless you are sure a link is safe don’t really click on it third email addresses can be faked so just because the email says it is from someone you know you can’t be certain of this without checking with the person fourth finally some websites

And links look less but they’re really hoaxes designed to steal your information so what we have to do is actually not click on the email and actually ignore it completely moving on to the next scenario which is one of the staff members in IPs subscribes to a

Number of free IT magazines among the questions she was asked in order to activate her subscriptions one magazine asked her for a month of birth a second asked for a year of birth and a third asked for her mother’s maiden name what you info is going on in the situation

And justified well all three newsletters probably have the same parent company or are distributed through the same service the parent company or service can combine individual pieces of seemingly harmless information and use or sell it for identity theft then it is even possible that there is a fourth

Newsletter that asks for a day of birth has one the activation questions often questions about personal information are optional in addition to being suspicious about situations like the one described here never provide personal information when it is not legitimately necessary or to people or companies you don’t

Personally know so now a tie-in for scenario number four well in our computing labs and departments print billing is often tied to users log in people log in they print and then they get a bill sometimes people call to complain about bills for printing they never did only to find out that the

Bills are indeed correct so what do you info is going on in this situation and justify your inference sometimes you realize they loan their account to a friend who couldn’t remember his or her password and the friend did the printing and thus the charges it’s also possible

That somebody came in from behind them and use their account now this is an issue with share or public computers in general if you don’t log on to the computer properly when you leave someone else can come in from behind and retrieve what you were doing and use

Your accounts always log out of accounts quit program and close browser windows before you walk away from a general public computer now moving on to scenario number five we have that we saw a case a while back where someone used their yahoo accounts at a computer lab

On a campus she made sure her yahoo account was no longer open in the browser window before leaving the lab now someone came in behind her and used the same browser to reiax as her accounts started sending emails from it and caused all sorts of million so what do

You think might have gone wrong here well the first person probably didn’t log out of her account so the new person could just go into the history and access it secondly another possibility is that she did log out but didn’t clear her web cache this is done through the

Browser menu to clear pages that the browser has saved for future use time for scenario number six now okay so two different offices on campus are working straighten out an error and an employee’s bank account due to a direct deposit mistake office number one emails the correct account and deposit

Information to office number two which promptly fixes the problem the employee confirms with the bank that everything has indeed been straightened out so what is exactly wrong here well account and deposit information is sensitive data that could be used for identity theft sending this or any kind of sensitive

Information by email is very very risky because email is typically not private or secure anyone who knows how can access it anywhere along its route so as an alternative the two offices could have called each other or worked with the IT s to send the information in a

More secure fashion okay moving on to the next scenario which is the mouse on your computer screen starts to move around on its own and click on things on your desktop what do you do in such a situation a call a co-worker / phobia can see B disconnect your computer from

The network C unplug your mouse D tell your supervisor e turn the computer off F run an anti-virus or G all of the above so we have to select all the options that apply in the situation so the options that apply are B and D which is basically disconnect your computer

From the network and tell your supervisor so this is definitely suspicious immediately report the problem to your supervisor and the IT support center also since it seems possible that someone is controlling the computer remotely it is best if you can disconnect the computer from the network

And turn our wireless if you have it until help arrives if possible don’t turn off the computer okay time for scenario number eight so below are a list of passwords pulled out of your database now which of the following passwords meet the UCSC’s password requirement okay so the third

Password which is option number C is the only one that meets all the following of the UCSC’s requirement it has at least eight characters in length that contains at least three of the following four types of characters which are lowercase characters uppercase characters numbers and special characters and not a word is

Preceded or followed by a digit so it’s the third option which is correct in this situation moving on to the second last scenario we have for today is you receive an email from your bank telling you there is a problem with your account the email provides instructions and

Links so you can log in to fix your account and fix the problem in doing so so what should you do well we have to delete the email and better yet use the web client that is Gmail Yahoo mail etc and reported as spam or phishing and then deleted any unsolicited email or

Phone call asking you to enter your account information disclose your password financial account information social security number or any other private or personal information is suspicious even if it appears to be from a company you are familiar with always contact the sender using a method you know is legitimate to verify that the

Message is indeed from them okay so it’s time for our last scenario of the day which is a vial back the IT folks got a number of complaints that one of our campus computers were sending out via Gras spam they checked it out and the reports were true a hacker had installed

A program on the computer that made it automatically send out tons of spam email with other computers own knowledge so how do you think the hacker got into the computer to set this up well this was actually the result of a hacked password using passwords that can be easily guessed and protecting your

Password by not sharing them or writing them down can help to prevent this password should be at least 8 characters in length and use a mixture of uppercase Lucas letters and numbers and symbols even though in this case it was a hacked password other things could possibly

Lead to this are that out of date patches and updates the lack of an anti-virus software or an out-of-date antivirus software or clicking on an unknown link or attachment or downloading unknown and unsolicited programs onto your computer okay guys so that was it for the session on cybersecurity interview questions if

You all have any questions regarding any of the questions that were discussed you’re please put a comment down below if y’all also want the PowerPoint presentation that showing out here you all can also comment for that and if you all want any other cyber security related specific interview questions

Please do come and for that I’ll make a video on them soon that’s it from me goodbye I hope you have enjoyed listening to this video please be kind enough to like it and you can comment any of your doubts and queries and we will reply them at the earliest do look

Out for more videos in our playlist and subscribe to any rekha channel to learn more happy learning

Like it? Share with your friends!


What's Your Reaction?

hate hate
confused confused
fail fail
fun fun
geeky geeky
love love
lol lol
omg omg
win win


Choose A Format
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
Youtube and Vimeo Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format