Top 50 Cybersecurity Interview Questions and Answers
1. What is Cybersecurity?
The practice of preventing unwanted access, attacks, damage, and theft of networks, devices, systems, data, and digital assets is known as cybersecurity. It entails using best practices, procedures, and technology to protect data and guarantee business continuity.
2. What is the CIA triad?
The CIA triad is the foundation of information security:
Confidentiality: Only authorized users should be able to access data.
Integrity: Information must be true, consistent, and unchanged.
Availability: Data and systems should always be available when needed.
3. Define "threat," "vulnerability," and "risk."
· Threat: Any situation that could potentially cause harm, such as hacking or a malware attack.
· Vulnerability: A weakness that can be taken advantage of, such as a missing software patch.
· Risk: The chance that a threat will successfully exploit a vulnerability.
4. What is Encryption?
Encryption takes readable information, known as plaintext, and transforms it into a scrambled format called ciphertext using various cryptographic algorithms like AES and RSA. Only those with the right key can unlock and read the original content. This technology is essential for securing communications in SSL/TLS, VPNs, email security, and data protection.
5. What is a firewall?
A firewall monitors, filters, and controls network traffic.
Types:
· Packet Filtering Firewall
· Stateful Firewall
· Next-Gen Firewall (NGFW)
· Web Application Firewall (WAF)
6. What are IDS and IPS?
· IDS (Intrusion Detection System): Detects malicious activity and alerts.
· IPS (Intrusion Prevention System): Detects and blocks malicious traffic.
7. What is Multi-Factor Authentication (MFA)?
Authentication that requires two or more independent factors:
1. Something you know (password)
2. Something you have (OTP, token)
3. Something you are (biometrics)
8. What is Zero Trust?
Zero Trust assumes no user, device, or network is trusted by default.
Every access request is authenticated and authorized, regardless of where it originates, rather than being trusted because it comes from inside the network.
9. What is vulnerability assessment?
A systematic process to identify and classify security weaknesses.
Tools: Nessus, OpenVAS, Qualys, and Rapid7.
10. What is Penetration Testing?
Authorized simulation of cyberattacks to exploit vulnerabilities.
Types:
· Black Box
· White Box
· Gray Box
Used to test real-world cyber resilience.
11. What is phishing?
A social engineering attack where attackers impersonate trusted entities to steal:
· Credentials
· Money
· Sensitive data
Types include spear phishing, whaling, and SMS phishing.
12. What is ransomware?
Malware that encrypts data and demands ransom for decryption keys.
Examples: WannaCry, LockBit, and REvil.
13. What is Malware?
Malicious software designed to damage or gain unauthorized access.
Includes viruses, worms, Trojans, spyware, botnets, and ransomware.
14. What is SQL injection?
A web attack where attacker-controlled input from a form field or parameter is concatenated into a SQL query, so that the input is executed as part of the query instead of being treated as data.
Impact: Unauthorized data access, modification, or deletion.
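Added example, not part of the original page: the same lookup written in the vulnerable string-concatenation style and in the parameterized style the fix requires, run against a constructed in-memory SQLite table.

```python
import sqlite3


def make_db():
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: the input is pasted into the SQL text, so any SQL syntax
    # it contains is parsed and executed by the database.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    # Fixed: the value travels separately from the SQL text through a
    # placeholder, so it can only ever be compared as a literal string.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that carries SQL syntax
    print(lookup_vulnerable(db, "alice"))      # ['alice']
    print(lookup_vulnerable(db, crafted))      # every row: the WHERE clause was rewritten
    print(lookup_parameterized(db, crafted))   # []: compared as a literal name, no match
```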
15. What is XSS (Cross-Site Scripting)?
Attackers inject malicious scripts into web pages viewed by users.
Types: Stored, Reflected, and DOM-Based XSS.
16. What is a DDoS attack?
Distributed Denial of Service floods a server with massive traffic, making it unavailable.
Often launched from botnets such as Mirai.
17. What is Patch Management?
The process of applying software updates to fix vulnerabilities.
Helps prevent exploitation of known flaws and supports compliance requirements.
18. What is an SOC (Security Operations Center)?
A team and technology setup that monitors, analyzes, and responds to cybersecurity incidents 24/7.
19. What is SIEM?
Security Information and Event Management tools collect logs, correlate events, and detect threats.
Examples: Splunk, QRadar, Azure Sentinel.
20. What is Threat Intelligence?
Information that helps organizations understand:
· Who attackers are
· How they operate
· What threats are emerging
Sources: OSINT, ISACs, CTI platforms.
21. What is the MITRE ATT&CK Framework?
A global knowledge base of real-world adversary tactics and techniques.
Used for threat modeling, red teaming, and SOC analysis.
22. What is the Least Privilege Principle?
Users should have only the minimum required access to perform their duties.
This helps prevent misuse and reduces the potential impact of any security breaches.
23. What is social engineering?
Psychological manipulation that tricks people into revealing information.
Examples: Phishing, tailgating, and pretexting.
24. What are hashing algorithms?
One-way cryptographic functions that convert data into fixed-size values.
Examples: SHA-256, SHA-1, MD5 (SHA-1 and MD5 are no longer collision-resistant and should not be used in new designs).
Used for password storage, data integrity checks, and digital signatures.
25. Authentication vs. Authorization.
· Authentication: Verifies identity.
· Authorization: Grants access permissions after identity is verified.
26. What is SSL/TLS?
Security protocols that encrypt data between clients and servers.
Used in HTTPS, VPN, and email security.
27. What are public & private keys?
Used in asymmetric cryptography.
· Public key: Shared openly; encrypts data and verifies signatures
· Private key: Kept secret; decrypts data and creates signatures
Used in SSL, SSH, and PGP.
28. What is DLP (Data Loss Prevention)?
Technologies that prevent unauthorized data transfer or leakage.
Monitors emails, endpoints, and cloud storage.
29. What is incident response?
A structured approach for handling security breaches.
Stages: Preparation → Detection → Containment → Eradication → Recovery → Lessons learned
30. What is a honeypot?
A honeypot is a deliberately designed decoy: a fake system, server, or service that appears to be a real and vulnerable target, luring in attackers so that their activity can be observed and detected without exposing production assets.
31. What is a botnet?
A network of infected devices controlled remotely by attackers.
Used for DDoS, spam, and credential stuffing.
32. What is steganography?
Hiding data inside images, audio, or video files to evade detection.
33. What is API security?
Protecting APIs from attacks such as:
· API key leaks
· Injection
· Rate-limit bypass
Used heavily in cloud and mobile apps.
34. What is cloud security?
Strategies to protect cloud environments (AWS, Azure, GCP).
Covers data encryption, IAM, monitoring, and container security.
35. What is Endpoint Security?
Protection for devices like laptops, mobile phones, and IoT.
Includes antivirus, EDR, and disk encryption.
36. What is IAM (Identity & Access Management)?
IAM, or Identity and Access Management, is essentially a set of policies, technologies, and processes designed to make sure that the right people have access to the right resources at the right time—and nothing beyond that.
Includes SSO, MFA, RBAC, and PAM.
37. What is network segmentation?
Network segmentation is all about breaking down a computer network into smaller, isolated segments. This approach boosts security, enhances performance, and tightens access control. It’s a smart strategy because if one segment gets compromised, the attacker can’t just waltz through the whole network.
38. What are security policies?
Security policies are essentially the formal rules and guidelines that outline how an organization safeguards its systems, networks, applications, and data against security threats. They set clear, mandatory expectations for employees, IT teams, and third parties, ensuring that everyone behaves consistently and securely throughout the organization.
Examples: password policy, encryption policy, access policy.
39. What is log monitoring?
Log monitoring is all about keeping a close eye on system, application, and network logs. It’s a continuous effort to collect, analyze, and review these logs to spot security threats, performance hiccups, anomalies, or any operational issues as they happen. Think of logs as a detailed diary of everything going on within a system. By keeping tabs on them, organizations can swiftly catch any suspicious activities or early warning signs of an attack.
Tools: ELK Stack, Splunk, Graylog.
40. What is ARP spoofing?
ARP spoofing is a cyberattack where an attacker sends fake (forged) ARP messages on a local network to associate their own device’s MAC address with the IP address of another device (usually the gateway or a victim user).
41. What is MITM (Man-in-the-Middle)?
A Man-in-the-Middle (MITM) attack happens when someone sneaky steps in to intercept, watch, or even change the communication between two parties who think they’re chatting directly with one another.
Used in Wi-Fi attacks, ARP spoofing, and SSL stripping.
42. What is password salting?
Password salting is a clever security measure that involves adding a random, unique string—known as a salt—to a user’s password before it gets hashed. This process ensures that the resulting hash is distinct, even if two users happen to choose the same password.
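Added example, not from the original page, covering both the hashing answer (question 24) and salting: an unsalted fast hash beside a per-user salted, iterated hash, with constant-time verification. The iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed iteration count for PBKDF2-HMAC-SHA256; tune for production hardware.
ITERATIONS = 100_000


def plain_sha256(password: str) -> bytes:
    # Unsalted, fast hash: two users with the same password get the same
    # digest, which precomputed lookup tables can match directly.
    return hashlib.sha256(password.encode()).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); generates a fresh random 16-byte salt unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(plain_sha256(pw) == plain_sha256(pw))  # True: unsalted digests are identical
    salt1, hash1 = hash_password(pw)
    salt2, hash2 = hash_password(pw)
    print(hash1 != hash2)                        # True: same password, different salts
    print(verify_password(pw, salt1, hash1))     # True
    print(verify_password("wrong", salt1, hash1))  # False
```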
43. What is an APT (Advanced Persistent Threat)?
An Advanced Persistent Threat (APT) refers to a long-term, targeted cyberattack where highly skilled attackers sneak into a network without permission and stay hidden for a long time. Their goal? To steal sensitive data, conduct espionage, or inflict damage.
Examples: APT29, Lazarus Group.
44. What is CVE?
CVE, or Common Vulnerabilities and Exposures, is a public catalogue of disclosed security flaws in which each vulnerability is given a unique ID of the form CVE-YYYY-NNNNN. This helps everyone (organizations, security tools, and researchers) track, share, and fix these vulnerabilities more easily. It is managed by the MITRE Corporation and is a go-to resource for security professionals around the world.
45. What is a zero-day vulnerability?
A zero-day vulnerability is a security flaw in software or hardware that the vendor or developer is completely unaware of, and there’s no patch or fix available when it’s discovered or exploited by attackers. The term “zero-day” highlights that developers have had no time—zero days—to address the vulnerability before it can be taken advantage of.
46. What is digital forensics?
Digital forensics involves the careful process of identifying, collecting, analyzing, and preserving digital evidence from various sources like computers, networks, mobile devices, and other digital media, all while ensuring that the methods used are forensically sound. This field is mainly focused on investigating cybercrimes, security incidents, and data breaches.
47. What are security baselines?
A security baseline is essentially a collection of essential security standards, configurations, and controls that an organization puts in place to ensure that its systems, applications, and networks are consistently protected. Think of it as a yardstick for measuring compliance, minimizing risk, and promoting best practices. Examples: CIS Benchmarks, NIST Baselines.
48. What is email spoofing?
Email spoofing is a sneaky cyberattack method where an attacker pretends to be someone else by faking the sender’s email address. This trickery makes it look like the message is coming from a trusted source. The main aim? To fool the recipient into doing something harmful, like clicking on dangerous links, sharing sensitive information, or downloading malware.
49. What is threat modeling?
Threat modeling is a systematic method used in cybersecurity to pinpoint, evaluate, and rank potential threats to a system, application, or network before any attacks take place. This proactive approach enables organizations to build secure systems instead of just responding after a breach has happened.
50. What is Red Team vs. Blue Team?
Red Team: These are the offensive ethical hackers who mimic real attackers.
Blue Team: The defenders who keep an eye out, prevent, and respond to any attacks. They often collaborate during Purple Team exercises.