Network Security Interview Questions and Answers

Last updated on 24th Oct 2020, Blog, Interview Question

About author

Vijesh (Cyber Security Project Manager)

He is a proficient technical expert in his industry domain, serving for 11+ years. He is also dedicated to imparting knowledge to freshers, and he shares these blogs with us.

Are you looking for a Network Security job in a reputed organization? If yes, then you are searching in the right place. Browse the ACTE page to get a collection of all the jobs related to Network Security, along with other information such as the job application process, the expected salary and the growth path in this job. In a Network Security job, you will control the authentication used to access the data in a network. As a Network Security administrator, you will have to protect both the hardware and the software of the organization from threats like viruses, malware and hackers, and stop them from entering the network. To help you through the job process, we have designed a few Network Security job interview questions and answers which will make your job interview simple.

1. Why Does Active FTP Not Work With Network Firewalls?

Ans:


When a user initiates a connection with the FTP server, two TCP connections are established. The second TCP connection (FTP data connection) is initiated and established from the FTP server. When a firewall is between the FTP client and server, the firewall would block the connection initiated from the FTP server since it is a connection initiated from outside. To resolve this, Passive FTP can be used or the firewall rule can be modified to add the FTP server as trusted.
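The two data-connection directions can be modelled in a few lines. The following is an added example, not part of the original page: a constructed stateful firewall that allows connections opened from the inside and their return traffic, tested against the active (PORT) and passive (227 reply) data channels. All addresses, ports and the class and function names are assumptions made for illustration.

```python
import re

CLIENT, SERVER = "192.168.1.10", "203.0.113.5"  # constructed addresses


def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 field of a PORT command or 227 reply."""
    match = re.search(r"\d{1,3}(?:,\d{1,3}){5}", text)
    if not match:
        raise ValueError("no host-port field found")
    fields = [int(x) for x in match.group(0).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


class StatefulFirewall:
    """Allows connections opened from the inside plus their return traffic."""

    def __init__(self, inside, trusted_outside=()):
        self.inside = set(inside)
        self.trusted = set(trusted_outside)   # outside hosts allowed to initiate
        self.state = set()                    # connections opened from inside

    def allow(self, src, sport, dst, dport, syn):
        if src in self.inside:
            if syn:
                self.state.add((src, sport, dst, dport))
            return True
        if not syn:                           # reply to a tracked connection?
            return (dst, dport, src, sport) in self.state
        return src in self.trusted            # new connection from outside


def data_connection_allowed(fw, mode):
    """Open the control channel, then attempt the data channel for `mode`."""
    fw.allow(CLIENT, 50000, SERVER, 21, syn=True)   # control: client -> port 21
    if mode == "active":
        # Client announces where it listens; the SERVER connects from port 20.
        ip, port = decode_hostport("PORT 192,168,1,10,195,81")
        return fw.allow(SERVER, 20, ip, port, syn=True)
    # Passive: server announces a port; the CLIENT connects out to it.
    ip, port = decode_hostport("227 Entering Passive Mode (203,0,113,5,234,96)")
    return fw.allow(CLIENT, 50002, ip, port, syn=True)


if __name__ == "__main__":
    for label, fw in [("default", StatefulFirewall({CLIENT})),
                      ("server trusted", StatefulFirewall({CLIENT}, {SERVER}))]:
        for mode in ("active", "passive"):
            print(label, mode, data_connection_allowed(fw, mode))
```

Only the active data connection is refused by the default policy; it passes once the server is added as a trusted outside host, which is the rule change the answer describes.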

2. Which Feature On A Network Switch Can Be Used To Prevent Rogue DHCP Servers?

Ans:


DHCP Snooping

3. Which Feature On A Cisco IOS Firewall Can Be Used To Block Incoming Traffic On An FTP Server?

Ans:


Extended ACL.

4. Name One Secure Network Protocol Which Can Be Used Instead Of Telnet To Manage A Router?

Ans:


SSH

5. Provide A Reason As To Why HTTPS Should Be Used Instead Of HTTP?

Ans:


HTTP sends data in clear text whereas HTTPS sends data encrypted.

6. How Can You Prevent A Brute Force Attack On A Windows Login Page?

Ans:


Set up an account lockout for a specific number of attempts, so that the user account is locked automatically after the specified number.

7. In An ICMP Address Mask Request, What Is The Attacker Looking For?

Ans:


The attacker is looking for the subnet/network mask of the victim. This would help the attacker to map the internal network.

8. Why Is RIPv1 Insecure In A Network?

Ans:


RIPv1 does not use a password for authentication, as RIPv2 does. This makes it possible for attackers to send rogue RIP packets and corrupt the routing table.

9. Which Feature On A Network Switch Can Be Used To Protect Against CAM Flooding Attacks?

Ans:


The Port-Security feature can be used for this. In a CAM flooding attack, the attacker sends a storm of frames with different MAC addresses. The goal of the attacker is to fill up the CAM table. Port-Security can be used to limit the number of MAC addresses allowed on the port.

10. Which Protocol Does HTTPS Use At The Transport Layer For Sending And Receiving Data?

Ans:


TCP

11. ____ Typically Involves Using Client-side Scripts Written In JavaScript That Are Designed To Extract Information From The Victim And Then Pass The Information To The Attacker?

Ans:


Cross site scripting (XSS)

12. What Is SRM (Security Reference Monitor)?

Ans:


The Security Reference Monitor is the kernel-mode component that does the actual access validation, as well as audit generation.

13. In A Company Of 500 Employees, It Is Estimated That _____ Employees Would Be Required To Combat A Virus Attack?

Ans:


five employees.

14. According To The Research Group Postini, Over ____ Of Daily E-mail Messages Are Unsolicited And Could Be Carrying A Malicious Payload?

Ans:

two-thirds.

15. A Software-based ____ Attempt To Monitor And Possibly Prevent Attempts To Attack A Local System?

Ans:


HIDS

16. A Security ____ Focuses On The Administration And Management Of Plans, Policies, And People?

Ans:


manager.

17. Under The _____ , Healthcare Enterprises Must Guard Protected Health Information And Implement Policies And Procedures To Safeguard It, Whether It Be In Paper Or Electronic Format?

Ans:

HIPAA.

18. How Did Early Computer Security Work?

Ans:


It was pretty simple: just passwords to protect one’s computer. With the innovation of the internet, however, computers have increased security with firewalls and hundreds of anti-virus programs.

19. What Is A Firewall?

Ans:


A Firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.

20. Business ____ Theft Involves Stealing Proprietary Business Information Such As Research For A New Drug Or A List Of Customers That Competitors Are Eager To Acquire?

Ans:

data.

21. ____ Monitor Internet Traffic And Block Access To Preselected Web Sites And Files?

Ans:


Internet content filters.

22. What Is Another Name For Unsolicited E-mail Messages?

Ans:


spam

23. The ____ Is The Link Between The Cellular Network And The Wired Telephone World And Controls All Transmitters And Base Stations In The Cellular Network?

Ans:


MTSO

24. ____ Technology Enables A Virtual Machine To Be Moved To A Different Physical Computer With No Impact To The Users?

Ans:


Live migration

25. A(n) ____ Finds Malicious Traffic And Deals With It Immediately?

Ans:


IPS

26. A ____ Virus Infects The Master Boot Record Of A Hard Disk Drive?

Ans:


boot

27. Can Police Track An IP Address After It Has Been Changed?

Ans:


Sometimes. For example, if the user has a dynamic IP address, and their IP address changes within this system as usual, it can generally be tracked. If the user uses a proxy service to make their IP address appear as if it is located in some random other p

28. ____ Is A Software Program That Delivers Advertising Content In A Manner That Is Unexpected And Unwanted By The User?

Ans:


Adware

29. Encryption Under The WPA2 Personal Security Model Is Accomplished By ____?

Ans:


AES-CCMP

30. According To The 2007 FBI Computer Crime And Security Survey, The Loss Due To The Theft Of Confidential Data For 494 Respondents Was Approximately ____?

Ans:


$10 million.

31. ____, Also Called Add-ons, Represent A Specific Way Of Implementing ActiveX And Are Sometimes Called ActiveX Applications?

Ans:


ActiveX controls.

32. What Is A SID (Security ID)?

Ans:


SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group. A SID contains:

  • User and group security descriptors
  • 48-bit ID authority
  • Revision level
  • Variable sub authority values

33. ____ Can Fully Decode Application-layer Network Protocols. Once These Protocols Are Decoded, The Different Parts Of The Protocol Can Be Analyzed For Any Suspicious Behavior?

Ans:


Protocol analyzers

34. A ____ Is A Computer Program Or A Part Of A Program That Lies Dormant Until It Is Triggered By A Specific Logical Event?

Ans:


logic bomb

35. A ____ Is A Cumulative Package Of All Security Updates Plus Additional Features.

Ans:


service pack

36. The Goal Of ____ Is To Prevent Computers With Suboptimal Security From Potentially Infecting Other Computers Through The Network?

Ans:


NAC

37. ____ Is A Windows Vista And Windows XP Service Pack 2 (SP2) Feature That Prevents Attackers From Using Buffer Overflow To Execute Malware?

Ans:


DEP

38. ____ Are Portable Communication Devices That Function In A Manner That Is Unlike Wired Telephones?

Ans:


Cell phones

39. A ____ Is A Single, Dedicated Hard Disk-based File Storage Device That Provides Centralized And Consolidated Disk Storage Available To LAN Users Through A Standard Network Connection?

Ans:


NAS

40. What Is Administrator Privileges When Trying To Install A Download?

Ans:


Administrator privileges allow the user full access to a program or network, second only to the system account. If you don’t have administrator privileges, you cannot do certain things. You may be able to use a program, but not upgrade it.

41. With Operating System Virtualization, A Virtual Machine Is Simulated As A Self-contained Software Environment By The ____ System (the Native Operating System To The Hardware)?

Ans:


host

42. While Most Attacks Take Advantage Of Vulnerabilities That Someone Has Already Uncovered, A(n) ____ Occurs When An Attacker Discovers And Exploits A Previously Unknown Flaw?

Ans:


zero day

43. ____ Enables The Attacker’s Computer To Forward Any Network Traffic It Receives From Computer A To The Actual Router?

Ans:


IP forwarding.

44. A(n) ____ Is A Computer Programming Language That Is Typically Interpreted Into A Language The Computer Can Understand?

Ans:


scripting language

45. In A ____ Attack, Attackers Can Use Hundreds Or Thousands Of Computers In An Attack Against A Single Computer Or Network?

Ans:


distributed

46. What Is The Maximum Fine For Those Who Wrongfully Disclose Individually Identifiable Health Information With The Intent To Sell It?

Ans:


$250,000

47. _____ Ensures That Information Is Correct And That No Unauthorized Person Or Malicious Software Has Altered That Data?

Ans:


Integrity

48. The Plain Text To Be Transmitted Has A Cyclic Redundancy Check (CRC) Value Calculated, Which Is A Check Sum Based On The Contents Of The Text. WEP Calls This The ____ And Appends It To The End Of The Text?

Ans:


Correct Answer: integrity check value (ICV)

49. The _____ Act Is Designed To Broaden The Surveillance Of Law Enforcement Agencies So They Can Detect And Suppress Terrorism?

Ans:


USA Patriot

50. The Single Most Expensive Malicious Attack Was The 2000 ____, Which Cost An Estimated $8.7 Billion?

Ans:


Love Bug.

51. Live Migration Can Be Used For ____; If The Demand For A Service Or Application Increases, Then Network Managers Can Quickly Move This High-demand Virtual Machine To Another Physical Server With More RAM Or CPU Resources?

Ans:


load balancing

52. The ____ Are The Operating System Settings That Impose How The Policy Will Be Enforced?

Ans:


configuration baselines

53. ____ Involves Using Someone’s Personal Information, Such As Social Security Numbers, To Establish Bank Or Credit Card Accounts That Are Then Left Unpaid, Leaving The Victim With The Debts And Ruining Their Credit Rating?

Ans:


Identity theft

54. Targeted Attacks Against Financial Networks, Unauthorized Access To Information, And The Theft Of Personal Information Is Sometimes Known As ____?

Ans:


cybercrime

55. The Goal Of ____ Is To Make It Harder To Predict Where The Operating System Functionality Resides In Memory?

Ans:


ASLR

56. Instead Of The Web Server Asking The User For The Same Information Each Time She Visits That Site, The Server Can Store That User-specific Information In A File On The User’s Local Computer And Then Retrieve It Later. This File Is Called A(n) ____?

Ans:


cookie

57. One Type Of Virtualization In Which An Entire Operating System Environment Is Simulated Is Known As ____ Virtualization?

Ans:


operating system

58. WEP Accomplishes Confidentiality By Taking Unencrypted Text And Then Encrypting Or “scrambling” It Into ____ So That It Cannot Be Viewed By Unauthorized Parties While Being Transmitted?

Ans:


ciphertext.

59. ____ Authentication Is Based Upon The Fact That Only Pre-approved Wireless Devices Are Given The Shared Key?

Ans:


Shared key

60. ____ Work To Protect The Entire Network And All Devices That Are Connected To It?

Ans:


NIPS

61. Flash Memory Is A Type Of ____, Non Volatile Computer Memory That Can Be Electrically Erased And Rewritten Repeatedly?

Ans:


EEPROM

62. What Is The Primary Function Of A Firewall?

Ans:


Its primary function is to prevent access from untrusted (or undesired) external systems to internal systems and services, and to prevent internal users and systems from accessing external untrusted or undesired systems and services. More generally, its pur

63. ____ Hinges On An Attacker Being Able To Enter An SQL Database Query Into A Dynamic Web Page?

Ans:


SQL injection

64. ____ Are Designed To Inspect Traffic, And Based On Their Configuration Or Security Policy, They Can Drop Malicious Traffic?

Ans:


NIPS

65. An Attacker Could Alter The MAC Address In The ARP Cache So That The Corresponding IP Address Would Point To A Different Computer, Which Is Known As ____?

Ans:


ARP poisoning.

66. Creating And Managing Multiple Server Operating Systems Is Known As ____ Virtualization?

Ans:


server

67. A ____ Is A Program Advertised As Performing One Activity But Actually Does Something Else?

Ans:


Trojan

68. A(n) ____ Attack Makes A Copy Of The Transmission Before Sending It To The Recipient?

Ans:


replay

69. ____ Is An Image Spam That Is Divided Into Multiple Images?

Ans:


GIF layering

70. A Computer ____ Is A Program That Secretly Attaches Itself To A Legitimate “carrier,” Such As A Document Or Program, And Then Executes When That Document Is Opened Or Program Is Launched?

Ans:


virus

71. _____ Ensures That Only Authorized Parties Can View Information?

Ans:


Confidentiality

72. COPPA Requires Operators Of Online Services Or Web Sites Designed For Children Under The Age Of _____ To Obtain Parental Consent Prior To The Collection, Use, Disclosure, Or Display Of A Child’s Personal Information?

Ans:


13

73. ____ Is A Process Of Ensuring That Any Inputs Are “clean” And Will Not Corrupt The System?

Ans:


Input validation

74. In Order To Avoid Detection Some Viruses Can Alter How They Appear. These Are Known As ____ Viruses?

Ans:


metamorphic

75. ____ Is A Language Used To View And Manipulate Data That Is Stored In A Relational Database?

Ans:


SQL

76. What Is The Most Secure Operating System?

Ans:


Security is a difficult and sometimes controversial thing to analyze. The only truly “secure” operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example. Among all modern general purpose op.

77. What Do You Do If Spybot Will Not ‘immunize’?

Ans:


redownload spybot.

78. The Goal Of A ____ Is To Hide The IP Address Of Client Systems Inside The Secure Network?

Ans:


proxy server

79. ____ Uses “speckling” And Different Colors So That No Two Spam E-mails Appear To Be The Same?

Ans:


Geometric variance

80. What Is SAM (Security Account Manager)?

Ans:


SAM stands for Security Account Manager and is the component that maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.

81. Today’s Computer Systems Have A(n) ____ Chip In Which The Contents Can Be Rewritten To Provide New Functionality?

Ans:


PROM

82. ____ Is A Means Of Managing And Presenting Computer Resources By Function Without Regard To Their Physical Layout Or Location?

Ans:


Virtualization

83. A ____ Virus Can Interrupt Almost Any Function Executed By The Computer Operating System And Alter It For Its Own Malicious Purposes?

Ans:


resident

84. Why Is WEP Security Not Recommended For Wireless Networks?

Ans:


WEP security is easily compromised – usually in 60 seconds or less. Part of the problem is that WEP security was developed for backward compatibility with older devices and is a less strong security measure.

85. Besides Default Rule Sets, What Activities Are Actively Monitored By Your IDS?

Ans:


IDSs come with default rule sets to look for common attacks. These rule sets must also be customized and augmented to look for traffic and activities specific to your organization’s security policy. For example, if your organization’s security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors.

86. What Type Of Traffic Are You Denying At The Firewall?

Ans:


There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic.
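The difference between the two policies shows up as soon as traffic arrives that nobody anticipated. The following is an added example, not part of the original page: a first-match rule evaluator run over constructed flows, once with an explicit deny list and a default permit, once with an allow list and a default deny. The rule sets, addresses and names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto dst dport")   # dport None = any port
Flow = namedtuple("Flow", "proto dst dport")

# Policy A: deny what we thought of, permit everything else (constructed).
DENY_LIST = [
    Rule("deny", "tcp", "0.0.0.0/0", 23),      # Telnet
    Rule("deny", "tcp", "0.0.0.0/0", 445),     # SMB
]
# Policy B: permit what is needed, deny everything else (constructed).
ALLOW_LIST = [
    Rule("permit", "tcp", "198.51.100.10/32", 443),   # web server
    Rule("permit", "tcp", "198.51.100.25/32", 25),    # mail server
]

# Constructed inbound flows.
FLOWS = [
    Flow("tcp", "198.51.100.10", 443),
    Flow("tcp", "198.51.100.10", 23),
    Flow("tcp", "198.51.100.10", 3389),   # remote desktop, never considered
    Flow("udp", "198.51.100.25", 161),    # SNMP, never considered
    Flow("tcp", "198.51.100.25", 25),
]


def evaluate(rules, default, flow):
    """First matching rule wins; otherwise the policy default applies."""
    addr = ipaddress.ip_address(flow.dst)
    for rule in rules:
        if (rule.proto == flow.proto
                and addr in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, flow.dport)):
            return rule.action
    return default


def oversights(flows):
    """Flows the deny-list policy lets through but default deny stops."""
    return [f for f in flows
            if evaluate(DENY_LIST, "permit", f) == "permit"
            and evaluate(ALLOW_LIST, "deny", f) == "deny"]


if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "deny-list:", evaluate(DENY_LIST, "permit", flow),
              "default-deny:", evaluate(ALLOW_LIST, "deny", flow))
    print("holes in the deny-list policy:", oversights(FLOWS))
```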

87. Where Is Your Organization’s Security Policy Posted And What Is In It?

Ans:


There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.

88. What Is Security Policy In A Distributed Network Environment?

Ans:


The security policy is anything really, whatever your admin enforces. Everything from what programs you are allowed to what wallpaper you have can be controlled through GPOs. Usually you will find the common ones are that every computer has to get updates, every computer has to have an AV

89. What Is Preprocessing In IDS?

Ans:


Before analysis, all the captured data needs to be organized in a particular format or pattern for classification purposes; this whole process of organizing data is known as preprocessing. In this process, data that is collected from the IDS or IPS sensors needs to be put into some canonical format or a structured database format based on the preprocessing. Once the data is formatted, it is further broken down into classifications, which depend entirely on the analysis scheme used. Once the data is classified, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.

90. What Are The Tolerable Levels Of Impact Your Systems Can Have?

Ans:


An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.

91. How Are Subnets Used To Improve Network Security?

Ans:


Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.

92. What Does Your Network/Security Architecture Diagram Look Like?

Ans:


The first thing you need to know to protect your network and systems is what you are protecting.

You must know:

  • The physical topologies
  • Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
  • Types of operating systems
  • Perimeter protection measures (firewall and IDS placement, etc.)
  • Types of devices used (routers, switches, etc.)
  • Location of DMZs
  • IP address ranges and subnets
  • Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

93. What Security Measures Are In Place For In-house Developed Applications?

Ans:


Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties.

94. Why Is 802.11 Wireless More Of A Security Problem Than Any Other Type Of Network?

Ans:


Wireless is typically less secure because it uses radio waves for transmission. In other words, you have your data “floating” in airspace which makes it more susceptible to being compromised (hacked). With a wired connection someone cannot “steal” your data frames (packets) unless they physically connect to the network cabling. Additionally, the level of security built into wireless technology is less advanced than that of wired networks. This is mainly due to the fact that 802.11 is a relatively newer protocol standard. Manufacturers (both hardware and software) are developing better security for wireless systems and it is possible to harden the security of a WLAN by using the current security protocols along with using some third-party software. For additional specific information read the RFC standards for 802.11.

95. What Resources Are Located On Your Internal Network?

Ans:


In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers.

96. What Is Your Backup Policy?

Ans:


VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should

97. You Are Working On A Router That Has Established Privilege Levels That Restrict Access To Certain Functions. You Discover That You Are Not Able To Execute The Command Show Running-configuration. How Can You View And Confirm The Access Lists That Have Been.

Ans:


show ip interface Ethernet 0. The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.
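For an audit across many interfaces, the same check can be scripted over saved command output. The following is an added example, not part of the original page: it parses `show ip interface` output and reports which access list, if any, is applied in each direction. The sample output is constructed and follows the "Outgoing access list is ..." and "Inbound  access list is ..." lines that IOS prints; exact wording can vary between releases, and the interface and ACL names are assumptions.

```python
import re

# Constructed sample output, trimmed to the lines relevant here.
SAMPLE = """\
Ethernet0 is up, line protocol is up
  Internet address is 192.0.2.1/24
  Outgoing access list is not set
  Inbound  access list is 101
Serial0 is up, line protocol is up
  Internet address is 198.51.100.1/30
  Outgoing access list is BLOCK-TELNET
  Inbound  access list is not set
Ethernet1 is administratively down, line protocol is down
  Internet protocol processing disabled
"""

ACL_LINE = re.compile(r"\s+(Outgoing|Inbound)\s+access list is (.+)")


def applied_acls(output):
    """Map each interface to the ACL applied inbound and outbound (or None)."""
    result = {}
    current = None
    for line in output.splitlines():
        if line and not line[0].isspace():
            # An unindented line starts a new interface section.
            current = line.split()[0]
            result[current] = {"in": None, "out": None}
            continue
        match = ACL_LINE.match(line)
        if match and current:
            direction = "in" if match.group(1) == "Inbound" else "out"
            value = match.group(2).strip()
            result[current][direction] = None if value == "not set" else value
    return result


def unfiltered_interfaces(output):
    """Interfaces with no access list applied in either direction."""
    return sorted(name for name, acl in applied_acls(output).items()
                  if acl["in"] is None and acl["out"] is None)


if __name__ == "__main__":
    for name, acl in applied_acls(SAMPLE).items():
        print(name, "in:", acl["in"], "out:", acl["out"])
    print("no ACL applied:", unfiltered_interfaces(SAMPLE))
```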

98. What Is The Defining Difference Between Computer Security And Information Security?

Ans:


Ar 25-2

99. How Are You Monitoring For Trojans And Back Doors?

Ans:


In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity.

100. What Types Of IDSs Does Your Organization Use?

Ans:


To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks.
