Q.1. How will you explain network sniffing in basic term?
A.1. Network sniffing are the techniques used for monitoring and analysing data packets in real-time that are being sent and received in any computer network. They are also termed as packet sniffing or network probe.
Q.2. What are the three main types of hackers?
A.2. The three major categories of hackers are: –
i) White Hat hackers also termed as the ethical hackers or good security professionals. They take hacking and security issues professionally and hence helps in removing viruses, malwares, setup VPNs and firewalls for your company, carries out penetration testing and help organisations and people understand and find out the various types of vulnerabilities in their system and eventually fix them.
ii) Black Hat hackers are also known as ‘crackers’ are those people with high skills in hacking that are not legal and involves their profit only. They mostly steal data or money or otherwise harm systems that have vulnerabilities or bugs in them. They find banks and big companies with weak spots, penetrate them and steal information, confidential data or even money. They are the most prominent in the world of cyber criminals.
iii) Grey Hat hackers are the combination of both black and white hat hackers. They may or may not steal information and money or they might or might not help organisations and private firms save their information and other confidential data from leakage. Instead, they spend their time playing around with vulnerabilities and bugs.
Q.3. Who are script kiddies?
A.3. Script Kiddies are beginner level cyber criminals or hackers and actually do not care about hacking any systems or stealing things or even don’t possesses good technical skills and knowledge. They just copy and paste code found over the internet, use them (virus) to harm others. They basically download others developed or used software (like Metasploit or Trojan Codes) and watch video online as to how to use that and will start using. Popular attacks performed by script kiddies are DOS (Denial of Service) or DDOS (Distributed Denial of Service) attacks.
Q.4. What are the tools that you have used while learning ethical hacking?
A.4. (This answer depends from candidate to candidate). The most common ethical hacking tools that every C|EH (Certified Ethical Hackers) use are: –
- Acunetix (web vulnerability scanner)
- Nmap (CLI and GUI based)
- Nessus Vulnerability Scanner
Q.5. What are the various phases of ethical hacking?
A.5. The various phases that an ethical hacker should follow while performing pentesting are –
- 1st Phase | Reconnaissance: Here ethical hackers and penetration testers gather initial facts, figures, architecture & intelligence on the target system or user.
- 2nd Phase | Scanning: Here, this phase needs the use of different applications and technical tools for gathering additional intelligence on the target system or user.
- Phase 3 | Gaining Access: Here the ethical hackers require taking command over 1 or more network machines and devices for extracting data from target system.
- Phase 4 | Maintaining Access: It needs taking a step further involving them to be constantly inside the target’s system or environment for gathering as much information as possible.
- Phase 5 | Covering Tracks: is the final phase to cover tracks so that they don’t get traced by removing digital footprints essential for semblance of getting detected.
Q.6. How will you explain Adware to a non technical guy?
A.6. Adware is the special type of software that is intended for forcing pre-chosen ads for displaying on any PC or system.
Q.7. How can you explain the term “Back door” in few words?
A.7. A “back door” in other words termed as trap door can be defined as a concealed access point to any computing device, machines, or applications running on desktop, cloud, server etc. which bypasses various security methods like logins and password protections.
Q.8. Explain in 1 sentence, what an “Exploit” is?
A.8. An “exploit” is any program or attack vectors used on computer systems, particularly one having vulnerabilities in them, and takes advantage of those system for hacking purpose. In layman language, you can say that vulnerability is a house made of glass and an exploit is a stone which make the glass house vulnerable to such threats.