Top 40 Interview Questions – Information Security | CEH

This article collects questions employers commonly ask when you interview for a security position after
completing the CEH (Certified Ethical Hacker) certification.

  • What is the difference between encoding, encryption and hashing?
  • What is the difference between proxy, firewall, IDS, and IPS?
  • How does asymmetric encryption work?
  • How does SSL work?
  • What is TLS and how is it different from SSL?
  • Can you name a critical vulnerability found in SSL in recent years?
  • What is port scanning? How can port scanning be prevented?
  • What is a man-in-the-middle attack? Can it be prevented?
  • What is the difference between false positive and false negative?
  • What does the term “defense in depth” mean?
  • What is a stateful inspection by a firewall?
  • What is a DMZ? Which systems should be placed in DMZ?
  • Is SSH completely secure?
  • What is BYOD and what are the common security concerns associated with it?
  • What are the different layers of the OSI model? Explain each layer in brief.
  • What are honeypots?
  • How do you keep yourself updated with the latest trends in Information Security?
  • Which OS do you feel is more secure, Linux or Windows?
  • How does Kerberos work?
  • What is a zero-day vulnerability? Can it be prevented?
  • What is a rainbow table attack? How can it be prevented?
  • What is the difference between hub, switch, and router?
  • What are some common security concerns in Cloud computing?
  • What is the difference between vulnerability assessment and penetration testing?
  • What are the high-level steps to perform vulnerability assessment and penetration testing?
  • What tools do you normally use for vulnerability assessment and penetration testing? Which tool do you find best, and why?
  • Is it possible to hack into a system without using any tool?
  • What is the difference between active and passive information gathering?
  • How does HTTPS make a website secure?
  • What is a SQL injection attack? What are its types?
  • What is an XSS attack? What are its types?
  • What is CSRF? How can you prevent it?
  • What is the difference between white box application security testing and black box application security testing?
  • What standards do you refer to for web application security and related vulnerabilities?
  • Will a Layer 3 firewall be useful in protecting the web application against common attacks? If yes, then to what extent?
  • How does HTTP handle state?
  • How do you identify that an application is vulnerable to a blind SQL injection attack?
  • What are the top five mobile application security threats?
  • What is the difference between a standard, a policy, and a procedure?
  • Name a vulnerability for each OSI layer.
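Two of the questions above, the difference between encoding, encryption and hashing, and how rainbow table attacks are prevented, are easiest to answer convincingly with a short demonstration. The following Python is an added example, not part of the original article or Mr. Rahalkar's material. It uses only the standard library: Base64 for encoding, a one-time pad (XOR with a random key as long as the message) as a stand-in for a real cipher such as AES-GCM, SHA-256 for plain hashing, and salted PBKDF2-HMAC-SHA256 for password hashing. The message and all function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample input for the demonstration (not from the original article).
MESSAGE = b"attack at dawn"


def encode(data: bytes) -> bytes:
    """Encoding (Base64): reversible by anyone, no secret involved.
    It changes representation, not confidentiality."""
    return base64.b64encode(data)


def decode(data: bytes) -> bytes:
    return base64.b64decode(data)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encryption: reversible, but only with the key.

    A one-time pad is used here because it needs no third-party library;
    production code should use an authenticated cipher such as AES-GCM.
    The pad key must be random, at least as long as the message, and never reused."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return encrypt(ciphertext, key)


def digest(data: bytes) -> str:
    """Hashing: fixed-length, one-way and deterministic.
    Nobody, not even the party who computed it, can recover the input from it."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: bytes, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> tuple[bytes, bytes]:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256).

    The per-user random salt is what defeats rainbow tables: the same password
    hashes to a different value for every user, so a precomputed table of
    password -> hash pairs is useless. The iteration count slows each guess."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def verify_password(password: bytes, salt: bytes, expected: bytes,
                    iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    print("encoded :", encode(MESSAGE))
    print("decoded :", decode(encode(MESSAGE)))
    key = os.urandom(len(MESSAGE))
    ct = encrypt(MESSAGE, key)
    print("cipher  :", ct.hex())
    print("decrypt :", decrypt(ct, key))
    print("sha256  :", digest(MESSAGE))
    salt, h = hash_password(b"correct horse battery staple")
    print("salt    :", salt.hex())
    print("pbkdf2  :", h.hex())
    print("verify  :", verify_password(b"correct horse battery staple", salt, h))
```

Run it twice and compare: the Base64 and SHA-256 outputs are identical each time (no secret, deterministic), the ciphertext differs because the key is fresh, and the PBKDF2 output differs because the salt is fresh even though the password is the same. That last property is the whole answer to the rainbow table question.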

All Credit goes to Mr. Sagar Ajay Rahalkar
