Explore topic-wise InterviewSolutions in .

Right option is (a) STRANGERS, keyloggers

The best explanation: One MUST isolate payment systems and payment processes from those computers that you THINK are used by strangers or may contain keyloggers. Otherwise, your card DETAILS and PIN may get COMPROMISED.

The correct choice is (b) EMPLOYEE access

Easy explanation: It is important to limit employee access to all data and information as well as limit the AUTHORITY for installing software. Otherwise, any employee with ILLICIT intention may install programs that are EITHER pirated version or may cause damage to the internal corporate network.

The correct CHOICE is (B) Antivirus

For explanation I would say: For keeping cloud service secure and fully WORKING, firewalls, encryption mechanisms and load-balancers are used but antivirus is not used it could for any security purpose.

Correct answer is (d) product licensing

To EXPLAIN I would SAY: Product licensing is the technique to obtain permission from a firm or organization for using, manufacturing & selling one or more products within a definite market area. This is done by the COMPANY for security reasons and USUALLY takes a royal fee/amount from its USERS.

Right option is (b) Keeping backup of

The EXPLANATION: Keeping a secured backup of the important and precious file is a SOLUTION to prevent your files from ransomware. The backup should have to be made in some secured CLOUD storage of any other location (server) in an encrypted FORM.

The correct ANSWER is (B) Ransomware

The BEST explanation: Ransomware has become a popular attack since last few years, and the attacker target board members, high-ranked officials and managing committee members of an organization; where the ransomware compromise the system by encrypting all FILES and ASK for some ransom in order to unlock or decrypt all files.

The correct option is (b) PEN drive

The EXPLANATION is: Use of pen drive to bring your work from home tasks to office systems may bring worms and virus along with it (if your home SYSTEM is infected with any malware or infected PROGRAMS) and may cause harm to your office systems.

Right answer is (C) Browser Hijacker

To elaborate: Browser hijacking is a technique that takes over your system’s browser SETTINGS and the attack will REDIRECT the websites you visit some other websites of its PREFERENCE.

Right answer is (b) Physical authorization

The BEST I can EXPLAIN: There are 3 main aspects that NEED to keep in mind when putting together new employees or USERS into an application. These are: Representing users in the database, ACCESS control, and Employee’s authentication.

The CORRECT answer is (a) information

Best explanation: Through clickjacking, the employee’s SYSTEM may get COMPROMISED by an infected program, trojans or spyware which got downloaded in the background AUTOMATICALLY as the user fell into the TRICK of an attacker.

Correct answer is (a) Distributed Denial-of-Service (DDoS)

To elaborate: Here the attacker USES MULTIPLE PCS and floods the bandwidth/resources of the VICTIM’s system, (usually 1 or MANY web-servers). The attack uses zombie PCs and each of the PC’s are remotely controlled by the attacker.

Right choice is (c) Clickjacking

Explanation: Clickjacking is a malicious method USED by cyber-criminals to trick a USER into CLICKING on something else which is ILLICIT from what the user wants. The single click usually redirects the employee to a strange site from where infected FILES get downloaded into the system of the employee.

The correct answer is (a) True

The explanation is: Illicit hackers may enter your personal area or room or CABIN to STEAL your laptop, pen DRIVE, documents or other components to MAKE their hands dirty on your confidential information. This type of hacking comes under PHYSICAL hacking.

Correct option is (d) password

The explanation is: In most of the CASES, the ATTACKER uses automated brute FORCE tools for compromising your PIN or password. This makes fetching of your password easier by a COMBINATION of different letters as a trial-and-error APPROACH.

The correct option is (c) malicious site

Easiest EXPLANATION: CLICKING a link which is there in your email which came from an UNKNOWN source can REDIRECT you to a malicious site that will automatically install malware in your SYSTEM. The mail will be sent by the attacker.

The CORRECT OPTION is (a) True

For explanation: The antivirus or PC defender software in a system helps in detecting virus and Trojans PROVIDED the antivirus or the defender application needs to be up-to-date.

Correct answer is (d) Spyware

Explanation: Spywares are special malware programs written by elite HACKERS and black hat hackers to SPIES your mobile phones and systems. This program secretly spy on the target system or user and takes their BROWSING activities, app DETAILS and keeps track of their physical locations.

Right choice is (B) Ransomware

For explanation I would SAY: Ransomware is special TYPES of malware that will INFECT your system, compromise all data by encrypting them and will pop up asking you for a RANSOM which will be in the form of Bitcoins (so that the attacker do not get tracked) and once the ransom is paid, it will release all files.

The correct option is (a) True

Explanation: ATM card skimmers are set up by ATTACKERS in ATM machines which look EXACTLY same but that secretly inserted machine will TAKE information from the magnetic STRIP of your card and store it in its MEMORY card or storage chip.

The correct ANSWER is (a) Attackers, Trojans

Best explanation: To do a SECURITY breaching in your system, your friend or anyone whom you DEAL with may come up with a USB drive and will give you to take from you some data. But that USB drive may contain Trojan that will get to your computer once triggered. So TRY using updated antivirus in your system.

Correct choice is (d) NGOs

The explanation: ATTACKERS target large organizations and firms that consists of business firms, financial corporations, medical and healthcare firms, government and secret agencies, BANKING sectors. They’ve valuable INFORMATION which can cost them HUGE so major targets for hackers focuses such firms only.

Right OPTION is (a) Data that willpay once sold

The best explanation: Usually, cyber-criminals steal those data that are CONFIDENTIAL and adds value once they are sold to the dark-market or in different deep WEB sites. Even these DAYS, different companies buy CUSTOMER data at large for analyzing data and gain profit out of it.

The correct OPTION is (c) FIXING the bugs

Easiest explanation: During a hack, the cyber-criminals first do a RESEARCH on the victim gathers information on the victim’s SYSTEM as well as network. Then perform the ATTACK. Once the attacker gains access it steals away confidential data.

Correct answer is (d) Data breach

Easiest explanation: Data breach an ACTIVITY that takes place when cyber-criminals infiltrates any data SOURCE and takes away or alters sensitive information. This is either done using a NETWORK to steal all local files or get access PHYSICALLY to a system.

Right answer is (d) Ethics in black HAT hacking

The explanation is: Ethics in cyber-security is the BRANCH of cyber security that deals with morality and provides different theories and principles’ REGARDING the view-points about what is right and what NEED not to be done.

The correct option is (a) privacy and security

Easy EXPLANATION: A penetration tester MUST KEEP in mind the privacy & security requirements as well as policies of a firm while EVALUATING the security postures of the target, which is called as “industry and business ethics policies”.

The correct choice is (a) Cyber-ethics

The explanation is: Cyber-ethics and knowledge of proper ethical aspects while doing penetration tests HELPS to CLASSIFY ARGUMENTS and situations, better understand a cyber crime and helps to determine APPROPRIATE actions.

Right option is (c) penetration testing

To explain: It is against the laws and ethics of ethical HACKERS that after doing penetration TESTS, the ethical HACKER should never disclose client information to other parties. The protection of client data is in the hands of the ethical hacker who PERFORMED the tests.

Correct choice is (a) True

To EXPLAIN I would say: Yes, it is very important for an ETHICAL hacker to make sure that while doing penetration TESTS, the confidential DATA and proprietary information are preserved properly and not get leaked to the external network.

Right answer is (d) Type of broadband company used by the firm

For explanation I WOULD say: Before performing any penetration test, through the LEGAL procedure the key POINTS that the penetration tester must keep in mind are –

i) Know the nature of the organization

ii) what type of work the organization do and

iii) the system and networks used in various departments and their confidential data that are sent and received over the network.

Correct option is (a) Ethical hacking

Easiest EXPLANATION: Ethical hacking is that USED by business organizations and firms for exploiting vulnerabilities to secure the FIRM. Ethical hackers help in increasing the capabilities of any organization or firm in protecting their IT and information ASSETS.

The correct ANSWER is (c) Malware

To explain: Malware is one of the biggest CULPRITS that harm companies because they are PROGRAMMED to do the MALICIOUS task automatically and help hackers do illicit activities with sophistication.

The CORRECT answer is (a) True

The EXPLANATION is: Without PRIOR permission of the SENIOR authority or any senior member, if you’re leaking or taking our your company’s data outside (and which is confidential), then it’s against the code of CORPORATE ethics.

The correct answer is (a) To think LIKE hackers and know how to defend such attacks

For explanation I would say: It is important for ethical hackers and SECURITY professional to know how the cyber-criminals think and proceed to target any SYSTEM or network. This is why ethical hackers and PENETRATION testers are trained with proper ethics to SIMULATE such a scenario as how the real cyber-attack takes place.

Right choice is (d) a bad

Easiest explanation: Overlooking or peeping into someone’s system when he/she is entering his/her password is a bad practice and is against the ethics of CONDUCT for every individual. SHOULDER SURFING is a SOCIAL engineering attack approach used by some cyber-criminals to know your password and GAIN access to your system later.