Ethical Hacking Interview Questions and Answers

Experienced / Expert level questions & answers

Ques 1. What is footprinting?

Footprinting is a technique used for collecting as much information as possible about the targeted network/system/victim to execute a successful cyber attack. It also finds out the security posture of the target. During this phase, a hacker can collect data about a domain name, IP address, namespace, employee information, phone numbers, emails, and job information.

Footprinting is divided into two types:

Passive footprinting: It collects data about a target system that is located at a remote distance from the attacker.

Active footprinting: It is performed directly by getting in touch with the target machine.

Ques 2. What do you mean by fingerprinting in ethical hacking?

Fingerprinting is a technique used for determining which operating system is running on a remote computer.

Active fingerprinting: In this, we send specially crafted packets to the target machine and, based on its responses and the gathered data, determine the target OS.

Passive fingerprinting: In this, based on the sniffer traces of the packets, we can find out the OS of the remote host.

Ques 3. What is sniffing and what are its types?

Sniffing is the process of monitoring and capturing the data packets passing through a given network. It is mostly used by system/network administrators to monitor and troubleshoot network traffic. Sniffing allows you to see all sorts of traffic, both protected and unprotected. Attackers use it to capture data packets containing sensitive information such as email traffic, FTP passwords, web traffic, router configuration, DNS traffic, and more.

Sniffing is divided into two types:

Active sniffing:

In this, traffic is not only locked and monitored, but it may also be altered in some way determined by the attack. It is used to sniff a switch-based network. It involves injecting address resolution (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table.

Passive sniffing:

In this, traffic is locked but not altered in any way. It works with hub devices, where traffic is sent to all the ports. Any traffic passing through an unbridged or non-switched network segment can be seen by all the machines on that segment.

Ques 4. What are the best sniffing tools?

The best sniffing tools are listed below:

Ques 5. What is ARP poisoning?

ARP (Address Resolution Protocol) poisoning is also known as ARP spoofing or ARP poison routing. It is a form of attack where the attacker changes the MAC (Media Access Control) address and attacks the Ethernet LAN by changing the target computer’s ARP cache with forged request and reply packets.

Ques 6. How to prevent ARP poisoning?

ARP poisoning can be prevented by the following methods:

Packet filters:

These help in reducing the chances of an attack being successful. These filters analyze each packet sent over a network and filter out and block suspicious, malicious packets.

Encryption:

Protocols such as SSH and HTTPS will also help you to reduce ARP poisoning attacks.

VPNs:

These are not suitable for larger organizations, as a VPN connection needs to be placed between each computer and each server. If it is only a single person trying to attack using public Wi-Fi, then a VPN will encrypt all the data transmitted between the exit server and the client.

Static ARP entries:

This is suitable for smaller networks. A static ARP entry for every machine on the network is added to each individual computer.
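The packet-filter and static-entry ideas above can be combined into a simple check: compare observed ARP replies against the static bindings and flag any reply that disagrees. This is an added example, not code from the original page; the sample lines (written in the style of tcpdump ARP reply output), the addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample lines in the style of tcpdump ARP reply output.
SAMPLE_REPLIES = """\
ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:01, length 28
ARP, Reply 192.168.1.1 is-at 00:11:22:de:ad:01, length 28
ARP, Reply 192.168.1.30 is-at 00:11:22:aa:bb:02, length 28
ARP, Reply 192.168.1.30 is-at 00:11:22:de:ad:01, length 28
""".splitlines()

# Static ARP entries an administrator would configure (constructed values).
STATIC_ARP = {
    "192.168.1.1": "00:11:22:33:44:55",
    "192.168.1.20": "00:11:22:aa:bb:01",
}

REPLY_RE = re.compile(
    r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def check_arp_replies(lines, static_table):
    """Return alerts for replies that contradict a static or learned binding."""
    learned = {}   # first MAC seen for IPs that have no static entry
    alerts = []
    for line in lines:
        match = REPLY_RE.search(line)
        if not match:
            continue  # not an ARP reply line
        ip, mac = match.group(1), match.group(2).lower()
        if ip in static_table:
            expected = static_table[ip].lower()
            if mac != expected:
                alerts.append(("static-mismatch", ip, expected, mac))
            continue
        first_seen = learned.setdefault(ip, mac)
        if first_seen != mac:
            alerts.append(("binding-changed", ip, first_seen, mac))
    return alerts

if __name__ == "__main__":
    for alert in check_arp_replies(SAMPLE_REPLIES, STATIC_ARP):
        print(alert)
```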

Ques 7. What is DNS Cache Poisoning?

DNS cache poisoning is a technique that exploits vulnerabilities in the DNS (domain name system) to divert internet traffic away from legitimate servers and towards false ones. It is also known as DNS spoofing.

Ques 8. What is SQL injection and how to prevent it?

SQL injection is a type of injection attack that executes malicious SQL statements and controls the database server behind a web application.

These attacks mostly take place on the web pages developed using different web technologies.

These attacks can be made with the following intentions:

  • To execute queries that are not allowed on the application.
  • To change the content of the database.
  • To dump the entire database of the system.

The only way to prevent the SQL injection attack is input validation and parameterized queries including prepared statements. The application code should never use the input directly.

Ques 9. What is Cross-Site scripting and how can you fix it?

Cross-Site Scripting (XSS) is also referred to as a client-side code injection attack. In this, the attacker intends to execute malicious scripts on the victim’s web browser by including malicious code in a legitimate page or web application.

The actual attack occurs when the victim visits the page and executes malicious code, and this web application actually becomes a vehicle to deliver the malicious script to the user’s browser. Forums, web pages, and message boards that allow comments support cross-site scripting attacks.

To fix these attacks, apply context-dependent output encoding.
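"Context-dependent" means the same user value needs a different encoder depending on where it lands in the page. The following is an added example, not code from the original page, using only the Python standard library; the comment template and function names are constructed for illustration.

```python
import html
import json
from urllib.parse import quote

def encode_html(value):
    # HTML body and quoted-attribute context: escapes & < > " '
    return html.escape(value, quote=True)

def encode_js_string(value):
    # Inside a <script> block: emit a JSON string literal, then escape the
    # characters that could close the script element or start markup.
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))

def encode_url_param(value):
    # URL query-component context: percent-encode all but unreserved characters.
    return quote(value, safe="")

def render_comment(author, comment):
    """Render one forum comment, encoding each value for the place it lands."""
    return (
        '<div class="comment" title="' + encode_html(author) + '">\n'
        '  <p>' + encode_html(comment) + '</p>\n'
        # URL-encode for the query string, then HTML-encode for the attribute.
        '  <a href="/profile?user=' + encode_html(encode_url_param(author))
        + '">profile</a>\n'
        '  <script>var lastComment = ' + encode_js_string(comment)
        + ';</script>\n'
        '</div>'
    )

if __name__ == "__main__":
    # Constructed inputs containing markup characters.
    print(render_comment('bob" onmouseover="x', '"><script>alert(1)</script>'))
```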

Ques 10. What is a DDoS attack and how does it work?

DDoS (Distributed Denial of Service) attack is a type of DoS attack, where several compromised systems are often infected with a trojan and are used to target a single system causing a DoS (Denial of Service) attack.

Here is how a DDoS attack works:

It is an attempt to make a webpage or online service inaccessible by overloading it with huge floods of traffic from various sources.

Ques 11. What are the types of DDoS attacks?

DDoS attacks are categorized into three types:

Volume-based Attacks:

These are also known as Layer 3 & 4 attacks. In this, the attacker tries to saturate the bandwidth of the target site.

Protocol Attacks:

These attacks consume actual server resources and those of other equipment such as load balancers and firewalls, and they are measured in Packets per Second.

Application Layer Attacks:

These include zero-day DDoS attacks, Slowloris, etc., that target Windows, Apache, or OpenBSD vulnerabilities and more. They are measured in Requests per Second.

Ques 12. What is a Pharming attack and how to prevent it?

A pharming attack is one of the various cyber-attacks practiced by attackers. It is a fraudulent practice in which legitimate website traffic is manipulated to direct users to fake look-alike sites that steal personal data such as passwords or financial details, or install malicious software on the visitor's computer.

Pharming attacks can be prevented by the following methods:

  • Install powerful antivirus software that will detect and remove malware on your computer that directs you to malicious sites.
  • Check that the URLs of the sites you visit are trustworthy.

Ques 13. What is Spoofing?

Spoofing is a fraudulent practice in which communication is sent from an unauthorized source and disguised as a known source to the receiver. It is used to gain access to targets' personal information and spread malware and redistribute traffic to execute a denial-of-service attack.

The most popular spoofing attacks are listed below:

  • Email spoofing
  • Website spoofing
  • Caller ID spoofing
  • ARP spoofing
  • DNS server spoofing

Ques 14. What are the different types of penetration testing?

There are five types of penetration testing:

  1. Black Box: In this, the hacker attempts to detect information by their own means.
  2. External Penetration Testing: In this case, the ethical hacker attempts to hack using public networks through the Internet. 
  3. Internal Penetration Testing: The ethical hacker is inside the network of the company and conducts his tests from there.
  4. White Box: In this, an ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that is to be penetrated.
  5. Grey Box: In this, the hacker has partial knowledge of the infrastructure, like its domain name server.

Ques 15. What are the types of password cracking techniques?

The most popular password cracking techniques used by hackers are listed below:

  1. Dictionary attack: This attack uses the common words and short passwords that many people use. The hacker uses a simple file containing words that can be found in the dictionary and tries them frequently, with numbers before or after the words, against the user accounts.
  2. Brute force attacks: These are similar to dictionary attacks, but instead of using simple words, hackers detect the non-dictionary words by using all possible alphanumeric combinations from aaa1 to zzz10.
  3. Man in the middle attack: In this, the attacker's program actively monitors the information being passed and inserts itself in the middle of the interaction usually by impersonating an application or website. These attacks steal sensitive information such as social security numbers, account numbers, etc.
  4. Traffic interception: In this, the hacker uses packet sniffers to monitor network traffic and capture passwords.
  5. Keylogger attack: The hacker manages to install software that tracks the user's keystrokes, which allows them not only to collect the user's account information and passwords but also to see which website or app the user was logging into with those credentials.

Ques 16. What is a social engineering attack?

Social engineering refers to a broad range of methods used by people who want to hack other people’s data or make them do a specific task that benefits the hacker.

The attacker first collects information about the victim, such as the security protocols, that is required to proceed with the attack, then gains the victim's trust and gets security practices broken, such as granting access to critical resources or stealing sensitive information.

Ques 17. What are the different types of social engineering attacks?

Different types of social engineering attacks include:

Ques 18. What is a rogue DHCP server?

A rogue DHCP server is a DHCP server set up on a network by an attacker which is not under the control of network administrators. It can be either a modem or a router.

Rogue DHCP servers are primarily used by hackers for the purpose of network attacks such as Sniffing, Reconnaissance, and Man in the Middle attacks.

Ques 19. What is Burp Suite?

Burp Suite is an integrated platform used for performing security testing of web applications. It consists of various tools that work seamlessly together to manage the entire testing process from initial mapping to security vulnerabilities.

©2023 WithoutBook