Ethical%20Hacking%20Interview%20Questions%20and%20Answers

Ques 1. What is hacking?

Hacking refers to unauthorized intrusion in a system or a network. The person involved in this process is called a hacker. They use the computer to commit non-malicious activities such as privacy invasion, stealing personal/corporate data, and more.

Ques 2. What is ethical hacking?

Ethical hacking is also known as penetration testing or intrusion testing where the person systematically attempts to penetrate/intrude into a computer system, application, network, or some other computing resources on behalf of its owner and finds out threats and vulnerabilities that a malicious hacker could potentially exploit.

The main objective of ethical hacking is to improve the security of the system or network and fix the vulnerabilities found during the testing. Ethical hackers employ the same tools and techniques adopted by malicious hackers to improve security and protect the system from attacks by malicious users with the permission of an authorized entity.

Ques 3. What are the tools used for ethical hacking?

The most popular ethical hacking tools are listed below:

• John the Ripper
• Metasploit
• Nmap
• Acunetix
• Wireshark
• SQLMap
• OpenVAS
• IronWASP
• Nikto
• Netsparker

Ques 4. What are the various stages of hacking?

There are mainly five stages in hacking:

1. Reconnaissance: This is the primary phase of hacking, also known as the footprinting or information gathering phase, where the hacker collects as much information as possible about the target. It involves host, network, DNS records, and more.
2. Scanning: It takes the data discovered during reconnaissance and uses it to examine the network. 
3. Gaining access: The phase where attackers enter into a system/network using various tools and techniques.
4. Maintaining access: Once hackers gain access, they want to maintain access for future exploitation and attacks. This can be done using trojans, rootkits, and other malicious files.
5. Covering tracks: Once the hackers are able to gain and maintain access, they cover tracks to avoid detection. It involves modifying/deleting/corrupting the value of logs, removing all traces of work, uninstalling applications, deleting folders, and more. 

Ques 5. What is a firewall?

A firewall is a network security system that allows or blocks network traffic as per predetermined security rules. These are placed on the boundary of trusted and untrusted networks.

Ques 6. What is the difference between encryption and hashing?

Hashing is used to validate the integrity of the content, while encryption ensures data confidentiality and security. Encryption is a two-way function that includes encryption and decryption, while hashing is a one-way function that changes a plain text to a unique digest that is irreversible.

Ques 7. What is the difference between IP address and Mac address?

IP address: For every device, an IP address is assigned. The IP address is a number allocated to a connection of a network.

MAC address: A MAC address is a unique serial number assigned to every network interface on every device.  

The major difference is MAC address uniquely identifies a device that wants to take part in a network while the IP address uniquely defines a connection of a network with an interface of a device.

Ques 8. What is the difference between virus and worm?

Virus: It is a type of malware that spreads by embedding a copy of itself and becomes a part of other programs. Viruses spread from one computer to another while sharing the software or document they are attached to using a network, file sharing, disk, or infected email attachments. 

Worm: These are similar to viruses and cause the same type of damage. They replicate functional copies of themselves and do not require a host program or human help to propagate. Advanced worms leverage encryption, ransomware, and wipers to harm their targets.

Ques 9. What do you mean by keystroke logging?

Keystroke logging is also known as keylogging or keyboard capturing. It is a type of surveillance software that records every keystroke made on the keyboard. Every action made on the keyboard is monitored, and data is retrieved by operating through the logging program. 

Ques 10. What is Cowpatty?

Cowpatty is the implementation of the offline dictionary attack against WPA/WPA2 networks using PSK-based authentication.

E.g. WPA-Personal

Most of the enterprises employ PSK-based authentication for WPA/WPA2 networks.

Ques 11. What do you mean by exploitation?

Exploitation is a part of programmed software or script that allows hackers to gain control over the targeted system/network and exploit its vulnerabilities. Most hackers use scanners like OpenVAS, Nessus, etc., to find these vulnerabilities.

Ques 12. What is a phishing attack?

Phishing is an attempt to steal sensitive information such as user data, credit card numbers, etc. These attacks occur mostly while using personal email accounts or social networking sites, online transactions, and more.

Ques 13. What are the types of hackers?

Based on the hacker’s motive and legality of actions, they are divided into three types:

• Black Hat: These hackers are responsible to create malware; they gain unauthorized access to a system or network and harm its operations and steal sensitive information. 
• White Hat: These hackers are also known as ethical hackers; they’re often employed by companies or government agencies to find out the vulnerabilities. They never intend to harm the system instead find out the weaknesses in the network/system as part of penetration testing and vulnerability assessments.
• Grey Hat: These hackers are a blend of both white hat and black hat hackers; they find out the vulnerabilities in a system without the owner’s permission or knowledge. Their intention is to bring the weaknesses in the system to the owner's attention and demand some compensation or incentive from the owner.

Apart from the above well-known hackers, there are miscellaneous hackers based on what they hack and how they do it:

• Hacktivist: The person who utilizes technology for announcing social, religious, or political messages. Mostly hacktivism includes website defacement or denial-of-service attacks.  
• Script Kiddie: The one who enters into the computer system using the automation tools written by others and has less knowledge of the underlying concept, hence the term kiddie. 
• Elite Hackers: This is a social message among hackers that describes the most skilled ones. Recently identified exploits will circulate among these hackers.
• Neophyte: They are also known as green hat hacker or newbie who has no knowledge about the workings of technology and hacking.
• Blue Hat: The one who is outside of computer security consulting firms try to attempt a bug test to a system before its launch to find out the weaknesses and close the gaps. 
• Red hat: They are a blend of both black hat and white hat hackers, usually employed by top security agencies, government agencies, etc., that fall under the category of sensitive information.

Ques 14. What are the different types of hacking?

Based on the category of being hacked, hacking is divided into different types as follows:

1. Website hacking: It refers to unauthorized access over a web server and its associated software such as databases and interfaces, and making changes to the information.
2. Network hacking: It refers to collecting data about a network using tools like Telnet, ping, etc., with the intent to harm the network and hamper its operations.
3. Email hacking: It refers to unauthorized access to the email account and utilizing it without the owner’s permission.
4. Password hacking: It refers to the process of recovering secret passwords from data that has been stored in the computer system.
5. Computer hacking: It refers to unauthorized access to the computer and stealing the data such as computer passwords and ID by employing hacking techniques.

Ques 15. What are the advantages and disadvantages of ethical hacking?

Advantages:

• It helps to fight against cyber terrorism and national security breaches.
• It helps to take preventive actions against hackers.
• Detects the weaknesses and closes the gaps in a system or a network.
• Prevents gaining access from malicious hackers.
• Provides security to banking and financial settlements.

Disadvantages:

• Might use the data against malicious hacking activities.
• May corrupt the files of an organization.
• Possibility to steal sensitive information on the computer system.

Ques 16. What do you mean by Trojan and explain its types?

A Trojan is a type of malware that is often developed by hackers or attackers to gain access to target systems. Users are manipulated by some attractive social media ads and then directed towards malicious sites into loading and performing Trojans on their systems.

Types of Trojans:

1. Trojan-Downloader: It is a type of virus that downloads and installs other malware.
2. Ransomware: It is a type of Trojan that can encrypt the data on your computer/device. 
3. Trojan-Droppers: These are complex programs used by cybercriminals to install malware. Most antivirus programs do not identify droppers as malicious, and hence it is used to install viruses.
4. Trojan-Rootkits: It prevents the detection of malware and malicious activities on the computer. 
5. Trojan-Banker: These steal user account-related information such as card payments and online banking.
6. Trojan-Backdoor: It is the most popular type of Trojan, that creates a backdoor for attackers to access the computer later on from remote using a remote access tool (RAT). This Trojan provides complete control over the computer.

Ques 17. What is enumeration in ethical hacking?

Enumeration is the primary phase of ethical hacking that is information gathering. In this phase, the attacker builds an active connection with the victim and tries to gain as much information as possible to find out the weaknesses or vulnerabilities in the system, and tries to exploit the system further.

Enumeration collects information about:

• Network shares
• Passwords policies lists
• IP tables
• SNMP data, if they are not secured properly
• Usernames of different systems

Ques 18. What are the different enumerations available in ethical hacking?

The different enumerations available in ethical hacking are listed below:

• DNS enumeration
• NTP enumeration
• SNMP enumeration
• Linux/Windows enumeration
• SMB enumeration

Ques 19. What is defacement?

Defacement is an attack in which the hacker changes the visual appearance of a web page or website. The attacker replaces the firm’s site with an alternate page or sometimes opposite to the text of the website.

Ques 20. What is MIB?

Management Information Base (MIB) is a virtual database of network objects. It contains all the formal descriptions of the network objects being monitored by a network management system. The MIB database of objects is used as a reference to a complete collection of management information on an entity like a computer network.

Ques 21. What is MAC flooding and how to prevent it?

MAC flooding is an attacking method that is used to compromise the security of the network switches. These switches maintain a table structure called a MAC table that consists of each MAC address of the host computer on the networks which are connected to the ports of the switch.

To prevent MAC flooding, use the following methods:

• Authentication with the AAA server
• Port security
• Implement IEEE 802.1x suites
• Employ security measures to prevent IP spoofing or ARP spoofing 

Ques 22. What is footprinting?

Footprinting is a technique used for collecting as much information as possible about the targeted network/system/victim to execute a successful cyber attack. It also finds out the security posture of the target. During this phase, a hacker can collect data about a domain name, IP address, namespace, employee information, phone numbers, emails, and job information.

Footprinting is divided into two types:

Passive footprinting: It collects data of the target system located at a remote distance from the attacker.

Active footprinting: It is performed directly by getting in touch with the target machine.

Ques 23. What do you mean by fingerprinting in ethical hacking?

Fingerprinting is a technique used for determining which operating system is running on a remote computer.

Active fingerprinting: In this, we send the specially crafted packets to the target machine, and based on its response and gathered data, we determine the target OS.

Passive fingerprinting: In this, based on the sniffer traces of the packets, we can find out the OS of the remote host.

Ques 24. What is sniffing and what are its types?

Sniffing is referred to as a process of monitoring and capturing the data packets passing through a given network. It is mostly used by system/network administrators to monitor and troubleshoot network traffic. Sniffing allows you to see all sorts of traffic, both protected and unprotected. Attackers use this to capture data packets having sensitive information such as email traffic, FTP password, web traffic, router configuration, DNS traffic, and more.

Sniffing is divided into two types:

Active sniffing:

In this, traffic is not only locked and monitored but it may be altered in some way determined by the attack. It is used to sniff a switch-based network. It involves injecting the address resolution packets into a target network to switch on the content addressable memory table.

Passive sniffing:

In this, traffic is locked but not at all altered in any way. It works with hub devices, and traffic is sent to all the ports. Any traffic that is passing through the unbridged or non-switched network segment can be seen by all the machines on the segment.

Ques 25. What are the best sniffing tools?

The best sniffing tools are listed below:

• Tcpdump
• Wireshark
• Fiddler
• EtherApe 
• Packet Capture
• NetworkMiner
• WinDump
• EtterCap
• dSniff

Ques 26. What is ARP poisoning?

ARP (Address Resolution Protocol) poisoning is also known as ARP spoofing or ARP Poison routing. It is a form of attack where the attacker changes the MAC (Media Access Control) address and attacks the ethernet LAN network by changing the target computer’s ARP cache with forged requests and reply packets.

Ques 27. How to prevent ARP poisoning?

ARP poisoning can be prevented by the following methods:

Packet filters:

These help in reducing the chances of attacks being successful. These filters analyses each packet that has been sent over a network and filter out and blocks malicious packets that are suspicious.

Encryption:

Protocols such as SSH and HTTPS will also help you to reduce ARP poisoning attacks.

VPNs:

These are not suitable for larger organizations as each VPN connection needs to be placed between each computer and each server. If it is only a single person trying to attack using public wifi, then VPN will encrypt all the data that has been transmitted between the exit server and the client.

Static ARP entries:

This is suitable for smaller networks. This ARP is added for every machine on a network into a single individual computer.

Ques 28. What is DNS Cache Poisoning?

DNS cache poisoning is a technique that exploits vulnerabilities in the DNS (domain name system) to divert internet traffic away from legitimate servers and towards false ones. It is also known as DNS spoofing.

Ques 29. What is SQL injection and how to prevent it?

SQL injection is a type of injection attack that executes malicious SQL statements and controls the database server behind a web application.

These attacks mostly take place on the web pages developed using different web technologies.

These attacks can be made with the following intentions:

• To execute the different queries that are not allowed on the application.
• To change the content of the database
• To dump the entire database of the system.

The only way to prevent the SQL injection attack is input validation and parameterized queries including prepared statements. The application code should never use the input directly.

Ques 30. What is Cross-Site scripting and how can you fix it?

Cross-Site Scripting (XSS) is also referred to as a client-side code injection attack. In this, the attacker intends to execute malicious scripts on the victim’s web browser by including malicious code in a legitimate page or web application.

The actual attack occurs when the victim visits the page and executes malicious code, and this web application actually becomes a vehicle to deliver the malicious script to the user’s browser. Forums, web pages, and message boards that allow comments support cross-site scripting attacks.

To fix these attacks, apply context-dependent output encoding. 

Ques 31. What is a DDoS attack and how does it work?

DDoS (Distributed Denial of Service) attack is a type of DoS attack, where several compromised systems are often infected with a trojan and are used to target a single system causing a DoS (Denial of Service) attack.

Here is how DDoS work:

It is an attempt to make a webpage or online service inaccessible by overloading it with huge floods of traffic from various sources.

Ques 32. What are the types of DDoS attacks?

DDoS attacks are categorized into three types:

Volume-based Attacks:

These are also known as Layer3 & 4 attacks. In this, the attacker tries to saturate the bandwidth of the target site.

Protocol Attacks:

These attacks include actual server resources and others like load balancers and firewalls, and they are measured in Packets per Second.

Application Layer Attacks:

It includes the zero-day DDoS attacks, Slowloris, etc., that attack the Windows, Apache, or OpenBSD vulnerabilities and more. This is measured in Requests per Second.

Ques 33. What is a Pharming attack and how to prevent it?

Pharming attack is one of the various cyber-attacks practiced by the attackers. It is a fraudulent practice in which legitimate website traffic is manipulated to direct users to the fake look-alikes that will steal personal data such as passwords or financial details or install malicious software on the visitor's computer.

Pharming attacks can be prevented by the following methods:

• Install the power antivirus software that will detect and remove the malware that is directed to the malicious sites on your computer.
• Check the URLs on the sites that you visit are trustworthy. 

Ques 34. What is Spoofing?

Spoofing is a fraudulent practice in which communication is sent from an unauthorized source and disguised as a known source to the receiver. It is used to gain access to targets' personal information and spread malware and redistribute traffic to execute a denial-of-service attack.

The below listed are the most popular spoofing attacks: 

• Email spoofing
• Website spoofing
• Caller ID spoofing
• ARP spoofing
• DNS server spoofing

Ques 35. What are the different types of penetration testing?

There are five types of penetration testing:

1. Black Box: In this, the hacker attempts to detect information by their own means.
2. External Penetration Testing: In this case, the ethical hacker attempts to hack using public networks through the Internet. 
3. Internal Penetration Testing: The ethical hacker is inside the network of the company and conducts his tests from there.
4. White Box: In this, an ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that needs to penetrate.
5. Grey Box: It this, the hacker has partial knowledge of the infrastructure, like its domain name server.

Ques 36. What are the types of password cracking techniques?

The most popular password cracking techniques used by hackers are listed below:

1. Dictionary attack: This attack uses the common kind of words and short passwords that many people use. The hacker uses a simple file containing words that can be found in the dictionary and tries them frequently with numbers before or after the words against the user accounts.
2. Brute force attacks: These are similar to dictionary attacks, but instead of using simple words, hackers detect the non-dictionary words by using all possible alphanumeric combinations from aaa1 to zzz10.
3. Man in the middle attack: In this, the attacker's program actively monitors the information being passed and inserts itself in the middle of the interaction usually by impersonating an application or website. These attacks steal sensitive information such as social security numbers, account numbers, etc.
4. Traffic interception: In this, the hacker uses packet sniffers to monitor network traffic and capture passwords.
5. Keylogger attack: The hacker manages to install software to track the user's keystrokes and enable them not only to collect the user's account information and passwords but also to check which website or app the user was logging into the credentials.

Ques 37. What is a social engineering attack?

Social engineering is referred to like a broad range of methods majorly intended by the people who want to hack other people’s data or make them do a specific task to benefit the hacker.

The attacker first collects the victim’s information like security protocols required to proceed with the attack, and gains the victim's trust, and breaks security practices, such as granting access to critical resources or stealing sensitive information.  

Ques 38. What are the different types of social engineering attacks?

Different types of social engineering attacks include:

• Phishing
• Vishing
• Pretexting
• Quid pro quo
• Tailgating
• Spear phishing
• Baiting

Ques 39. What is a rogue DHCP server?

A rogue DHCP server is a DHCP server set up on a network by an attacker which is not under the control of network administrators. It can be either a modem or a router.

Rogue DHCP servers are primarily used by hackers for the purpose of network attacks such as Sniffing, Reconnaissance, and Man in the Middle attacks.

Ques 40. What is Burp Suite?

Burp Suite is an integrated platform used for executing a security test of web applications. It consists of various tools that work seamlessly together to manage the entire testing process from initial mapping to security vulnerabilities.