Ethical Hacking Interview Questions and Answers
Freshers / Beginner level questions & answers
Ques 1. What is hacking?
Hacking refers to unauthorized intrusion in a system or a network. The person involved in this process is called a hacker. They use the computer to commit non-malicious activities such as privacy invasion, stealing personal/corporate data, and more.
Ques 2. What is ethical hacking?
Ethical hacking is also known as penetration testing or intrusion testing where the person systematically attempts to penetrate/intrude into a computer system, application, network, or some other computing resources on behalf of its owner and finds out threats and vulnerabilities that a malicious hacker could potentially exploit.
The main objective of ethical hacking is to improve the security of the system or network and fix the vulnerabilities found during the testing. Ethical hackers employ the same tools and techniques adopted by malicious hackers to improve security and protect the system from attacks by malicious users with the permission of an authorized entity.
Ques 3. What are the tools used for ethical hacking?
The most popular ethical hacking tools are listed below:
Ques 4. What are the various stages of hacking?
There are mainly five stages in hacking:
- Reconnaissance: This is the primary phase of hacking, also known as the footprinting or information gathering phase, where the hacker collects as much information as possible about the target. It involves host, network, DNS records, and more.
- Scanning: It takes the data discovered during reconnaissance and uses it to examine the network.
- Gaining access: The phase where attackers enter into a system/network using various tools and techniques.
- Maintaining access: Once hackers gain access, they want to maintain access for future exploitation and attacks. This can be done using trojans, rootkits, and other malicious files.
- Covering tracks: Once the hackers are able to gain and maintain access, they cover tracks to avoid detection. It involves modifying/deleting/corrupting the value of logs, removing all traces of work, uninstalling applications, deleting folders, and more.
Ques 5. What is a firewall?
A firewall is a network security system that allows or blocks network traffic as per predetermined security rules. These are placed on the boundary of trusted and untrusted networks.
Ques 6. What is the difference between encryption and hashing?
Hashing is used to validate the integrity of the content, while encryption ensures data confidentiality and security. Encryption is a two-way function that includes encryption and decryption, while hashing is a one-way function that changes a plain text to a unique digest that is irreversible.
Ques 7. What is the difference between IP address and Mac address?
IP address: For every device, an IP address is assigned. The IP address is a number allocated to a connection of a network.
MAC address: A MAC address is a unique serial number assigned to every network interface on every device.
The major difference is MAC address uniquely identifies a device that wants to take part in a network while the IP address uniquely defines a connection of a network with an interface of a device.
Ques 8. What is the difference between virus and worm?
Virus: It is a type of malware that spreads by embedding a copy of itself and becomes a part of other programs. Viruses spread from one computer to another while sharing the software or document they are attached to using a network, file sharing, disk, or infected email attachments.
Worm: These are similar to viruses and cause the same type of damage. They replicate functional copies of themselves and do not require a host program or human help to propagate. Advanced worms leverage encryption, ransomware, and wipers to harm their targets.
Ques 9. What do you mean by keystroke logging?
Keystroke logging is also known as keylogging or keyboard capturing. It is a type of surveillance software that records every keystroke made on the keyboard. Every action made on the keyboard is monitored, and data is retrieved by operating through the logging program.
Ques 10. What is Cowpatty?
Cowpatty is the implementation of the offline dictionary attack against WPA/WPA2 networks using PSK-based authentication.
E.g. WPA-Personal
Most of the enterprises employ PSK-based authentication for WPA/WPA2 networks.
Ques 11. What do you mean by exploitation?
Exploitation is a part of programmed software or script that allows hackers to gain control over the targeted system/network and exploit its vulnerabilities. Most hackers use scanners like OpenVAS, Nessus, etc., to find these vulnerabilities.
Ques 12. What is a phishing attack?
Phishing is an attempt to steal sensitive information such as user data, credit card numbers, etc. These attacks occur mostly while using personal email accounts or social networking sites, online transactions, and more.
Most helpful rated by users:
Related interview subjects
Data Protection Act interview questions and answers - Total 20 questions |
BGP interview questions and answers - Total 30 questions |
Ethical Hacking interview questions and answers - Total 40 questions |
Cyber Security interview questions and answers - Total 50 questions |
PII interview questions and answers - Total 30 questions |