Ethical Hacking 面接の質問と回答

質問 36. What are the types of password cracking techniques?

The most popular password cracking techniques used by hackers are listed below:

1. Dictionary attack: This attack uses the common kind of words and short passwords that many people use. The hacker uses a simple file containing words that can be found in the dictionary and tries them frequently with numbers before or after the words against the user accounts.
2. Brute force attacks: These are similar to dictionary attacks, but instead of using simple words, hackers detect the non-dictionary words by using all possible alphanumeric combinations from aaa1 to zzz10.
3. Man in the middle attack: In this, the attacker's program actively monitors the information being passed and inserts itself in the middle of the interaction usually by impersonating an application or website. These attacks steal sensitive information such as social security numbers, account numbers, etc.
4. Traffic interception: In this, the hacker uses packet sniffers to monitor network traffic and capture passwords.
5. Keylogger attack: The hacker manages to install software to track the user's keystrokes and enable them not only to collect the user's account information and passwords but also to check which website or app the user was logging into the credentials.

質問 37. What is a social engineering attack?

Social engineering is referred to like a broad range of methods majorly intended by the people who want to hack other people’s data or make them do a specific task to benefit the hacker.

The attacker first collects the victim’s information like security protocols required to proceed with the attack, and gains the victim's trust, and breaks security practices, such as granting access to critical resources or stealing sensitive information.  

質問 38. What are the different types of social engineering attacks?

Different types of social engineering attacks include:

• Phishing
• Vishing
• Pretexting
• Quid pro quo
• Tailgating
• Spear phishing
• Baiting

質問 39. What is a rogue DHCP server?

A rogue DHCP server is a DHCP server set up on a network by an attacker which is not under the control of network administrators. It can be either a modem or a router.

Rogue DHCP servers are primarily used by hackers for the purpose of network attacks such as Sniffing, Reconnaissance, and Man in the Middle attacks.

質問 40. What is Burp Suite?

Burp Suite is an integrated platform used for executing a security test of web applications. It consists of various tools that work seamlessly together to manage the entire testing process from initial mapping to security vulnerabilities.