Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

EXIN Cyber & IT Security Foundation Interview Questions

  1. Home
  3. EXIN Cyber & IT Security Foundation Interview Questions
EXIN Cyber & IT Security Foundation Interview Questions

1. Could you explain what is networking TCP IP?

TCP/IP is an abbreviation for Transmission Control Protocol/Internet Protocol and is a set of rules used to connect computers on the Internet. TCP/IP also has uses in private computer networks (intranets or extranets).

2. Can you name the 4 layers of TCP IP?

  • Application
  • Transport
  • Network
  • Link layers

3. What are the protocols in TCP IP?

  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)

4. What is the difference between TCP and UDP?

 TCP is a protocol that establishes a connection before transferring data, whereas UDP does not establish a connection until after data is sent. TCP is slower than UDP because it requires additional handshaking to set up a connection. Overall, UDP is faster and simpler than TCP but lacks the functionality for retransmitting lost data packets.

5.  How would you define the OSI model?

The Open Systems Interconnection (OSI) model is a seven-layer framework for communications over computer networks. The model was first adopted by all major computer and telecommunication companies in the early 1980s.

6. Can you name the seven layers of the OSI model?

  • Layer 1: Physical
  • Layer 2: Data Link
  • Layer 3: Network
  • Layer 4: Transport
  • Layer 5: Session
  • Layer 6: Presentation
  • Layer 7: Application

7. Can an operating system be vulnerable?

A flaw in the code or the operational logic within the operating system or application is called Vulnerability. Since the OSs of modern-day computing have a lot of complexity and offer several functionalities, it is nearly impossible for a development team to come up with software that has no glitches. 

8. What are the most common vulnerabilities that exist in a network or system?

  • Various types of malware
  • Software Applications can be outdated or unpatched.
  • Passwords that are easy to crack
  • Absence of multi-factor Authentication
  • Weak Firewalls
  • Vulnerabilities due to the mobility of devices
  • Absence of Data Backup
  • Email that isn’t secure

9. Can you name the various types of vulnerabilities in cyber security?

  • No data encryption.
  • OS command injection.
  • SQL injection.
  • Buffer overflow.
  • Access to critical functions without proper authentication.
  • Absence of authorization.
  • No restriction on upload of dangerous file types.
  • Dependency on distrustful inputs in a security decision.

10. What is the need for security measures?

 Policies and regulations are important parts of maintaining, implementing, administering, and auditing an organization’s security. Such measures not only help alleviate threats and attacks to the organization but also implement countermeasures in quick succession.

11. Do you know the four elements of computer security?

  • Protection
  • Detection
  • Verification
  • Reaction

12. Could you elaborate on the job of an application developer?

Developers are responsible for the coding, designing, and monitoring updates to the application. They may also troubleshoot possible security threats and provide end-user support. A developer may handle some project management tasks on the journey to building a new application.

13. What are the various kinds of application development?

  • Waterfall development
  • Agile development
  • Rapid Application Development (RAD)

14. How would you define countermeasure in security?

 A countermeasure is an action or device designed to reduce the effects of a threat on a computer system or network.

15. Can you name the types of countermeasures?

  • cryptography methods
  • humans factors
  • intrusion detection methods

16. How do encryption methodologies work?

Encryption algorithms are ways to scramble data. Encryption algorithms use keys to change the data predictably so that even though the encrypted data will appear random, it can be turned back into plaintext by using the decryption key.

17. What are the various kinds of encryption standards?

  • DES
  • AES
  • RSA

18. Can you differentiate between digital signature and hashing?

Hashes are used to check that messages have not been altered, and digital signatures are used to check that messages have not been altered and are authentic.

19. How does hashing create a digital signature?

A digital signature uses a hashing algorithm to generate a unique hash of the message or document. The sender then encrypts the hash using his or her private key. Changing any part of the message will produce a different hash.

20. What is Public Key Infrastructure PKI technology used for?

Public Key Infrastructure (PKI) is a system that allows you to encrypt and sign data, making it possible to authenticate the identity of users, devices, or services.

21. What are the benefits of Public Key Infrastructure?

  • Administrates the issuance of digital certificates to secure critical data
  • provides unique distinctive identification for users, devices, and applications
  • protect end-to-end communications

22. Can you name the key components of the Public Key Infrastructure PKI framework?

  • public key.
  • private key.
  • Certificate Authority.
  • Certificate Store.
  • Certificate Revocation List.
  • Hardware Security Module.

23. Which of the two would you rate more secure: SSL or IPsec?

Once a user is logged into the network, SSL takes over as the primary security protocol. SSL VPNs allow employees to access specific applications, whereas IPsec users are given full access to the network. By restricting access to certain resources, it’s easier to keep sensitive information secure.

24. What are the three IPsec protocols?

  • Authentication Header (AH)
  • Encapsulating Security Payload (ESP)
  • Internet Key Exchange (IKE)

25. Can you explain single sign-on SSO and its working mechanism?

Single sign-on is a technology that merges various types of application login screens into one. Instead of logging into separate pages for each application, you only have to enter your login credentials once on the SSO page.

26. How is single sign-on (SSO) different from social sign-on? 

SSO enables a user to access multiple services using one set of credentials. Whereas, social sign-on enables users to access a website using their social media account credentials.

27. Can you name the three main cloud computing deployment models?

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

28. How do you categorize attack surface threats?

Attack surface threats can be categorized as –

  • Specific-user access.
  • Multi-user access.
  • Unknown-user access.

29. How are threats different from attacks?

Threats come in all shapes, sizes, and motives. Some are intentional, like human negligence or failure. Others are unintentional, like natural disasters. An intentional threat that is usually planned by a person who has a motive for the attack, such as stealing something, is called an attack. 

30. Can you explain the term ‘actor’ in the context of cybersecurity?

 A threat actor is someone responsible for a cybersecurity incident. It’s a neutral way of referring to them because it doesn’t label them as an individual, groups, or collections of multiple groups.

EXIN Cyber & IT Security Foundation free practice test
Menu