Part 1: Cybersecurity Interview Questions
Top 40+ Interview Questions & Answers
[Link] +91 95038 20287 info@[Link]
1. What is Cybersecurity?
Answer:
Cybersecurity refers to protecting systems, networks, applications, and data from
cyber threats such as unauthorized access, attacks, or damage.
It includes preventive, detective, and responsive security measures to ensure data
and system protection.
Goal:
Prevent attacks
Protect data
Detect threats
Respond to incidents
2. What is the CIA Triad?
Answer:
The CIA triad represents the three core principles of cybersecurity:
Confidentiality:
Ensures information is accessible only to authorized individuals (e.g.,
encryption, access control).
Integrity:
Ensures data remains accurate and unaltered (e.g., hashing, checksums).
Availability:
Ensures systems and data are available when needed (e.g., redundancy,
backups).
3. What are common types of cyber attacks?
Answer:
Phishing (social engineering)
Malware (viruses, worms, trojans)
Ransomware (encrypts data for ransom)
SQL Injection (database manipulation)
XSS (script injection)
DoS/DDoS (service disruption)
MITM (man-in-the-middle interception)
Zero-day exploits (unknown vulnerabilities)
4. Difference between Vulnerability, Threat, and Risk
Answer:
Vulnerability: A weakness in a system (e.g., outdated software).
Threat: Anything that can exploit a vulnerability (e.g., attacker).
Risk: The potential damage if a threat exploits a vulnerability.
5. What is VAPT?
Answer:
Vulnerability Assessment: Finds weaknesses.
Penetration Testing: Exploits weaknesses to test security.
Together, VAPT identifies and validates real-world risks.
6. What is a Firewall?
Answer:
A firewall monitors and filters incoming/outgoing traffic based on rules.
It acts as a barrier between trusted and untrusted networks.
Types:
Packet-filtering
Stateful inspection
Proxy firewall
Next-Gen Firewall (NGFW)
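The difference between the first two firewall types above is easiest to see in code. The following is an added illustration, not part of the original Q&A: a toy packet filter that first applies static rules to each packet's header fields alone (packet filtering) and then keeps a table of connections opened from the trusted side so that replies are allowed without a static rule (stateful inspection). All rules, addresses and packets are constructed; a real firewall keys its state on the full 5-tuple and tracks TCP state, which this sketch omits.

```python
"""Added example (not from the original Q&A): stateless packet filtering
versus stateful inspection. Rules, addresses and packets are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    direction: str      # "in" (from the untrusted side) or "out" (from the trusted side)
    syn: bool = False   # True for a connection-opening TCP SYN


# Stateless rules: (direction, destination port or None for any, action); first match wins
RULES = [
    ("out", None, "allow"),   # trusted hosts may start anything outbound
    ("in", 443, "allow"),     # inbound HTTPS to the public web server is allowed
    ("in", None, "deny"),     # everything else inbound is dropped
]


def stateless_filter(pkt: Packet) -> str:
    """Packet-filtering firewall: decide from header fields alone."""
    for direction, port, action in RULES:
        if pkt.direction == direction and (port is None or pkt.dport == port):
            return action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remember flows opened from the trusted side so their
    replies are allowed even though no static rule permits them."""

    def __init__(self):
        self.flows = set()   # (trusted_host, untrusted_peer); simplified from the real 5-tuple

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if pkt.syn:
                self.flows.add((pkt.src, pkt.dst))
            return "allow"
        # Inbound: allow replies to flows we opened ourselves...
        for host, peer in self.flows:
            if pkt.src == peer and pkt.dst == host:
                return "allow"
        # ...otherwise fall back to the static rule set
        return stateless_filter(pkt)


def demo() -> dict:
    fw = StatefulFirewall()
    results = {}
    # 1. Trusted host opens a connection to an external web server (constructed addresses)
    results["outbound_syn"] = fw.filter(Packet("10.0.0.5", "203.0.113.9", 80, "out", syn=True))
    # 2. The server's reply: the stateless rules deny it, the stateful firewall allows it
    reply = Packet("203.0.113.9", "10.0.0.5", 51234, "in")
    results["reply_stateless"] = stateless_filter(reply)
    results["reply_stateful"] = fw.filter(reply)
    # 3. Unsolicited inbound SSH connection attempt: denied either way
    probe = Packet("198.51.100.7", "10.0.0.5", 22, "in", syn=True)
    results["probe_stateful"] = fw.filter(probe)
    return results


if __name__ == "__main__":
    print(demo())
```

The point the interview answer is getting at: a pure packet filter has to open a hole for every reply port, while stateful inspection can keep inbound closed by default and still let legitimate return traffic through.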
7. Difference between IDS and IPS
Answer:
IDS (Intrusion Detection System): Detects suspicious activity and alerts.
IPS (Intrusion Prevention System): Detects and blocks threats in real time.
8. What is SQL Injection?
Answer:
An attack where malicious SQL queries are injected into input fields to
access/modify database data.
Prevention:
Parameterized queries
Prepared statements
Input validation
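To make the prevention list concrete, here is an added example (not from the original Q&A) that runs the same user lookup two ways against an in-memory SQLite database with constructed rows: once with the input pasted into the SQL string, and once with a parameterized query. An allowlist validator is included as the defense-in-depth layer the answer calls "input validation". The injection string is the textbook `' OR '1'='1` case used only to show why the parameterized form is safe.

```python
"""Added example (not from the original Q&A): string-concatenated versus
parameterized SQL, demonstrated on constructed sample data in SQLite."""
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def is_valid_username(username: str) -> bool:
    """Input validation: allowlist the characters a username may contain."""
    return USERNAME_RE.match(username) is not None


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the input becomes part of the SQL text, so it can change the query's structure
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Safe: the placeholder binds the input as data; the driver never parses it as SQL
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    conn = make_db()
    injected = "x' OR '1'='1"   # constructed injection input
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "bob"),
        "normal_safe": lookup_parameterized(conn, "bob"),
        "injected_vulnerable": lookup_vulnerable(conn, injected),  # returns every row
        "injected_safe": lookup_parameterized(conn, injected),     # no user has that literal name
        "injected_passes_validation": is_valid_username(injected),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Parameterized queries and prepared statements are the fix because the query structure is fixed before any user data is bound; validation alone is a useful second layer but should not be the only one.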
9. What is XSS (Cross-Site Scripting)?
Answer:
An attack where malicious scripts are injected into trusted websites.
Types:
Stored, Reflected, DOM-based
Prevention: Output encoding, input validation, CSP
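An added example (not from the original Q&A) showing the two sides of the XSS answer: a template that concatenates an untrusted comment straight into HTML, the same template with output encoding via Python's `html.escape`, and a minimal Content-Security-Policy header as the defense-in-depth layer. The comment text is a constructed test string.

```python
"""Added example (not from the original Q&A): output encoding and a CSP header
as XSS mitigations. The comment string is constructed for the demonstration."""
import html


def render_unsafe(comment: str) -> str:
    # Vulnerable: raw input is concatenated into the page, so any markup in it becomes part of the DOM
    return f'<p class="comment">{comment}</p>'


def render_encoded(comment: str) -> str:
    # Safe: html.escape turns <, >, &, ' and " into entities, so the browser displays them as text
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def csp_header() -> tuple:
    # Defense in depth: even if an injection slips through, the browser refuses inline scripts
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")


def demo() -> dict:
    payload = "<script>alert(1)</script>"  # constructed test string, not a real attack
    return {
        "unsafe": render_unsafe(payload),
        "encoded": render_encoded(payload),
        "csp": csp_header()[1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Encoding must match the context the data lands in (HTML body, attribute, JavaScript, URL); `html.escape` covers the HTML body and attribute cases shown here.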
10. What is CSRF (Cross-Site Request Forgery)?
Answer:
Tricks an authenticated user's browser into sending requests the user did not intend.
Prevention:
CSRF tokens
SameSite cookies
Re-authentication
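The first two mitigations in that list, as an added example (not from the original Q&A): the synchronizer-token pattern implemented with Python's `secrets` and `hmac` modules, and the `SameSite` attribute on the session cookie. The session dictionary and the submitted values are constructed stand-ins for what a web framework would provide.

```python
"""Added example (not from the original Q&A): per-session CSRF tokens and a
SameSite session cookie. The session store and inputs are constructed."""
import hmac
import secrets
from typing import Optional


def issue_csrf_token(session: dict) -> str:
    """Generate a random per-session token and keep a copy server-side; the
    same value is embedded in the form as a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session: dict, submitted: Optional[str]) -> bool:
    """Reject the request unless the submitted token matches the session's copy.
    compare_digest avoids leaking the token through timing differences."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def session_cookie(session_id: str) -> str:
    # SameSite=Lax stops the browser attaching this cookie to cross-site POSTs,
    # so a forged form on another origin arrives without the victim's session.
    return f"sessionid={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def demo() -> dict:
    session = {}
    token = issue_csrf_token(session)
    return {
        "legit": verify_csrf_token(session, token),          # form rendered by our own site
        "forged_missing": verify_csrf_token(session, None),  # cross-site form carries no token
        "forged_guess": verify_csrf_token(session, "A" * 43),
        "cookie": session_cookie("constructed-session-id"),
    }


if __name__ == "__main__":
    print(demo())
```

The token check works because a cross-site page cannot read the victim's session or the hidden field; the cookie attribute works because the browser withholds the cookie on cross-site requests. Using both covers browsers or flows where one of them does not apply.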
11. What is Encryption vs Hashing?
Answer:
Encryption: Reversible (AES, RSA). Used for protecting confidentiality.
Hashing: Irreversible (SHA-256). Used for verifying data integrity.
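To show the "irreversible, used for integrity" half of the answer in practice, here is an added example (not from the original Q&A) using only the standard library: a SHA-256 digest as an integrity check, an HMAC for when the check must also resist deliberate tampering by someone who can recompute a plain hash, and a salted, iterated hash for password storage. All messages, keys and passwords are constructed.

```python
"""Added example (not from the original Q&A): SHA-256 for integrity, HMAC for
keyed integrity, PBKDF2 for password storage. All inputs are constructed."""
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    # One-way: the digest cannot be turned back into the data, but the same data always gives the same digest
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def mac(key: bytes, data: bytes) -> str:
    # Anyone who alters the data can recompute a plain hash; an HMAC needs the secret key as well
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000) -> tuple:
    # A random salt defeats precomputed tables; iterations slow down guessing. Store all three parts.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, stored: tuple) -> bool:
    salt, iterations, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    original = b"transfer 100 to account 42"   # constructed message
    tampered = b"transfer 900 to account 42"
    reference = sha256_hex(original)
    key = b"constructed-shared-secret"
    stored = hash_password("correct horse battery staple")
    return {
        "original_intact": integrity_ok(original, reference),
        "tampered_detected": not integrity_ok(tampered, reference),
        "mac_differs": mac(key, original) != mac(key, tampered),
        "password_ok": verify_password("correct horse battery staple", stored),
        "password_wrong": verify_password("wrong", stored),
    }


if __name__ == "__main__":
    print(demo())
```

Note that a fast hash such as plain SHA-256 is right for file integrity but wrong for passwords, which is why the password functions use PBKDF2 with a salt and a high iteration count.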
12. Symmetric vs Asymmetric Encryption
Answer:
Symmetric: Same key for encryption/decryption (fast).
Asymmetric: Uses a public & private key pair (secure key exchange).
13. What is MFA (Multi-Factor Authentication)?
Answer:
Using two or more independent verification factors:
Something you know (password)
Something you have (OTP)
Something you are (biometric)
14. What is Principle of Least Privilege?
Answer:
Users and systems should have only the minimum necessary access needed
to perform tasks.
Reduces damage in case of breach.
15. What is a SOC (Security Operations Center)?
Answer:
A dedicated team that:
Monitors
Detects
Investigates
Responds to security incidents
using tools such as SIEM, EDR, and threat intelligence platforms.
16. What is SIEM?
Answer:
Security Information & Event Management:
Collects logs
Correlates events
Detects threats
Generates alerts
Tools: Splunk, QRadar, Azure Sentinel.
17. What is MITRE ATT&CK?
Answer:
A globally used framework that maps attacker behavior across:
Tactics (why)
Techniques (how)
Used for threat detection & SOC use cases.
18. Difference between Red, Blue, and Purple Teams
Answer:
Red Team: Offensive — simulates attacks
Blue Team: Defensive — protects system
Purple Team: Collaboration between Red & Blue
19. What is a Zero-Day Vulnerability?
Answer:
A vulnerability unknown to the vendor and exploited before a patch is
available.
20. What is an Incident Response Plan?
Answer:
A structured process to handle cyber incidents:
Preparation
Detection
Containment
Eradication
Recovery
Lessons Learned
21. What is Threat Intelligence?
Answer:
Information that helps organizations identify, predict, and prevent cyber threats.
Sources: MISP, OTX, VirusTotal, commercial feeds.
22. What is EDR (Endpoint Detection & Response)?
Answer:
An endpoint security tool that continuously collects activity data from endpoints (laptops, servers),
detects suspicious behavior, and supports investigation and response (e.g., isolating a host).
23. What is Cloud Security?
Answer:
Practices that protect cloud environments such as AWS, Azure, GCP.
Includes:
Identity (IAM)
Encryption
Monitoring
Compliance
24. What is API Security?
Answer:
Protecting APIs from threats like:
Broken Authentication
Data Exposure
Injection attacks
Rate Limit abuse
25. What is DevSecOps?
Answer:
Integrating security into every stage of the DevOps pipeline:
Build → Test → Deploy → Monitor.
26. What is DLP (Data Loss Prevention)?
Answer:
Tools and processes to prevent unauthorized data transfer.
27. What is a Threat Model?
Answer:
A structured approach to identify:
Possible threats
Attack vectors
Mitigation strategies
28. Common Cybersecurity Tools
Answer:
Burp Suite
Metasploit
Nessus
Wireshark
Nmap
Splunk
OSINT tools
29. Key SOC Metrics
Answer:
MTTD: Mean Time to Detect
MTTR: Mean Time to Respond
False Positives
Escalation rate
30. What is OWASP Top 10?
Answer:
Broken Access Control
Injection
XSS
Insecure Design
Security Misconfigurations
SSRF
… and more.
31. What is SSL/TLS?
Answer:
Protocols used to encrypt data in transit between a client (e.g., a browser) and a server.
TLS is the modern, secure version of SSL.
32. What is a DMZ (Demilitarized Zone)?
Answer:
A network segment between internal and external networks that hosts
public-facing services.
33. What is Port Scanning?
Answer:
Probing network ports using tools like Nmap to discover open ports, the services
behind them, and potential vulnerabilities.
34. What is ARP Spoofing?
Answer:
Manipulating ARP tables to redirect network traffic through the attacker.
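From the defender's side, ARP spoofing shows up as an IP address whose MAC binding suddenly changes, or as one MAC claiming several IPs (typically the gateway's and a victim's). The following is an added example (not from the original Q&A) of a monitor that flags both symptoms over a constructed sequence of ARP replies; the addresses are made up for the demonstration.

```python
"""Added example (not from the original Q&A): detecting ARP cache poisoning
symptoms from observed ARP replies. All addresses are constructed."""

# Each entry: (ip, mac) as announced in an ARP reply, in arrival order (constructed)
ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway
    ("192.168.1.10", "aa:bb:cc:00:00:10"),  # workstation
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # repeat, consistent
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claims a different MAC
    ("192.168.1.10", "de:ad:be:ef:00:99"),  # the same MAC also claims the workstation's IP
]


def detect_arp_conflicts(replies, trusted=None) -> list:
    """Return alerts for IPs whose MAC changes and for MACs claiming several IPs.
    `trusted` optionally seeds known-good bindings (e.g. the gateway from DHCP records)."""
    ip_to_mac = dict(trusted or {})
    mac_to_ips = {}
    alerts = []
    for ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(f"IP {ip} changed from {known} to {mac}")
        ip_to_mac.setdefault(ip, mac)  # keep the first-seen binding as the reference
        ips = mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(ARP_REPLIES):
        print(alert)
```

On a switched network the durable fixes are static ARP entries for critical hosts and Dynamic ARP Inspection on the switches; a monitor like this one is how the blue team notices that those controls are missing or have been bypassed.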
35. What is DNS Spoofing?
Answer:
Altering DNS responses to redirect users to malicious sites.
36. What is a VPN?
Answer:
A Virtual Private Network encrypts traffic and provides secure remote access.
37. What is Packet Sniffing?
Answer:
Capturing and analyzing network packets using tools like Wireshark.
38. What is SIEM Correlation?
Answer:
Detecting complex attacks by analyzing patterns across multiple
logs/events.
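The following added example (not from the original Q&A) serves both question 16 (what a SIEM does) and question 38 (correlation): it collects constructed authentication log lines into normalized events, then runs a correlation rule that fires when a single source IP produces five failed logins within two minutes and then succeeds, a standard brute-force or credential-stuffing use case. The log lines mimic OpenSSH-style messages but are made up for the demonstration.

```python
"""Added example (not from the original Q&A): log collection and a
multi-event correlation rule of the kind a SIEM runs. Log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style lines in OpenSSH's message format
LOG_LINES = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.5 port 4001
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.5 port 4002
2024-05-01T10:00:05 sshd: Failed password for root from 203.0.113.5 port 4003
2024-05-01T10:00:07 sshd: Failed password for admin from 203.0.113.5 port 4004
2024-05-01T10:00:09 sshd: Failed password for admin from 203.0.113.5 port 4005
2024-05-01T10:00:12 sshd: Accepted password for admin from 203.0.113.5 port 4006
2024-05-01T10:05:00 sshd: Failed password for bob from 198.51.100.9 port 5001
2024-05-01T10:05:30 sshd: Accepted password for bob from 198.51.100.9 port 5002
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(lines) -> list:
    """Collect and normalize: turn raw lines into structured events."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
                           "user": m["user"], "ip": m["ip"]})
    return events


def correlate(events, threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> list:
    """Correlate: alert when an IP reaches `threshold` failures inside `window` and then succeeds.
    A single failed login is noise; the sequence across events is the signal."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["ip"]] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"ip": ev["ip"], "user": ev["user"], "failures": len(recent),
                           "at": ev["ts"].isoformat()})
        failures[ev["ip"]] = recent
    return alerts


def demo() -> list:
    return correlate(parse(LOG_LINES))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The second IP in the sample data fails once and then succeeds, which is ordinary user behavior and stays below threshold; tuning that threshold and window against real traffic is what keeps the false-positive rate (one of the SOC metrics in question 29) manageable.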
39. What is Cyber Threat Hunting?
Answer:
Proactively searching through networks to detect threats that evaded
detection tools.
40. What is Social Engineering?
Answer:
Manipulating people into giving up confidential information.
Examples:
Phishing
Pretexting
Tailgating