Top 30 Ethical Hacking Interview Questions

by Monika Dadool 20-Oct-18

0 336


1) What is Hacking?

Hacking is to access someone system for commercial or personal benefits without his/her Permission. In other words, hacking is a Digitized theft.


2) What is Ethical Hacking?

Ethical hacking is accessing someone system with his approval in order to locate the entire system's weakness and then further restoring them.


3) What are the essential skills required for Ethical Hacking?

a) Intelligence

b) Scanning Ability including port, vulnerability, and networks scanning.

c) Able to access and maintain.

d) Able to crack and guess passwords

e) Denial of Service attacks

f) Able to cover Tracks.

g) Session Hijacking


4) How ethical hacking is beneficial?

Ethical hackers are hired by the company to strengthen their database security, preventing malicious attacks, private information stealing, and data theft. The company hired them to perform certain hacking practices for finding the weakness of their system/server which further helps them to recover from it.


5) What do you mean by ARP poisoning?

Address Resolution Protocol poisoning is a network attack. Hackers attack on an Ethernet disturbs ARP's cache and modifies the MAC address.


6) Mention some of the tools that ethical hacker use of?

a) Metasploit

b) Wireshark

c) Nmap

d) Nikto

e) OpenVAS

f) SQLMap

g) IronWASP

h) Burp suite


7) What is SQL injection?

SQL injection is the most common web hacking technique used by the hacker to destroy any Database. It is the injection of malicious code through input in SQL statement. Hackers can able to execute administration operations on the database through SQL questions.


8) Mention some methods that hacker can use for SQL injection?

SQL injection can be done by a hacker through two methods:

a) Through URL, by manipulating query strings or with the use of select and union statement.

b) At login time with the use of multiple stored queries and procedures, "OR" condition and "having" clause.


9) Name some methods for preventing ARP poisoning?

a) Make use of VPN

b) ARP spoofing proof switch

c) Cryptographic network protocols


10) What is Mac Address?

Network interface card of every device is assigned a unique serial number called Mac Address. It can be changed only if we change the NIC card.


11) Ethical Hackers are categorised according to specification. What are their types?

a) Certified Ethical Hackers

b) White Box Penetration Testers

c) Cyber Warrior

d) Black Box Penetration Tester


12) How MAC flooding technique used by Hackers?

This technique is implemented on the network switches. The main objective is targeted on Mac table organized by the switches for storing MAC address of the recipients. Hackers send a huge number of Ethernet Frames to the switch as the intention of consuming memory of switch where MAC addresses are stored. When the Mac table is full, the switch will fail to save new address. This situation makes the switch behave like a Hub and start broadcasting like him. Hackers take advantage of this situation for stealing sensitive Information.


13) Brute Force Hack?

It is a simpler and slow technique used by a hacker to crack the password for a system or resource access. For implementing this technique, the hacker must have knowledge about JavaScript language and can also make use of hydra tool.


14) Name any two tools for DoS attacks?

Panther

Nemesy


15) What do you mean by DoS in hacking Terms?

DoS stands for Denial-of-Service. It is a network attack done by a hacker through network flooding. Hackers continuously send a request to the server which in turn makes the server busy and when authenticate users try to access the server, it results in '500' error.


16) Cross-site scripting

Cross-site scripting /XSS vulnerabilities are usually found on dynamic website due to some coding issues. Hackers make use of JavaScript language to exploit this situation and able to execute it on another browser.

For e.g. If we have developed a website with HTML language, then we are familiar with opening and closing tag. Suppose, we forgot to enter a close tag, Editor software will automatically close all the tag at the end of the code. All the codes will include in the body. This type of problems in our code will create XSS vulnerabilities. The Hacker use the malicious code of javascript and inject it on the website. That code will also include in the body and execute on the websites due to which errors occur on the website.


17) Give an idea on Pharming?

Pharming is the black hat SEO technique used by the hackers to steal Victim's sensitive information without his/her knowledge. Hackers, without victim consent, hijack its computer system and modifies its DNS or IP address and then install malicious code which redirects the traffic towards the malicious site.


18) What is the role of a keylogger trojan in hacking?

A keylogger is a Trojan software used by hackers to steal sensitive information of the user through keystroke tracking.

Hackers install a keylogger tool on the victim's system through phishing method i.e. fake email attachments or by exploiting a Browser vulnerability.


19) Give some password cracking techniques implemented by a hacker?

Ethical Hackers can use different password cracking strategies depending on the applicable situation. Some of the advanced techniques are outlined below:

a) Guessing

b) Attack Rule

c) Attacks Hybrid

d) Dictionary Attack

e) Spidering


20) What do you mean by phishing?

Phishing technique is used by hacker which includes sending false email attachments, chats or website to imitate real system with an objective of stealing sensitive information from the original system or website.


21) What is "Penetration Testing" and how it can be performed?

Ans. penetration testing is one of the security testing techniques used for vulnerabilities identification of the system for security evaluation. It can be performed through Black-box and White-box testing.

Black Box Testing: Entire information is available along with testers.

White Box Testing: No information is available. The system is tested in a real-world scenario for vulnerabilities identification.


22) What do you mean by open source footprinting?

Footprinting is the initial and most convenient stage used by a hacker for information gathering. For hacking any system or organization, there is a need for in-depth knowledge of the system. Hacker's use Open Source Footprinting technique for accommodating system details including ports, services, contact details, and remote access capabilities etc.


23) List some of the important languages required for Ethical Hacking?

a) Assembly Language

b) HTML

c) PERL

d) C/C++

e) JAVASCRIPT

f) PYTHON

g) LISP

h) Reverse Engineering

i) SQL

j) CCNA knowledge


24) Explain what is Network Sniffing?

A network sniffer is a tool used by both Hackers as well as Ethical Hackers for network management, monitoring and locating network issues.


25) Will CCNA certification is helpful for ethical hacker?

Yes, It will be helpful but you need knowledge of other languages too.


26) What is the maximum length of an SSID?

32 characters


27) What are the types of hacking Generally occur?

a) Network Hacking

b) Email Hacking 

c) Ethical Hacking

d) Password Hacking

e) Server Hacking

f) System Hacking


28) Evil Twin?

It is one of the most common methods used by a hacker for accessing wi-fi networks.


29) Buffer Overflow?

These are due to the coding errors found on the languages such as c/c++ etc. Through this, attackers are permitted to input information and can access on an application server.


30) What is Cowpatty?

It is a network tool that permits hackers the offline dictionary-related attacks implementation through a wireless system.Through this tool, attackers can easily hack wi-fi passwords.


31) Give any two web server attack tools?

a) Zeus

b) Mpack


Share:

Comments

    No Comments Yet.

Leave a Reply