Ethical Hacking Interview Questions and Answers
by Sathish, on Jan 11, 2021 10:43:24 AM
1.What is hacking?
Ans. Hacking refers to unauthorized intrusion in a system or a network. The person involved in this process is called a hacker. They use the computer to commit non-malicious activities such as privacy invasion, stealing personal/corporate data, and more.
2.What is ethical hacking?
Ans. Ethical hacking is also known as penetration testing or intrusion testing where the person systematically attempts to penetrate/intrude into a computer system, application, network, or some other computing resources on behalf of its owner and finds out threats and vulnerabilities that a malicious hacker could potentially exploit.
The main objective of ethical hacking is to improve the security of the system or network and fix the vulnerabilities found during the testing. Ethical hackers employ the same tools and techniques adopted by malicious hackers to improve security and protect the system from attacks by malicious users with the permission of an authorized entity.
3.What are the advantages and disadvantages of hacking?
|It can be used to foil security attacks||It creates massive security issues|
|To plug the bugs and loopholes||Get unauthorized system access|
|It helps to prevent data theft||Stealing private information|
|Hacking prevents malicious attacks||Violating privacy regulations|
4.Why is Python utilized for hacking?
Ans:Most broadly utilized scripting language for Hackers is Python. Python has some very critical highlights that make it especially valuable for hacking, most importantly, it has some pre-assembled libraries that give some intense functionality.
5.What is network sniffing?
Ans: System sniffing includes utilizing sniffer tools that empower real- time monitoring and analysis of data streaming over PC systems. Sniffers can be utilized for various purposes, regardless of whether it’s to steal data or manage systems. Network sniffing is utilized for ethical and unethical purposes. System administrators utilize these as system monitoring and analysis tool to analyse and avoid network related issues, for example, traffic bottlenecks. Cyber criminals utilize these devices for untrustworthy purposes, for example, character usurpation, email, delicate information hijacking etc.
6.What do you mean by DOS (Denial of administration) assault? Explain. What are the regular types of DOS assault?
Ans: Denial of Service, is a malicious attack on network that is executed by flooding the system with useless traffic. Despite the fact that DOS does not cause any data breach or security breach, it can cost the site proprietor a lot of cash and time.
- Buffer Overflow Attacks
- SYN Attack
- Teardrop Attack
- Smurf Attack
7.What do you understand by footprinting in ethical hacking? What are the techniques utilized for foot printing?
Ans: Footprinting is nothing but accumulating and revealing as much as data about the target network before gaining access into any network. Open Source Footprinting : It will search for the contact data of administrators that will be utilized for guessing password in Social Engineering Network Enumeration : The hacker attempts to distinguish the domain names and the network blocks of the target network Scanning : After the network is known, the second step is to spy the active IP addresses on the network. For distinguishing active IP addresses (ICMP) Internet Control Message Protocol is a functioning IP addresses Stack Fingerprinting : the final stage of foot printing step can be performed, once the hosts and port have been mapped by examining the network, this is called Stack fingerprinting.
8.What are the different types of hacking?
Ans: Based on the category of being hacked, hacking is divided into different types as follows:
- Website hacking: It refers to unauthorized access over a web server and its associated software such as databases and interfaces, and making changes to the information.
- Network hacking: It refers to collecting data about a network using tools like Telnet, ping, etc., with the intent to harm the network and hamper its operations.
- Email hacking: It refers to unauthorized access to the email account and utilizing it without the owner’s permission.
- Password hacking: It refers to the process of recovering secret passwords from data that has been stored in the computer system.
- Computer hacking: It refers to unauthorized access to the computer and stealing the data such as computer password and ID by employing hacking techniques.
9.What are the various stages of hacking?
Ans. There are mainly five stages in hacking:
- Reconnaissance: This is the primary phase of hacking, also known as footprinting or information gathering phase, where hacker collects as much information as possible about the target. It involves host, network, DNS records, and more.
- Scanning: It takes the data discovered during reconnaissance and uses to examine the network.
- Gaining access: The phase where attackers enter into a system/network using various tools and techniques.
- Maintaining access: Once hackers gain access, they want to maintain access for future exploitation and attacks. This can be done using trojans, rootkits, and other malicious files.
- Covering tracks: Once the hackers are able to gain and maintain access, they cover tracks to avoid detection. It involves the modifying/deleting/corrupting value of logs, removing all traces of work, uninstalling applications, deleting folders, and more.
10.What do you mean by Trojan and explain its types?
Ans: A Trojan is a type of malware that is often developed by hackers or attackers to gain access to target systems. Users are manipulated by some attractive social media ads and then directed towards malicious sites into loading and performing Trojans on their systems.
Types of Trojans:
- Trojan-Downloader: It is a type of virus that downloads and installs other malware.
- Ransomware: It is a type of Trojan that can encrypt the data on your computer/device.
- Trojan-Droppers: These are complex programs used by cybercriminals to install malware. Most of the antivirus programs do not identify droppers as malicious, and hence it is used to install viruses.
- Trojan-Rootkits: It prevents the detection of malware and malicious activities on the computer.
- Trojan-Banker: These steal user account-related information such as card payments and online banking.
- Trojan-Backdoor: It is the most popular type of Trojan, that creates a backdoor to attackers to access the computer later on from remote using a remote access tool (RAT). This Trojan provides complete control over the computer.
11.What is enumeration in ethical hacking?
Ans. Enumeration is the primary phase of ethical hacking that is information gathering. In this phase, the attacker builds an active connection with the victim and tries to gain as much information as possible to find out the weaknesses or vulnerabilities in the system and tries to exploit the system further.
Enumeration collects information about:
- Network shares
- Passwords policies lists
- IP tables
- SNMP data, if they are not secured properly
- Usernames of different systems
12.What are the different enumerations available in ethical hacking?
Ans. The different enumerations available in ethical hacking are listed below:
- DNS enumeration
- NTP enumeration
- SNMP enumeration
- Linux/Windows enumeration
- SMB enumeration
13.What do you mean by fingerprinting in ethical hacking?
Ans. Fingerprinting is a technique used for determining which operating system is running on a remote computer.
Active fingerprinting: In this, we send the specially crafted packets to the target machine and based on its response and gathered data, we determine the target OS.
Passive fingerprinting: In this, based on the sniffer traces of the packets, we can find out the OS of the remote host.