Cyber Security Interview Questions Part-4

Shifa cyclewala
5 min readAug 7, 2021

Precontext: This is the part 4 of the series of cyber security interview questions. If you haven’t read the first part go here -




  1. What are Ports and Protocols ?

Protocol is a set of rule by definition in computer networking, Protocol is a standard way for computers to exchange information each protocol has a port number assigned to it

There are 65,535 ports in total

2. Interviewer may ask you about any specific port or protocols.
Here is the list of most important ports and protocols

FTP — Port Number : 20,21 :
FTP : File Transfer Protocol
Use : The purpose of FTP is to transfer files Upload and Download

SSH — Port 22 :
SSH Secure Shell
Use : The SSH protocol uses encryption to secure the connection between a client and a server
It is used for remote login

Telnet — Port 23 :
Use : Its main function is to establish a connection between a server and a remote computer.
It is used for remote login

NOTE: The key difference between Telnet and SSH is that SSH uses encryption,
which means that all data transmitted over a network is secure , from eavesdropping

RDP — 3389 :
Remote Desktop Protocol
This port has been developed by Microsoft. It enables you to establish a connection with a remote computer
But this time we need a windows device at the other end.

DNS — 53 :
Domain Name System
URL to IP Mapping.

SMTP — 25 :
Simple mail transfer protocol
Sending Emails.

POP3 — 110 :
Post office protocol v3
Receiving emails.

IMAP4 — 143:
Internet message access protocol v4
Receiving emails(new version).

HTTP — 80 :
hypertext transfer protocol
Connect to the web pages on the internet
This is an application layer protocol

HTTPS — 443 :

Hypertext transfer protocol secure.
HTTPS is a secure protocol which uses TLS/SSL certificate to ensure the authentication.

3. What is ping and what packets does Ping use?

A ping is a signal sent to a host that requests a response.
It serves two primary purposes:
1) To check if the host is available
2) To measure how long the response takes.

Ping uses ICMP(Internet Control Message Protocol) Packets.

4. Explain me the process when I type in my browser and hit enter what happens in background


Explain how DNS works?

1. Browser Cache
2. OS Cache
3. Resolver(ISP)
4. Root server — have records based on TLDs that is Top level Domains
the root server knows where to locate the .COM .ORG .NET
5. Receives ip add a Request to Resolve a Domain Name.
6. Search for an IP Locally.
7. Contact ISP and its Recursive DNS Server to Resolve a Domain Name.
8. Ask Outside DNS Servers to Provide an IP Address.
9. Receive the IP Address.

5. What is the difference between Encoding , Encryption and hashing?

Encoding :-
Encoding can be used for reducing the size
data is transformed from one form to another. The main aim of encoding is to transform data into a form that is readable by most of the systems or that can be used by any external process.
Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed. It does not require a key as the only thing required to decode it is the algorithm that was used to encode it.
Examples: ascii, unicode, URL Encoding, base64

Encryption :-
In encryption, data to be encrypted (called plain-text) is transformed using an encryption algorithm like AES encryption or RSA encryption using a secret key called cipher. The encrypted data is called cipher-text, and finally, the secret key can be used by the intended recipient to convert it back to plain-text.
The purpose of encryption is to transform data in order to keep it secret from others,
Example:- sending someone a secret letter that only they should be able to read, or securely sending a password over the Internet.
There are two types of encryption algorithms symmetric and asymmetric encryption

Hashing :-
Hashing serves the purpose of ensuring integrity
as discussed during CIA triad
making it so that if something is changed you can know that it is changed. Technically, hashing takes arbitrary input and produce a fixed-length string that has the following attributes:
The same input will always produce the same output.
1. Multiple disparate inputs should not produce the same output.
2. It should not be possible to go from the output to the input.
3. Any modification of a given input should result in drastic change to the hash.

In hashing, data is converted to the hash using some hashing function, which can be any number generated from string or text. Various hashing algorithms are MD5, SHA256. Data once hashed is non-reversible.

6. What is Encryption and Decryption?

Encryption is the process of translating plain text data (plaintext) into something that difficult to understand known as (ciphertext)

Decryption is the process of converting ciphertext back to plaintext.

7. If you had to both compress and encrypt data during a transmission, which would you do first??

Compress and then encrypt, Compression before encryption is more space efficient. When you encrypt the file you will generate a stream of random data, which will not be compressible and feasible for us.So compression then encryption is preferred

8. What is a Honeypot?

Honeypot is a method of catching hackers in action!!

A honeypot is a system designed to “lure hackers” into revealing their origins and techniques,and they’re used by security researchers and corporate IT staff.
For further analysis they use the same attacks and techniques to prevent their systems and websites.

Honeypot is a technique that allows you to understand attacker behavior and patterns of attacks.

Than these honeypots are used to understand the patterns of attacks by security professionals to stop cyber attacks by mitigating the patterns and attacks found from honeypots

Honeypots vary based on design and deployment models, but they are all intended to look like legitimate, vulnerable systems to attract cybercriminals.

9. What is XXE attack, explain any payload?

XML based attacks are generally referred to as XXE Attack. If the web app is running on XML, we can inject a XML Payload to fetch an internal file or also do a remote code execution.

Payload — <?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM “file:///etc/passwd” >]><foo>&xxe;</foo>

10. Any new CVE/ Zero Day u have heard about?

You can read about news and blogs related new & famous supply chain attacks like solarwinds etc. or any new CVE’s/0 Days. (The Interviewer wants to know are you updated by recent trends)

Printnightmare could be one of the recent attack vectors which could be of potential interest to interviewers while writing this article.

Note: This is the fourth part of the article and there will be more upcoming parts with more questions.

🧑🏻‍🏫 💥Stay Tuned and follow us for more:💥🧑🏻‍🏫

🧑🏻‍💻 Cyber Security School :
🔗 Udemy:
🧑🏻‍🏫 Join our Live Trainings:
📌 Youtube :
💬 Linkedin: