Ethical Hacking Interview Questions

  • What is the difference between active and passive reconnaissance?
    Active reconnaissance involves sending packets or requests to the target system or network to gather information, while passive reconnaissance involves collecting information without directly interacting with the target.
  • What are some common types of web application attacks?
    Some common types of web application attacks are SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication, and file inclusion.
  • What is a firewall and how does it work?
    A firewall is a network security device that monitors and controls incoming and outgoing traffic based on predefined rules. It acts as a barrier between trusted and untrusted networks, blocking or allowing traffic based on the rules.
  • What are some tools or techniques for password cracking?
    Some tools or techniques for password cracking are brute-force attacks, dictionary attacks, rainbow tables, Hashcat, John the Ripper, and Hydra.
  • What is encryption and what are some types of encryption algorithms?
    Encryption is the process of transforming data into an unreadable form using a secret key, making it secure from unauthorized access. Some types of encryption algorithms are symmetric (such as AES, DES, and RC4) and asymmetric (such as RSA, ECC, and Diffie-Hellman).
  • What is a VPN and how does it work?
    A VPN, or virtual private network, is a secure connection between two or more devices over the internet. It works by creating a tunnel that encrypts and protects the data that passes through it, making it appear as if the devices are on the same network.
  • What is phishing and how can you prevent it?
    Phishing is a type of social engineering attack that involves sending fraudulent emails or messages that appear to be from legitimate sources, with the aim of tricking the recipients into revealing sensitive information or clicking on malicious links or attachments. You can prevent phishing by verifying the sender's identity, checking the URL and spelling, avoiding opening suspicious attachments or links, and using anti-phishing software.
  • What is a port scan and what are some types of port scans?
    A port scan is a technique of probing a system or network to discover open ports and services running on them. It can be used to identify potential vulnerabilities or attack vectors. Some types of port scans are TCP SYN scan, TCP connect scan, UDP scan, stealth scan, and Xmas scan.
  • What is malware and what are some types of malware?
    Malware, or malicious software, is any software that is designed to harm or compromise a system or network. Some types of malware are viruses, worms, Trojans, ransomware, spyware, adware, and rootkits.
  • What are some steps for incident response?
    Some steps for incident response are preparation, identification, containment, eradication, recovery, and lessons learned. These steps help to manage and mitigate the impact of a security breach or attack.