Get the Preplance app for a seamless learning experience. Practice offline, get daily streaks, and stay ahead with real-time interview updates.
Get it on
Google Play
4.9/5 Rating on Store
Cybersecurity Basics · Question Set
Ethical Hacking Fundamentals interview questions for placements and exams.
Questions
10
Included in this set
Subject
Cybersecurity Basics
Explore more sets
Difficulty
Mixed
Level of this set
Go through each question and its explanation. Use this set as a focused practice pack for Cybersecurity Basics.
SQL Injection is a common web application vulnerability where user inputs are improperly sanitized and malicious SQL is embedded (for example ' OR 1=1) to bypass authentication or extract data. :contentReference[oaicite:5]{index=5} Interviewers ask this frequently in ethical hacking roles because it shows you know vulnerabilities, not just theory.
For complete preparation, combine this set with full subject-wise practice for Cybersecurity Basics. You can also explore other subjects and sets from the links below.
Privilege escalation is the process where an attacker (or tester) starts with limited user access and then finds a way to elevate that access to higher privileges — such as administrator or root. It is dangerous because once administrative rights are obtained, the attacker can disable security controls, create new accounts, extract sensitive data or maintain persistence indefinitely. In a pentest interview, being able to explain both vertical (user→admin) and horizontal (user→another user account) escalation and give example methods (e.g., unpatched kernel exploit, weak SUID binaries, service mis-configuration) shows depth.
A buffer overflow attack happens when more data than a buffer can hold is written into it, which then allows the attacker to overwrite adjacent memory—including code pointers—and execute arbitrary code. During a penetration test you would identify vulnerable input fields (for example file upload or network service), send increasingly larger payloads, monitor memory/call stacks, use tools like gdb or WinDbg, and attempt to control the execution flow (e.g., return-oriented programming). Demonstrating this in interview shows you understand low-level exploitation and its relevance in real world.
Ethical hacking is the practice of legally probing systems, networks or applications **with authorization** from the owner to discover vulnerabilities and strengthen the system. :contentReference[oaicite:0]{index=0} Malicious hacking, by contrast, is unauthorized, aims to exploit vulnerabilities for personal or malicious gain, and does not seek to help the system owner. Understanding this distinction is foundational in ethical-hacking interviews.
Hackers are often classed by their intent and legality: White-Hat hackers are ethical hackers conducting authorized tests; Black-Hat hackers act illegally with malicious intent; Grey-Hat hackers operate in between (sometimes legal, sometimes not). :contentReference[oaicite:2]{index=2} Being able to name and differentiate these shows you understand hacker taxonomy and motivate your role as ethical hacker.
Footprinting is the first technical stage of ethical hacking where the tester gathers as much information as possible about the target: DNS records, network blocks, open ports, user enumeration, social engineering. :contentReference[oaicite:3]{index=3} This step is critical because a thorough information-gathering phase sets up later scanning and exploitation. Interviewers ask this to see if you understand the early phases of penetration testing.
Nmap (Network Mapper) is widely used by ethical hackers for port scanning, host discovery, service enumeration and OS detection. Many interview resources list Nmap among top tools to know. :contentReference[oaicite:4]{index=4} Familiarity with such tools demonstrates hands-on awareness, which interviewers value.
A MITM attack occurs when an attacker secretly places themselves in the communication path between two parties—this can allow eavesdropping, data theft or modification of messages. It is a critical vulnerability scenario in penetration testing interviews. :contentReference[oaicite:6]{index=6} Understanding this helps you propose encryption, certificate validation or VPN solutions for defence.
After a penetration test or ethical hack, the report is crucial: it documents vulnerabilities found, exploit evidence, business impact, risk ratings, remediation steps and executive summary for non-technical stakeholders. It shows the business value of what was done and helps the client fix issues. Interviewers ask this to check if you understand the full lifecycle of ethical hacking—not only the attack but its business context.
According to multiple sources, ethical hacking (and penetration testing) is often described in five key steps: Reconnaissance (information gathering), Scanning (port & vulnerability detection), Gaining Access (exploiting vulnerabilities), Maintaining Access (establishing persistence), and Covering Tracks (removing evidence). :contentReference[oaicite:1]{index=1} Interviewers often ask you to walk through these phases, because it shows you understand the attack lifecycle from the hacker’s view and thus how to defend against it.