Advanced network security is one of the most talked about topics in information and internet security today. With increasingly sophisticated malware being injected into the internet, a proper security system is required to protect confidential data and ensure regulatory compliance.
We have previously discussed basic network security interview questions. This post presents some advanced level network security interview questions that will put your knowledge to the test.
The questions below are intended to test your knowledge in this particular domain, but they don't test your problem-solving skill or aptitude for the job. If you are looking for HR interview questions, we have a nice collection of those questions included as well.
Here we list the top 10 advanced network security interview questions.
1. Mention a method to prevent brute-forcing of a Windows server login.
Answer: It is easy to set up account lockout after a particular number of login attempts. This can be configured easily on any Windows server, which will then lock accounts automatically once the attempts reach the specified count.
2. If you see an ICMP address mask request, what do you think someone is trying to accomplish?
Answer: Most probably the attacker is trying to map the internal networking scheme. He is primarily trying to figure out the subnet or network mask.
3. Is RIP v1 implementable? Are there any security risks attached?
Answer: RIP v1 is not recommended in a network because it doesn't even use a password for authentication (solved in RIP v2). This can be dangerous because malicious users could corrupt the routing table by sending rogue RIP packets.
4. What is the difference between HTTP and HTTP(s) from an end-user's perspective?
Answer: HTTP transfers data over an unencrypted channel whereas HTTP(s) uses encryption which can hardly be broken. An end-user will feel more secure because there is less chance of data being leaked over the network through a MITM (man-in-the-middle) attack.
5. What is the scope of HTTP(s)?
Answer: Implementing HTTP(s) doesn't mean the application is secure. Its scope is limited from the end user's PC to the router or nearest relay device (e.g. proxy). Once the traffic is relayed from the router, extra security measures need to be applied (e.g. end-to-end encryption) to make sure that data is not sniffed anywhere between the end user and the server.
6. Can you state the reason for active FTP to not be compatible with firewalls?
Answer: It is possible to use an active FTP server with a firewall by adding the FTP server as trusted. But by default, the firewall blocks FTP connections initiated from outside, which is required when a user tries to connect to the FTP server. Of the two TCP connections established for an FTP transaction, the second TCP connection is established by the FTP server.
7. What are a few networking protocols that could be used to manage a router?
Answer: SSH [Secure Socket Shell] works on port 22 and Telnet works on port 25.
8. Mention a feature on switches that is used to prevent rogue DHCP servers.
Answer: Switches have a feature called Dynamic Host Control Protocol (DHCP) Snooping, which helps to prevent rogue DHCP servers.
9. Why does ARP cache poisoning occur?
Answer: The major reason behind ARP cache poisoning is that the ARP protocol allows unsolicited ARP responses.
10. Mention some ARP Cache poisoning countermeasures:
Answer: Following are ARP cache poisoning countermeasures:
- Use an intrusion detection system like Snort to detect changes in IP-MAC address pairing.
- Use ARP-cache monitoring programs like ARPwatch on Linux that generate an alert when ARP poisoning is attempted.
- Some network devices like Cisco Catalyst switches have Dynamic ARP Inspection to detect ARP poisoning.
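Answers 9 and 10 can be seen together in a small detector that flags unsolicited ARP replies and changes in IP-MAC pairing. This is an added example, not code from the original post or from Snort or ARPwatch; the names `parse_arp`, `ArpMonitor`, `build` and `demo`, and the 192.0.2.x / 02:00:... sample frames, are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload: bytes):
    """Decode a 28-byte Ethernet/IPv4 ARP body into (op, sender MAC, sender IP, target IP)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpMonitor:
    def __init__(self):
        self.table = {}       # IP -> MAC that last claimed it
        self.pending = set()  # (requester IP, requested IP) still unanswered
    def observe(self, payload: bytes):
        op, mac, src_ip, dst_ip = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending.add((src_ip, dst_ip))
        elif op == ARP_REPLY:
            if (dst_ip, src_ip) in self.pending:
                self.pending.discard((dst_ip, src_ip))
            else:
                # Can be benign (gratuitous ARP on failover), so triage it.
                alerts.append(f"unsolicited reply: {src_ip} is-at {mac}")
        known = self.table.get(src_ip)
        if known and known != mac:
            alerts.append(f"pairing changed: {src_ip} {known} -> {mac}")
        self.table[src_ip] = mac
        return alerts

def build(op, sha, spa, tpa):
    """Constructed sample ARP body (test data, not captured traffic)."""
    mac = bytes.fromhex(sha.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac,
                       IPv4Address(spa).packed, bytes(6), IPv4Address(tpa).packed)

def demo():
    mon = ArpMonitor()
    frames = [
        build(ARP_REQUEST, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),
        build(ARP_REPLY, "02:00:00:00:00:01", "192.0.2.1", "192.0.2.10"),
        build(ARP_REPLY, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.10"),
    ]
    return [mon.observe(f) for f in frames]
```

The first two frames are a normal request and its answer and raise nothing; the third reply answers no outstanding request and claims the gateway IP with a different MAC, so both checks fire.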
If you are applying for a job as a security expert, you are sure to encounter these sorts of questions, which will differentiate you from the rest of the applicants.
Let us know in the comments if you’ve any unanswered advanced network security interview questions and we shall get back to you!