Recent major cybersecurity breaches have urged organizations to recruit infosec professionals skilled in ethical hacking. Ethical hacking is not a typical job, as it does not require a college diploma. All you need is a good understanding of computers, software and decent hacking skills. Ethical hacking is another term for penetration testing, commonly referred to as pentesting.
In this article, we highlight some common questions you might be asked during a job interview for ethical hacking related positions.
1. What are the hacking stages? Explain each stage.
Hacking, or targeting a specific machine, should follow and go through the following five phases:
- Reconnaissance: This is the first phase where the hacker attempts to collect as much information as possible about the target.
- Scanning: This stage involves taking the information gathered during the reconnaissance phase and using it to examine the victim. The hacker can use automated tools during the scanning phase, which can include port scanners, mappers and vulnerability scanners.
- Gaining access: This is the phase where the real hacking takes place. The hacker now attempts to exploit vulnerabilities discovered during the reconnaissance and scanning phases to gain access.
- Maintaining access: Once access is gained, hackers want to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and trojans.
- Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks and traces to avoid detection. This also allows them to continue the use of the hacked system and avoid legal actions.
2. What is scanning and what are some examples of the types of scanning used?
Scanning may be referred to as a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a critical component of information gathering. It allows the hacker to build a profile of the site of the organization to be hacked. Types of scanning include:
- Port scanning
- Vulnerability scanning
- Network scanning
3. What is footprinting? What are the techniques used for footprinting?
Footprinting refers to accumulating and uncovering information about the target network before attempting to gain access. Hacking techniques include:
- Open source footprinting: This technique searches for administrator contact information, which can later be used to guess the correct password or in social engineering.
- Network enumeration: This is when the hacker attempts to identify the domain names and network blocks of the targeted
- Scanning: Once the network is known, the second step is to probe for the active IP addresses on the network.
- Stack fingerprinting: This technique should be the final footprinting step, taking place once the ports and hosts are mapped.
4. What are some of the standard tools used by ethical hackers?
To facilitate some manual tasks and speed up the hacking process, hackers can use a set of tools such as:
- Burp Suite
- OWASP ZAP
5. What is Burp Suite? What tools does it contain?
Burp Suite is an integrated platform used for attacking web applications. It contains all the possible tools a hacker would require for attacking an application. Some of these functionalities include, but are not limited to:
6. What is network sniffing?
Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data packets flowing over computer networks. Sniffers can be used for different purposes, whether it’s to steal information or manage networks.
Network sniffing is used for ethical as well as unethical purposes. Network administrators use sniffers as network monitoring and analysis tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cybercriminals use the same tools for dishonest purposes such as identity theft, email and sensitive-data hijacking, and more.
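A sniffer is only as useful as its dissector: it has to decode the link, network and transport headers of each captured frame before it can show who is talking to whom. The following Python is an added example written for this article, not code from the original page or from any sniffer product. It parses a constructed Ethernet II / IPv4 / TCP frame (a SYN from 10.0.0.5:40000 to 10.0.0.1:443, checksums zeroed) with the standard library only; a real sniffer would feed it frames from a raw socket or a pcap file instead.

```python
import struct

# Constructed sample frame (not a real capture): Ethernet II + IPv4 + TCP SYN,
# 10.0.0.5:40000 -> 10.0.0.1:443. Checksums are zero; this parser does not verify them.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"       # destination MAC
    "66778899aabb"       # source MAC
    "0800"               # EtherType: IPv4
    "45000028"           # version 4, IHL 5, TOS 0, total length 40
    "00010000"           # identification 1, flags/fragment offset 0
    "40060000"           # TTL 64, protocol 6 (TCP), header checksum 0
    "0a000005"           # source IP 10.0.0.5
    "0a000001"           # destination IP 10.0.0.1
    "9c4001bb"           # source port 40000, destination port 443
    "00000001"           # sequence number
    "00000000"           # acknowledgement number
    "5002ffff"           # data offset 5, flags SYN, window 65535
    "00000000"           # checksum 0, urgent pointer 0
)

TCP_FLAG_NAMES = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and TCP headers the way a sniffer's dissector does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:
        return pkt                      # only IPv4 is decoded in this example

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (options included)
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    pkt.update(src_ip=".".join(map(str, s)), dst_ip=".".join(map(str, d)),
               ttl=ttl, proto=proto, ip_total_len=total_len)
    if proto != 6:
        return pkt                      # not TCP; stop after the IP layer

    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4    # TCP header length in bytes
    flags = off_flags & 0x1FF
    pkt.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=window,
               flags=[name for bit, name in TCP_FLAG_NAMES if flags & bit],
               payload=tcp[data_off:])   # whatever follows the header is application data
    return pkt


if __name__ == "__main__":
    for k, v in parse_frame(SAMPLE_FRAME).items():
        print(f"{k:12} {v}")
```

The `payload` field is the reason encrypted protocols matter: for a cleartext protocol a sniffer sitting on the path sees credentials and data exactly as this parser exposes them.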
7. What is SQL injection and its types?
A SQL injection occurs when the application does not sanitize user input. A malicious hacker can thus inject a SQL query to gain unauthorized access and execute administrative operations on the database. SQL injections can be classified as follows:
- Error-based SQL injection
- Blind SQL injection
- Time-based SQL injection
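To make the "does not sanitize the user input" point concrete, here is an added Python example (written for this article, not code from the original page) that places a string-concatenated login query beside its parameterized replacement against a constructed in-memory SQLite table. The table, the user names and the passwords are all assumptions made for the demonstration; passwords are stored in plaintext only to keep the example short.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "correct-horse", "admin"), ("bob", "hunter2", "user")])
    return con


def login_vulnerable(con, username: str, password: str):
    # Unsanitized input is concatenated into the statement, so a quote in the
    # input closes the string literal and everything after it is parsed as SQL.
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return con.execute(query).fetchone()


def login_safe(con, username: str, password: str):
    # Parameterized query: the values travel separately from the SQL text and are
    # never parsed as syntax, whatever characters they contain.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone()


def probe_error(con, username: str):
    """Error-based symptom: an unbalanced quote makes the vulnerable query fail to parse.
    Returns the database error text, or None when the query parsed cleanly."""
    try:
        login_vulnerable(con, username, "x")
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"          # classic textbook input: comment-free tautology
    print("vulnerable:", login_vulnerable(db, "alice", tautology))   # logs in without the password
    print("safe:      ", login_safe(db, "alice", tautology))         # no row matches
    print("error:     ", probe_error(db, "o'brien"))                 # leaks a parser error
```

The error from `probe_error` is what an error-based injection relies on: when the application echoes database errors to the client, the attacker learns the query is being parsed. The parameterized version neither errors on `o'brien` nor matches the tautology, which is why binding values instead of concatenating them is the standard fix.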
8. What is cross-site scripting and its different variations?
- Reflected cross-site scripting
- Stored cross-site scripting
- DOM-based cross-site scripting
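Reflected and stored XSS differ only in where the untrusted string comes from (the request or the database); the fix for both is context-aware output encoding. The Python below is an added example written for this article, not code from the original page; the comment store and the page template are assumptions, and DOM-based XSS is not shown because it happens in client-side JavaScript rather than in the server template.

```python
import html

# Constructed in-memory comment store for the stored-XSS case (not a real application).
COMMENTS: list[str] = []


def store_comment(text: str) -> None:
    # Keep the raw text: encoding is applied at output time, for the context it lands in.
    COMMENTS.append(text)


def render_page_vulnerable(query: str) -> str:
    # Reflected: the search parameter is echoed back unencoded.
    # Stored: each saved comment is emitted unencoded.
    items = "".join(f"<li>{c}</li>" for c in COMMENTS)
    return f"<p>Results for: {query}</p><ul>{items}</ul>"


def render_page_safe(query: str) -> str:
    # HTML-encode untrusted data before placing it in element content; quote=True
    # also encodes the quote characters so the same helper is safe inside attribute values.
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS)
    return f"<p>Results for: {html.escape(query, quote=True)}</p><ul>{items}</ul>"


def markup_survived(rendered: str) -> bool:
    """Demonstration check: did an unencoded script tag make it into the output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    store_comment("nice post <script>alert(1)</script>")      # stored payload, harmless marker
    probe = "<script>alert(1)</script>"                        # reflected payload
    print("vulnerable:", markup_survived(render_page_vulnerable(probe)))   # True
    print("safe:      ", markup_survived(render_page_safe(probe)))         # False
```

Encoding on output rather than on input is deliberate: the same comment may later be rendered into a JSON response or a JavaScript string, each of which needs a different encoding, so the stored value stays raw and each renderer encodes for its own context.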
9. What is a denial of service (DoS) attack and what are the common forms?
DoS attacks involve flooding servers, systems or networks with traffic to cause over-consumption of victim resources. This makes it difficult or impossible for legitimate users to access or use targeted sites.
Common DoS attacks include:
- Buffer overflow attacks
- ICMP flood
- SYN flood
- Teardrop attack
- Smurf attack
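From the defender's side, the scanning described in question 2 and the SYN flood listed above leave different signatures in the same connection logs: a scan is one source touching many distinct ports on a host, a SYN flood is a burst of SYNs to one service from many sources. The Python below is an added example written for this article (not code from the original page or from any product) that runs both heuristics over a constructed log of SYN events; the log format, the addresses (documentation ranges) and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed log format (not from any real product):
#   "<ISO timestamp> <TCP flag> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<flag>SYN|ACK|FIN|RST) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def sample_log() -> list[str]:
    """Constructed sample: a port scan, a SYN flood from many spoofed sources, and benign traffic."""
    t0 = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)

    def stamp(t):
        return t.strftime("%Y-%m-%dT%H:%M:%SZ")

    lines = []
    # Port scan: one source probing 15 distinct ports on one host over 15 seconds.
    for i in range(15):
        lines.append(f"{stamp(t0 + timedelta(seconds=i))} SYN src=203.0.113.7 dst=192.0.2.10 dport={20 + i}")
    # SYN flood: 100 SYNs to one service from 100 different (spoofed) sources within 5 seconds.
    for i in range(100):
        lines.append(f"{stamp(t0 + timedelta(milliseconds=50 * i))} SYN src=198.51.100.{i + 1} dst=192.0.2.20 dport=443")
    # Benign: one client opening a few connections to the web server.
    for i in range(5):
        lines.append(f"{stamp(t0 + timedelta(seconds=10 * i))} SYN src=203.0.113.50 dst=192.0.2.10 dport=443")
    return lines


def parse_log(lines):
    """Parse matching lines into event dicts sorted by timestamp; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "flag": m["flag"], "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])})
    return sorted(events, key=lambda e: e["ts"])


def _sliding(events, key_fn, value_fn, window_s):
    """After each event, yield its key and the (ts, value) pairs seen for that key inside the window."""
    recent = defaultdict(list)
    for e in events:
        k = key_fn(e)
        cutoff = e["ts"] - timedelta(seconds=window_s)
        recent[k] = [v for v in recent[k] if v[0] >= cutoff] + [(e["ts"], value_fn(e))]
        yield k, recent[k]


def detect_port_scans(events, min_ports=10, window_s=60):
    """Port scan: one source touching at least min_ports distinct ports on one host inside the window."""
    alerts = set()
    for key, hist in _sliding(events, lambda e: (e["src"], e["dst"]), lambda e: e["dport"], window_s):
        if len({port for _, port in hist}) >= min_ports:
            alerts.add(key)                      # key is (src, dst)
    return alerts


def detect_syn_floods(events, min_syns=50, min_sources=20, window_s=10):
    """SYN flood: at least min_syns SYNs to one service from at least min_sources sources inside the window."""
    syns = [e for e in events if e["flag"] == "SYN"]
    alerts = set()
    for key, hist in _sliding(syns, lambda e: (e["dst"], e["dport"]), lambda e: e["src"], window_s):
        if len(hist) >= min_syns and len({src for _, src in hist}) >= min_sources:
            alerts.add(key)                      # key is (dst, dport)
    return alerts


if __name__ == "__main__":
    ev = parse_log(sample_log())
    print("port scans:", detect_port_scans(ev))
    print("SYN floods:", detect_syn_floods(ev))
```

The `min_sources` threshold is what keeps the two detectors from firing on each other's traffic: the scanner sends many SYNs but to distinct ports, and the flood hits one port but from many addresses. Real deployments tune the windows and thresholds per network and would also watch for SYNs that never complete the handshake.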
10. How can you avoid or prevent ARP poisoning?
ARP poisoning is a form of network attack that can be mitigated through the following methods:
- Use packet filtering: Packet filters can filter out and block packets with conflicting source address information.
- Avoid trust relationships: Organizations should develop protocols that rely on trust relationships as little as possible.
- Use ARP spoofing detection software: Some programs inspect and certify data before it is transmitted and block data that is spoofed.
- Use cryptographic network protocols: ARP spoofing attacks can be mitigated by the use of secure protocols such as SSH, TLS and HTTPS, which encrypt data before it is transmitted, so traffic that is redirected through an attacker's machine cannot be read or altered undetected.
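The "ARP spoofing detection software" item comes down to two checks: has the MAC address bound to an IP changed, and is one MAC now claiming several IPs (typically the gateway plus a victim). The Python below is an added example written for this article, not code from the original page or from any detection product; the ARP reply observations and the pinned gateway binding are constructed assumptions, and a real watcher would feed observations from a packet capture.

```python
# Constructed ARP reply observations (not a real capture), in arrival order:
# (sender IP, sender MAC) as announced on the wire.
SAMPLE_ARP_REPLIES = [
    ("192.0.2.1", "00:11:22:33:44:01"),    # gateway announces itself
    ("192.0.2.10", "00:11:22:33:44:0a"),   # host .10
    ("192.0.2.11", "00:11:22:33:44:0b"),   # host .11
    ("192.0.2.1", "00:11:22:33:44:0b"),    # gateway IP now claimed by host .11's MAC
    ("192.0.2.10", "00:11:22:33:44:0b"),   # host .10's IP also claimed by that MAC
]


class ArpWatch:
    """Tracks IP -> MAC bindings and records alerts on changes or one MAC claiming many IPs."""

    def __init__(self, static=None, max_ips_per_mac=1):
        # static: operator-pinned bindings (gateway, servers) that must never change.
        self.static = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.table = dict(self.static)
        # max_ips_per_mac is a tunable: hosts with several addresses need a higher value.
        self.max_ips_per_mac = max_ips_per_mac
        self.alerts = []

    def observe(self, ip: str, mac: str) -> None:
        mac = mac.lower()
        old = self.table.get(ip)
        if old is not None and old != mac:
            if ip in self.static:
                # Pinned entries are reported and never overwritten.
                self.alerts.append(("static-binding-violation", ip, old, mac))
                return
            self.alerts.append(("binding-changed", ip, old, mac))
        self.table[ip] = mac
        claimed = sorted(i for i, m in self.table.items() if m == mac)
        if len(claimed) > self.max_ips_per_mac:
            self.alerts.append(("mac-claims-multiple-ips", mac, tuple(claimed)))


def watch(replies, static=None) -> ArpWatch:
    """Feed every observation through an ArpWatch and return it for inspection."""
    w = ArpWatch(static)
    for ip, mac in replies:
        w.observe(ip, mac)
    return w


if __name__ == "__main__":
    w = watch(SAMPLE_ARP_REPLIES, static={"192.0.2.1": "00:11:22:33:44:01"})
    for alert in w.alerts:
        print(alert)
```

Pinning the gateway binding is the detection counterpart of a static ARP entry on the host: even if the watcher has never seen the legitimate reply, a conflicting claim for that IP is reported immediately rather than learned as the new truth.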
It should come as no surprise that there are hundreds of other potential questions that you may be asked during an ethical hacker interview. For additional interview questions, see our Top 50 Information Security Interview Questions.