Hacking

Ethical Hacking Interview Questions

Infosec
February 1, 2015 by
Infosec

If you’ve got hacking skills, you can turn your ethical hacking into a career. Ethical hacking is the term given to penetration testing and prevention. Your career is based on your hacking skills, but you use them to protect companies against malicious hackers. Before you decide to interview, here are some questions you might run into when interviewing for a job.

  1. What is an IP address?

A: An IP address is a virtual number assigned to a computer. It’s the address used by the TCP/IP protocol to identify a machine on the network. A computer must have a unique IP address or a conflicting IP error will occur.

Cybersecurity interview guide

Cybersecurity interview guide

Ace your next interview with tips from our free ebook, “How to stand out, get hired and advance your career.”

  1. What is a MAC address?
  2. A: The MAC address is the physical address of the computer. This address is also unique, and it is tied to the IP address when the IP is assigned to your computer. MAC and IP addresses work together to identify a computer on the network. The main difference is the MAC address is physical but the IP address is virtual.

    1. What is footprinting or leaving a footprint?
    2. A: Footprints leave a trail for ethical hackers to investigate. A footprint can be a physical file or social media footprints. A user can leave a footprint from domain registrations.

      1. What is a brute force hack?
      2. A: A brute force hack tries to “guess” a password and user name using a dictionary. A brute force attack takes longer but it uses each value in the dictionary attack.

        1. What is a denial of service attack?
        2. A: A denial of service attack sends massive amounts of traffic to a website in an attempt to crash either the router or the web server. Hackers can use a syn attack, buffer overflow attack, smurf attack or even viruses.

          1. What is SQL injection?
          2. A: SQL injection is a type of hack that sends SQL commands to a server. The SQL injection attack runs commands on the server and either inserts data or returns data to the attacker.

            1. What are some other attacks?
            2. A: there are phishing attacks that trick people into entering data by using a website or form that looks similar to a bank website. Baiting is also a type of attack that tricks people into entering information on a malicious website.

              1. What is network sniffing?
              2. A: Network sniffing reads the data packets sent over a network between a user and the web server. Network sniffing can be combated using SSL or encryption when communication with a web server.

                1. What is a rogue DHCP server?
                2. A: A rogue DHCP server can redirect IP address assignments to allow the hacker to identify and redirect the client computer to another network segment. The hacker can then sniff network traffic from the target machine.

                  1. What is one tool you use for ethical hacking?
                  2. A: WireShark is a software penetration testing tool that lets you sniff network traffic and identify rogue packets for testing and security purposes.

                    Have you been having trouble setting yourself apart from other candidates in your Ethical Hacking interviews? If so, you should consider earning the CEH (Certified Ethical Hacker) certification to set yourself apart from the crowd. Fill out the form below for a course syllabus and pricing information on our instructor lead, live online and self paced training options.

                    Cybersecurity interview guide

                    Cybersecurity interview guide

                    Ace your next interview with tips from our free ebook, “How to stand out, get hired and advance your career.”

                    Interested in a hacker online training course? Check out InfoSec Institute's training bootcamp or fill out the form below for pricing.

                    Infosec
                    Infosec