1) What is computer impersonation?
Impersonation is the ability of a thread to execute in a security context other than that of the process that owns the thread. This lets a server act on behalf of a client, using the client's identity, when accessing the server's own objects.
Most viruses travel through email or internet downloads. Never open attachments from unknown senders and be very cautious when downloading software from internet sources.
Spyware is software that is installed without your knowledge. The purpose of Spyware is to monitor your computing activities and report this data back to companies for marketing purposes. Besides being an invasion of privacy, this software can cause serious performance issues.
A Firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.
Most Spyware comes from free internet downloads such as screensavers and Peer-to-Peer programs (Kazaa, LimeWire, etc). The only way to avoid Spyware is to not install any of these malicious programs.
Strong passwords are longer than six characters and contain letters and numbers, including capital letters. Of course a password is useless if you forget it, but remember that using your birth date or name makes you an easy target for hackers.
An ACL (access-control list) is an ordered list of ACEs (access-control entries).
A privilege is used to control access to a service or object more strictly than is normal with discretionary access control.
A firewall is basically a software program that allows you full access to the Internet and/or your network, while restricting access to your computer system from outside intrusions.
Internet users are extremely vulnerable to hackers, especially those with an always-on cable or ADSL connection to the Internet. You definitely need to protect your computer system.
Once you install a firewall, you'll be amazed at how many attempts to access your computer are blocked by your firewall.
Hackers can directly access your computer system by installing programs such as a key logger that can read every keystroke you make. This information is recorded and sent back to the hacker. Private information such as passwords and credit card numbers can easily be stolen.
A key logger is a small software program that quietly runs in the background. As these programs quite often run in DOS, you will most likely never realize it's running. However, you can see if a key logger is running by pressing 'control' - 'alt' - 'delete' on your keyboard. This will launch a window that contains a list of all the programs currently running on your system. Review the list and watch for programs you don't recognize.
If you really want to keep your computer safe, I recommend the following:
1) Purchase a good virus program and keep it updated
2) Purchase a good firewall program and keep it updated
3) Purchase a program like Pest Patrol and keep it updated
Pull some random URL from a log, or show them an actual Snort signature, to see if they really understand what the IDS is showing them (if they are going to be a packet head as part of their job). Most good IDS folks will be able to answer this one. My favorite example is one that everyone has seen for years now, Code Red:
GET /default.ida? NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%
u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
My other favorite one is NetBIOS. Unless you see a lot of WinNuke, anyone running a NetBIOS IDS signature on their network is looking at a mushroom cloud of activity, because Windows works that way. This is a good leading question on when this signature would be used and where it would be used, and it can give the interviewer a lot of good information on how the person thinks about IDS and about what the IDS is showing them. The leading part is that many of the Windows vulnerabilities, such as MS06-040, should be monitored by a NetBIOS rule, and the trick is getting the interviewee down to the point where they are actually thinking about the ramifications and architecture of the rule. As an interview question this one cannot be beaten, but the interviewer must understand enough about how it works to keep the conversation going; otherwise the interviewer is going to get stuck really quickly if the interviewee knows what they are talking about.
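The point of showing a candidate the Code Red request above is to see whether they can decompose it into its parts: an ISAPI extension (.ida) being requested, a long filler run that pads the buffer, and %uXXXX-encoded bytes that follow it. The script below is an added example, not code from the page, that does exactly that decomposition over a request line so a candidate (or an analyst writing a detection) can see which features the signature actually keys on. The request line is constructed from the page's signature with the filler run written as "N" * 224; the run threshold and the field names in the returned dictionary are assumptions chosen for illustration.

```python
import re

# Request line: METHOD SP target SP HTTP/x.y (what a web log or IDS sees).
REQUEST_LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<target>\S+) (?P<version>HTTP/\d\.\d)$"
)
# %uXXXX is the non-standard "Unicode" URL escape the signature relies on.
UNICODE_ESCAPE_RE = re.compile(r"%u[0-9a-fA-F]{4}")


def longest_run(s: str) -> tuple:
    """Return (char, length) of the longest run of one repeated character."""
    best_char, best_len, cur_char, cur_len = "", 0, "", 0
    for c in s:
        if c == cur_char:
            cur_len += 1
        else:
            cur_char, cur_len = c, 1
        if cur_len > best_len:
            best_char, best_len = cur_char, cur_len
    return best_char, best_len


def analyse_request(line: str, run_threshold: int = 64) -> dict:
    """Break a request line into the indicators the Code Red signature keys on.

    run_threshold (an assumed value) is how long a single-character run in
    the query string has to be before it is treated as overflow filler.
    """
    m = REQUEST_LINE_RE.match(line.strip())
    if not m:
        return {"parsed": False}
    path, _, query = m.group("target").partition("?")
    run_char, run_len = longest_run(query)
    escapes = UNICODE_ESCAPE_RE.findall(query)
    is_isapi = path.lower().endswith((".ida", ".idq"))
    return {
        "parsed": True,
        "method": m.group("method"),
        "path": path,
        "isapi_extension": is_isapi,
        "filler_char": run_char,
        "filler_run": run_len,
        "unicode_escapes": len(escapes),
        # All three features together are what the signature describes.
        "looks_like_code_red": is_isapi and run_len >= run_threshold and bool(escapes),
    }


# Constructed request line: the page's signature with the N-run spelled out.
CODE_RED_LIKE = (
    "GET /default.ida?" + "N" * 224
    + "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
    + "%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3"
    + "%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0"
)
# Constructed benign request for comparison.
BENIGN = "GET /default.htm?page=2 HTTP/1.1"

if __name__ == "__main__":
    for line in (CODE_RED_LIKE, BENIGN):
        print(analyse_request(line))
```

Walking a candidate through the three fields (isapi_extension, filler_run, unicode_escapes) is a good way to check that they understand why the rule fires on this request and why a rule that only matched "/default.ida" would be far noisier.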
The best way to protect your personal computer is to install anti-virus and firewall software. CIS does not support home computers; however, below are some helpful links to information about safeguarding your computer at home.
Use the output from any network security scanner, whichever one the interviewer uses, and ask the interviewee to interpret the results. What does the scanner output say, how would they use the information, and how would they break the information down for the system administrators? This lets the interviewer determine how well the interviewee can interpret and voice back the results of a security scan, and how well they can communicate. The interviewer should already have worked with the scanner and its output, and should be able to work with the interviewee to determine the finer points of the data presented.
SEM/SIM (security information management) questions. If the company has a security information management system, and the interviewee is familiar with the technology already, ask them how they would build a regex (regular expression) to filter JavaScript out of HTML code for sites that use a lot of JavaScript. The reason for asking this question is that even if they cannot answer it directly, if they know where to look, or are familiar or comfortable with regular expressions, they can cut just about any script in the language of their choice to filter data out of very long logs or other systems. This is a great open-door question that leads to asking the interviewee which scripting language they like, how they would use it, and follow-on conversations about scripting. The answer to the question is "/<(W*)(SCRIPT|OBJECT|PARAM|EMBED|I?FRAME)([^>]*)>/js"
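The page's pattern is reproduced above exactly as printed. Below is an added example, not code from the page, of a working regex in the same spirit, written to match the opening tags of the elements that carry active content (SCRIPT, OBJECT, PARAM, EMBED, FRAME, IFRAME) case-insensitively, and put to the use the question describes: flagging or stripping that content from captured HTML so that a SEM/SIM rule is not buried in the site's own JavaScript. The log lines are constructed for the example and the function names are my own.

```python
import re

# Opening tag of any active-content element; [^>]* swallows the attributes.
ACTIVE_TAG_RE = re.compile(
    r"<\s*(script|object|param|embed|i?frame)\b[^>]*>",
    re.IGNORECASE,
)
# Matching close tags, removed together with the opening tag when stripping.
CLOSE_TAG_RE = re.compile(
    r"<\s*/\s*(script|object|param|embed|i?frame)\s*>",
    re.IGNORECASE,
)
# Whole <script ...>...</script> element including its inline body.
SCRIPT_BLOCK_RE = re.compile(
    r"<\s*script\b[^>]*>.*?<\s*/\s*script\s*>",
    re.IGNORECASE | re.DOTALL,
)


def find_active_tags(html: str) -> list:
    """Return the lower-cased names of the active-content tags found in html."""
    return [m.group(1).lower() for m in ACTIVE_TAG_RE.finditer(html)]


def strip_active_content(html: str) -> str:
    """Remove script elements (with their bodies) and the open/close tags of
    the other active elements, leaving the surrounding markup intact."""
    without_scripts = SCRIPT_BLOCK_RE.sub("", html)
    without_open = ACTIVE_TAG_RE.sub("", without_scripts)
    return CLOSE_TAG_RE.sub("", without_open)


def split_log_lines(lines):
    """Partition log lines into (with_active, without_active) so the noisy
    lines can be routed to a separate rule or dropped before correlation."""
    with_active, without_active = [], []
    for line in lines:
        (with_active if ACTIVE_TAG_RE.search(line) else without_active).append(line)
    return with_active, without_active


# Constructed sample: access-log style lines with a fragment of the response body.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00] "GET /index.html HTTP/1.1" 200 '
    '<html><head><SCRIPT src="/app.js"></SCRIPT></head>',
    '10.0.0.7 - - [01/Jan/2024:10:00:01] "GET /about.html HTTP/1.1" 200 '
    '<html><body><p>About us</p></body></html>',
    '10.0.0.9 - - [01/Jan/2024:10:00:02] "GET /media HTTP/1.1" 200 '
    '<object data="x.swf"><param name="a" value="b"></object>',
    '10.0.0.9 - - [01/Jan/2024:10:00:03] "GET /frame HTTP/1.1" 200 '
    '<iframe src="/inner"></iframe>',
]

if __name__ == "__main__":
    noisy, clean = split_log_lines(SAMPLE_LOG)
    print("lines with active content:", len(noisy), "without:", len(clean))
    for line in noisy:
        print(find_active_tags(line), "->", strip_active_content(line))
```

A candidate who can explain why the pattern anchors on "<" followed by optional whitespace, why "\b" is needed after the tag name (so "scripts" does not match), and why the script body has to be removed separately from the tags has answered the question even if they could not recite a regex from memory.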
Microsoft has an online database, called the software library, with program fixes for both the NT operating system and applications. In Microsoft lingo a patch or program fix is called a service pack (SP). There are a number of service packs out, both for different versions of Windows NT and for applications such as SNA Server.
Service packs are cumulative. This means that SP2 contains all of SP1 as well as the fixes introduced in SP2. Service packs often update a great amount of code by replacing major DLLs. Since most large applications (such as BackOffice and development components) bring their own versions of "system" DLLs, service packs have to be applied after each and every "system update", where the term "system update" is not clearly defined. Any action that replaces any component updated by a service pack or hotfix has to be followed by applying the latest SP and all hotfixes. Remember that adding hardware often installs new software, which may have to be updated by an SP and/or hotfix.
Hotfixes are intermediate fixes released between service packs. They are not considered fully regression tested, and as such Microsoft does not recommend applying them unless one really needs the fix they provide. Lately, a bunch of security problems have been solved by means of releasing hotfixes.
Another thing on the subject is language or locale. If you are running a non-US version of NT, you will not be able to apply all of the hotfixes. Some of them are not language dependent, while others refuse to install on anything but a US version. If you have the option to do so, run the US version of NT at least on your servers. By doing so, you will have the option of installing a hotfix dealing with a security problem immediately when it's released, and will not have to wait for the next SP to appear. Not to mention that you'd have to wait for the next SP to be ported to your language, which of course may take a while, the time depending on what language you are using.
If you cannot, or do not want to, download software like this from the net, you can contact your local Microsoft representative and ask them about the service pack you need.
Visit Microsoft's library of service packs or go directly to their FTP server.
SAM stands for Security Account Manager and is the component that maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.
The Security Reference Monitor is the kernel mode component that does the actual access validation, as well as audit generation.
Each process has an associated access token which the system uses to verify whether the process should be granted access to a particular object or not. The access token consists of the user's SID, a list of group SIDs representing the groups the user belongs to, and a list of user rights (privileges) held by the user.
Some types of viruses, such as those written in a high-level language (Java, the MS Word scripting language, Excel macros, etc.), will be able to perform some tricks on an NT machine as well.
According to Dr Solomon, the MS Word based Concept virus spread widely in part because several companies, including Microsoft, shipped CD-ROMs containing the virus.
Windows NT machines can be affected by other types of viruses if you use, for example, dual boot to run some other type of operating system on the same hardware, e.g. OS/2, UNIX or another version of Windows. When using a coexisting, bootable operating system, if a virus destroys the boot sector or something like that, your NT partition will probably be destroyed as well.
An ACE is an Access-Control Entry, the building block used to construct Access-Control Lists (ACLs).
Each ACE contains the following information:
* A SID, that identifies the trustee. A trustee can be a user account, group account, or a logon account for a program such as a Windows NT service.
* An access mask specifying access rights controlled by the ACE.
* Flags that indicate the type of ACE (allow, deny or audit) and flags that determine whether other objects or containers can inherit the ACE from the primary object to which the ACL is attached.
SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group.
A SID contains:
* User and group security descriptors
* 48-bit ID authority
* Revision level
* Variable subauthority values
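The three answers above (the access token's contents, the fields of an ACE, and the parts of a SID) describe the pieces that the Security Reference Monitor combines when it validates an access. The following is an added example, not code from the page or from Windows, that models them in Python: it encodes and decodes the binary SID layout (revision byte, sub-authority count, 48-bit identifier authority, then 32-bit sub-authorities), builds a token and a DACL of ACEs, and walks the DACL in order the way the access check does. The SIDs, the access-right bit values and the rights names are constructed for the example; the privilege list is carried in the token as the page describes but, as on Windows, plays no part in the DACL walk itself.

```python
import struct
from dataclasses import dataclass
from typing import List

# ---- SID: revision, sub-authority count, 48-bit authority (big-endian),
# ---- then each 32-bit sub-authority (little-endian).


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its textual S-R-I-S... form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def string_to_sid(text: str) -> bytes:
    """Encode an S-R-I-S... string into the binary SID layout."""
    parts = text.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


# ---- Access token: user SID, group SIDs and privileges.
@dataclass
class Token:
    user_sid: str
    group_sids: List[str]
    privileges: List[str]

    def holds(self, sid: str) -> bool:
        """True if the token's user or one of its groups is this trustee."""
        return sid == self.user_sid or sid in self.group_sids


# ---- ACE: trustee SID, access mask, and the ACE type (allow or deny).
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4   # constructed access-right bits


@dataclass
class ACE:
    trustee: str   # SID of a user, group or service account
    mask: int      # access rights this ACE controls
    allow: bool    # True = access-allowed ACE, False = access-denied ACE


def access_check(token: Token, dacl: List[ACE], desired: int) -> bool:
    """Walk the DACL in order: a matching deny ACE that overlaps the rights
    not yet granted fails the check; allow ACEs accumulate rights until all
    desired rights are granted. An empty DACL grants nothing."""
    remaining = desired
    for ace in dacl:
        if not token.holds(ace.trustee):
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0


# Constructed SIDs: two domain users and the built-in Users group.
ALICE = "S-1-5-21-1000-2000-3000-1104"
BOB = "S-1-5-21-1000-2000-3000-1105"
USERS = "S-1-5-32-545"

alice = Token(ALICE, [USERS], ["SeChangeNotifyPrivilege"])
bob = Token(BOB, [USERS], [])

# Canonical order puts the explicit deny before the group allow.
CANONICAL = [ACE(ALICE, WRITE, allow=False), ACE(USERS, READ | WRITE, allow=True)]
# The same ACEs in the wrong order: the allow is reached first.
NON_CANONICAL = list(reversed(CANONICAL))

if __name__ == "__main__":
    print(sid_to_string(string_to_sid(ALICE)))
    print("alice write (canonical):", access_check(alice, CANONICAL, WRITE))
    print("alice write (non-canonical):", access_check(alice, NON_CANONICAL, WRITE))
    print("bob write:", access_check(bob, CANONICAL, WRITE))
```

The two DACL orderings give different answers for the same ACEs, which is why an interviewer asking about ACLs should expect the candidate to mention that ACE order matters and that a deny entry only reliably blocks access when it precedes the allow entries that would otherwise grant it.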