Monday 30 April 2018

Geography Interview Questions

1. What Are Conventional Symbols?
Conventional Symbols are symbols that are used on maps to represent different features.
2. Who Is The Father Of Modern Geography?
ERASTOSTHENES is often called the 'Father of Modern Geography'
3. What Are Decomposers In A Temperate Deciduous Forest?
In the Deciduous Forest, some decomposers that are living there include fungi, bacteria, and yes, even worms
4. What Is The Definition Of Urbanization?
Urbanization can be defined as the rapid and massive growth of, and migration to, large cities. Positive and negative consequences resulted. In US urbanization, some of these issues were employment, sanitation, housing, sewage, water, fire, social welfare, role of government, political machines, etc...
5. Are All Places Along The Equator Warm Why?
Most places along the equator are warm because that is where the sun's light and heat hits the Earth most directly. However, if the land is very high, like the Andes Mountains in Ecuador, there it can be cold and covered with snow.
6. Describe The Features Of Moai?
Moai are monolithic human figures on Easter Island.
Moai Seamount is a submarine volcano in the Pacific Ocean west of Easter Island.
7. What Are The Areas Not Countries That Are Included In The South America Continent?
They are South America, Central America, and the Falkland Islands.
8. What Is The Second Largest Desert In Africa That Is Partly In Botswana?
The second largest desert is Africa is the Kalahari Desert.
9. What Is The Total Surface Area Of Earth?
510,065,600 km of which 148,939,100 km (29.2 %) is land and 361,126,400 km (70.8 %) is water.
10. What Is The Height Of Powerscourt Falls In Hectometers?
It is 350 feet, or 1.0668 hectometers high.
11. Are There Underground Cities In The Us?
An underground city is a network of tunnels that connect buildings, usually in the downtown area of a city. These may include office blocks, shopping malls, train and metro stations, theatres, and other attractions.
12. What Is The General Locations World Wide For The Humid Tropical Climate?
They are found in the latitude range of 10 degrees south and 25 degrees north.
13. How Many Hours Of Daylight Exist On The Equator?
The equator is unique in that it has 12 hours of daylight and 12 hours of night every day of the year.
14. What Is The River That Flows On The Border Between Devon And Cornwall?
It is the River Tamar.
15. For The Intermediate Directions, Why Is North And South Listed First?
As arbitrary as it may be, it is up and down, side to side. The x and y-axis' it is the way maps were first drawn and have always been. A compass points north. The sign of the cross starts N S E W.

More about Geography:

Friday 27 April 2018

Ethical Hacking Interview Questions

1) Explain what is Ethical Hacking?

Ethical Hacking is when a person is allowed to hacks the system with the permission of the product owner to find weakness in a system and later fix them.

2) What is the difference between IP address and Mac address?

IP address: To every device IP address is assigned, so that device can be located on the network.  In other words IP address is like your postal address, where anyone who knows your postal address can send you a letter.
MAC (Machine Access Control) address: A MAC address is a unique serial number assigned to every network interface on every device.  Mac address is like your physical mail box, only your postal carrier (network router) can identify it and you can change it by getting a new mailbox (network card) at any time and slapping your name  (IP address) on it.

3) List out some of the common tools used by Ethical hackers?

·         Meta Sploit
·         Wire Shark
·         NMAP
·         John The Ripper
·         Maltego

4) What are the types of ethical hackers?

The types of ethical hackers are
·         Grey Box hackers or Cyberwarrior
·         Black Box penetration Testers
·         White Box penetration Testers
·         Certified Ethical hacker

5) What is footprinting in ethical hacking? What is the techniques used for footprinting?

Footprinting refers accumulating and uncovering as much as information about the target network before gaining access into any network. The approach adopted by hackers before hacking
·         Open Source Footprinting : It will look for the contact information of administrators that will be used in guessing the password in Social engineering
·         Network Enumeration : The hacker tries to identify the domain names and the network blocks of the target network
·         Scanning : Once the network is known, the second step is to spy the active IP addresses on the network.  For identifying active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses
·         Stack Fingerprinting : Once the hosts and port have been mapped by scanning the network, the final footprinting step can be performed.  This is called Stack fingerprinting.

6) Explain what is Brute Force Hack?

Brute force hack is a technique for hacking password and get access to system and network resources, it takes much time, it needs a hacker to learn about JavaScripts.  For this purpose, one can use tool name “Hydra”.

7) Explain what is DOS (Denial of service) attack? What are the common forms of DOS attack?

Denial of Service, is a malicious attack on network that is done by flooding the network with useless traffic.  Although, DOS does not cause any theft of information or security breach, it can cost the website owner a great deal of money and time.
·         Buffer Overflow Attacks
·         SYN Attack
·         Teardrop Attack
·         Smurf Attack
·         Viruses

8) Explain what is SQL injection?

SQL is one of the technique used to steal data from organizations, it is a fault created in the application code.  SQL injection happens when you inject the content into a SQL query string and the result mode content into a SQL query string, and the result modifies the syntax of your query in ways you did not intend

9) What are the types of computer based social engineering attacks? Explain what is Phishing?

Computer based social engineering attacks are
·         Phishing
·         Baiting
·         On-line scams
Phishing technique involves sending false e-mails, chats or website to impersonate real system with aim of stealing information from original website.

10) Explain what is Network Sniffing?

A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet level data on your network, sniffer tool can help you to locate network problems. Sniffers can be used for both stealing information off a network and also for legitimate network management.

11) Explain what is ARP Spoofing or ARP poisoning?

ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and attacks an internet LAN by changing the target computer’s ARP cache with a forged ARP request and reply packets.

12) How you can avoid or prevent ARP poisoning?

ARP poisoning can be prevented by following methods
·         Packet Filtering : Packet filters are capable for filtering out and blocking packets with conflicting source address information
·         Avoid trust relationship : Organization should develop protocol that rely on trust relationship as little as possible
·         Use ARP spoofing detection software : There are programs that inspects and certifies data before it is transmitted and blocks data that is spoofed
·         Use cryptographic network protocols : By using secure communications protocols like TLS, SSH, HTTP secure prevents ARP spoofing attack by encrypting data prior to transmission and authenticating data when it is received

13) What is Mac Flooding?

Mac Flooding is a technique where the security of given network switch is compromised. In Mac flooding the hacker or attacker floods the switch with large number of frames, then what a switch can handle. This make switch behaving as a hub and transmits all packets at all the ports. Taking the advantage of this the attacker will try to send his packet inside the network to steal the sensitive information.

14) Explain what is DHCP Rogue Server?

A Rogue DHCP server is DHCP server on a network which is not under the control of administration of network staff. Rogue DHCP Server can be a router or modem.  It will offer users IP addresses , default gateway, WINS servers as soon as user’s logged in.  Rogue server can sniff into all the traffic sent by client to all other networks.

15) Explain what is Cross-site scripting and what are the types of Cross site scripting?

Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon.  Exploiting one of these by inserting malicious coding into a link which appears to be a trustworthy source.  When users click on this link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal information.
There are three types of Cross-site scripting

  • Non-persistent
  •  Persistent
  • Server side versus DOM based vulnerabilities

More about Ethical Hacking:

Github Interview Questions

1. What is the command to write a commit message in Git?

Answer to this is pretty straightforward.
Command that is used to write a commit message is “git commit -a”.
Now explain about -a flag by saying -a on the command line instructs git to commit the new content of all tracked files that have been modified. Also mention you can use “git add<file>” before git commit -a if new files need to be committed for the first time.

2. What is ‘bare repository’ in Git?

You are expected to tell the difference between a “working directory” and “bare repository”.
A “bare” repository in Git just contains the version control information and no working files (no tree) and it doesn’t contain the special .git sub-directory. Instead, it contains all the contents of the .git sub-directory directly in the main directory itself, where as working directory consist of:  
  1. A .git subdirectory with all the Git related revision history of your repo.
  2. A working tree, or checked out copies of your project files.

3. What language is used in Git?

Instead of just telling the name of the language, you need to tell the reason for using it as well. I will suggest you to answer this by saying:
Git uses ‘C’ language. GIT is fast, and ‘C’ language makes this possible by reducing the overhead of run times associated with high level languages.

4. In Git how do you revert a commit that has already been pushed and made public?

There can be two answers to this question and make sure that you include both because any of the below options can be used depending on the situation:
  • Remove or fix the bad file in a new commit and push it to the remote repository. This is the most natural way to fix an error. Once you have made necessary changes to the file, commit it to the remote repository for that I will use
  • git commit -m “commit message”
  • Create a new commit that undoes all changes that were made in the bad commit.to do this I will use a command
  • git revert <name of bad commit>

5. What is the difference between git pull and git fetch?

Git pull command pulls new changes or commits from a particular branch from your central repository and updates your target branch in your local repository.
Git fetch is also used for the same purpose but it works in a slightly different way. When you perform a git fetch, it pulls all new commits from the desired branch and stores it in a new branch in your local repository. If you want to reflect these changes in your target branch, git fetch must be followed with a git merge. Your target branch will only be updated after merging the target branch and fetched branch. Just to make it easy for you, remember the equation below:
Git pull = git fetch + git merge

6. What is Git stash?

According to me you should first explain the need for Git stash.
Often, when you’ve been working on part of your project, things are in a messy state and you want to switch branches for sometime to work on something else. The problem is, you don’t want to do a commit of half-done work just so you can get back to this point later. The answer to this issue is Git stash.
Now explain what is Git stash.
Stashing takes your working directory that is, your modified tracked files and staged changes and saves it on a stack of unfinished changes that you can reapply at any time.

7. What is Git stash drop?

Begin this answer by saying for what purpose we use Git ‘stash drop’.
Git ‘stash drop’ command is used to remove the stashed item. It will remove the last added stash item by default, and it can also remove a specific item if you include it as an argument.
Now give an example.
If you want to remove a particular stash item from the list of stashed items you can use the below commands:
git stash list: It will display the list of stashed items like:
stash@{0}: WIP on master: 049d078 added the index file
stash@{1}: WIP on master: c264051 Revert “added file_size”
stash@{2}: WIP on master: 21d80a5 added number to log
If you want to remove an item named stash@{0} use command git stash drop stash@{0}.

8. How do you find a list of files that has changed in a particular commit?

For this answer instead of just telling the command, explain what exactly this command will do.
To get a list files that has changed in a particular commit use the below command:
git diff-tree -r {hash}
Given the commit hash, this will list all the files that were changed or added in that commit. The -r flag makes the command list individual files, rather than collapsing them into root directory names only.
You can also include the below mentioned point, although it is totally optional but will help in impressing the interviewer.
The output will also include some extra information, which can be easily suppressed by including two flags:
git diff-tree –no-commit-id –name-only -r {hash}
Here –no-commit-id will suppress the commit hashes from appearing in the output, and –name-only will only print the file names, instead of their paths.

9. What is the function of ‘git config’?

First tell why we need ‘git config‘.
Git uses your username to associate commits with an identity. The git config command can be used to change your Git configuration, including your username.
Now explain with an example.
Suppose you want to give a username and email id to associate commit with an identity so that you can know who has made a particular commit. For that I will use:
git config –global user.name “Your Name”: This command will add username.
git config –global user.email “Your E-mail Address”: This command will add email id.

10. What does commit object contains?

Commit object contains the following components, you should mention all the three points present below:
  • A set of files, representing the state of a project at a given point of time
  • Reference to parent commit objects
  • An SHAI name, a 40 character string that uniquely identifies the commit object.

11. How can you create a repository in Git?

This is probably the most frequently asked questions and answer to this is really simple.
To create a repository, create a directory for the project if it does not exist, then run command “git init”. By running this command .git directory will be created in the project directory.

12. How do you squash last N commits into a single commit?

There are two options to squash last N commits into a single commit include both of the below mentioned options in your answer:
  • If you want to write the new commit message from scratch use the following command
  • git reset –soft HEAD~N &&
  • git commit
  • If you want to start editing the new commit message with a concatenation of the existing commit messages then you need to extract those messages and pass them to Git commit for that I will use
  • git reset –soft HEAD~N &&
  • git commit –edit -m”$(git log –format=%B –reverse .HEAD@{N})”

13. What is Git bisect? How can you use it to determine the source of a (regression) bug?

I will suggest you to first give a small definition of Git bisect.
Git bisect is used to find the commit that introduced a bug by using binary search. Command for Git bisect is
git bisect <subcommand> <options>
Now since you have mentioned the command above explain them what this command will do.
This command uses a binary search algorithm to find which commit in your project’s history introduced a bug. You use it by first telling it a “bad” commit that is known to contain the bug, and a “good” commit that is known to be before the bug was introduced. Then Git bisect picks a commit between those two endpoints and asks you whether the selected commit is “good” or “bad”. It continues narrowing down the range until it finds the exact commit that introduced the change.

14. How do you configure a Git repository to run code sanity checking tools right before making commits, and preventing them if the test fails?

I will suggest you to first give a small introduction to sanity checking.
A sanity or smoke test determines whether it is possible and reasonable to continue testing.
Now explain how to achieve this.
This can be done with a simple script related to the pre-commit hook of the repository. The pre-commit hook is triggered right before a commit is made, even before you are required to enter a commit message. In this script one can run other tools, such as linters and perform sanity checks on the changes being committed into the repository.
Finally, give an example, you can refer the below script:
#!/bin/sh
files=$(git diff –cached –name-only –diff-filter=ACM | grep ‘.go$’)
if [ -z files ]; then
exit 0
fi
unfmtd=$(gofmt -l $files)
if [ -z unfmtd ]; then
exit 0
fi
echo “Some .go files are not fmt’d”
exit 1
This script checks to see if any .go file that is about to be committed needs to be passed through the standard Go source code formatting tool gofmt. By exiting with a non-zero status, the script effectively prevents the commit from being applied to the repository.
The Interviewer has not started asking questions on branching yet, so the next set of Git interview questions will be dealing with branching in Git.

15. Describe branching strategies you have used?

This question is asked to test your branching experience with Git so, tell them about how you have used branching in your previous job and what purpose does it serves, you can refer the below mention points:
  • Feature branching
  • A feature branch model keeps all of the changes for a particular feature inside of a branch. When the feature is fully tested and validated by automated tests, the branch is then merged into master.
  • Task branching
  • In this model each task is implemented on its own branch with the task key included in the branch name. It is easy to see which code implements which task, just look for the task key in the branch name.
  • Release branching
  • Once the develop branch has acquired enough features for a release, you can clone that branch to form a Release branch. Creating this branch starts the next release cycle, so no new features can be added after this point, only bug fixes, documentation generation, and other release-oriented tasks should go in this branch. Once it is ready to ship, the release gets merged into master and tagged with a version number. In addition, it should be merged back into develop branch, which may have progressed since the release was initiated.
In the end tell them that branching strategies varies from one organization to another so I know basic branching operations like delete, merge, checking out a branch etc..

For more about Github:

Internet Security Interview Questions

1: What is cybersecurity?

Cyber securities are defined as a group of processes, technologies and practices which are designed in a special way to protect computers, networks, access which are unauthorized and many more.

2: What do you mean by Cross Site Scripting?

Cross Site Scripting generally tends to refer to an injected attack which is from the side of the client code, where, the one who is attacking has all the authorities in executive scripts which are malicious into an application of web or a website which is legitimate. Such kinds of attack are generally seen where the web application is making use of the non-encoded or non-validated inputs of the users inside the range of the output which is generated.

3: What does Cyber security work for in a specific organization?

There are mainly three major reasons for which cyber security works:
1. Confidentiality: Whenever information is transmitted from one place to another, a certain level of secrecy is maintained, which is known as confidentiality.
2. Integrity: This means that whenever there is a need for change in any document stored beforehand or new, it can only be done by an authorised person with proper and secure mechanism.
3. Availability: Everything that is important should be readily available to the authorized people otherwise there will be no use of such information that is not available.

 4: What can you defend yourself from Cross Site Scripting attack?

Like any other injection attack, Cross Site Scripting attack can also be prevented by the use of the proper available sanitizers. Web developers have to have an eye on the gateways through which they receive information and these are the gateways which must be made as a barrier for malicious files. There are software or applications available for doing this, like the XSS Me for Firefox and domsnitch for Google Chrome. Also, the default web application firewall formula, popularly known as ModSecurity Plus will also o the job quite satisfactorily.

5: What do you mean by a Botnet?

A botnet is basically known to be a network or a group of computers which are affected by malware and are being constantly monitored by a server which throws the commands. The one is in control of the botnet can impact some serious damage through all those linked computers affected with malware.

6: Strike the difference between vulnerability, a risk and a threat?

These three terms are interlinked but they are very different from each other:
1. Vulnerability: If your security program has a breach or weakness then different threats can further exploit the program and thus hack into your system to access data that is stored securely.
2. Risk: If your system is not secure enough and has the chances of getting damaged or destruction along with loss of data when a threat exploits the vulnerability, it’s under huge risk.
3. Threat: Something that is necessary for exploiting the vulnerability either knowingly or by accident in order to damage or destroy personal and official data.

7: How can the two factor authentication be implemented for the public facing websites?

The two factor authentication or shortly abbreviated as 2FA acts as another or an extra seal on your already protected account with a password. This two factor authentication can be implemented on public-facing websites like Microsoft, Twitter, Apple, Google and LinkedIn. For enabling such services, one can easily go to settings and then to manage security settings. Here, you will find the option of enabling two factor authentications.

8: Being a professional, what is more important Threats or Vulnerabilities?

]Despite the advancements in the security systems with the years, the threats and vulnerabilities have only increased with each passing day. Assessing threats is still not under the control of any high-tech security team. Although, a threat rises from vulnerability, so if we have proper control ver them, we can still try and control threats. Secondly, the type of threats remains same but the vulnerabilities are what keep on changing. Thus we need to focus on building something that has a proper defence mechanism and also can track down new vulnerabilities.

9: What is the main point of consideration when it comes to the differences between the Stored XXS and the Reflected XXS?

In case of Stored XXS, since Stored XXS is stored in a page which is static, thus, it is directly pulled out and displayed to the user directly as per needed. On the other hand, in Reflected XXS, the user has to send a request first. Now, this request will start running on the browser of the victim’s computer and then will reflect the results back from the website or the browser to the user who has sent the request.

10: How does the HTTP control the State?

This is a tricky question. HTTP doesn’t and will never control the state. Answers like cookies are still better. The job of the cookies is to provide a gateway to what HTTP can’t do.  In simpler terms, cookies serve as a hack to what HTTP fails to do.

11: Describe the 3 major first steps for securing your Linux server.

Every system has its own security software’s so for securing your Linux, the first three steps are:
1. Auditing: A system scan is performed using a tool called Lynis for auditing. Every category is scanned separately and the hardening index is provided to the auditor for further steps.
2. Hardening: After the audit is complete, the system is hardened depending on the level of security it further needs. It is an mportant process based on the decision of auditor.
3. Compliance: The system needs to be checked almost every day for better results and also lesser threats from security point of view.

12:  What are the techniques used in preventing a brute force login attack?

To avoid brute force login attacks, you generally have three kinds of techniques to go about. The first technique is to implement a policy for account lockout. In this method, an account will be locked out unless and until the administrator himself opens it. The second being progressive delays. In this method, after a few attempts of login, your account will stay locked for the next few number of days. Lastly, use a challenge-response test. This prevents any kind of automatic submissions on the login page.

13: How can you defend yourself against CSRF attacks?

To defend yourself against CSRF attacks, you can opt for two available methods. Firstly, with every request try to include a random token. In this way a unique string of tokens will be generated which is a good safeguard. Secondly, for each field of form, try using different names. This will somewhat help you in becoming anonymous due to the entry of so many different names and thus will behave as a safeguard from CSRF attacks.

14: What is the need for DNS monitoring?

The Domain Name System allots your website under a certain domain that is easily recognizable and also keeps the information about other domain names. It works like a directory for everything on the internet. Thus, DNS monitoring is very important since you can easily visit a website without actually having to memorise their IP address.

15: Define the process of Salting and state the use of Salting.

Salting is that process where you extend the length of your passwords by using some special characters. In order to use salting, you must know the entire mechanism of salting and also, it is not that very difficult to be cracked by a person who already knows the concept of salting.
The use of salting is to make your passwords stronger and not easy to be cracked if you are someone who is prone to use of simple or ordinary words as passwords.

More about Internet Security: