Recently, many friends have come to consult:
- If you want to find a cybersecurity job, how should you prepare for a technical interview?
- I have been working for less than 2 years and want to look for opportunities to change jobs. Are there any relevant interview questions?
In order to better help you find a high-paying job, today I will share with you two network security engineer interview questions. There are 164 real interview questions in total . I hope they can help you avoid detours during the interview and get the offer faster!
93 Cybersecurity Interview Questions
1. What is SQL injection attack?
2. What is XSS attack?
3. What is CSRF attack?
4. What is a file upload vulnerability?
5. DDos attack
6. Distribution map of important protocols
7. Working principle of arp protocol
8. What is RARP? How does it work?
9. What is dns? How does dns work?
10. What is the rip protocol? How does rip work?
11. Disadvantages of RIP
12. OSPF protocol? How OSPF works
13. Summary of the differences between TCP and UDP?
14. What is a three-way handshake and four waves? Why does TCP need a three-way handshake?
15. The difference between GET and POST
16. The difference between cookies and sessions
17. How does session work? 1
8. A complete HTTP request process
19. The difference between HTTPS and HTTP
20. What are the seven-layer models of OSI?
21. The difference between http long connection and short connection
22. How does TCP ensure reliable transmission?
23. What are the common status codes?
24. What is SSL? How does https ensure the security of data transmission (how does SSL work to ensure security)
25. How to ensure that the public key is not tampered with?
26. How to use absolute path in php?
27. What are your commonly used penetration tools, and which one is the most commonly used?
28. Utilization of XSS blind typing to intranet server
29. Harpoon attacks and puddle attacks
30. What is virtual machine escape?
31. Man-in-the-middle attack?
32. TCP three-way handshake process?
33. Seven-layer model?
34. Understanding of cloud security
35. Have you ever learned about websocket?
36. What is DDOS? What are they? What are CC attacks? What are the differences?
37. What is a land attack?
38. How will you collect information?
39. What is a CRLF injection attack?
40. Prevent XSS from both front-end and back-end angles?
41. How to protect the security of a port?
42. Webshell detection ideas?
43. What is GPC? How to bypass it if it is enabled?
44. What are the encryption algorithms commonly used on the web?
45. What else can XSS do besides obtaining cookies?
46. Operator (or other) network hijacking
47. What is DNS spoofing?
48. Buffer overflow principles and defenses
49. Emergency response to network security incidents
50. Internal security of the enterprise
51. How to test the business before going online and from what angles?
52. The application has vulnerabilities but cannot be repaired or deactivated. What should you do?
53. How to protect against CSRF?
54. How to bypass file upload?
55. Verification code related utilization points
56. What content will you test for cookies?
57. Name several types of business logic vulnerabilities?
58. The brief description file contains vulnerabilities
59. What are some examples of business logic vulnerabilities and arbitrary password resets by users, and what factors caused them?
60. During the penetration test, I found a function that can only upload zip files. What possible ideas are there?
61. Why does the aspx Trojan have greater permissions than asp?
62. What are the ideas for having only one login page?
63. Which request headers are dangerous?
64. Talk about the difference between horizontal/vertical/unauthorized access?
65. What is xss? The dangers and principles of executing stored xss
66. The host is suspected to be invaded. Where should I check the logs?
67. Commonly used standard libraries in python
68. What is the difference between reverse tcp and bind tcp?
69. What problems may occur during the oauth authentication process and what kind of vulnerabilities may result?
70. How to obtain the real IP for a website that has a CDN
71. How to achieve cross-domain?
72. What is the difference between jsonp cross-domain and CORS cross-domain?
73. Algorithms? What sorting have you learned about?
74. SSRF vulnerability exploitation?
75. Common backdoor methods?
76. How to bypass directory access restrictions in open basedir?
77. What are the common problems in PHP code audit?
78. In the red-blue confrontation, the scene and posture of the blue team counterattacking the red team?
79. Linux scheduled tasks, what would a hacker do to hide his scheduled tasks?
80. What are the common ways to get shell without Redis authorization?
81. JWT attack methods? (Header, payload, signature)
82. What are some examples of vulnerabilities in JAVA middleware?
83. What vulnerabilities can DNS takeout be used for?
84. Summary of middleware vulnerabilities?
85. Talk about the idea of elevating privileges in Windows and Linux systems?
86. What frameworks are there for Python and what vulnerabilities have appeared in them?
87. The difference between small program penetration and ordinary penetration
88. Four major components of vulnerability testing of the app itself
89. IDS/IPS protection principles and bypass ideas
90. Utilization of json’s csrf
91. What vulnerabilities can be tested using data packets in json format?
92. How to collect information on the intranet server?
93. If a certain machine on the boundary layer of the intranet is taken down, how to detect other machines on the intranet?
Partial content display:
71 Cybersecurity Interview Questions
1. How to use absolute path in php?
2. What penetration tools do you commonly use? Which one is the most commonly used?
3. Utilization of XSS blind typing to intranet server
4. Harpoon attack and puddle attack?
5. What is virtual machine escape?
6. Man-in-the-middle attack?
7. TCP three-way handshake process?
8. Seven-layer model?
9. Understanding of cloud security
10. Have you ever learned about websocket?
11. What is DDOS? What? What is CC attack? What's the difference?
12. What is a land attack?
13. How will you collect information?
14. What is a CRLF injection attack?
15. To prevent XSS, from both front-end and back-end perspectives?
16. How to protect the security of a port?
17. Webshell detection ideas?
18. How to test the vulnerability of an IIS website? (depending on version)
19. What is GPC? How to bypass it if it is enabled?
20. What are the encryption algorithms commonly used on the web?
21. What else can XSS do besides obtaining cookies?
22. Operator (or other) network hijacking
23. What is DNS spoofing?
24. Buffer overflow principle and defense
25. Emergency response to network security incidents
26. Internal security of the enterprise
27. How to test the business before it goes online and from what angles?
28. The application has vulnerabilities but cannot be repaired or deactivated. What should you do?
29. How to protect against CSRF?
30. How to bypass file upload?
31. Verification code related utilization points
32. What content will you test for cookies?
33. Name several types of business logic vulnerabilities?
34. The brief description file contains vulnerabilities
35. What are some examples of business logic vulnerabilities and arbitrary password resets by users, and what factors caused them?
36. During the penetration test, I found a function that can only upload zip files. What possible ideas are there?
37. Why does the aspx Trojan have greater authority than asp?
38. What are the ideas for having only one login page?
39. Which request headers are dangerous?
40. Talk about the difference between horizontal/vertical/unauthorized access?
41. What is xss? The dangers and principles of executing stored xss
42. The host is suspected to be invaded. Where should I check the logs?
43. Commonly used standard libraries in python
44. What is the difference between reverse_tcp and bind_tcp?
45. What problems may occur during the oauth authentication process, and what kind of vulnerabilities may result?
46. How to obtain the real IP for a website that has a CDN
47. How to achieve cross-domain?
48. What is the difference between jsonp cross-domain and CORS cross-domain?
49. Algorithm? Have you learned about sorting?
50. SSRF vulnerability exploitation?
51. Common backdoor methods?
52. How to bypass open_basedir access directory restrictions?
53. What are the common problems in PHP code audit?
54. In the red-blue confrontation, the scene and posture of the blue team counterattacking the red team?
55. Linux scheduled tasks, what would a hacker do to hide his scheduled tasks?
56. What are the common ways to get shell without Redis authorization?
57. JWT attack methods? (header, payload, signature)
58. What are some examples of vulnerabilities in JAVA middleware?
59. What vulnerabilities can DNS takeout be used for?
60. HTTP-Only prohibits JS from reading cookie information. How to bypass this to obtain cookies?
61. Summary of middleware vulnerabilities?
62. Talk about the idea of elevating privileges in Windows systems and Linux systems?
63. What frameworks does python have and what vulnerabilities have appeared in them?
64. The difference between small program penetration and ordinary penetration
65. Four major components of vulnerability testing of the app itself
66. IDS/IPS protection principles and bypass ideas
67. Utilization of json’s csrf
68. What vulnerabilities can be tested using data packets in json format?
69. Briefly describe the principle and utilization method of xxe vulnerability
70. How to collect information on the intranet server?
71. If a machine on the boundary layer of the intranet is taken down, how to detect other machines on the intranet?
Partial content display
