Cyber Security Course

Cybersecurity training course provides hands-on classroom training to identify, detect, protect, respond to, and recover from system vulnerabilities.

CYBER SECURITY Online Training Course Details

Cyber Security Training Introduction

Cybersecurity training course provides hands-on classroom training to identify, detect, protect, respond to, and recover from system vulnerabilities.

The course materials provide extensive cybersecurity experience, with five of the most current security domains to give participants in-depth knowledge and practical approach to the latest essential security systems.

This course not only prepares you to take the Cybersecurity certification, but also ensures you are job ready through our best-in-class virtual lab environment.

Many people interpret and decide on what cyber security is, some see cyber security as a continuation of evolved version of it-security, others view it as a completely new branch of security and still others see it as mixture of the two.

This course will give you the basics based on actual literature reviews, academic research and personal experience in global projects and work in cyber security, focusing on cyber warfare, espionage, crime and defenses as well as attacks used.

Cyber Security Course Curriculum

Introduction to Cybersecurity

a. Cybersecurity objectives
b. Cybersecurity roles
c. Differences between Information Security & Cybersecurity

Cybersecurity Principles

a. Confidentiality, integrity, & availability
b. Authentication & nonrepudiation

Information Security (IS) within Lifecycle Management

a. Lifecycle management landscape
b. Security architecture processes
c. Security architecture tools
d. Intermediate lifecycle management concepts

Risks & Vulnerabilities

a. Basics of risk management
b. Operational threat environments
c. Classes of attacks

Incident Response

a. Incident categories
b. Incident response
c. Incident recovery

Future Implications & Evolving Technologies

a. New & emerging IT & IS technologies
b. Mobile security issues, risks, & vulnerabilities
c. Cloud concepts around data & collaboration

Want to have a course urgently or on Fast track. We can arrange you for a specialised training aimed only for you. Please get in touch with us with your requirements by mail or just fill in the Batch Enquiry form. We will get in touch with you with the slot times and other details with in 24 hours

For Priority Training contact below
  • eITCafe: trainings@eitcafe.com
  • India: 040 6678 6677
  • US: 630-636-0198

Support services

We know how hard it can be to find and keep a job when there are so many other things to worry about. Our support team is here to help break down the barriers which are blocking your road to employment.
If you are a Working Chance candidate, please don’t hesitate to ask for advice or support on any issues which are affecting your chances of finding a job.
For further information, please email jobsupport@eitcafe.com our Support and Training Manager.

Job Preparation

• Assistance with learning job seeking skills
• Resume creation
• Master application completion
• Dressing for success
• Job interview preparation

Job Development

• Assistance with completing applications online or in person
• Job development online, on foot, networking events, job fairs and established employer relationships to locate available positions in your job goal
• Job leads and information on attending hiring events
• Follow-ups on applications placed to request interviews.

What is “Vulnerability”?

The Vulnerability can be defined as weakness of any system through which intruders or bugs can attack on the system.
If security testing has not been performed rigorously on the system then chances of vulnerabilities get increase. Time to time patches or fixes requires preventing a system from the vulnerabilities.

What is the Intrusion Detection?

Intrusion detection is a system which helps in determining possible attacks and deal with it. Intrusion detection includes collecting information from many systems and sources, analysis of the information and find out the possible ways of attack on the system.
Intrusion detection check following:

  1. Possible attacks
  2. Any abnormal activity
  3. Auditing the system data
  4. Analysis of different collected data etc.

What is “SQL injection”?

SQL Injection is one of the common attacking techniques used by hackers to get the critical data.

Hackers check for any loop hole in the system through which they can pass SQL queries which by passed the security checks and return back the critical data. This is known as SQL injection. It can allow hackers to steal the critical data or even crash a system.

SQL injections are very critical and needs to be avoided. Periodic security testing can prevent these kind of attacks. SQL database security needs to be define correctly and input boxes and special characters should be handled properly.

List the attributes of Security Testing?

There are following seven attributes of Security Testing:

  1. Authentication
  2. Authorization
  3. Confidentiality
  4. Availability
  5. Integrity
  6. Non-repudiation
  7. Resilience

What is XSS or Cross Site Scripting?

XSS or cross site scripting is type of vulnerability that hackers used to attack web applications.

It allows hackers to inject HTML or JAVASCRIPT code into a web page which can steal the confidential information from the cookies and returns to the hackers. It is one of the most critical and common technique which needs to be prevented.

Key Features


Overview of Course and Learning analytic’s


Learn from Certified and Expert Trainers

Customized Course as per your requirement

24/7 online support for the course learners

High Quality E-learning Content for learning


Access to the Recorded Sessions and classes

Flexible Course timing and Payment terms

Live Practical Oriented Approach for learners

Course Curriculam

Cyber Security Course Module

The Cybersecurity Course will provide learners with principles of data and technology that frame and define cybersecurity.
Learners will gain insight into the importance of cybersecurity and the integral role of cybersecurity professionals.
The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cybersecurity principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

Interview Questions & Answers

  1. Important Basic Network & Security(IFS) Q&A
  2. Top 12 Information Security Analyst Interview Questions & Answers
  3. Top 25 Ethical hacking Interview Questions
  4. Top 50 Network Administrator & Security Interview Questions Divided Using Layers


Important Basic Network & Security(IFS) Q&A

1) What is a Link?

A link refers to the connectivity between two devices. It includes the type of cables and protocols used in order for one device to be able to communicate with the other.

2) What are the layers of the OSI reference model?

There are 7 OSI layers: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer.

3) What is backbone network?

A backbone network is a centralized infrastructure that is designed to distribute different routes and data to various networks. It also handles management of bandwidth and various channels.

4) What is a LAN?

LAN is short for Local Area Network. It refers to the connection between computers and other network devices that are located within a small physical location.

5) What is a node?

A node refers to a point or joint where a connection takes place. It can be computer or device that is part of a network. Two or more nodes are needed in order to form a network connection.

6) What are routers?

Routers can connect two or more network segments. These are intelligent network devices that store information in its routing table such as paths, hops and bottlenecks. With this info, they are able to determine the best path for data transfer. Routers operate at the OSI Network Layer.

7) What is point to point link?

It refers to a direct connection between two computers on a network. A point to point connection does not need any other network devices other than connecting a cable to the NIC cards of both computers.

8) What is anonymous FTP?

Anonymous FTP is a way of granting user access to files in public servers. Users that are allowed access to data in these servers do not need to identify themselves, but instead log in as an anonymous guest.

9) What is subnet mask?

A subnet mask is combined with an IP address in order to identify two parts: the extended network address and the host address. Like an IP address, a subnet mask is made up of 32 bits.

10) What is the maximum length allowed for a UTP cable?

A single segment of UTP cable has an allowable length of 90 to 100 meters. This limitation can be overcome by using repeaters and switches.

11) What is data encapsulation?

Data encapsulation is the process of breaking down information into smaller manageable chunks before it is transmitted across the network. It is also in this process that the source and destination addresses are attached into the headers, along with parity checks.

12) Describe Network Topology

Network Topology refers to the layout of a computer network. It shows how devices and cables are physically laid out, as well as how they connect to one another.

13) What is VPN?

VPN means Virtual Private Network, a technology that allows a secure tunnel to be created across a network such as the Internet. For example, VPNs allow you to establish a secure dial-up connection to a remote server.

14) Briefly describe NAT.

NAT is Network Address Translation. This is a protocol that provides a way for multiple computers on a common network to share single connection to the Internet.

15) What is the job of the Network Layer under the OSI reference model?

The Network layer is responsible for data routing, packet switching and control of network congestion. Routers operate under this layer.

16) How does a network topology affect your decision in setting up a network?

Network topology dictates what media you must use to interconnect devices. It also serves as basis on what materials, connector and terminations that is applicable for the setup.

17) What is RIP?

RIP, short for Routing Information Protocol is used by routers to send data from one network to another. It efficiently manages routing data by broadcasting its routing table to all other routers within the network. It determines the network distance in units of hops.

18) What are different ways of securing a computer network?

There are several ways to do this. Install reliable and updated anti-virus program on all computers. Make sure firewalls are setup and configured properly. User authentication will also help a lot. All of these combined would make a highly secured network.

19) What is NIC?

NIC is short for Network Interface Card. This is a peripheral card that is attached to a PC in order to connect to a network. Every NIC has its own MAC address that identifies the PC on the network.

20) What is WAN?

WAN stands for Wide Area Network. It is an interconnection of computers and devices that are geographically dispersed. It connects networks that are located in different regions and countries.

21) What is the importance of the OSI Physical Layer?

The physical layer does the conversion from data bits to electrical signal, and vice versa. This is where network devices and cable types are considered and setup.

22) How many layers are there under TCP/IP?

There are four layers: the Network Layer, Internet Layer, Transport Layer and Application Layer.

23) What are proxy servers and how do they protect computer networks?

Proxy servers primarily prevent external users who identifying the IP addresses of an internal network. Without knowledge of the correct IP address, even the physical location of the network cannot be identified. Proxy servers can make a network virtually invisible to external users.

24) What is the function of the OSI Session Layer?

This layer provides the protocols and means for two devices on the network to communicate with each other by holding a session.  This includes setting up the session, managing information exchange during the session, and tear-down process upon termination of the session.

25) What is the importance of implementing a Fault Tolerance System? Are there limitations?

A fault tolerance system ensures continuous data availability. This is done by eliminating a single point of failure. However, this type of system would not be able to protect data in some cases, such as in accidental deletions.

26) What does 10Base-T mean?

The 10 refers to the data transfer rate, in this case is 10Mbps. The word Base refers to base band, as oppose to broad band. T means twisted pair, which is the cable used for that network.

27) What is a private IP address?

Private IP addresses are assigned for use on intranets. These addresses are used for internal networks and are not routable on external public networks. These ensures that no conflicts are present among internal networks while at the same time the same range of private IP addresses are reusable for multiple intranets since they do not “see” each other.

28) What is NOS?

NOS, or Network Operating System, is specialized software whose main task is to provide network connectivity to a computer in order for it to be able to communicate with other computers and connected devices.

29) What is DoS?

DoS, or Denial-of-Service attack, is an attempt to prevent users from being able to access the internet or any other network services. Such attacks may come in different forms and are done by a group of perpetuators. One common method of doing this is to overload the system server so it cannot anymore process legitimate traffic and will be forced to reset.

30) What is OSI and what role does it play in computer networks?

OSI (Open Systems Interconnect) serves as a reference model for data communication. It is made up of 7 layers, with each layer defining a particular aspect on how network devices connect and communicate with one another. One layer may deal with the physical media used, while another layer dictates how data is actually transmitted across the network.

31) What is the purpose of cables being shielded and having twisted pairs?

The main purpose of this is to prevent crosstalk. Crosstalks are electromagnetic interferences or noise that can affect data being transmitted across cables.

32) What is the advantage of address sharing?

By using address translation instead of routing, address sharing provides an inherent security benefit. That’s because host PCs on the Internet can only see the public IP address of the external interface on the computer that provides address translation and not the private IP addresses on the internal network.

33) What are MAC addresses?

MAC, or Media Access Control, uniquely identifies a device on the network. It is also known as physical address or Ethernet address. A MAC address is made up of 6-byte parts.

34) What is the equivalent layer or layers of the TCP/IP Application layer in terms of OSI reference model?

The TCP/IP Application layer actually has three counterparts on the OSI model: the Session layer, Presentation Layer and Application Layer.

35) How can you identify the IP class of a given IP address?

By looking at the first octet of any given IP address, you can identify whether it’s Class A, B or C. If the first octet begins with a 0 bit, that address is Class A. If it begins with bits 10 then that address is a Class B address. If it begins with 110, then it’s a Class C network.

36) What is the main purpose of OSPF?

OSPF, or Open Shortest Path First, is a link-state routing protocol that uses routing tables to determine the best possible path for data exchange.

37) What are firewalls?

Firewalls serve to protect an internal network from external attacks. These external threats can be hackers who want to steal data or computer viruses that can wipe out data in an instant. It also prevents other users from external networks from gaining access to the private network.

38) Describe star topology

Star topology consists of a central hub that connects to nodes. This is one of the easiest to setup and maintain.

39) What are gateways?

Gateways provide connectivity between two or more network segments. It is usually a computer that runs the gateway software and provides translation services. This translation is a key in allowing different systems to communicate on the network.

40) What is the disadvantage of a star topology?

One major disadvantage of star topology is that once the central hub or switch get damaged, the entire network becomes unusable.

41) What is SLIP?

SLIP, or Serial Line Interface Protocol, is actually an old protocol developed during the early UNIX days. This is one of the protocols that are used for remote access.

42) Give some examples of private network addresses. with a subnet mask of with subnet mask of with subnet mask of

43) What is tracert?

Tracert is a Windows utility program that can used to trace the route taken by data from the router to the destination network. It also shows the number of hops taken during the entire transmission route.

44) What are the functions of a network administrator?

A network administrator has many responsibilities that can be summarize into 3 key functions: installation of a network, configuration of network settings, and maintenance/troubleshooting of networks.

45) Describe at one disadvantage of a peer to peer network.

When you are accessing the resources that are shared by one of the workstations on the network, that workstation takes a performance hit.

46) What is Hybrid Network?

A hybrid network is a network setup that makes use of both client-server and peer-to-peer architecture.

47) What is DHCP?

DHCP is short for Dynamic Host Configuration Protocol. Its main task is to automatically assign an IP address to devices across the network. It first checks for the next available address not yet taken by any device, then assigns this to a network device.

48) What is the main job of the ARP?

The main task of ARP or Address Resolution Protocol is to map a known IP address to a MAC layer address.

49) What is TCP/IP?

TCP/IP is short for Transmission Control Protocol / Internet Protocol. This is a set of protocol layers that is designed to make data exchange possible on different types of computer networks, also known as heterogeneous network.

50) How can you manage a network using a router?

Routers have built in console that lets you configure different settings, like security and data logging. You can assign restrictions to computers, such as what resources it is allowed access, or what particular time of the day they can browse the internet. You can even put restrictions on what websites are not viewable across the entire network.

51) What protocol can be applied when you want to transfer files between different platforms, such between UNIX systems and Windows servers?

Use FTP (File Transfer Protocol) for file transfers between such different servers. This is possible because FTP is platform independent.

52) What is the use of a default gateway?

Default gateways provide means for the local networks to connect to the external network. The default gateway for connecting to the external network is usually the address of the external router port.

53) One way of securing a network is through the use of passwords. What can be considered as good passwords?

Good passwords are made up of not just letters, but by combining letters and numbers. A password that combines uppercase and lowercase letters is favorable than one that uses all upper case or all lower case letters. Passwords must be not words that can easily be guessed by hackers, such as dates, names, favorites, etc. Longer passwords are also better than short ones.

54) What is the proper termination rate for UTP cables?

The proper termination for unshielded twisted pair network cable is 100 ohms.

55) What is netstat?

Netstat is a command line utility program. It provides useful information about the current TCP/IP settings of a connection.

56) What is the number of network IDs in a Class C network?

For a Class C network, the number of usable Network ID bits is 21. The number of possible network IDs is 2 raised to 21 or 2,097,152. The number of host IDs per network ID is 2 raised to 8 minus 2, or 254.

57) What happens when you use cables longer than the prescribed length?

Cables that are too long would result in signal loss. This means that data transmission and reception would be affected, because the signal degrades over length.

58) What common software problems can lead to network defects?

Software related problems can be any or a combination of the following:
– client server problems
– application conflicts
– error in configuration
– protocol mismatch
– security issues
– user policy and rights issues

59) What is ICMP?

ICMP is Internet Control Message Protocol. It provides messaging and communication for protocols within the TCP/IP stack. This is also the protocol that manages error messages that are used by network tools such as PING.

60) What is Ping?

Ping is a utility program that allows you to check connectivity between network devices on the network. You can ping a device by using its IP address or device name, such as a computer name.

61) What is peer to peer?

Peer to peer are networks that does not reply on a server. All PCs on this network act as individual workstations.

62) What is DNS?

DNS is Domain Name System. The main function of this network service is to provide host names to TCP/IP address resolution.

63) What advantages does fiber optics have over other media?

One major advantage of fiber optics is that is it less susceptible to electrical interference. It also supports higher bandwidth, meaning more data can be transmitted and received. Signal degrading is also very minimal over long distances.

64) What is the difference between a hub and a switch?

A hub acts as a multiport repeater. However, as more and more devices connect to it, it would not be able to efficiently manage the volume of traffic that passes through it. A switch provides a better alternative that can improve the performance especially when high traffic volume is expected across all ports.

65) What are the different network protocols that are supported by Windows RRAS services?

There are three main network protocols supported: NetBEUI, TCP/IP, and IPX.

66) What are the maximum networks and hosts in a class A, B and C network?

For Class A, there are 126 possible networks and 16,777,214 hosts
For Class B, there are 16,384 possible networks and 65,534 hosts
For Class C, there are 2,097,152 possible networks and 254 hosts

67) What is the standard color sequence of a straight-through cable?

orange/white, orange, green/white, blue, blue/white, green, brown/white, brown.

68) What protocols fall under the Application layer of the TCP/IP stack?

The following are the protocols under TCP/IP Application layer: FTP, TFTP, Telnet and SMTP.

69) You need to connect two computers for file sharing. Is it possible to do this without using a hub or router?

Yes, you can connect two computers together using only one cable. A crossover type cable can be use in this scenario. In this setup, the data transmit pin of one cable is connected to the data receive pin of the other cable, and vice versa.

70) What is ipconfig?

Ipconfig is a utility program that is commonly used to identify the addresses information of a computer on a network. It can show the physical address as well as the IP address.

71) What is the difference between a straight-through and crossover cable?

A straight-through cable is used to connect computers to a switch, hub or router. A crossover cable is used to connect two similar devices together, such as a PC to PC or Hub to hub.

72) What is client/server?

Client/server is a type of network wherein one or more computers act as servers. Servers provide a centralized repository of resources such as printers and files. Clients refers to workstation that access the server.

73) Describe networking.

Networking refers to the inter connection between computers and peripherals for data communication. Networking can be done using wired cabling or through wireless link.

74) When you move the NIC cards from one PC to another PC, does the MAC address gets transferred as well?

Yes, that’s because MAC addresses are hard-wired into the NIC circuitry, not the PC. This also means that a PC can have a different MAC address when the NIC card was replace by another one.

75) Explain clustering support

Clustering support refers to the ability of a network operating system to connect multiple servers in a fault-tolerant group. The main purpose of this is the in the event that one server fails, all processing will continue on with the next server in the cluster.

76) In a network that contains two servers and twenty workstations, where is the best place to install an Anti-virus program?

An anti-virus program must be installed on all servers and workstations to ensure protection. That’s because individual users can access any workstation and introduce a computer virus when plugging in their removable hard drives or flash drives.

77) Describe Ethernet.

Ethernet is one of the popular networking technologies used these days. It was developed during the early 1970s and is based on specifications as stated in the IEEE. Ethernet is used in local area networks.

78) What are some drawbacks of implementing a ring topology?

In case one workstation on the network suffers a malfunction, it can bring down the entire network. Another drawback is that when there are adjustments and reconfigurations needed to be performed on a particular part of the network, the entire network has to be temporarily brought down as well.

79) What is the difference between CSMA/CD and CSMA/CA?

CSMA/CD, or Collision Detect, retransmits data frames whenever a collision occurred. CSMA/CA, or Collision Avoidance, will first broadcast intent to send prior to data transmission.

80) What is SMTP?

SMTP is short for Simple Mail Transfer Protocol. This protocol deals with all Internal mail, and provides the necessary mail delivery services on the TCP/IP protocol stack.

81) What is multicast routing?

Multicast routing is a targeted form of broadcasting that sends message to a selected group of user, instead of sending it to all users on a subnet.

82) What is the importance of Encryption on a network?

Encryption is the process of translating information into a code that is unreadable by the user. It is then translated back or decrypted back to its normal readable format using a secret key or password. Encryption help ensure that information that is intercepted halfway would remain unreadable because the user has to have the correct password or key for it.

83) How are IP addresses arranged and displayed?

IP addresses are displayed as a series of four decimal numbers that are separated by period or dots. Another term for this arrangement is the dotted decimal format. An example is

84) Explain the importance of authentication.

Authentication is the process of verifying a user’s credentials before he can log into the network. It is normally performed using a username and password. This provides a secure means of limiting the access from unwanted intruders on the network.

85) What do mean by tunnel mode?

This is a mode of data exchange wherein two communicating computers do not use IPSec themselves. Instead, the gateway that is connecting their LANs to the transit network creates a virtual tunnel that uses the IPSec protocol to secure all communication that passes through it.

86) What are the different technologies involved in establishing WAN links?

Analog connections – using conventional telephone lines; Digital connections – using digital-grade telephone lines; switched connections – using multiple sets of links between sender and receiver to move data.

87) What is one advantage of mesh topology?

In the event that one link fails, there will always be another available. Mesh topology is actually one of the most fault-tolerant network topology.

88) When troubleshooting computer network problems, what common hardware-related problems can occur?

A large percentage of a network is made up of hardware. Problems in these areas can range from malfunctioning hard drives, broken NICs and even hardware startups. Incorrectly hardware configuration is also one of those culprits to look into.

89) What can be done to fix signal attenuation problems?

A common way of dealing with such a problem is to use repeaters and hub, because it will help regenerate the signal and therefore prevent signal loss. Checking if cables are properly terminated is also a must.

90) How does dynamic host configuration protocol aid in network administration?

Instead of having to visit each client computer to configure a static IP address, the network administrator can apply dynamic host configuration protocol to create a pool of IP addresses known as scopes that can be dynamically assigned to clients.

91) Explain profile in terms of networking concept?

Profiles are the configuration settings made for each user. A profile may be created that puts a user in a group, for example.

92) What is sneakernet?

Sneakernet is believed to be the earliest form of networking wherein data is physically transported using removable media, such as disk, tapes.

93) What is the role of IEEE in computer networking?

IEEE, or the Institute of Electrical and Electronics Engineers, is an organization composed of engineers that issues and manages standards for electrical and electronic devices. This includes networking devices, network interfaces, cablings and connectors.

94) What protocols fall under the TCP/IP Internet Layer?

There are 4 protocols that are being managed by this layer. These are ICMP, IGMP, IP and ARP.

95) When it comes to networking, what are rights?

Rights refer to the authorized permission to perform specific actions on the network. Each user on the network can be assigned individual rights, depending on what must be allowed for that user.

96) What is one basic requirement for establishing VLANs?

A VLAN is required because at switch level there is only one broadcast domain, it means whenever new user is connected to switch this information is spread throughout the network. VLAN on switch helps to create separate broadcast domain at  switch level. It is used for security purpose.

97) What is IPv6?

IPv6 , or Internet Protocol version 6, was developed to replace IPv4. At present, IPv4 is being used to control internet traffic, butis expected to get saturated in the near future. IPv6 was designed to overcome this limitation.

98) What is RSA algorithm?

RSA is short for Rivest-Shamir-Adleman algorithm. It is the most commonly used public key encryption algorithm in use today.

99) What is mesh topology?

Mesh topology is a setup wherein each device is connected directly to every other device on the network. Consequently, it requires that each device have at least two network connections.

100) what is the maximum segment length of a 100Base-FX network?

The maximum allowable length for a network segment using 100Base-FX is 412 meters. The maximum length for the entire network is 5 kilometers.

101) What are the types of LAN cables used? What is a cross cable?
Types of LAN cables that are in use are “Cat 5” and “Cat 6”. “Cat 5” can support 100 Mbps of speed and “CAT 6” can support 1Gbps of speed.
Cross cable: Its used to connect same type of devices without using a switch/hub so that they can communicate.

102) What is the difference between a normal LAN cable and cross cable? What could be the maximum length of the LAN cable?
The way the paired wires are connected to the connector (RJ45) is different in cross cable and normal LAN cable.
The theoritical length is 100 meters but after 80 meters you may see drop in speed due to loss of signal.

103) What id DHCP? Why it is used? What are scopes and super scopes?
DHCP: Dynamic host configuration protocol. Its used to allocate IP addresses to large number of PCs in a network environment. This makes the IP management very easy.
Scope: Scope contains IP address like subnet mask, gateway IP, DNS server IP and exclusion range which a client can use to communicate with the other PCs in the network.
Superscope: When we combine two or more scopes together its called super scope.

104) What are the types of LAN cables used? What is a cross cable?
Types of LAN cables that are in use are “Cat 5” and “Cat 6”. “Cat 5” can support 100 Mbps of speed and “CAT 6” can support 1Gbps of speed.
Cross cable: Its used to connect same type of devices without using a switch/hub so that they can communicate.

105) What is Active Directory?
A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments. For example we can create, manage and administor users, computers and printers in the network from active directory.

106) What is DNS? Why it is used? What is “forward lookup” and “reverse lookup” in DNS? What are A records and mx records?
DNS is domain naming service and is used for resolving names to IP address and IP addresses to names. The computer understands only numbers while we can easily remember names. So to make it easier for us what we do is we assign names to computers and websites. When we use these names (Like yahoo.com) the computer uses DNS to convert to IP address (number) and it executes our request.
Forward lookup: Converting names to IP address is called forward lookup.
Reverse lookup: Resolving IP address to names is called reverse lookup.
‘A’ record: Its called host record and it has the mapping of a name to IP address. This is the record in DNS with the help of which DNS can find out the IP address of a name.
‘MX’ Record: its called mail exchanger record. Its the record needed to locate the mail servers in the network. This record is also found in DNS.

107) What is IPCONFIG command? Why it is used?
IPCONFIG command is used to display the IP information assigned to a computer. Fromthe output we can find out the IP address, DNS IP address, gateway IP address assigned to that computer.

108) What is APIPA IP address? Or what IP address is assigned to the computer when the DHCP server is not available?
When DHCP server is not available the Windows client computer assignes an automatic IP address to itself so that it can communicate with the network cmputers. This ip address is called APIPA. ITs in the range of 169.254.X.X.
APIPA stands for Automatic private IP addressing. Its in the range of 169.254.X.X.

109) What is a DOMAIN? What is the difference between a domain and a workgroup? Domain is created when we install Active Directory. It’s a security boundary which is used to manage computers inside the boundary. Domain can be used to centrally administor computers and we can govern them using common policies called group policies.
We can’t do the same with workgroup.

110) Do you know how to configure outlook 2000 and outlook 2003 for a user?
Please visit the link below to find out how to configure outlook 2000 and outlook 2003.http://www.it.cmich.edu/quickguides/qg_outlook2003_server.asp

111) What is a PST file and what is the difference between a PST file and OST file? What file is used by outlook express?
PST file is used to store the mails locally when using outlook 2000 or 2003. OST file is used when we use outlook in cached exchanged mode. Outlook express useds odb file.

112) What is BSOD? What do you do when you get blue screen in a computer? How do you troubleshoot it?
BSOD stands for blue screen of Death. when there is a hardware or OS fault due to which the windows OS can run it give a blue screen with a code. Best way to resolve it is to boot the computer is “LAst known good configuration”. If this doesn’t work than boot the computer in safe mode. If it boots up than the problemis with one of the devices or drivers.

113) What is RIS? What is Imaging/ghosting?
RIS stands for remote installation services. You save the installed image on a windows server and then we use RIS to install the configured on in the new hardware. We can use it to deploy both server and client OS. Imaging or ghosting also does the same job of capturing an installed image and then install it on a new hardware when there is a need. We go for RIS or iamging/ghosting because installing OS everytime using a CD can be a very time consuming task. So to save that time we can go for RIS/Ghosting/imaging.

114) What is VPN and how to configure it?
VPN stands for Virtual private network. VPN is used to connect to the corporate network to access the resources like mail and files in the LAN. VPN can be configured using the stepsmentioned in the KB: http://support.microsoft.com/kb/305550

115) Your computer slowly drops out of network. A reboot of the computer fixes the problem. What to do to resolve this issue?
Update the network card driver.

116) Your system is infected with Virus? How to recover the data?
Install another system. Insall the OS with the lates pathces, Antivirus with latest updates. Connect the infected HDD as secondary drive in the system. Once done scan and clean the secondary HDD. Once done copy the files to the new system.

117) How to join a system to the domain? What type of user can add a system to the domain?
Please visit the article below and read “Adding the Workstation to the Domain”

118) What is the difference between a switch and a hub?
Switch sends the traffic to the port to which its meant for. Hub sends the traffic to all the ports.

119) What is a router? Why we use it?
Router is a switch which uses routing protocols to process and send the traffic. It also receives the traffic and sends it across but it uses the routing protocols to do so.

120) What are manageable and non manageable switches?
Switches which can be administered are calledmanageable switches. For example we can create VLAN for on such switch. On no manageable swiches we can’t do so.

121) What is NIC?
A network card, network adapter or NIC (network interface controller) is a piece of computer hardware designed to allow computers to communicate over a computer network

122) What is USB?
Universal Serial Bus (USB) is a serial bus standard to interface devices. Devices like Modem, Mouse, Keyboard etc can be connected.

123) Dialup vs. Broadband
A broadband connection (ADSL) provides high-speed Internet access over a standard phone line. The advantage of a broadband connection over a standard dialup service, is that Broadband is considerably faster, and is “always-on”, meaning that once you”re logged on, your PC is online until the PC is turned off again.

Broadband offer high-speed Internet access and allows telephone calls and a permanent Internet connection to share a single phone line simultaneously whereas in Dialup connection either Internet connection or telephone call can made at given time.

124) LAN and WAN
A local area network is a computer network covering a small geographic area, like a home, office, or group of buildings

Wide Area Network (WAN) is a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries). Or, less formally, a network that uses routers and public communications links

125) Microsoft Access
Microsoft Office Access, previously known as Microsoft Access, is a relational database management system from Microsoft.

126) What is RAS?
Remote Access Services (RAS) refers to any combination of hardware and software to enable the remote access to tools or information that typically reside on a network of IT devices.

127) Difference between Client Mail and Web Mail?
Email clients download your emails onto your computer. Using a specialized email program such as Outlook Express or Apple Mail has the advantage of giving you complete control over your email; every email you receive is placed on your computer and you can keep as many large file attachments as you want.
Checking your email through our webmail is similar to using Hotmail or Yahoo! Mail. You never actually copy your messages to your computer; in fact, you are looking at them through your web browser on somebody else”s computer. When you are not online, you are not able to see your email.

128) RAM and ROM
random access memory, a type of computer memory that can be accessed randomly; that is, any byte of memory can be accessed without touching the preceding bytes. RAM is the most common type of memory found in computers and other devices, such as printers.

Pronounced rahm, acronym for read-only memory, computer memory on which data has been prerecorded. Once data has been written onto a ROM chip, it cannot be removed and can only be read. Unlike main memory (RAM), ROM retains its contents even when the computer is turned off. ROM is referred to as being nonvolatile, whereas RAM is volatile.

129) Spamguard
Spam Guard is an Outlook add-in that filters email that arrives in your inbox. If the sender of any message cannot be identified then the message is moved into a spam quarantine folder. Messages deposited in the spam quarantine folder can be inspected and either deleted or approved at your leisure.

130) Firewall and Antivirus
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Antivirus is a software program which helps protect a computer against being infected by a virus.

131) DNS
Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they”re easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to

132) IPConfig
IPConfig is a command line tool used to control the network connections on Windows NT/2000/XP machines. There are three main commands: “all”, “release”, and “renew”. IPConfig displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, IPConfig displays the IP address, subnet mask, and default gateway for all adapters.

133) Trace route
Trace route is the program that shows you the route over the network between two systems, listing all the intermediate routers a connection must pass through to get to its destination. It can help you determine why your connections to a given server might be poor, and can often help you figure out where exactly the problem is. It also shows you how systems are connected to each other, letting you see how your ISP connects to the Internet as well as how the target system is connected.

Top 12 Information Security Analyst Interview Questions & Answers

134) Explain what is the role of information security analyst?

From small to large companies role of information security analyst includes

  • Implementing security measures to protect computer systems, data and networks
  • Keep himself up-to-date with on the latest intelligence which includes hackers techniques as well
  • Preventing data loss and service interruptions
  • Testing of data processing system and performing risk assessments
  • Installing various security software like firewalls, data encryption and other security measures
  • Recommending security enhancements and purchases
  • Planning, testing and implementing network disaster plans
  • Staff training on information and network security procedures

135) Mention what is data leakage? What are the factors that can cause data leakage?

The separation or departing of IP from its intended place of storage is known as data leakage.  The factors that are responsible for data leakage can be

  • Copy of the IP to a less secure system or their personal computer
  • Human error
  • Technology mishaps
  • System misconfiguration
  • A system breach from a hacker
  • A home-grown application developed to interface to the public
  • Inadequate security control for shared documents or drives
  • Corrupt hard-drive
  • Back up are stored in an insecure place

136) List out the steps to successful data loss prevention controls?

  • Create an information risk profile
  • Create an impact severity and response chart
  • Based on severity and channel determine incident response
  • Create an incident workflow diagram
  • Assign roles and responsibilities to the technical administrator, incident analyst, auditor and forensic investigator
  • Develop the technical framework
  • Expand the coverage of DLP controls
  • Append the DLP controls into the rest of the organization
  • Monitor the results of risk reduction

137) Explain what is the 80/20 rule of networking?

80/20 is a thumb rule used for describing IP networks, in which 80% of all traffic should remain local while 20% is routed towards a remote network.

138) Mention what are personal traits you should consider protecting data?

  • Install anti-virus on your system
  • Ensure that your operating system receives an automatic update
  • By downloading latest security updates and cover vulnerabilities
  • Share the password only to the staff to do their job
  • Encrypt any personal data held electronically that would cause damage if it were stolen or lost
  • On a regular interval take back-ups of the information on your computer and store them in a separate place
  • Before disposing off old computers, remove or save all personal information to a secure drive
  • Install anti-spyware tool

139) Mention what is WEP cracking? What are the types of WEP cracking?

WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access.  There are basically two types of cracks

  • Active cracking: Until the WEP security has been cracked this type of cracking has no effect on the network traffic.
  • Passive cracking: It is easy to detect compared to passive cracking. This type of attack has increased load effect on the network traffic.

140) List out various WEP cracking tools?

Various tools used for WEP cracking are

  • Aircrack
  • WEPCrack
  • Kismet
  • WebDecrypt

141) Explain what is phishing? How it can be prevented?

Phishing is a technique that deceit people to obtain data from users.  The social engineer tries to impersonate genuine website webpage like yahoo or face-book and will ask the user to enter their password and account ID.

It can be prevented by

  • Having a guard against spam
  • Communicating personal information through secure websites only
  • Download files or attachments in emails from unknown senders
  • Never e-mail financial information
  • Beware of links in e-mails that ask for personal information
  • Ignore entering personal information in a pop-up screen

141) Mention what are web server vulnerabilities?

The common weakness or vulnerabilities that the web server can take an advantage of are

  • Default settings
  • Misconfiguration
  • Bugs in operating system and web servers

142) List out the techniques used to prevent web server attacks?

  • Patch Management
  • Secure installation and configuration of the O.S
  • Safe installation and configuration of the web server software
  • Scanning system vulnerability
  • Anti-virus and firewalls
  • Remote administration disabling
  • Removing of unused and default account
  • Changing of default ports and settings to customs port and settings

143) For security analyst what are the useful certification?

Useful certification for security analyst are

  • Security Essentials (GSEC): It declares that candidate is expert in handling basic security issues- it is the basic certification in security
  • Certified Security Leadership: It declares the certification of management abilities and the skills that is required to lead the security team
  • Certified Forensic Analyst: It certifies the ability of an individual to conduct formal incident investigation and manage advanced incident handling scenarios including external and internal data breach intrusions
  • Certified Firewall Analyst: It declares that the individual has proficiency in skills and abilities to design, monitor and configure routers, firewalls and perimeter defense systems

144) How can an institute or a company can safeguard himself from SQL injection?

An organization can rely on following methods to guard themselves against SQL injection

  • Sanitize user input: User input should be never trusted it must be sanitized before it is used
  • Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
  • Regular expressions: Detecting and dumping harmful code before executing SQL statements
  • Database connection user access rights: Only necessary and limited access right should be given to accounts used to connect to the database
  • Error messages: Error message should not be specific telling where exactly the error occurred it should be more generalized.

Top 25 Ethical hacking Interview Questions


145) Explain what is Ethical Hacking?

Ethical Hacking is when a person is allowed to hacks the system with the permission of the product owner to find weakness in a system and later fix them.

146) What is the difference between IP address and Mac address?

IP address: To every device IP address is assigned, so that device can be located on the network.  In other words IP address is like your postal address, where anyone who knows your postal address can send you a letter.

MAC (Machine Access Control) address: A MAC address is a unique serial number assigned to every network interface on every device.  Mac address is like your physical mail box, only your postal carrier (network router) can identify it and you can change it by getting a new mailbox (network card) at any time and slapping your name  (IP address) on it.

147) List out some of the common tools used by Ethical hackers?

  • Meta Sploit
  • Wire Shark
  • NMAP
  • John The Ripper
  • Maltego

148) What are the types of ethical hackers?

The types of ethical hackers are

  • Grey Box hackers or Cyberwarrior
  • Black Box penetration Testers
  • White Box penetration Testers
  • Certified Ethical hacker

149) What is footprinting in ethical hacking? What is the techniques used for footprinting?

Footprinting refers accumulating and uncovering as much as information about the target network before gaining access into any network. The approach adopted by hackers before hacking

  • Open Source Footprinting : It will look for the contact information of administrators that will be used in guessing the password in Social engineering
  • Network Enumeration : The hacker tries to identify the domain names and the network blocks of the target network
  • Scanning : Once the network is known, the second step is to spy the active IP addresses on the network.  For identifying active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses
  • Stack Fingerprinting : Once the hosts and port have been mapped by scanning the network, the final footprinting step can be performed.  This is called Stack fingerprinting.

150) Explain what is Brute Force Hack?

Brute force hack is a technique for hacking password and get access to system and network resources, it takes much time, it needs a hacker to learn about JavaScripts.  For this purpose, one can use tool name “Hydra”.

151) Explain what is DOS (Denial of service) attack? What are the common forms of DOS attack?

Denial of Service, is a malicious attack on network that is done by flooding the network with useless traffic.  Although, DOS does not cause any theft of information or security breach, it can cost the website owner a great deal of money and time.

  • Buffer Overflow Attacks
  • SYN Attack
  • Teardrop Attack
  • Smurf Attack
  • Viruses

152) Explain what is SQL injection?

SQL is one of the technique used to steal data from organizations, it is a fault created in the application code.  SQL injection happens when you inject the content into a SQL query string and the result mode content into a SQL query string, and the result modifies the syntax of your query in ways you did not intend

153) What are the types of computer based social engineering attacks? Explain what is Phishing?

Computer based social engineering attacks are

  • Phishing
  • Baiting
  • On-line scams

Phishing technique involves sending false e-mails, chats or website to impersonate real system with aim of stealing information from original website.

154) Explain what is Network Sniffing?

A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet level data on your network, sniffer tool can help you to locate network problems. Sniffers can be used for both stealing information off a network and also for legitimate network management.

155) Explain what is ARP Spoofing or ARP poisoning?

ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and attacks an internet LAN by changing the target computer’s ARP cache with a forged ARP request and reply packets.

156) How you can avoid or prevent ARP poisoning?

ARP poisoning can be prevented by following methods

  • Packet Filtering : Packet filters are capable for filtering out and blocking packets with conflicting source address information
  • Avoid trust relationship : Organization should develop protocol that rely on trust relationship as little as possible
  • Use ARP spoofing detection software : There are programs that inspects and certifies data before it is transmitted and blocks data that is spoofed
  • Use cryptographic network protocols : By using secure communications protocols like TLS, SSH, HTTP secure prevents ARP spoofing attack by encrypting data prior to transmission and authenticating data when it is received

157) What is Mac Flooding?

Mac Flooding is a technique where the security of given network switch is compromised. In Mac flooding the hacker or attacker floods the switch with large number of frames, then what a switch can handle. This make switch behaving as a hub and transmits all packets at all the ports. Taking the advantage of this the attacker will try to send his packet inside the network to steal the sensitive information.

158) Explain what is DHCP Rogue Server?

A Rogue DHCP server is DHCP server on a network which is not under the control of administration of network staff. Rogue DHCP Server can be a router or modem.  It will offer users IP addresses , default gateway, WINS servers as soon as user’s logged in.  Rogue server can sniff into all the traffic sent by client to all other networks.

159) Explain what is Cross-site scripting and what are the types of Cross site scripting?

Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon.  Exploiting one of these by inserting malicious coding into a link which appears to be a trustworthy source.  When users click on this link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal information.

There are three types of Cross-site scripting

  • Non-persistent
  • Persistent
  • Server side versus DOM based vulnerabilities

160) Explain what is Burp Suite, what are the tools it consist of?

Burp suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an application.  Burp Suite tool has same approach for attacking web applications like framework for handling HTTP request, upstream proxies, alerting, logging and so on.

The tools that Burp Suite has

  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

161) Explain what is Pharming and Defacement?

  • Pharming: In this technique the attacker compromises the DNS ( Domain Name System) servers or on the user computer so that traffic is directed to a malicious site
  • Defacement: In this technique the attacker replaces the organization website with a different page.  It contains the hackers name, images and may even include messages and background music

162) Explain how you can stop your website getting hacked?

By adapting following method you can stop your website from getting hacked

  • Sanitizing and Validating users parameters: By Sanitizing and Validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection
  • Using Firewall: Firewall can be used to drop traffic from suspicious IP address if attack is a simple DOS
  • Encrypting the Cookies: Cookie or Session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time
  • Validating and Verifying user input : This approach is ready to prevent form tempering by verifying and validating the user input before processing it
  • Validating and Sanitizing headers :  This techniques is useful against cross site scripting or XSS, this technique includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks

163) Explain what is Keylogger Trojan?

Keylogger Trojan is malicious software that can monitor your keystroke, logging them to a file and sending them off to remote attackers.  When the desired behaviour is observed, it will record the keystroke and captures your login username and password.

164) Explain what is Enumeration?

The process of extracting machine name, user names, network resources, shares and services from a system. Under Intranet environment enumeration techniques are conducted.

165) Explain what is NTP?

To synchronize clocks of networked computers, NTP (Network Time Protocol) is used.  For its primary means of communication UDP port 123 is used.  Over the public internet NTP can maintain time to within 10 milliseconds

166) Explain what is MIB?

MIB ( Management Information Base ) is a virtual database.  It contains all the formal description about the network objects that can be managed using SNMP.  The MIB database is hierarchical and in MIB each managed objects is addressed through object identifiers (OID).

167) Mention what are the types of password cracking techniques?

The types of password cracking technique includes

  • AttackBrute Forcing
  • AttacksHybrid
  • AttackSyllable
  • AttackRule

168) Explain what are the types of hacking stages?

The types of hacking stages are

  • Gaining AccessEscalating
  • PrivilegesExecuting
  • ApplicationsHiding
  • FilesCovering Tracks

169) Explain what is CSRF (Cross Site Request Forgery)? How you can prevent this?

CSRF or Cross site request forgery is an attack from a malicious website that will send a request to a web application that a user is already authenticated against from a different website. To prevent CSRF you can append unpredictable challenge token to each request and associate them with user’s session.  It will ensure the developer that the request received is from a valid source.


Top 50 Network Administrator & Security Interview Questions Divided Using Layers


Level 1- The User

For most people growing up in a certain time period, networks seemed like a magical thing. All of a sudden things that had been completely isolated could see each other- communicate with each other- and thus interact with each other. In the late 90s and early 2000s, the LAN party was an art form. Being able to bring together people across a wide variety of backgrounds to a place that they all shared a common goal: to blow up pixels. Quite a number of dedicated locations were built for this purpose, and many of them still exist to this day. For me however, the ability to bring your own system over to somebody else’s house and create a network from nothing was amazing. Network cables strewn across the house, tvs and monitors in every possible corner, cheering and trash talk echoing from room to room- it was truly rewarding if you could make it work. Thus it became more important to learn more about troubleshooting systems, getting them to talk to each other across common protocols, watching as all of a sudden instead of a collection of noisy arguing computers, you had a cohesive network. Everyone starts as a User- having a need to learn more about networks, and something pushing them to discover what’s needed to make that work. Regardless of whether that need was a specific application such as Starcraft or Halo, or more important concepts such as sharing company files and hardware, at the beginning there is a spark that says “How do I make this work?”

1- What is the difference between a hub and a switch?

At first glance it may be difficult to judge the difference between a hub and a switch since both look roughly the same. They both have a large number of potential connections and are used for the same basic purpose- to create a network. However the biggest difference is not on the outside, but on the inside in the way that they handle connections. In the case of a hub, it broadcasts all data to every port. This can make for serious security and reliability concerns, as well as cause a number of collisions to occur on the network. Old style hubs and present-day wireless access points use this technique. Switches on the other hand create connections dynamically, so that usually only the requesting port can receive the information destined for it. An exception to this rule is that if the switch has its maintenance port turned on for an NIDS implementation, it may copy all data going across the switch to a particular port in order to scan it for problems. The easiest way to make sense of it all is by thinking about it in the case of old style phone connections. A hub would be a ‘party line’ where everybody is talking all at the same time. It is possible to transmit on such a system, but it can be very hectic and potentially release information to people that you don’t want to have access to it. A switch on the other hand is like a phone operator- creating connections between ports on an as-needed basis.

2- What is HTTP and what port does it use?

HTTP or HyperText Transfer Protocol, is the main protocol responsible for shiny content on the Web. Most webpages still use this protocol to transmit their basic website content and allows for the display and navigation of ‘hypertext’ or links. While HTTP can use a number of different carrier protocols to go from system to system, the primary protocol and port used is TCP port 80.

3- What is HTTPS and what port does it use?

HTTPS or Secure HTTP (Not to be confused with SHTTP, which is an unrelated protocol), is HTTP’s big brother. Designed to be able to be used for identity verification, HTTPS uses SSL certificates to be able to verify that the server you are connecting to is the one that it says it is. While there is some encryption capability of HTTPS, it is usually deemed not enough and further encryption methods are desired whenever possible. HTTPS traffic goes over TCP port 443.

CCNA Resources Salary

4- What is FTP and what port does it use?

FTP or File Transfer Protocol, is one of the big legacy protocols that probably should be retired. FTP is primarily designed for large file transfers, with the capability of resuming downloads if they are interrupted. Access to an FTP server can be accomplished using two different techniques: Anonymous access and Standard Login. Both of these are basically the same, except Anonymous access does not require an active user login while a Standard Login does. Here’s where the big problem with FTP lies however- the credentials of the user are transmitted in cleartext which means that anybody listening on the wire could sniff the credentials extremely easily. Two competing implementations of FTP that take care this issue are SFTP (FTP over SSH) and FTPS (FTP with SSL). FTP uses TCP ports 20 and 21.

5- What is SSH and what port does it use?

SSH or Secure Shell is most well known by Linux users, but has a great deal that it can be used for. SSH is designed to create a secure tunnel between devices, whether that be systems, switches, thermostats, toasters, etc. SSH also has a unique ability to tunnel other programs through it, similar in concept to a VPN so even insecure programs or programs running across unsecure connections can be used in a secure state if configured correctly. SSH runs over TCP port 22.

6- What is DHCP?

Dynamic Host Configuration Protocol is the default way for connecting up to a network. The implementation varies across Operating Systems, but the simple explanation is that there is a server on the network that hands out IP addresses when requested. Upon connecting to a network, a DHCP request will be sent out from a new member system. The DHCP server will respond and issue an address lease for a varying amount of time. If the system connects to another network, it will be issued a new address by that server but if it re-connects to the original network before the lease is up- it will be re-issued that same address that it had before. To illustrate this point, say you have your phone set to wifi at your home. It will pick up a DHCP address from your router, before you head to work and connect to your corporate network. It will be issued a new address by your DHCP server before you go to starbucks for your mid-morning coffee where you’ll get another address there, then at the local restaurant where you get lunch, then at the grocery store, and so on and so on.

7- What is TCP?

Even if you don’t recognize anything else on this list, you like have heard of TCP/IP before. Contrary to popular believe, TCP/IP is not actually a protocol, but rather TCP is a member of the IP protocol suite. TCP stands for Transmission Control Protocol and is one of the big big mindbogglingly massively used protocols in use today. Almost every major protocol that we use on a daily basis- HTTP, FTP and SSH among a large list of others- utilizes TCP. The big benefit to TCP is that it has to establish the connection on both ends before any data begins to flow. It is also able to sync up this data flow so that if packets arrive out of order, the receiving system is able to figure out what the puzzle of packets is supposed to look like- that this packet goes before this one, this one goes here, this one doesn’t belong at all and looks sort of like a fish, etc. Because the list of ports for TCP is so massive, charts are commonplace to show what uses what, and Wikipedia’s which can be found here is excellent for a desk reference.

8- What is UDP?

The twin to TCP is UDP- User Datagram Protocol. Where TCP has a lot of additional under-the-hood features to make sure that everybody stays on the same page, UDP can broadcast ‘into the dark’- not really caring if somebody on the other end is listening (and thus is often called a ‘connectionless’ protocol). As a result, the extra heavy lifting that TCP needs to do in order to create and maintain its connection isn’t required so UDP oftentimes has a faster transmission speed than TCP. An easy way to picture the differences between these two protocols is like this: TCP is like a CB radio, the person transmitting is always waiting for confirmation from the person on the other end that they received the message. UDP on the other hand is like a standard television broadcast signal. The transmitter doesn’t know or care about the person on the other end, all it does care about is that its signal is going out correctly. UDP is used primarily for ‘small’ bursts of information such as DNS requests where speed matters above nearly everything else. The above listing for TCP also contains counterparts for UDP, so it can be used as a reference for both.

9- What is ICMP?

ICMP is the Internet Control Message Protocol. Most users will recognize the name through the use of tools such as ping and traceroute, as this is the protocol that these services run over among other things. Its primary purpose is to tell systems when they are trying to connect remotely if the other end is available. Like TCP and UDP, it is a part of the IP suite and uses IP port number 1. Please note, this is not TCP port 1 or UDP port 1 as this is a different numbering scheme that for reference can be located here (For your reference, TCP uses IP port 6, while UDP uses IP port 17). That being said, different functions of ICMP use specific ports on TCP and UDP. For example, the ‘echo’ portion of ping (the part where someone else is able to ping you) uses TCP port 7.

10- What are IP Classes?

For the IP address that most people are familiar with (IPv4), there are 4 sets (octets) of numbers, each with values of up to 255. You likely have run into this when troubleshooting a router or a DHCP server, when they are giving out addresses in a particular range- usually 192.x or 10.x in the case of a home or commercial network. IP classes are primarily differentiated by the number of potential hosts they can support on a single network. The more networks supported on a given IP class, the fewer addresses are available for each network. Class A networks run up to 127.x.x.x (with the exception of, which is reserved for loopback or localhost connections). These networks are usually reserved for the very largest of customers, or some of the original members of the Internet and xkcd has an excellent map (albeit a bit dated) located here showing who officially owns what. Class B (128.x to 191.x) and Class C (192.x to 223.x) networks are much more fuzzy at the top level about who officially owns them. Class C addresses are primarily reserved for in-house networks which is as we mentioned above why so many different manufacturers use 192.x as their default setting. Class D and E are reserved for special uses and normally are not required knowledge.

Level 2- The Cowboy

Like any frontier, there is a different kind of law on the network. Discovering a new untapped area can lead to a wealth of information, experience, profit and prosperity while it can also lead to corruption, abuse and tyranny. At this stage, everything is wide open and wonderous- a joy to explore and poke around in, but also extremely dangerous. There is very little in the way of defending yourself, and if you are caught unawares going into a dark corner of the web you could leave with far more than you bargained for- this usually doesn’t involve a movie contract unfortunately.

11- What is DNS?

In plain English, DNS is the Internet’s phone book. The Domain Name System is what makes it possible to only have to remember something like “cnn.com” instead of (at this particular moment) “”. IP address change all the time however, although less so for mega-level servers. Human friendly names allow users to remember a something much easier and less likely to change frequently, and DNS makes it possible to map to those new addresses under the hood. If you were to look in a standard phone book and you know the name of the person or business you’re looking for, it will then show you the number for that person. DNS servers do exactly the same thing but with updates on a daily or hourly basis. The tiered nature of DNS also makes it possible to have repeat queries responded to very quickly, although it may take a few moments to discover where a brand new address is that you haven’t been to before. From your home, say that you wanted to go to the InfoSec Institute’s home page. You know the address for it, so you punch it in and wait. Your computer will first talk to your local DNS server (likely your home router) to see if it knows where it is. If it doesn’t know, it will talk to your ISP’s DNS server and ask it if it knows. If the ISP doesn’t know, it will keep going up the chain asking questions until it reaches one of the 13 Root DNS Servers. The responding DNS server will send the appropriate address back down the pipe, caching it in each location as it does so to make any repeat requests much faster.

12- What is IPX?

If you did any multiplayer PC gaming in the 90s and early 2000s, you likely knew of the IPX protocol as ‘the one that actually works’. IPX or Internetwork Packet Exchange was an extremely lightweight protocol, which as a result for the limits of computers of the age was a very good thing. A competitor to TCP/IP, it functions very well in small networks and didn’t require elements like DHCP and required little to no configuration, but does not scale well for applications like the Internet. As a result, it fell by the wayside and is now not a required protocol for most elements.

13- What is Bonjour?

Although you may never have heard of this program, but if you have ever dealt with Apple devices you’ve seen its effects. Bonjour is one of the programs that come bundled with nearly every piece of Apple software (most notably iTunes) that handles a lot of its automatic discovery techniques. Best described as a hybrid of IPX and DNS, Bonjour discovers broadcasting objects on the network by using mDNS (multicast DNS) with little to no configuration required. Many admins will deliberately disable this service in a corporate environment due to potential security issues, however in a home environment it can be left up to the user to decide if the risk is worth the convenience.

14- What is Appletalk?

While we’re on the subject of Apple, Appletalk is a protocol developed by Apple to handle networking with little to no configuration (you may be sensing a pattern here). It reached its peak in the late 80s and early 90s, but there are still some devices that utilize this protocol. Most of its core technology has been moved over to Bonjour, while UPnP (Universal Plug and Play) has picked up on its ideology and moved the concept forward across many different hardware and software packages.

15- What is a Firewall?

A Firewall put simply keeps stuff from here talking to stuff over there. Firewalls exist in many different possible configurations with both hardware and software options as well as network and host varieties. Most of the general user base had their first introduction to Firewalls when Windows XP SP2 came along with Windows Firewall installed. This came with a lot of headaches, but to Microsoft’s credit it did a lot of good things. Over the years it has improved a great deal and while there are still many options that go above and beyond what it does, what Windows Firewall accomplishes it does very well. Enhanced server-grade versions have been released as well, and have a great deal of customization available to the admin.

16- What is a Proxy Server?

Similar to how a DNS server caches the addresses of accessed websites, a proxy server caches the contents of those websites and handles the heavy lifting of access and retrieval for users. Proxy servers can also maintain a list of blacklisted and whitelisted websites so as to prevent users from getting easily preventable infections. Depending on the intentions of the company, Proxy servers can also be used for monitoring web activity by users to make sure that sensitive information is not leaving the building. Proxy servers also exist as Web Proxy servers, allowing users to either not reveal their true access point to websites they are accessing and/or getting around region blocking.

17- What are Services?

Services are programs that run in the background based on a particular system status such as startup. Services exist across nearly all modern operating systems, although vary in their naming conventions depending on the OS- for example, services are referred to as daemons in Unix/Linux-type operating systems. Services also have the ability to set up actions to be done if the program stops or is closed down. In this way, they can be configured to remain running at all times.

18- What is a subnet mask?

A subnet mask tells the network how big it is. When an address is inside the mask, it will be handled internally as a part of the local network. When it is outside, it will be handled differently as it is not part of the local network. The proper use and calculation of a subnet mask can be a great benefit when designing a network as well as for gauging future growth.

19- What are and localhost?

Being able to ping out to a server and see if its responding is a great way to troubleshoot connectivity issues. But what if you’re not able to ping ANY server? Does that mean that your entire network is down? Does it mean that your network cable needs to be replaced? Does it mean that your network card is going bad? Or could it possibly be that sunspots, magnets, aliens and the Men In Black are all conspiring against you? The answers to these questions could be very difficult, but at the very least you can rule out if your network card is going bad. is the loopback connection on your network interface card (NIC)- pinging this address will see if it is responding. If the ping is successful, then the hardware is good. If it isn’t, then you might have some maintenance in your future. and localhost mean the same thing as far as most functions are concerned, however be careful when using them in situations like web programming as browsers can treat them very differently.

20- What is the difference between a Workgroup and a Domain?

A workgroup is a collection of systems each with their own rules and local user logins tied to that particular system. A Domain is a collection of systems with a centralized authentication server that tells them what the rules are. While workgroups work effectively in small numbers, once you pass a relatively low threshold (usually anything more than say 5 systems), it becomes increasingly difficult to manage permissions and sharing effectively. To put this another way, a workgroup is very similar to a P2P network- each member is its own island and chooses what it decides to share with the rest of the network. Domains on the other hand are much more like a standard client/server relationship- the individual members of the domain connect to a central server which handles the heavy lifting and standardization of sharing and access permissions.

Level 3- The Navigator

By now you’ve gotten quite a bit of virtual dust under your boots and have mapped out ‘safe zones’ that you frequent. You also have gotten used to the idea of being able have a safe zone in your home network and mapped out the lay of the land that falls under your domain. As a result, it now falls to you to help guide new arrivals around your resources, and make recommendations for those trying to traverse the wilderness of the Web. There are safe harbors and there are bandit territories, pirates and police, settlers and rustlers- and knowing which is which is a survival skill that must be mastered quickly. Otherwise you could end up making friends with a very nice Nigerian Prince, that oh so badly needs to find a partner in <insert country name here> and just needs some good faith collateral along with your bank account numbers, social security number, mother’s maiden name, her account numbers, etc.

21- How does Tracert work and what protocol does it use?

Tracert or traceroute depending on the operating system allows you to see exactly what routers you touch as you move along the chain of connections to your final destination. If you end up with a problem where you can’t connect or can’t ping your final destination, a tracert can help in that regard as you can tell exactly where the chain of connections stop. With this information, you can contact the correct people- whether it be your own firewall, your ISP, your destination’s ISP or somewhere in the middle. Tracert, like ping, uses the ICMP protocol but also has the ability to use the first step of the TCP three-way handshake to send out SYN requests for a response.

22- What is Two-Factor Authentication?

The three basic ways to authenticate someone are: something they know (password), something they have (token), and something they are (biometrics). Two-factor authentication is a combination of two of these methods, oftentimes using a password and token setup, although in some cases this can be a PIN and thumbprint.

23- What is an IDS?

An IDS is an Intrusion Detection System with two basic variations: Host Intrusion Detection Systems and Network Intrusion Detection Systems. An HIDS runs as a background utility in the same as an anti-virus program for instance, while a Network Intrusion Detection System sniffs packets as they go across the network looking for things that aren’t quite ordinary. Both systems have two basic variants- signature based and anomaly based. Signature based is very much like an anti-virus system, looking for known values of known ‘bad things’ while anomaly looks more for network traffic that doesn’t fit the usual pattern of the network. This requires a bit more time to get a good baseline, but in the long term can be better on the uptake for custom attacks.

24- What are the main differences between Windows Home, Windows Pro and Windows Server?

If you were to ask a Microsoft Sales Rep this question, they would no doubt have hundreds of tweaks and performance boosts from system to system. In reality however there are two main differences between the Windows Home edition and Windows Professional: Joining a domain and built-in encryption. Both features are active in Professional only, as joining a domain is nearly a mandatory requirement for businesses. EFS (Encrypted File System) in and its successor Bitlocker are both also only present in Pro. While there are workarounds for both of these items, they do present a nice quality-of-life boost as well as allow easier standardization across multiple systems. That being said, the jump from Windows Pro to Windows Server is a monumental paradigm shift. While we could go through all of the bells and whistles of what makes Windows Server…Windows Server, it can be summed up very briefly as this: Windows Home and Pro are designed to connect outwards by default and are optimized as such. Windows Server is designed to have other objects connect to it, and as a result it is optimized severely for this purpose. Windows Server 2012 has taken this to a new extreme with being able to perform an installation style very similar to that of a Unix/Linux system with no GUI whatsoever. As a result, they claim that the attack vector of the Operating System has been reduced massively (when installing it in that mode)

25- What is the difference between ifconfig and ipconfig?

ipconfig is one of the primary network connection troubleshooting and information tools available for Windows Operating Systems. It allows the user to see what the current information is, force a release of those settings if set by DHCP, force a new request for a DHCP lease, and clear out the local DNS cache among other functions it is able to handle. ifconfig is a similar utility for Unix/Linux systems that while at first glance seems to be identical, it actually isn’t. It does allow for very quick (and thorough) access to network connection information, it does not allow for the DHCP functions that ipconfig does. These functions in fact are handled by a separate service/daemon called dhcpd.

26- What are the differences between PowerShell, Command Prompt and Bash?

At a very basic level, there really isn’t one. As you progress up the chain however, you start to realize that there actually are a lot of differences in the power available to users (and admins) depending on how much you know about the different interfaces. Each of these utilities is a CLI- Command Line Interface- that allows for direct access to some of the most powerful utilities and settings in their respective operating systems. Command Prompt (cmd) is a Windows utility based very heavily on DOS commands, but has been updated over the years with different options such as long filename support. Bash (short for Bourne-Again Shell) on the other hand is the primary means of managing Unix/Linux operating systems and has a great deal more power than many of its GUI counterparts. Any Windows user that is used to cmd will recognize some of the commands due to the fact that DOS was heavily inspired by Unix and thus many commands have versions that exist in Bash. That being said, they may not be the best ones to use; for example while list contents (dir) exists in Bash, the recommended method would be to use list (ls) as it allows for much easier-to-understand formatting. Powershell, a newer Windows Utility, can be considered a hybrid of these two systems- allowing for the legacy tools of the command prompt with some of the much more powerful scripting functions of Bash.

27- What is root?

If you as a Linux admin “What is root”, you may very well get the response “root, god, what’s the difference?” Essentially root is THE admin, but in a Linux environment it is important to remember that unlike in a Windows environment, you spend very little time in a “privileged” mode. Many Windows programs over the years have required that the user be a local admin in order to function properly and have caused huge security issues as a result. This has changed some over the years, but it can still be difficult to remove all of the programs asking for top level permissions. A Linux user remains as a standard user nearly all the time, and only when necessary do they change their permissions to that of root or the superuser (su). sudo (literally- superuser do …) is the main way used to run one-off commands as root, or it is also possible to temporarily have a root-level bash prompt. UAC (User Account Control) is similar in theme to sudo, and like Windows Firewall can be a pain in the neck but it does do a lot of good. Both programs allow the user to engage higher-level permissions without having to log out of their current user session- a massive time saver.

28- What is telnet?

Also known as the program that can give your admin nightmares, telnet is a very small and versatile utility that allows for connections on nearly any port. Telnet would allow the admin to connect into remote devices and administer them via a command prompt. In many cases this has been replaced by SSH, as telnet transmits its data in cleartext (like ftp). Telnet can and does however get used in cases where the user is trying to see if a program is listening on a particular port, but they want to keep a low profile or if the connection type pre-dates standard network connectivity methods.

29- What are sticky ports?

Sticky ports are one of the network admin’s best friends and worst headaches. They allow you to set up your network so that each port on a switch only permits one (or a number that you specify) computer to connect on that port by locking it to a particular MAC address. If any other computer plugs into that port, the port shuts down and you receive a call that they can’t connect anymore. If you were the one that originally ran all the network connections then this isn’t a big issue, and likewise if it is a predictable pattern then it also isn’t an issue. However if you’re working in a hand-me-down network where chaos is the norm then you might end up spending a while toning out exactly what they are connecting to.

30- Why would you add local users when on a domain machine?

Giving a user as few privileges as possible tends to cause some aggravation by the user, but by the same token it also removes a lot of easily preventable infection vectors. Still, sometimes users need to have local admin rights in order to troubleshoot issues- especially if they’re on the road with a laptop. Therefore, creating a local admin account may sometimes be the most effective way to keep these privileges separate.


Level 4- (You’ve got) The Touch

The Doctor Effect- it always seems like whenever you go to the doctor to have something checked on, you can’t reproduce it. Many times its just bad timing, but other times its because whatever has you sick is so scared of dealing with the doctor that it just vanishes. Admins at this level can make some problems disappear just by walking into a room or touching the box. You are the person that gets called when everything else goes wrong, when the server is melting and when the CEO hasn’t backed up their data in 4 years to light their darkest hour. You may or may not have 80s rock ballads play whenever problems are resolved however.

31- What is ARP?

ARP, or Address Resolution Protocol can be likened to DNS for MAC Addresses. Standard DNS allows for the mapping of human-friendly URLs to IP addresses, while ARP allows for the mapping of IP addresses to MAC addresses. In this way it lets systems go from a regular domain name down to the actual piece of hardware it resides upon.

32- What is EFS?

The Encrypted File System, Microsoft’s built-in file encryption utility has been around for quite some time. Files that have been encrypted in such a way can appear in Windows Explorer with a green tint as opposed to the black of normal files or blue for NTFS compressed files. Files that have been encrypted are tied to the specific user, and it can be difficult to decrypt the file without the user’s assistance. On top of this, if the user loses their password it can become impossible to decrypt the files as the decryption process is tied to the user’s login and password. EFS can only occur on NTFS formatted partitions, and while it is capable of encrypting entire drives it is most often reserved to individual files and folders. For larger purposes, Bitlocker is a better alternative.

33- What is Boot to LAN?

Boot to LAN is most often used when you are doing a fresh install on a system. What you would do is setup a network-based installer capable of network-booting via PXE. Boot to LAN enables this by allowing a pre-boot environment to look for a DHCP server and connect to the broadcasting network installation server. Environments that have very large numbers of systems more often than not have the capability of pushing out images via the network. This reduces the amount of hands-on time that is required on each system, and keeps the installs more consistent.

34- What are Terminal Services?

The ability to remote into servers without having to actually be there is one of the most convenient methods of troubleshooting or running normal functions on a server- Terminal Services allow this capability for admins, but also another key function for standard users: the ability to run standard applications without having to have them installed on their local computers. In this way, all user profiles and applications can be maintained from a single location without having to worry about patch management and hardware failure on multiple systems.

35- What are Shadow Copies?

Shadow copies are a versioning system in place on Windows operating systems. This allows for users to go back to a previously available version of a file without the need for restoring the file from a standard backup- although the specific features of shadow copies vary from version to version of the OS. While it is not necessary to use a backup function in conjunction with Shadow Copies, it is recommended due to the additional stability and reliability it provides. Please note- Shadow Copies are not Delta Files. Delta files allow for easy comparison between versions of files, while Shadow Copies store entire previous versions of the files.

36- Why would you use external media such as Tapes or Hard Disks for Backups?

External Media has been used for backups for a very long time, but has started to fall out of favor in the past few years due to its speed limitations. As capacities continue to climb higher and higher, the amount of time it takes to not only perform a backup but also a restore skyrockets. Tapes have been particularly hit hard in this regard, primarily because they were quite sluggish even before the jump to the terabyte era. Removable hard disks have been able to pick up on this trend however, as capacity and price have given them a solid lead in front of other options. But this takes us back to the question- why use EXTERNAL media? Internal media usually is able to connect faster, and is more reliable correct? Yes and no. While the estimated lifetime of storage devices has been steadily going up, there is always the chance for user error, data corruption, or hiccups on the hard disk. As a result, having regular backups to external media is still one of the best bang-for-buck methods available. Removable hard disks now have the capability to connect very rapidly, even without the use of a dedicated hot-swap drive bay. Through eSATA or USB3, these connections are nearly as fast as if they were plugged directly into the motherboard.

37- What is the difference between RDP and KVM?

RDP or Remote Desktop Protocol is the primary method by which Windows Systems can be remotely accessed for troubleshooting and is a software-driven method. KVM or Keyboard Video and Mouse on the other hand allows for the fast-switching between many different systems, but using the same keyboard, monitor and mouse for all. KVM is usually a hardware-driven system, with a junction box placed between the user and the systems in question- but there are some options that are enhanced by software. KVM also doesn’t require an active network connection, so it can be very useful for using the same setup on multiple networks without having cross-talk.

38- What is the difference between a print server and a network attached printer?

A print server can refer to two different options- an actual server that shares out many different printers from a central administration point, or a small dedicated box that allows a legacy printer to connect to a network jack. A network attached printer on the other hand has a network card built into it, and thus has no need for the latter option. It can still benefit from the former however, as network attached printers are extremely useful in a corporate environment since they do not require the printer to be connected directly to a single user’s system.

39- What is /etc/passwd?

/etc/passwd is the primary file in Unix/Linux operating system that stores information about user accounts and can be read by all users. /etc/shadow many times is used by the operating system instead due to security concerns and increased hashing capabilities. /etc/shadow more often than not is highly restricted to privileged users.

40- What is port forwarding?

When trying to communicate with systems on the inside of a secured network, it can be very difficult to do so from the outside- and with good reason. Therefore, the use of a port forwarding table within the router itself or other connection management device, can allow for specific traffic to be automatically forwarded on to a particular destination. For example, if you had a web server running on your network and you wanted access to be granted to it from the outside, you would setup port forwarding to port 80 on the server in question. This would mean that anyone putting in your IP address in a web browser would be connected up to the server’s website immediately. Please note, this is usually not recommended to allow access to a server from the outside directly into your network.

Level 5- The Guardian


“The Grid. A digital frontier. I tried to picture clusters of information as they moved through the computer. What do they look like? Ships, motorcycles; Were the circuits like freeways?” There comes a point in the career of a Network Admin when you look at the network that you have been administering and troubleshooting and realize that they can visualize every connection into and out of the network. They feel protective of the network by instinct, and want to guard against any unwanted abuse of it. Engineering the perfect system is impossible, but it is sometimes possible to get close. Predicting the needs of your users 3 steps ahead of what they believe they could use, knowing how long particular hardware is going to last, futureproofing for future iterations of the network, the skillset is absolutely massive. Just try not to get sucked in without a way out.

41- Why would you virtualize systems?

Virtual Machines have only recently come into mainstream use, however they have been around under many different names for a long time. With the massive growth of hardware outstripping software requirements, it is now possible to have a server lying dormant 90% of the time while having other older systems at max capacity. Virtualizing those systems would allow the older operating systems to be copied completely and running alongside the server operating system- allowing the use of the newer more reliable hardware without losing any information on the legacy systems. On top of this, it allows for much easier backup solutions as everything is on a single server.

42- Why would you create logon scripts?

Logon scripts are, surprisingly enough, scripts that run at logon time. These are used most times to allow for the continued access to share and device mapping as well as forcing updates and configuration changes. In this way, it allows for one-step modifications if servers get changed, shares get renamed, or printers get switched out for example.

43- What is the difference between Single Mode and Multimode Fiber?

The simple answer is that Multimode is cheaper but can’t transmit as far. Single Mode has a smaller core (the part that handles light) than Multimode, but is better at keeping the light intact. This allows it to travel greater distances and at higher bandwidths than Multimode. The problem is that the requirements for Single Mode are very specific and as a result it usually is more expensive than Multimode. Therefore for applications, you will usually see Multimode in the datacenter with Single Mode for long-haul connections.

44- What does it mean when you receive an NTFS Error: 5?

Error 5 is very common when dealing with files and directories that have very specific permissions. When trying to copy elements from areas that have restricted permissions, or when trying to copy files to an area that has restricted permissions, you may get this error which basically means “Access denied”. Checking out permissions, making sure that you have the appropriate permissions to both the source and destination locations, and making yourself the owner of those files can help to resolve this issue. Just remember that if you are not intended to be able to view these files to return the permissions back to normal once you are finished.

45- What are 755 and 644 Unix/Linux Permissions?

Unix/Linux permissions operate on much simpler methodology than Windows does, but as a result when you’re trying to figure out how they work it can feel like you’ve been hit by a slice of lemon wrapped around a large gold brick: It should be simple, but the way you’re used to is incompatible with what you are trying to do so it makes your brain hurt. Linux permissions are normally visible using the following scale: d | rwx | rwx | rwx. This stretch of characters actually represents four distinct sections of binary switches- directory, owner, group, other. The first value (d)- asks ‘is this a directory’, while the next group (rwx) represents what permissions the owner of the file has- read (r), write (w), and execute (x). The next set of values (rwx), represent what members of the group can do for the same permissions- read, write and execute. The final set (rwx), say what everybody else can do for those same permissions. Fairly straightforward, but where do the 755 and 644 values come into play? These actually are the real-world simplified values the permission scale listed above. For example, when reading permissions with the value of drwxr-xr-x, it would mean that it is a directory, the owner has full permissions, and while everybody else can read and execute, nobody else can write to it. So if we were to look at this as a basic yes/no (1/0) system, we would see something like this:

rwx rwx rwx
111 101 101

So now we have binary values for each of these fields- 1 for yes, 0 for no. Now what do we do with them? We can actually calculate out the values based on what we see here, based on binary.

0000 = 0
0001 = 1
0010 = 2
0011 = 3
0100 = 4
0101 = 5
0110 = 6
0111 = 7

rwx rwx rwx
111 101 101
7 5 5

This would give us 755 as shorthand for owner read, write and execute, and everybody else is read and execute. Let’s try this again with the 644 values. Let’s work out the following string: rw-r–r–:

rwx rwx rwx
110 100 100
6 4 4

This would give us 644 as shorthand for owner read and write, with everybody else read-only.

46- Why is it easier to maintain permissions via groups instead of individually?

As you can see from the demonstration up above, if you try to work out permissions for every single person in your organization individually you can give yourself a migraine pretty quickly. Therefore, trying to simplify permissions but keep them strong is critical to administering a large network. Groups allow users to be pooled by their need to know and need to access particular information. In this way, it allows the administrator to set the permissions once- for the group- then add users to that group. When modifications to permissions need to be made, its one change that affects all members of that group.

47- What is the difference between a Forest, a Tree, and a Domain?

When you’re working in Active Directory, you see a tree-type structure going down through various organizational units (OU’s). The easiest way to explain this is to run through a hypothetical example.

Say that we had a location reporting for CNN that dealt with nothing but the Detroit Lions. So we would setup a location with a single domain, and computers for each of our users. This would mean starting at the bottom: OU’s containing the users, groups and computers are at the lowest level of this structure. A Domain is a collection of these OU’s as well as the policies and other rules governing them. So we could call this domain ‘CNNDetroitLions”. A single domain can cover a wide area and include multiple physical sites, but sometimes you need to go bigger.

A tree is a collection of domains bundled together by a common domain trunk, rules, and structure. If CNN decided to combine all of its football team sites together in a common group, so that its football sports reporters could go from one location to the next without a lot of problems, then that would be a tree. So then our domain could be joined up into a tree called ‘football’, and then the domain would be ‘CNNDetroitLions.football’ while another site could be called ‘CNNChicagoBears.football’.

Sometimes you still need to go bigger still, where a collection of trees is bundled together into a Forest. Say CNN saw that this was working great and wanted to bring together all of its reporters under a single unit- any reporter could login to any CNN controlled site and call this Forest ‘cnn.com’ So then our domain would become ‘CNNDetroitLions.football.cnn.com’ with another member of this same Forest could be called ‘CNNNewYorkYankees.baseball.cnn.com’, while yet another member could be ‘CNNLasVegas.poker.cnn.com’. Typically the larger an organization, the more complicated it becomes to administer, and when you get to something as large as this it becomes exponentially more difficult to police.

48- What are the differences between Local, Global and Universal Groups?

Microsoft themselves answer very succinctly here.

“A domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located.

A global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain.

A universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest. Universal groups are not supported.”

49- What are Strong Password Requirements?

An excellent guide to password strength can be found on Wikipedia’s password strength entry located here.

  • “Use a minimum password length of 12 to 14 characters if permitted.
  • Include lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
  • Generate passwords randomly where feasible.
  • Avoid using the same password twice (eg. across multiple user accounts and/or software systems).
  • Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past) and biographical information (e.g. ID numbers, ancestors’ names or dates).
  • Avoid using information that is or might become publicly associated with the user or the account.
  • Avoid using information that the user’s colleagues and/or acquaintances might know to be associated with the user.
  • Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.”

50- What is SNMP?

SNMP is the “Simple Network Management Protocol”. Most systems and devices on a network are able to tell when they are having issues and present them to the user through either prompts or displays directly on the device. For administrators unfortunately, it can be difficult to tell when there is a problem unless the user calls them over. On devices that have SNMP enabled however, this information can be broadcast and picked up by programs that know what to look for. In this way, reports can be run based on the current status of the network, find out what patches are current not installed, if a printer is jammed, etc. In large networks this is a requirement, but in any size network it can serve as a resource to see how the network is fairing and give a baseline of what its current health is.


Duration: 45 Days

Support: 24x7

Video: Yes

Cyber security Certified Professional