CSRF (Cross-Site Request Forgery) is a security vulnerability where an attacker tricks an authenticated user into performing unintended actions on a web application. This document also discusses other cybersecurity concepts including XSS (Cross-Site Scripting), IOC (Indicators of Compromise), and differences between security measures like antivirus versus EDR, and firewalls versus intrusion prevention systems. It covers various topics related to cybersecurity, such as misconfigurations, web application firewalls, and network protocols, to enhance organizational security.

2. What is CSRF?
CSRF stands for Cross-Site Request Forgery. It is a type of
security vulnerability that occurs when an attacker tricks a victim into
performing an unwanted action on a website or web application in
which the victim is authenticated. The attack takes advantage of the
trust a website has in the authenticated user's browser
01

3. What is CSRF?
Website
Website Visitor
01

4. Difference between XSS and CSRF?
XSS (Cross-Site Scripting) and CSRF (Cross-Site Request
Forgery) are both common web application vulnerabilities, but they
differ in their nature and the risks they pose
02

5. Difference between XSS and CSRF?
02
XSS is a vulnerability that occurs when
an attacker injects malicious scripts into
a trusted website, which is then
executed by the user's browser. This
can happen when the website does not
properly validate or sanitize user input.
The injected scripts can be used to
steal sensitive information, such as
login credentials or
session cookies
XSS
CSRF is a type of attack where an
attacker tricks a user's browser into
making unintended and unauthorized
requests to a website. This attack relies
on the fact that many websites use
cookies or other mechanisms for
session management, and these
cookies are automatically sent with
every request made to the website
CSRF

6. Is XSS Client Side Attack or Server Side Attack?
The XSS (Cross-Site Scripting) attack can occur on the client side,
which means it targets vulnerabilities in the user's web browser or
the client application. This type of attack takes advantage of security
weaknesses in the client-side code, allowing an attacker to inject
malicious scripts into a trusted website or web application
03

7. Is XSS Client Side Attack or Server Side Attack?
It's important to note that while XSS attacks primarily target the
client side, they can have significant consequences on the server
side as well. The injected script may interact with the server or
exploit vulnerabilities in the server-side code to perform actions on
behalf of the attacker
03

8. What is IOC?
In cybersecurity, IOC stands for Indicators of Compromise. These
are pieces of evidence or artifacts that suggest the presence of
malicious activity or a security breach within a system or network.
IOCs are used to identify, detect, and respond to potential security
incidents.
04

9. What is IOC?
When organizations collect and analyze IOCs, they can proactively
detect and respond to security incidents. By monitoring for these
indicators, security teams can identify potential threats, investigate
the scope of an attack, and take appropriate measures to mitigate
the risks
04
File-based IOCs
Network-based IOCs
Behavioral IOCs
Registry or System
Configuration IOCs
Threat Intelligence IOCs

10. Can you explain the difference between Antivirus and EDR
in Cyber Security?
Antivirus and Endpoint Detection and Response (EDR) are both
important components in cybersecurity, but they serve different
purposes
05

11. Can you explain the difference between Antivirus and EDR
in Cyber Security?
05
• Antivirus, also known as anti-malware
software, is designed to detect, prevent, and
remove known types of malicious software,
such as viruses, worms, Trojans, and
ransomware
• It relies on signature-based detection, where it
compares the code patterns of files or
programs against a database of known
malware signatures
Antivirus
• EDR goes beyond traditional antivirus
solutions by providing real-time monitoring,
detection, and response capabilities at the
endpoint level
• EDR solutions are designed to detect and
respond to sophisticated and advanced threats
that may evade traditional antivirus software
EDR

12. Can you explain the difference between IPS and a Firewall
in cybersecurity?
An IPS (Intrusion Prevention System) and a Firewall are two
distinct but complementary security mechanisms
06

13. Can you explain the difference between IPS and a Firewall
in cybersecurity?
06
A firewall acts as a barrier between an internal
network and external networks, typically the
internet
Its primary function is to enforce access controls
and permit or deny network traffic based on
factors such as IP addresses, ports, protocols,
and application types
Firewall
An IPS is designed to detect and prevent
network-based attacks. It goes beyond the basic
access control functions of a firewall
It can detect and block unauthorized access
attempts, malware, network intrusions, and other
malicious activities
IPS

14. What is Security Misconfiguration?
Security Misconfiguration refers to the improper or insecure
configuration of systems, software, applications, or network
components that can lead to potential security vulnerabilities. It
occurs when security settings, permissions, or configurations are not
appropriately defined or implemented, leaving systems and data
exposed to potential attacks or unauthorized access
07

15. What is Security Misconfiguration?
Security Misconfiguration can take various forms, such as using
default or weak passwords, leaving unnecessary services or ports
open, not applying necessary security patches or updates,
misconfiguring access controls, or failing to implement secure
communication protocols. These misconfigurations can provide
attackers with entry points into a system, allowing them to exploit
vulnerabilities, gain unauthorized access, or carry out malicious
activities
07

16. What is WAF and its Types?
WAF stands for Web Application Firewall. It is a security measure
used to protect web applications from various types of cyber attacks.
A WAF acts as a filter between the web application and the external
network, monitoring and analyzing incoming and outgoing web traffic
08

17. What is WAF and its Types?
Both network-based and host-based WAFs have their strengths
and can complement each other for enhanced security. Network-
based WAFs are suitable for large-scale protection across multiple
applications and servers, while host-based WAFs offer more
precise control and visibility into application-specific vulnerabilities
and attacks
08
Network-based WAF
Host-based WAF

18. Could you Please Explain the Difference Between Blue
Teaming and Red Teaming
Blue Teaming and Red Teaming are two distinct approaches used
in cybersecurity to enhance the overall security posture of an
organization
09

19. Could you Please Explain the Difference Between Blue
Teaming and Red Teaming
09
Blue teaming primarily focuses on defense and
proactive measures. Blue teams are responsible
for protecting the organization's assets, systems,
and data from potential threats and attacks
They also monitor security systems, analyze logs,
and use various tools to detect and mitigate
threats
Blue Teaming
Red teaming takes an offensive approach. Red
teams are independent individuals who simulate
real-world cyberattacks to evaluate the
effectiveness of the organization's security
controls and practices
Red teams use tactics like those of real attackers,
such as social engineering, penetration
testing, and vulnerability assessments, to
uncover potential security flaws
Red Teaming

20. What is false positive and false negative in case
of IDS
In the context of Intrusion Detection Systems, false positive and
false negative are two important terms used to describe the
accuracy of the system in identifying and classifying security events
10

21. What is false positive and false negative in case
of IDS
10
A false positive occurs when an IDS incorrectly
identifies a benign activity or event as malicious.
In other words, it flags an activity as an intrusion
or attack when it is actually harmless. This can
lead to unnecessary alerts and may waste the
security team's time and resources investigating
false alarms
False Positive
A false negative happens when an IDS fails to
detect an actual malicious activity or event. It
occurs when an intrusion or attack goes
unnoticed and is not flagged by the system. This
can be quite dangerous as it allows malicious
activities to go undetected, potentially causing
harm to the
system or network
False Negative

22. What is TLD?
TLD stands for Top-Level Domain in the field of cybersecurity. In
the context of the internet, a top-level domain refers to the last
segment of a domain name, located after the final dot. It is also
commonly known as the domain extension. Examples of TLDs
include .com, .org, .net, .gov, .edu, and country-specific TLDs like
.uk, .fr, or .au
11

23. What is TLD?
TLDs play a significant role in cybersecurity as they help identify the
purpose or category of a website. Cybersecurity professionals often
analyze TLDs to assess potential security risks or determine the
legitimacy of a domain. Malicious actors may exploit certain TLDs,
such as those associated with phishing, malware distribution, or
fraudulent activities
11

24. Can you explain what Name Servers are in the context of
cybersecurity
In the realm of cybersecurity, name servers play a crucial role in the
functioning of the internet. A name server, also known as a DNS server
(Domain Name System), is responsible for translating human-readable
domain names, such as www.example.com, into IP addresses, which
are numerical representations that computers use to communicate
with each other
12

25. Can you explain what Name Servers are in the context of
cybersecurity
From a cybersecurity perspective, name servers are vital because
they act as authoritative sources for domain name resolution.
However, they can also be targeted by malicious actors in various
attacks, such as DNS spoofing or DNS hijacking, which aim to
manipulate the translation process
12

26. What is the concept of a Canonical Name in
Cyber Security
A canonical name refers to a standardized and authoritative name
assigned to a network resource, such as a domain, host, or IP
address. It is used to establish a consistent and unambiguous naming
convention across different systems and networks. The canonical
name serves as a unique identifier for the resource, ensuring that it
can be accurately located and accessed within a network or across the
internet
13

27. What is the concept of a Canonical Name in
Cyber Security
The concept of canonical name is particularly relevant when dealing
with activities such as network monitoring, access control, and threat
detection. It allows security administrators to establish policies and
rules based on the canonical names of resources, ensuring consistent
enforcement and effective security measures
13

28. What details you find when you searched IP/Domain for
DNS lookup?
When performing a DNS lookup for an IP/domain in the field of
cybersecurity, there are several key details that can be obtained.
These details provide valuable information for assessing the security
posture and potential risks associated with the IP or domain in
question
14

29. What details you find when you searched IP/Domain for
DNS lookup?
By analyzing these details obtained from a DNS lookup, cybersecurity
professionals can assess the potential security risks associated with
an IP or domain and take appropriate measures to protect their
systems and networks
14
IP/Domain Ownership
IP/Domain Reputation
IP/Domain Geolocation
IP/Domain History
DNS Records
IP/Domain Blacklisting

30. Can you explain what DHCP is and its role in Cyber
Security?
DHCP stands for Dynamic Host Configuration Protocol. It is a
network protocol commonly used in computer networks to
automatically assign IP addresses and network configuration settings
to devices within a network. DHCP plays a crucial role in cybersecurity
as it helps in managing and securing network resources effectively
15

31. Can you explain what DHCP is and its role in Cyber
Security?
One of the primary functions of DHCP is to provide IP addresses
dynamically to devices when they join the network. By assigning IP
addresses dynamically, DHCP prevents the need for manual
configuration, making it easier to manage a large number of devices in
a network
15

32. What is CVE, and Which Authority is Responsible
for Generating CVEs
CVE stands for Common Vulnerabilities and Exposures. It is a
system used in the field of cybersecurity to identify and track known
vulnerabilities in software and hardware. The purpose of CVE is to
provide a standardized way of referencing and discussing security
vulnerabilities across different organizations, vendors, and researchers
16

33. What is CVE, and Which Authority is Responsible
for Generating CVEs
The authority responsible for generating CVEs is the MITRE
Corporation. MITRE is a nonprofit organization that operates the CVE
program under contract with the National Cybersecurity FFRDC
(Federally Funded Research and Development Center). They maintain
the official CVE list, assign unique identifiers to vulnerabilities, and
facilitate the sharing of vulnerability information among cybersecurity
professionals and organizations
16

34. Can you Explain What a Loopback Address is?
A loopback address refers to a special network address that allows a
device to send and receive data to itself. It is commonly represented
by the IP address 127.0.0.1 in IPv4 or ::1 in IPv6. The loopback
address is often used for testing and troubleshooting purposes, as it
enables a device to simulate network communication without actually
sending data over a physical network
17

35. Can you Explain What a Loopback Address is?
The loopback address can be valuable during the development and
testing of security measures, such as firewalls, intrusion detection
systems, or antivirus software. It allows security professionals to
assess the effectiveness of these measures by emulating attacks or
monitoring the device's response to simulated malicious activities, all
within the controlled environment of the loopback interface
17

36. Can you Explain the concepts of Threads and Processes
Threads and Processes are important concepts that relate to the
execution and management of software and how they can impact the
security of a system
18

37. Can you Explain the concepts of Threads and Processes
18
A process can be understood as an instance of a
computer program that is being executed. It
represents a set of resources, such as memory,
files, and system state, allocated by the operating
system to execute the program. Each process
runs independently, with its own memory space
and resources, and can perform various tasks.
Processes can communicate with each other
through inter-process communication
mechanisms provided by the operating system
Process
A thread is a unit of execution within a process. A
process can have multiple threads, and each
thread represents an independent flow of control
within the process. Threads within a process
share the same memory space, allowing for
efficient communication and data sharing. By
utilizing threads, a program can execute multiple
tasks concurrently, improving performance and
responsiveness
Thread

38. What is Kerberos?
Kerberos is a widely used network authentication protocol that plays a
crucial role in ensuring secure communication in computer networks. It
was developed by the Massachusetts Institute of Technology (MIT)
and has become a fundamental component of many security
infrastructures
19

39. What is Kerberos?
When a client requests access to a network resource, the Kerberos
protocol enables the client to authenticate itself to the KDC using its
credentials, typically a username and password. The KDC then verifies
the client's identity and issues a time-limited ticket, also known as a
"ticket-granting ticket" (TGT), which serves as proof of authentication
19

40. Can you explain the significance of 0x18 and 0x12 in
Kerberos authentication?
In Kerberos authentication, the values 0x18 and 0x12 represent
specific message types within the Kerberos protocol. The Kerberos
protocol is a widely used authentication protocol designed to provide
secure authentication for network services
20

41. Can you explain the significance of 0x18 and 0x12 in
Kerberos authentication?
20
0x18 corresponds to the message type KRB_AS_REQ which
stands for Kerberos Authentication Service Request. This
message is sent by the client to request a Ticket Granting
Ticket (TGT) from the KDC. The TGT is then used to request
service tickets
for specific services
0x18

42. Can you explain the significance of 0x18 and 0x12 in
Kerberos authentication?
20
0x12 represents the message type KRB_TGS_REQ, which
stands for Kerberos Ticket-Granting Service Request. This
message is sent by the client to the KDC to request a service
ticket for a particular service. The client includes the TGT
obtained from the KRB_AS_REQ message and specifies the
desired service
0x12

43. Define Unicasting, Multicasting, and Broadcasting
21
It sends the information from a
single user to a single receiver.
We use this for point-to-point
communications
Unicast
Here, data is sent from one or
more sources to multiple
destinations
Multicast
Broadcast is known as one-to-
all, i.e., the communication is
between a single user and
several receivers
Broadcast

44. Explain SSL Encryption
22
Secure Sockets Layer (SSL) is the standard followed in the
security knowledge industry to develop encrypted connections
between the browser as well as the web server. This standard
ensures that data privacy is maintained and that online
transactions are protected from external attacks

45. Explain SSL Encryption
22
• The browser will connect to the web server which is secured by
SSL
• The browser will send a copy of the SSL certificate
• The browser verifies if the SSL certificate is trustworthy. If
trustworthy, the browser will send a message to the server
requesting to establish an encrypted connection
• The web server acknowledges and starts to build an SSL
encrypted connection
• The encrypted SSL communication begins between the browser
and the web server

46. What steps will you take to secure a Server?
23
The Secure Socket Layer (SSL) is a protocol where data
encryption and decryption will protect it from being intercepted by
authorized users

47. What steps will you take to secure a Server?
23
• Ensure that the password for root and administrative users is
secured
• New users can be included in the system now. They will
manage the system as per the policies established
• Remote access is removed for default administrator accounts
• The following steps have to be followed to configure Firewall
rules for remote access

48. What is Data Protection in transit vs Data Protection at
rest?
24
When data is protected in transit the data goes only from the
server to the client. The effectiveness of data protection is critical
for ensuring that there is no loss of data. Data protection at test- is
when the database is on the hard drive. The data at rest is
sometimes less vulnerable than the data in transit

49. What is the difference between VPN and VLAN?
25
VPN the group workstations are within the same locations and in
the same broadcast, the main logically segregated networks and
have no physical connection. VLAN - this is related to remote
access to the company network. The connection of two points
within a secured and encrypted tunnel. There is no encryption
technique involved and it slices the logical network into different
sections to manage and secure different aspects