Top Interview Questions on Cyber-attacks


Today we are going to look at the top 16 interview questions on cyber attacks.

The following questions are frequently asked in interviews for freshers as well as experienced cyber security certification candidates.

1. What is SQL injection?

SQL injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass an application's security measures and then view, edit, and delete tables in the database.

2. What is a Distributed Denial of Service attack (DDoS)?

A DDoS attack is a malicious attempt to flood networks and systems with traffic to exhaust resources and bandwidth. When hackers use multiple systems to launch this attack, it is known as a Distributed Denial of Service (DDoS) attack.

3. Define Ransomware

Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom.

The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.

4. What is Cross-Site Scripting and how can it be prevented?

Cross-Site Scripting, also known as a client-side injection attack, aims to execute malicious actions in the target’s web browser by injecting malicious code.

The following practices can prevent Cross-Site Scripting:

  • Encoding special characters
  • Using XSS HTML Filter
  • Validating user inputs
  • Using Anti-XSS services/tools
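
To illustrate the first and third practices, here is an added Python example (not code from the original post). It encodes each value for the context it lands in and validates a user-supplied link. The function names, the allowed-scheme list and the comment template are assumptions made for the illustration.

```python
import html
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only absolute web links are accepted

def encode_html_text(value: str) -> str:
    """Encode for HTML element content and quoted attribute values."""
    return html.escape(value, quote=True)

def encode_js_string(value: str) -> str:
    """Encode for a JavaScript string literal inside an inline <script> block."""
    # json.dumps adds the quotes; escaping <, > and & stops "</script>" ending the block.
    out = json.dumps(value)
    return out.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")

def validate_link(url: str) -> str:
    """Input validation: encoding alone does not neutralise a javascript: URL."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"rejected URL scheme: {scheme!r}")
    return url

def render_comment(author: str, homepage: str, body: str) -> str:
    """Hypothetical template: each value is encoded for the context it lands in."""
    link = encode_html_text(validate_link(homepage))
    return (
        f'<p><a href="{link}">{encode_html_text(author)}</a>: '
        f"{encode_html_text(body)}</p>"
        f"<script>var lastAuthor = {encode_js_string(author)};</script>"
    )

# Constructed sample input that contains markup characters.
SAMPLE_BODY = '<img src=x onerror="alert(1)">'

if __name__ == "__main__":
    print(render_comment('Eve "the tester"', "https://example.com/?a=1&b=2", SAMPLE_BODY))
```

The same input needs a different encoding in an HTML body, an attribute and a script block, which is why a single global filter is not enough.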

5. How to prevent a ‘Man-in-the-Middle Attack’?

The following practices prevent the ‘Man-in-the-Middle Attacks’:

  1. Use stronger WAP/WEP encryption on wireless access points to keep out unauthorized users.
  2. Use a VPN for a secure environment to protect sensitive information. It uses key-based encryption.
  3. Public key pair-based authentication must be used at various layers of the stack to verify whether or not you are communicating with the right endpoints.
  4. HTTPS must be used to communicate securely over HTTP through a public-private key exchange.

6. What are the techniques used in preventing a Brute Force Attack?

A Brute Force Attack is a trial-and-error method used against web programs to decode encrypted data such as passwords by sheer force rather than by intellectual strategies. It is a way to identify the correct credentials by repeatedly trying all the possible combinations.

Brute Force attacks can be avoided by the following practices:

  • Adding password complexity: Include different formats of characters to make passwords stronger.
  • Limit login attempts: Set a limit on login failures.
  • Two-factor authentication: Add this layer of security to avoid brute force attacks.
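
As an added illustration of the "limit login attempts" practice (example code, not from the original post), the Python sketch below counts failures per account and per source IP in a sliding window and locks either one after too many. The thresholds, class name and sample events are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumption: failures tolerated inside the window
WINDOW_SECONDS = 300   # assumption: sliding window length
LOCKOUT_SECONDS = 900  # assumption: how long a key stays locked

class LoginLimiter:
    """Track failed logins per key (account or source IP) in a sliding window."""
    def __init__(self):
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires

    def is_locked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        window = self.failures[key]
        window.append(now)
        while window and window[0] <= now - WINDOW_SECONDS:  # drop old failures
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            window.clear()

def attempt_login(limiter, user, ip, password_ok, now):
    """Return 'locked', 'ok' or 'denied'; the account and the source IP are both limited."""
    keys = (f"user:{user}", f"ip:{ip}")
    if any(limiter.is_locked(k, now) for k in keys):
        return "locked"  # refused before the password is checked
    if password_ok:
        limiter.failures.pop(keys[0], None)  # a success resets the account counter
        return "ok"
    for k in keys:
        limiter.record_failure(k, now)
    return "denied"

def replay(events):
    """Run constructed (time, user, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [attempt_login(limiter, u, ip, ok, t) for t, u, ip, ok in events]

# Constructed events: six guesses from one address, then the owner from another.
SAMPLE_EVENTS = [(t, "alice", "203.0.113.7", False) for t in range(0, 60, 10)]
SAMPLE_EVENTS += [(70, "alice", "198.51.100.4", True),
                  (70 + LOCKOUT_SECONDS, "alice", "198.51.100.4", True)]
```

In the sample the account owner is also refused while the lock is active, which is the trade-off of account lockout and one reason it is combined with two-factor authentication.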

7. What is a social engineering attack?

Social engineering attacks manipulate people into sharing their confidential information. This attack has three categories:

  • Phishing Attack: Here, the user opens the mail with the attachment and unknowingly downloads the virus.
  • Spear Phishing Attack: Here, the attacker targets a specific individual or a group of people.
  • Whaling Phishing Attack: Here, the attacker specifically targets wealthy, powerful, and prominent individuals.

8. What are honeypots?

Honeypots are computer systems that are used to attract attackers. They are used to deceive attackers and defend the real network from any attack.

9. What is the difference between active and passive cyber attacks?

In an active attack, the attacker attempts to disrupt a network’s normal operation, edit data, and alter system resources. In a passive attack, the hacker intercepts the data traveling through the network.

10. What is Spoofing? Give an example.

In spoofing, an attacker impersonates another person or organization and sends you an email that appears to be legitimate. The email looks almost genuine, and it is hard to spot such a fake one.


Hi Andrews,

I got the message that your computer system has been adjusted. Please share the password of the system in this email to make it secure.

XYZ Company

11. What does XSS stand for?

XSS stands for Cross-Site Scripting. Cross-site scripting allows an attacker to impersonate a victim user and carry out any actions that the user is able to perform, as well as access any of the user’s data. If the victim user has privileged access to the application, the attacker may be able to take complete control of the application and its data.

12. What Is Meant By Malware? Name some types of Malware

Malware is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.

The types are as follows:

  • Viruses
  • Trojan horses
  • Worms
  • Spyware
  • Zombie
  • Phishing

13. Explain Phishing.

Phishing is a form of cybercrime in which the sender appears to be a legitimate entity such as PayPal, eBay, a financial institution, or a friend. The sender contacts a target by email, phone call, or text message with a link and tries to convince the target to click on it.

This link takes users to a fake website where they are asked to enter sensitive information such as personal information, banking and credit card information, social security numbers, usernames, and passwords. When the link is clicked, malware is installed on the target machine, which allows the hackers to remotely access the sensitive information.

14. What do you mean by Domain Name System (DNS) Attack?

A DNS attack is a cyber attack in which attackers exploit weaknesses in the Domain Name System to redirect users to malicious websites and steal data.

15. What do you mean by ARP poisoning?

Address Resolution Protocol (ARP) poisoning is a kind of cyber attack that abuses the protocol network devices use to convert IP addresses to physical addresses. On the network, a host sends an ARP broadcast, and the receiving machine responds with its physical address.

ARP poisoning is the practice of sending bogus addresses to a switch so that it associates them with the IP address of a legitimate machine on the network, which lets the attacker hijack traffic.
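
Because poisoning shows up as an IP address suddenly answering with a different physical address, it can be spotted by watching ARP replies. The following is an added detection example in Python (not code from the original post); the record format, function names and sample replies are constructed for the illustration.

```python
from collections import defaultdict

def parse_arp_reply(line):
    """Parse a constructed 'time ip is-at mac' record into (float, ip, mac)."""
    ts, ip, _, mac = line.split()
    return float(ts), ip, mac.lower()

def find_arp_anomalies(lines, pinned=None):
    """Flag replies that rebind a known IP to a new MAC or contradict a pinned entry."""
    pinned = pinned or {}            # ip -> MAC the administrator expects
    seen = {}                        # ip -> last MAC observed
    claims = defaultdict(set)        # mac -> IPs it has claimed
    alerts = []
    for line in lines:
        ts, ip, mac = parse_arp_reply(line)
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, ip, mac, "contradicts pinned entry"))
        elif ip in seen and seen[ip] != mac:
            alerts.append((ts, ip, mac, f"rebinding from {seen[ip]}"))
        seen[ip] = mac
        claims[mac].add(ip)
    # One MAC answering for several IPs is a second, independent signal.
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return alerts, multi

# Constructed sample replies (documentation address ranges).
SAMPLE_ARP = [
    "1.0 192.0.2.1 is-at 00:00:5e:00:53:01",   # gateway
    "2.0 192.0.2.20 is-at 00:00:5e:00:53:20",  # workstation
    "3.0 192.0.2.66 is-at 00:00:5e:00:53:66",
    "9.0 192.0.2.1 is-at 00:00:5e:00:53:66",   # gateway IP now answered by another MAC
    "9.5 192.0.2.20 is-at 00:00:5e:00:53:66",
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP)[0]:
        print(alert)
```

A replaced network card or a failover pair also changes the mapping, so alerts like these need to be checked against known changes before they are treated as an attack.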

16. What form of cookie might be used in a spyware attack?

A tracking cookie, instead of a session cookie, would be used in a spyware attack because it would last through multiple sessions rather than just one.

Frequently Asked Questions

1. What are the ways that a malicious user would crack any password?

The most common password cracking techniques are:

  • Dictionary attacks
  • Brute forcing attacks
  • Hybrid attacks
  • Syllable attacks
  • Rule based attacks
  • Phishing
  • Social engineering

2. What is DNS spoofing?

DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is a highly deceptive cyber attack in which hackers redirect web traffic toward fake web servers and phishing websites.

3. What is DNS Tunneling?

DNS Tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses.

4. What are Zero Day Attacks?

If a hacker manages to exploit a vulnerability before software developers can find a fix, that exploit becomes known as a zero-day attack.

Best of Luck!
