
• CRA – What is the difference between them? Mistaken with CIA?

CIA stands for Confidentiality, Integrity and Availability. It is a concept used to focus
on information security and data protection.
Confidentiality means keeping the data secure and confidential. We should not let confidential
data be exposed outside.
Integrity means having clean data: the data received at the receiver's end should not be
modified or altered.
Availability refers to the up-time of a system. In a highly sensitive environment,
downtime is not acceptable and the system needs to be available at all times. We can
achieve this with BCP/DR test plans.

• AAA (Authentication, Authorization, Accounting) – What does it stand for?

AAA is considered a security framework protocol that protects access to any resource, enforces
policies and audits access.
Authentication is used to verify the identity of a resource. Authorization is what an
individual has access to and the privilege assigned to an individual for accessing any resource.
Accounting is recording the individual's access by logging their audit log information.

• What is the difference between Encoding, Hashing and Encryption?


Encoding is a process of converting plain text into ciphered text, for example HTML encoding or Base64
encoding. The encoded text can be decoded back using online decoders.
Hashing is the process of adding or appending an extra sequence of encrypted text, called hashes, to
a string so that it can be reversed back. Examples: MD5, SHA256, SHA128-bit hashing.
Encryption is encrypting data, or replacing the text with the encrypted data. Examples: AES, DES, RSA
encryption. The encrypted data can be decrypted using private keys and other sorts of decryption
algorithms.

• What is the difference between Static and Dynamic Malware Analysis?

Static malware analysis is done by validating the malware signatures and hashes to identify whether it
is actually malware. No dedicated environment is needed to perform static analysis.
Dynamic malware analysis, however, involves running the malware and observing its conduct
on the framework in order to eliminate the contamination or prevent it from spreading to different
frameworks.

• What is your familiarity with OSI?

OSI is a 7-layer model that describes how data flows in a system from the physical
layer to the application layer.
For example, when we browse www.facebook.com: how the information is processed in the background
on the system, how the request for facebook.com is actually hit from the browser, and what response
is received. It involves the exchange of various protocols, and the traffic is routed between many layers to
finally reach the application layer.

• What is the Man in the Middle attack and how can you protect against it?

Man in the middle refers to eavesdropping on a communication between a client and a
server. When data or a request is sent to the server, an attacker can run some payloads
to listen to the existing connection and extract meaningful information, or can alter the
information being sent.
We can protect against this by sending the data over an encrypted communication channel (TLS preferred)
and by following security best practices to strengthen security controls.

• Three-way handshake – what are the 3 steps?


The TCP 3-way handshake is the process of securely exchanging data between a client and a server.

The 3 steps are as follows:

SYN -> Used to initiate and establish a connection; it also helps in synchronizing sequence numbers
between devices.

SYN-ACK -> Confirms to the other side that it has received the SYN, with an acknowledgment
packet.

ACK -> SYN message from the local device and ACK of the earlier packet.

Finally, a FIN packet is sent once the handshake is completed.

If the packet is dropped, an RST packet is received.

All of this packet data can be captured in Wireshark to inspect the traffic.
