Anti Abuse Risk Interview Questions

What is the difference between stored and reflected XSS?

  • Stored XSS Attacks – Attacks in which the injected script is stored permanently on the target server. The victim retrieves the malicious script from the server when they request the stored information.
  • Reflected XSS Attacks – Here the script is not stored on the server. The user first has to send a request that carries the script; the script is reflected back in the response and runs in the browser of the user who sent the request.
What is Remote Desktop Protocol (RDP)?

  • RDP (Remote Desktop Protocol) is a Microsoft protocol specifically designed for application data transfer security and encryption between client devices, users, and a virtual network server.
  • It allows administrators to remotely evaluate and resolve issues individual subscribers encounter.
  • It supports up to 64,000 separate data channels with a provision for multipoint transmission.
    What are the techniques used in preventing a Brute Force Attack?

    A brute-force attack is a trial-and-error method used by application programs to decode encrypted data, such as data encryption keys or passwords, through exhaustive effort rather than intellectual strategies. It identifies the right credentials by repeatedly attempting all possible combinations.

    Brute Force attacks can be avoided by the following practices:

  • Adding password complexity: Include different formats of characters to make passwords stronger.
  • Limit login attempts: Set a limit on login failures.
  • Two-factor authentication: Add this layer of security to avoid brute-force attacks.
    What is the difference between IDS and IPS?

    | Intrusion Detection Systems (IDS) | Intrusion Prevention Systems (IPS) |
    |---|---|
    | It only detects intrusions but is unable to prevent them. | It detects and prevents intrusions. |
    | It's a monitoring system. | It's a control system. |
    | It needs a human or another system to look at the results. | It needs a regularly updated database with the latest threat data. |

    A botnet is a group of internet-connected devices, such as servers, PCs, and mobile devices, that are infected and controlled by malware.

    It is used for stealing data, sending spam, performing distributed denial-of-service (DDoS) attacks, and more, and also gives the user controlling it access to the device and its connection.

    What are the seven layers of the OSI model?

    The main objective of the OSI model is to process the communication between two endpoints in a network.

    The seven open systems interconnection layers are listed below:

  • Application layer (layer 7) – It allows users to communicate with the network or application whenever required to perform network-related operations.
  • Presentation layer (layer 6) – It manages the encryption and decryption of data required for the application layer. It translates or formats data for the application layer based on the syntax that the receiving application accepts.
  • Session layer (layer 5) – It determines how long a system waits for other applications to respond.
  • Transport layer (layer 4) – It is used for sending data across a network and also offers error checking and data flow control.
  • Network layer (layer 3) – It is used to transfer data to and from other networks.
  • Data-link layer (layer 2) – It handles the flow of data to and from devices in a network. It also handles problems that occur due to bit transmission errors.
  • Physical layer (layer 1) – It transfers the raw bits from one device to another through the network. It also controls how physical connections to the network are set up and how bits are represented as signals when transmitted optically, electrically, or by radio waves.