I recently had an interview for an infosec position. Although those in front of me were very friendly, however I stammered when asked to describe the steps involved in Incidence Response.
In fact when they finished asking the question, I thought that is easy for me to answer, but as soon as I started to answer, it was like the fog in my head. I was so surprised to not be able to clearly answer the question. Which was normal because on my resume, Incidence Response appears as key competences 😦 .
So to save face, I started explain informally the procedure, instead of clearly list the steps as requested. It was not wrong what I said, but I would preferred better answer.
This experience made me think about the file 300 InfoSec Interview questions certainly known by some infosec professionals. I downloaded it a few months ago on piratebay . I amuse myself to give some answers , some questions are basics and others more subtle.
Let’s Go !!!
Question 253 : What’s the difference between encoding, encryption, and hashing?
1-Encoding is the process of converting data into a format required for a number of information processing needs, including:
- Program compiling and execution
- Data transmission, storage and compression/decompression
- Application data processing, such as file conversion
In computer technology, encoding is the process of applying a specific code, such as letters, symbols and numbers, to data for conversion into an equivalent cipher.
For example Encoding is used to reduce the size of audio and video files. Each audio and video file format has a corresponding coder-decoder (codec) program that is used to code it into the appropriate format and then decodes for playback
2-Encryption provides confidentiality and prevents unauthorized disclosure of data. Encrypted data is in a cipher text format that is unreadable. Attackers can’t read encrypted traffic sent over a network, or encrypted data stored on a system. In contrast, if data is sent in clear text, an attacker can capture and read the data using a protocol analyzer.
The two primary encryption methods are symmetric and asymmetric. Symmetric encryption encrypts and decrypts data with the same key. Asymmetric encryption encrypts and decrypts data using a matched key pair of a public key and a private key.
These encryption methods include two elements:
- Algorithm. The algorithm performs mathematical calculations on data. The algorithm is always the same.
- Key. The key is a number that provides variability for the encryption. It is either kept private and/or changed frequently
3-Hashing is an algorithm performed on data such as a file or message to produce a number called a hash (sometimes called a checksum). The hash is used to verify that data is not modified, tampered with, or corrupted. In other words, you can verify the data has maintained integrity.
A key point about a hash is that no matter how many times you execute the hashing algorithm against the data, the hash will always be the same as long as the data is the same.
Hashes are created at least twice so that they can be compared. For example, you can create a hash on a message at the source before sending it, and then again at the destination. If the hashes are the same, you know that the message has not lost integrity. Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) family are popular hashing algorithms.
Remember this : Encoding involves the use of a code to change original data into a form that can be used by an external process so it should not be confused with encryption, which hides content and Hashing is an algorithm used to verify data integrity.
Question 71. What’s the difference between a threat, vulnerability, and a risk?
Question 101. Cryptographically speaking, what is the main method of building a shared secret over a public medium?
Question 132. What’s the difference between Diffie-Hellman and RSA?
Question 162. What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
Question 164. Take me through the process of pen testing a system.