
Showing posts from September, 2020

What does Latency mean?

What does Latency mean? Latency is a networking term to describe the total time it takes a data packet to travel from one node to another. In other contexts, when a data packet is transmitted and returned back to its source, the total time for the round trip is known as latency. Latency refers to time interval or delay when a system component is waiting for another system component to do something. This duration of time is called latency.

What does Proxy Server mean?

What does Proxy Server mean? A proxy server verifies and forwards incoming client requests to other servers for further communication. A proxy server is located between a client and a server where it acts as an intermediary between the two, such as a Web browser and a Web server. The proxy server's most important role is providing security.

What is a ping?

What is a ping? Ping is a network diagnostic tool used primarily to test the connectivity between two nodes or devices. To ping a destination node, an Internet Control Message Protocol (ICMP) echo request packet is sent to that node. If a connection is available, the destination node responds with an echo reply. Ping calculates the round-trip time of the data packet's route from its source to the destination and back, and determines whether any packets were lost during the trip.

What is Wireshark?

What is Wireshark? Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

What are the HTTP methods?

What are the HTTP methods? GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE. These method names are case sensitive and they must be used in uppercase.

What are the 6 TCP flags?

What are the 6 TCP flags? (Mnemonic) Unskilled Attackers Pester Real Security Folks: Unskilled = URG, Attackers = ACK, Pester = PSH, Real = RST, Security = SYN, Folks = FIN.

What are parts of the IP header in an e-mail?

What are parts of the IP header in an e-mail? Version, IHL, DSCP, ECN, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, and Options.

What is a WHOIS search?

What is a WHOIS search? A WHOIS search will provide information regarding a domain name, such as example.com. It may include information, such as domain ownership, where and when registered, expiration date, and the nameservers assigned to the domain.

What is ifconfig?

What is ifconfig? ifconfig is a system administration utility in Unix-like operating systems for network interface configuration. The utility is a command line interface tool and is also used in the system startup scripts of many operating systems. It has features for configuring, controlling, and querying TCP/IP network interface parameters. Ifconfig originally appeared in 4.2BSD as part of the BSD TCP/IP suite.

What is Dig?

What is Dig? Dig (domain information groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers. Dig is useful for network troubleshooting and for educational purposes. It can operate in interactive command line mode or in batch mode by reading requests from an operating system file.

What does Cross-Site Request Forgery (CSRF) mean?

What does Cross-Site Request Forgery (CSRF) mean? Cross-site request forgery (CSRF) is a type of website exploit carried out by issuing unauthorized commands from a trusted website user. CSRF exploits a website's trust for a particular user's browser, as opposed to cross-site scripting, which exploits the user's trust for a website. This term is also known as session riding or a one-click attack.

What is Cross Site Scripting (XSS)?

What is Cross Site Scripting (XSS)? Cross Site Scripting (XSS) is the process of adding malicious code to a genuine website to gather users' information with malicious intent. XSS attacks are possible through security vulnerabilities found in Web applications and are commonly exploited by injecting a client-side script. Although JavaScript is usually employed, some attackers also use VBScript, ActiveX or Flash.

What is the NIC and on what layer(s) does it reside?

What is the NIC and on what layer(s) does it reside? The network interface controller (NIC) implements the electronic circuitry required to communicate using a specific physical layer and data link layer standard such as Ethernet, Fiber Channel, Wi-Fi or Token Ring. This provides a base for a full network protocol stack, allowing communication among small groups of computers on the same LAN and large-scale network communications through routable protocols, such as IP. The NIC allows computers to communicate over a computer network, either by using cables or wirelessly. The NIC is both a physical layer and data link layer device.

What are the subnet masks for IPv4 network in dotted decimal for A, B, and C?

What are the subnet masks for IPv4 network in dotted decimal for A, B, and C? A = 255.0.0.0, B = 255.255.0.0, C = 255.255.255.0

What is a MAC address?

What is a MAC address? A media access control address (MAC address) is a unique identifier for an Ethernet or network adapter over a network. It distinguishes different network interfaces and is used for a number of network technologies, particularly most IEEE 802 networks, including Ethernet. In the OSI model, MAC addresses occur in the Media Access Control Protocol sub-layer. A MAC address is also known as physical address, hardware address and burned-in address.

What is ARP poisoning?

What is ARP poisoning? Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user.

What is ARP?

What is ARP? Address Resolution Protocol (ARP) is a low-level network protocol for translating network layer addresses into link layer addresses. ARP lies between layers 2 and 3 of the OSI model, although ARP was not included in the OSI framework, and allows computers to introduce each other across a network prior to communication. Because protocols are basic network communication units, address resolution is dependent on protocols such as ARP, which is the only reliable method of handling required tasks.

What Is a Trojan horse?

What Is a Trojan horse? The Trojan Horse will appear to be useful software but will do damage once installed or run on the computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. Results vary: some Trojans are designed to be more annoying than malicious, while others can cause serious damage by deleting files and destroying information on the system. Trojans can create a backdoor on the computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.

What Is a Worm?

What Is a Worm? A worm is similar to a virus by design and is considered to be a sub-class of a virus. It self-replicates and travels unaided, often sending out massive quantities of itself, frequently through infiltration of an e-mail address book. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.

What is a virus?

What is a virus? A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program.

What is common between a virus, worm, and Trojan and which can spread to other computers?

What is common between a virus, worm, and Trojan and which can spread to other computers? Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer. A virus cannot be spread without a human action (such as running an infected program) to keep it going. Because a virus is spread by human action, people will unknowingly continue the spread of a computer virus by sharing infected files or sending emails with viruses as attachments in the email. A worm can replicate and transmit without human action. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

What is a reserved IP address?

What is a reserved IP address? In the Internet addressing architecture, the IETF and the IANA have reserved various IP addresses for special purposes. These IP addresses may be used for maintenance of routing tables, multicast, operation under failure modes, or to provide addressing space for public, unrestricted uses.
Reserved IP Address 0.0.0.0/8: Used for broadcast messages to the current ("this") network.
Reserved IP Address 10.0.0.0/8: Used for local communications within a private network.
Reserved IP Address 100.64.0.0/10: Used for communications between a service provider and its subscribers when using a Carrier-grade NAT.
Reserved IP Address 127.0.0.0/8: Used for loopback addresses to the local host.

What is Snort?

What is Snort? Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort's open source NIDS has the ability to perform real-time traffic analysis and packet logging on IP networks. Snort performs protocol analysis, content searching, and content matching. These basic services have many purposes including application-aware triggered quality of service, to de-prioritize bulk traffic when latency-sensitive applications are in use.

If you attacked a web server, would you go 80 or 443 and why?

If you attacked a web server, would you go 80 or 443 and why? 443, ultimately like the HeartBleed attack. But I would use an SSL attack using Netcat or OpenSSL to create a simple two-line SSL proxy. Then I would listen on port 80 and redirect requests to port 443 on a remote host through SSL. HeartBleed is simply a coding error exploit in the OpenSSL package versions up to and including 1.0.1f. The vulnerability allows an attacker to target SSL on port 443 and manipulate SSL heartbeats in order to read the memory of a system running a vulnerable version of OpenSSL.

What is NetBIOS?

What is NetBIOS? Network Basic Input Output System is a system service that acts on the session layer of the OSI model and controls how applications residing in separate hosts/nodes communicate over a local area network. NetBIOS is an application programming interface (API), not a networking protocol as many people falsely believe. The NetBIOS API allows programmers to use predefined network functions and commands and incorporate them into applications. This makes development easier by removing the need to create code for network communications.

What is OWASP?

What is OWASP? Open Web Application Service (OWASP) is an organization committed to the security of web applications for the benefit of organizations and individuals. OWASP produces updated lists of top ten threats, developed by a worldwide community of security experts, free to users in an effort to raise awareness regarding application security issues that pose the biggest threats to organizations. These lists are a reference tool for other organizations and in books and tools as well.

What is traceroute?

What is traceroute? Traceroute is a network diagnostic tool used to track the pathway taken by a packet on an IP network from source to destination. Traceroute also records the time taken for each hop the packet makes during its route to the destination. Traceroute uses Internet Control Message Protocol (ICMP) echo packets with variable time to live (TTL) values. The response time of each hop is calculated. To guarantee accuracy, each hop is queried multiple times (usually three times) to better measure the response of that particular hop.

What is Nessus?

What is Nessus? The world's most popular vulnerability scanning software. Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment.

What is Nmap?

What is Nmap? Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Nmap is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

What does DNS Server mean?

What does DNS Server mean? A DNS server is a type of name server that manages, maintains and processes Internet domain names and their associated records. In other words, a DNS server is the primary component that implements the DNS (Domain Name System) protocol and provisions domain name resolution services to Web hosts and clients on an IP-based network.

What is the OSI Model? Name the layers of the 7-Layer OSI Model.

What is the OSI Model? The Open System Interconnection 7 Layer Model, a project of the International Organization for Standardization (OSI), provides a clear picture of the network framework by defining each layer and implementing corresponding protocols. Understanding the network framework is an essential part of implementing appropriate security protocols on the network. The framework begins with layer seven on the application layer or top layer then continues to the bottom layer, or layer one, which is the physical layer. Each layer, starting with layer one, serves the layer above it in the hierarchy. Name the layers of the 7-Layer OSI Model. (Mnemonic) All People Seem to Need Data Processing. These correspond to the Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data-Link Layer, and Physical Layer. This layer system differs from the TCP/IP model, as it is not based on a hierarchical system.

What is a DDoS Attack?

What is a DDoS Attack? It is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. These attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

What is the difference between a DoS and DDoS Attack?

What is the difference between a DoS and DDoS Attack? In a DoS attack, one computer and one internet connection are used to flood a server with packets, with the aim of overloading the targeted server's bandwidth and resources. A DDoS attack uses many devices and multiple Internet connections, often distributed globally into what is referred to as a botnet. A DDoS attack is, therefore, much harder to deflect, simply because there is no single attacker to defend from, as the targeted resource will be flooded with requests from many hundreds and thousands of multiple sources.

What is a Denial of Service Attack (DoS)?

What is a Denial of Service Attack (DoS)? A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.

What is SQL Code Poisoning/SQL Injection?

What is SQL Code Poisoning/SQL Injection? A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

What is Asymmetric Encryption (Public-Key Cryptography)?

What is Asymmetric Encryption (Public-Key Cryptography)? A type of cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives a public and private key pair from a certificate authority.

What is Symmetric Encryption?

What is Symmetric Encryption? Utilizes algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys.

What language makes a site vulnerable to a buffer overflow attack and why?

What language makes a site vulnerable to a buffer overflow attack and why? JavaScript, because constraints may not be appropriately set to prevent user input from overwhelming the site. For example, an e-mail address field may not list the data type as VARCHAR(50) and a hacker may input massive characters into the field rather than being limited to 50.

Explain the "Three-Way Handshake" via TCP/IP (also called the TCP-handshake; three message handshake and/or SYN-SYN-ACK).

Explain the "Three-Way Handshake" via TCP/IP (also called the TCP-handshake; three message handshake and/or SYN-SYN-ACK). A three-way-handshake is a method used in a TCP/IP network to create a connection between a local host/client and server. It is a three-step method that requires both the client and server to exchange SYN (synchronized) and ACK (acknowledgment) packets before actual data communication begins. A three-way-handshake is primarily used to create a TCP socket connection. It works when:
1. A client node sends a SYN data packet over an IP network to a server on the same or an external network. The objective of this packet is to ask/infer if the server is open for new connection.
2. The target server must have open ports that can accept and initiate new connections. When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt - the ACK packet or SYN/ACK packet.
3. The client node receives the SYN/ACK f...

What is IPSec VPN?

What is IPSec VPN? Internet Protocol security (IPSec) is a framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Internet Protocol Security (IPsec) VPN refers to the process of creating and managing VPN connections or services using an IPsec protocol suite. It is a secure means of creating VPN that adds IPsec bundled security features to VPN network packets. IPsec VPN is also known as VPN over IPsec.

What is the difference between TCP and UDP?

What is the difference between TCP and UDP? TCP is reliable and connection-oriented, provides segment retransmission and flow control through windowing, sequences and acknowledges segments, and is stateful. UDP is unreliable and connectionless, has no windowing or retransmission, no sequencing, and no acknowledgment, and is stateless.

What is UDP?

What is UDP? UDP is a connectionless, stateless, and unreliable protocol. User Datagram Protocol (UDP) is used to send short messages called datagrams. User datagram protocol is an open systems interconnection (OSI) transport layer protocol for client-server network applications. UDP is widely used in video conferencing and real-time computer games.

What is TCP/IP?

What is TCP/IP? TCP (Transmission Control Protocol), in contrast to UDP, is stateful. The basic communication language or protocol of the Internet, but can also be used in private networks. TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. TCP/IP is considered a stateless protocol suite because each client connection is newly made without regard to whether a previous connection had been established.

What is Stateless?

What is Stateless? Stateless means there is no record of previous interactions and each interaction request has to be handled based entirely on information that comes with it. A stateless protocol is akin to a TV broadcast - the broadcast doesn't care if you watch it, if you like it, if you talk to it, etc. The TV broadcast has no expectations! Basically, nothing is expected.

What Is Stateful?

What Is Stateful? A stateful protocol expects a response and implies a memory. Stateful means the item you are describing is aware of its "state." The computer or program keeps track of the state of interaction, usually by setting values in a storage field designated for that purpose. Basically, something is expected.

What is encapsulation?

What is encapsulation? Is the process of taking data from one protocol and translating it into another protocol, so the data can continue across a network.

What is encryption?

What is encryption? Uses an encryption algorithm and an encryption key. This process generates ciphertext that can only be viewed in its original form if decrypted with the correct key.

What is encoding?

What is encoding? The process of putting a sequence of characters into a special format for transmission or storage purposes.

What is a buffer overflow attack?

What is a buffer overflow attack? A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine.

What is LDAP?

What is LDAP? It is a directory service that runs above the TCP/IP stack and provides the mechanism used to connect to, search, and modify Internet directories.