← Interview Prep Portal | Cyberspace Tech Solutions Main Site Book 1-on-1
Module 01 · Cyberspace Tech Solutions Cybersecurity Curriculum

Introduction to Cybersecurity

~60 minutes of structured interview prep, MCQs, and hands-on simulations aligned to the curriculum learning outcomes.

20
Interview Q&As
25
MCQ Questions
4
Simulations
60
Minutes

Learning Outcomes

  • Understand the significance of cybersecurity in the digital age
  • Identify various types of cyber threats and attack vectors
  • Recognize the foundational domains within cybersecurity

Topics Covered

#TopicTimeType
1Core Concepts (CIA Triad, Definitions)10 minReading
2Interview Questions & Answers20 minQ&A
3MCQ Quiz (25 questions)15 minQuiz
4Phishing Email Simulation5 minSimulation
5CIA Triad Mapper4 minSimulation
6Threat Classifier3 minSimulation
7Password Strength Analyser3 minSimulation
💡 Tip: Use the sidebar to navigate. The session timer tracks your total time. Your MCQ score is tracked live in the bottom-left badge. Mark each section done as you go.
Core Concepts · ~10 min

Cybersecurity Fundamentals

Essential theory before tackling interview questions.

What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, programs, and data from digital attacks, unauthorized access, damage, or destruction. It encompasses technologies, processes, and practices designed to defend against threats targeting information systems.

The global cost of cybercrime is projected to exceed $10.5 trillion annually by 2025. Every 39 seconds, a cyber attack occurs somewhere in the world.

The CIA Triad — The Foundation

🔐
Confidentiality

Ensuring data is accessible only to authorized parties. Tools: Encryption, Access Controls, MFA.

✔️
Integrity

Ensuring data is accurate and unaltered. Tools: Hashing, Digital Signatures, Checksums.

🟢
Availability

Ensuring systems/data are accessible when needed. Tools: Redundancy, DDoS protection, Backups.

Key Terminology

TermDefinition
ThreatAny potential danger that could exploit a vulnerability to harm a system or organization.
VulnerabilityA weakness in a system that can be exploited by a threat actor.
RiskThe likelihood that a threat will exploit a vulnerability × the impact. Risk = Threat × Vulnerability × Impact.
AssetAnything of value that needs protection (data, hardware, software, reputation).
Attack VectorThe path or means by which an attacker gains unauthorized access.
ExploitCode or technique used to take advantage of a vulnerability.
PayloadThe component of malware that performs the malicious action.
Zero-DayA vulnerability unknown to the vendor with no available patch.

Common Threat Categories

CategoryExamplesTarget
MalwareVirus, Worm, Trojan, Ransomware, Spyware, Adware, RootkitDevices, Data
Social EngineeringPhishing, Spear Phishing, Vishing, Smishing, Pretexting, BaitingHumans
Network AttacksDDoS, Man-in-the-Middle, DNS Spoofing, Packet Sniffing, ARP PoisoningNetwork
Application AttacksSQL Injection, XSS, CSRF, Buffer Overflow, Broken AuthenticationWeb Apps
Insider ThreatsMalicious employees, Negligent users, Compromised credentialsOrganization
Physical AttacksTailgating, Shoulder surfing, Hardware theft, USB dropsPhysical assets

Threat Actor Types

ActorMotivationSkill Level
Script KiddiesFun, notorietyLow
HacktivistsPolitical/social agendaMedium
CybercriminalsFinancial gainMedium–High
Nation-State ActorsEspionage, disruptionVery High (APT)
Insider ThreatsRevenge, money, negligenceVaries
White Hat HackersAuthorized security testingHigh
🎯 Interview Angle: Interviewers love the CIA Triad, Threat vs Vulnerability vs Risk distinction, and being able to classify attack types. Memorize these cold.
Interview Q&A · ~20 min · 20 Questions

Interview Questions & Model Answers

Click any question to reveal the model answer. Difficulty badges: Easy Medium Hard

1 What is cybersecurity and why is it important? Easy
Cybersecurity is the discipline of protecting computer systems, networks, programs, and data from unauthorized access, damage, or attack. It is important because:
  • We live in a digitally connected world where sensitive data (financial, medical, personal) is stored online.
  • Cyberattacks can cause massive financial losses — the average cost of a data breach in 2024 was $4.88 million.
  • Critical infrastructure (power grids, hospitals, banking) depends on secure systems.
  • Regulatory compliance (GDPR, HIPAA, IT Act) requires organizations to protect data.
  • Reputational damage from breaches can be irreversible.
💡 Interview Tip: Always mention both the technical AND business impact. Interviewers want to see you think beyond just "protecting computers."
2 Explain the CIA Triad. Easy
The CIA Triad is the core model for information security:
  • Confidentiality: Only authorized users can access the data. Enforced via encryption, access controls, MFA. Violated by: data breaches, eavesdropping.
  • Integrity: Data is accurate and has not been tampered with. Enforced via hashing (SHA-256), digital signatures, checksums. Violated by: man-in-the-middle attacks, unauthorized modifications.
  • Availability: Systems and data are accessible when authorized users need them. Enforced via redundancy, failover, DDoS protection. Violated by: DoS/DDoS attacks, ransomware, hardware failure.
💡 Example scenario: A ransomware attack primarily violates Availability. A data breach violates Confidentiality. An attacker modifying financial records violates Integrity.
3 What is the difference between a threat, vulnerability, and risk? Medium
  • Threat: Any potential event or action that could cause harm. (e.g., a hacker trying to break into a system, a hurricane, a disgruntled employee).
  • Vulnerability: A weakness or gap in protection that a threat can exploit. (e.g., unpatched software, weak passwords, open ports).
  • Risk: The probability that a specific threat will exploit a specific vulnerability and the resulting impact. Risk = Threat × Vulnerability × Impact
💡 Analogy: An unlocked door (vulnerability) + a burglar in the neighbourhood (threat) = risk of burglary. If you live in a gated community, the threat is lower, reducing risk even if the vulnerability exists.
4 What is phishing? What are its different types? Easy
Phishing is a social engineering attack where attackers impersonate legitimate entities to trick victims into revealing sensitive information (credentials, credit card numbers) or installing malware.
  • Phishing: Mass email campaign targeting many users.
  • Spear Phishing: Targeted phishing directed at a specific person/organization using personal details.
  • Whaling: Spear phishing targeting executives (CEO, CFO).
  • Vishing (Voice): Phone-based phishing pretending to be IT support or banks.
  • Smishing (SMS): Phishing via text messages.
  • Clone Phishing: Duplicating a legitimate email, replacing links with malicious ones.
💡 Red flags: urgency, generic greetings, mismatched URLs, requests for credentials, unexpected attachments.
5 What is the difference between a virus, worm, and Trojan? Medium
TypeNeeds Host?Self-Replicates?Spreads?User Action?
VirusYes (file)YesVia infected filesYes (run infected file)
WormNoYesOver networks autonomouslyNo
TrojanNoNoVia deceptionYes (install fake software)
💡 Worms are particularly dangerous because they spread without any user interaction — e.g., the WannaCry ransomware used worm behaviour to propagate across networks in 2017.
6 What is a DDoS attack and how does it work? Medium
A Distributed Denial of Service (DDoS) attack floods a target (server, website, network) with massive traffic from multiple compromised machines (a botnet), making it unavailable to legitimate users.
  • Volumetric attacks: Flood bandwidth (UDP floods, ICMP floods).
  • Protocol attacks: Exploit weaknesses in protocols (SYN flood, Ping of Death).
  • Application layer attacks: Target web application resources (HTTP floods).
Mitigations: Rate limiting, traffic scrubbing services (Cloudflare, Akamai), Anycast network diffusion, firewalls, CDN distribution.
💡 A DoS uses a single machine; a DDoS uses thousands — much harder to block by IP.
7 What is social engineering? Why is it so effective? Easy
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information, rather than exploiting technical vulnerabilities.

It is effective because:
  • Humans are the weakest link — technical controls can be bypassed if the human is tricked.
  • Attackers exploit emotions: fear, urgency, curiosity, greed, authority, trust.
  • No software patch can fix human behavior.
  • Social context is trusted — impersonating IT, HR, or management is easy to believe.
Common techniques: Pretexting, Baiting, Quid pro quo, Tailgating/Piggybacking.
💡 Kevin Mitnick, once the world's most wanted hacker, said: "The human side of computer security is easily exploited and very difficult to defend."
8 What is ransomware? How should an organization respond? Medium
Ransomware is malware that encrypts the victim's files and demands payment (ransom) for the decryption key.

Response steps (NIST IR framework):
  • Isolate: Immediately disconnect affected systems from the network.
  • Identify: Determine the ransomware variant using tools like ID Ransomware.
  • Notify: Alert management, legal, and law enforcement (FBI, CERT-In).
  • Restore: Restore from clean, offline backups.
  • Do not pay the ransom — paying funds criminal activity and does not guarantee data recovery.
  • Post-incident: Patch the entry point, update policies, conduct training.
💡 Prevention: Regular backups (3-2-1 rule), network segmentation, patching, email filtering, user training.
9 What is a Man-in-the-Middle (MitM) attack? Medium
A Man-in-the-Middle attack occurs when an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
  • ARP Spoofing: Attacker sends fake ARP messages to link their MAC to a legitimate IP.
  • DNS Spoofing: Attacker corrupts DNS cache to redirect users to fake sites.
  • SSL Stripping: Downgrading HTTPS to HTTP to intercept traffic.
  • Wi-Fi Eavesdropping: Fake hotspots (Evil Twin) capture traffic.
Defenses: Use HTTPS/TLS, VPNs, certificate pinning, HSTS, avoid public Wi-Fi without VPN.
10 What is the difference between authentication and authorization? Easy
  • Authentication (AuthN): Verifying who you are. Proving identity. Methods: passwords, biometrics, tokens, MFA. "Are you who you say you are?"
  • Authorization (AuthZ): Determining what you are allowed to do. Permissions and access control. "What are you allowed to do?"
💡 Example: You swipe your badge (authentication) to enter an office, but can only access your own floor (authorization). Both are separate processes — a user can be authenticated but still denied authorization to certain resources.
11 What is a zero-day vulnerability? Hard
A zero-day vulnerability is a software flaw that is unknown to the vendor and has no available patch. The term "zero-day" means developers have had zero days to fix it. When exploited before a patch is released, it is called a zero-day exploit or zero-day attack.
  • Nation-state actors and APT groups hoard zero-days for strategic use.
  • They are traded on dark web markets for hundreds of thousands of dollars.
  • Examples: EternalBlue (used in WannaCry), Log4Shell (Log4j, 2021).
Defenses (since you can't patch what's unknown): Defence in depth, network segmentation, threat intelligence, anomaly detection, application whitelisting, endpoint behavior monitoring.
12 What is multi-factor authentication (MFA) and why is it important? Easy
MFA requires users to verify identity using two or more independent factors:
  • Something you know: Password, PIN, security question.
  • Something you have: OTP token, authenticator app, smart card, hardware key.
  • Something you are: Fingerprint, face scan, retina scan (biometrics).
  • Somewhere you are: Geographic location / IP-based.
Why important: Even if a password is stolen, the attacker cannot log in without the second factor. MFA blocks over 99.9% of account compromise attacks (Microsoft, 2019).
💡 2FA is a subset of MFA using exactly two factors. SMS OTPs are MFA but weakest (SIM swapping risk). Prefer TOTP apps (Google Authenticator) or hardware keys (YubiKey).
13 What is the Principle of Least Privilege (PoLP)? Medium
The Principle of Least Privilege states that every user, process, or system component should have access to only the minimum resources necessary to perform its intended function — nothing more.
  • Limits blast radius if credentials are compromised.
  • Reduces insider threat impact.
  • Constrains malware propagation.
Implementation: Role-Based Access Control (RBAC), time-limited access, Just-In-Time (JIT) access, regular access reviews, privileged access management (PAM).
💡 Related concept: Need-to-know basis — you only see information relevant to your role, not everything the organization knows.
14 What are common attack vectors in cybersecurity? Medium
An attack vector is the path or method an attacker uses to gain unauthorized access:
  • Email: Phishing, malicious attachments, embedded links.
  • Web: Drive-by downloads, watering hole attacks, malicious ads (malvertising).
  • Network: Exploiting open ports, unencrypted traffic, rogue Wi-Fi.
  • Removable media: Infected USB drives dropped in car parks (USB baiting).
  • Supply chain: Compromising software updates or third-party vendors (SolarWinds, 2020).
  • Physical: Tailgating, dumpster diving, shoulder surfing.
  • Insider: Malicious or negligent employees with legitimate access.
15 What is encryption? Explain symmetric vs asymmetric. Medium
Encryption converts plaintext into ciphertext using a mathematical algorithm and key, making it unreadable without the key.
FeatureSymmetricAsymmetric
KeysSame key for encrypt/decryptPublic key + Private key pair
SpeedFastSlower
Key sharingKey sharing problemPublic key freely shareable
AlgorithmsAES-256, DES, 3DESRSA, ECC, Diffie-Hellman
Use caseBulk data encryptionKey exchange, digital signatures
💡 TLS/HTTPS uses both: asymmetric encryption to exchange a symmetric session key, then symmetric encryption for the actual data transfer (best of both worlds).
16 What is a firewall and how does it work? Easy
A firewall is a network security device (hardware or software) that monitors and controls incoming and outgoing network traffic based on predefined security rules — acting as a barrier between a trusted internal network and untrusted external networks.
  • Packet Filtering: Inspects packet headers (IP, port, protocol) — fastest but basic.
  • Stateful Inspection: Tracks connection states — understands context.
  • Application Layer (WAF): Inspects HTTP/HTTPS traffic for web attacks.
  • Next-Generation Firewall (NGFW): Deep packet inspection, IDS/IPS, SSL inspection.
💡 A firewall cannot protect against insider threats, encrypted malware passing through allowed ports, or attacks that originate from trusted internal hosts.
17 What are the main domains of cybersecurity? Hard
Cybersecurity is broad and spans many domains (aligned to common frameworks like CISSP):
  • Network Security: Protecting network infrastructure (firewalls, IDS/IPS, VPNs).
  • Application Security: Securing software and APIs against vulnerabilities (OWASP).
  • Endpoint Security: Protecting devices (AV, EDR, MDM).
  • Identity & Access Management (IAM): Managing who can access what.
  • Cloud Security: Securing cloud infrastructure (IAM, CSPM, encryption).
  • Cryptography: Encryption, hashing, PKI.
  • Security Operations (SOC): Monitoring, detection, incident response.
  • Governance, Risk & Compliance (GRC): Policies, standards, regulations.
  • Physical Security: Access control to facilities.
  • Digital Forensics & Incident Response (DFIR): Investigating and recovering from incidents.
18 What is defence in depth? Medium
Defence in depth (DiD) is a layered security strategy where multiple independent security controls are stacked so that if one layer fails, others still protect the asset. It originated from military strategy.

Layers (outside → inside):
  • Perimeter (firewall, DMZ)
  • Network (IDS/IPS, segmentation, VLANs)
  • Host (endpoint AV, patching, host firewall)
  • Application (input validation, WAF, secure coding)
  • Data (encryption, DLP, access controls)
  • Human (security awareness training)
💡 No single security control is perfect. DiD ensures redundancy — an attacker who bypasses the firewall still faces IDS, then endpoint controls, then encryption.
19 What is the OWASP Top 10? Hard
OWASP (Open Web Application Security Project) Top 10 is a standard awareness document for the most critical web application security risks (updated 2021):
  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection (SQL, NoSQL, OS, LDAP)
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery (SSRF)
💡 SQL Injection used to be #1 but dropped to #3 in 2021. Broken Access Control moved to #1 — it's the most prevalent risk today.
20 How would you explain cybersecurity to a non-technical business stakeholder? Hard
This tests communication skills. A strong answer avoids jargon and uses relatable analogies:

"Think of our digital systems like a physical office building. Cybersecurity is the combination of locks on the doors, security cameras, ID badge readers, security guards, and safes for valuables. Cyber threats are like criminals trying to break in, tailgate through a door, or steal documents. We invest in cybersecurity the same way we invest in building security — to protect our people, data, and reputation, and to avoid the massive costs of a break-in."

Key points to make:
  • Frame it as business risk, not a technical problem.
  • Quantify: "A breach costs on average $4.88M and takes 194 days to detect."
  • Connect to regulation and legal liability.
  • Emphasize that cybersecurity enables the business to operate safely.
💡 This type of question is common for cybersecurity analyst/architect roles. Demonstrating business acumen alongside technical knowledge is a differentiator.

MCQ Quiz · ~15 min · 25 Questions

Multiple Choice Questions

Select an answer then click Check. Explanations are shown after each submission.

MCQ Progress:
0 / 25
Simulation 1 · ~5 min

Phishing Email Detector

Examine each email carefully and classify it as Phishing or Legitimate. There are 5 emails.

Score: 0 / 5
Simulation 2 · ~4 min

CIA Triad Scenario Mapper

Drag each scenario chip into the correct CIA Triad category it primarily violates.

A hacker reads encrypted emails by intercepting network traffic
An attacker modifies financial records in a database
A DDoS attack takes down a hospital's booking system
An employee emails patient records to the wrong recipient
Ransomware corrupts all files on a server
A power outage takes a data centre offline

🔐 Confidentiality

Unauthorized disclosure of data

✔️ Integrity

Data tampered or corrupted

🟢 Availability

System/data inaccessible

Simulation 3 · ~3 min

Threat Type Classifier

Classify each scenario into the correct threat category using the dropdown.

Simulation 4 · ~3 min

Password Strength Analyser

Type a password to see its strength, time-to-crack estimate, and criteria breakdown.

Strength: —
Estimated crack time: —
✗ At least 12 characters
✗ Uppercase letter
✗ Lowercase letter
✗ Number
✗ Special character (!@#$...)
✗ Not a common password
💡 Best practice: Use a passphrase (e.g., Purple$Rain!Falls7) — long, memorable, mixed-character strings are harder to crack than short complex passwords. Consider a password manager.
Domains Explorer · Reference

Cybersecurity Domains

Click any domain card to expand details. Aligned to the Cyberspace Tech Solutions Cybersecurity Curriculum.


🎉

Session Complete!

You've completed 1 hour of Introduction to Cybersecurity content.
Review any section using the sidebar. Your MCQ score is in the bottom-left.