1
0
mirror of https://github.com/bregman-arie/devops-exercises.git synced 2024-11-27 08:30:52 +02:00

Add a couple of AWS exercises

Questions as well were added.
This commit is contained in:
abregman 2021-11-12 14:05:05 +02:00
parent af7e1a9007
commit 43d714fa12
15 changed files with 971 additions and 545 deletions

556
README.md
View File

@ -42,14 +42,14 @@
<td align="center"><a href="#azure"><img src="images/azure.png" width="75px;" height="75px;" alt="azure"/><br /><b>Azure</b></a></td>
<td align="center"><a href="#gcp"><img src="images/googlecloud.png" width="80px;" height="75px;" alt="Google Cloud Platform"/><br /><b>Google Cloud Platform</b></a></td>
<td align="center"><a href="#openstack"><img src="images/openstack.png" width="75px;" height="75px;" alt="openstack"/><br /><b>OpenStack</b></a></td>
<td align="center"><a href="#security"><img src="images/security.png" width="75px;" height="75px;" alt="security"/><br /><b>Security</b></a></td>
<td align="center"><a href="exercises/security/README.md"><img src="images/security.png" width="75px;" height="75px;" alt="security"/><br /><b>Security</b></a></td>
</tr>
<tr>
<td align="center"><a href="#operating-system"><img src="images/os.png" width="75px;" height="75px;" alt="Operating System"/><br /><b>Operating System</b></a></td>
<td align="center"><a href="#monitoring"><img src="images/monitoring.png" width="75px;" height="75px;" alt="Monitoring"/><br /><b>Monitoring</b></a></td>
<td align="center"><a href="#elastic"><img src="images/elastic.png" width="110px;" height="75px;" alt="Elastic"/><br /><b>Elastic</b></a></td>
<td align="center"><a href="#virtualization"><img src="images/virtualization.png" width="75px;" height="75px;" alt="Virtualization"/><br /><b>Virtualization</b></a></td>
<td align="center"><a href="#dns"><img src="images/dns.png" width="75px;" height="75px;" alt="DNS"/><br /><b>DNS</b></a></td>
<td align="center"><a href="exercises/dns/README.md"><img src="images/dns.png" width="75px;" height="75px;" alt="DNS"/><br /><b>DNS</b></a></td>
<td align="center"><a href="#Misc"><img src="images/general.png" width="110px;" height="75px;" alt="Misc"/><br /><b>Misc</b></a></td>
</tr>
<tr>
@ -192,9 +192,6 @@ You can read more about the OSI model in [penguintutor.com](http://www.penguintu
* 3 way handshake - Transport
</b></details>
<details>
</b></details>
<details>
<summary>What delivery schemes are you familiar with?</summary><br><b>
@ -372,6 +369,27 @@ For example, your computer's private IP could be 192.168.1.100, but your router
<summary>Which factors affect network performances</summary><br><b>
</b></details>
<details>
<summary>Which port number is used in each of the following protocols?:
* SSH
* SMTP
* HTTP
* DNS
* HTTPS
* FTP
* SFTP
</summary><br><b>
* SSH - 22
* SMTP - 25
* HTTP - 80
* DNS - 53
* HTTPS - 443
* FTP - 21
* SFTP - 22
</b></details>
#### Network - Data and Control planes
<details>
@ -1610,23 +1628,6 @@ False
Technically, yes.
</b></details>
<details>
<summary>Which port is used in each of the following protocols?:
* SSH
* SMTP
* HTTP
* DNS
* HTTPS
</summary><br><b>
* SSH - 22
* SMTP - 25
* HTTP - 80
* DNS - 53
* HTTPS - 443
</b></details>
<details>
<summary>What is telnet and why is it a bad idea to use it in production? (or at all)</summary><br><b>
@ -6572,410 +6573,6 @@ A list of services and their endpoints
* Horizon provides templates and core classes from which one can build its own dashboard
</b></details>
## Security
<details>
<summary>What is DevSecOps? What its core principals?</summary><br><b>
</b></details>
<details>
<summary>What the "Zero Trust" concept means? How Organizations deal with it?</summary><br><b>
[Codefresh definition](https://codefresh.io/security-testing/codefresh-runner-overview): "Zero trust is a security concept that is centered around the idea that organizations should never trust anyone or anything that does not originate from their domains. Organizations seeking zero trust automatically assume that any external services it commissions have security breaches and may leak sensitive information"
</b></details>
<details>
<summary>What it means to be "FIPS compliant"?</summary><br><b>
</b></details>
<details>
<summary>What is a Certificate Authority?</summary><br><b>
</b></details>
<details>
<summary>Explain RBAC (Role-based Access Control)</summary><br><b>
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.
- RBAC mapped to job function, assumes that a person will take on different roles, overtime, within an organization and different responsibilities in relation to IT systems.
</b></details>
#### Security - Authentication and Authorization
<details>
<summary>Explain Authentication and Authorization</summary><br><b>
Authentication is the process of identifying whether a service or a person is who they claim to be.
Authorization is the process of identifying what level of access the service or the person have (after authentication was done)
</b></details>
<details>
<summary>What authentication methods are there?</summary><br><b>
</b></details>
<details>
<summary>Give an example of basic authentication process</summary><br><b>
A user uses the browser to authenticate to some server. It does so by using the authorization field which is constructed from the username and the password combined with a single colon. The result string is encoded using a certain character set which is compatible with US-ASCII. The authorization method + a space is prepended to the encoded string.
</b></details>
<details>
<summary>Explain Token-based authentication</summary><br><b>
</b></details>
<details>
<summary>Explain Risk-based authentication</summary><br><b>
</b></details>
<details>
<summary>Explain what is Single Sign-On</summary><br><b>
SSO (Single Sign-on), is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again.
</b></details>
<details>
<summary>Explain MFA (Multi-Factor Authentication)</summary><br><b>
Multi-Factor Authentication (Also known as 2FA). Allows the user to present two pieces of evidence, credentials, when logging into an account.
- The credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Credentials must come from two different categories to enhance security.
</b></details>
#### Security - Passwords
<details>
<summary>How do you manage sensitive information (like passwords) in different tools and platforms?</summary><br><b>
</b></details>
<details>
<summary>What password attacks are you familiar with?</summary><br><b>
* Dictionary
* Brute force
* Password Spraying
* Social Engineering
* Whaling
* Vishing
* Phising
* Whaling
</b></details>
<details>
<summary>How to mitigate password attacks?</summary><br><b>
* Strong password policy
* Do not reuse passwords
* ReCaptcha
* Training personnel against Social Engineering
* Risk Based Authentication
* Rate limiting
* MFA
</b></details>
#### Security - Cookies
<details>
<summary>What are cookies? Explain cookie-based authentication</summary><br><b>
</b></details>
<details>
<summary>True or False? Cookie-based authentication is stateful</summary><br><b>
True. Cookie-based authentication session must be kept on both server and client-side.
</b></details>
<details>
<summary>Explain the flow of using cookies</summary><br><b>
1. User enters credentials
2. The server verifies the credentials -> a sessions is created and stored in the database
3. A cookie with the session ID is set in the browser of that user
4. On every request, the session ID is verified against the database
5. The session is destroyed (both on client-side and server-side) when the user logs out
</b></details>
#### Security - SSH
<details>
<summary>What is SSH how does it work?</summary><br><b>
[Wikipedia Definition](https://en.wikipedia.org/wiki/SSH_(Secure_Shell)): "SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network."
[Hostinger.com Definition](https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work): "SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote servers over the Internet."
[This site](https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work) explains it in a good way.
</b></details>
<details>
<summary>What is the role of an SSH key?</summary><br><b>
</b></details>
#### Security - Cryptography
<details>
<summary>Explain Symmetrical encryption</summary><br><b>
A symmetric encryption is any technique where a key is used to both encrypt and decrypt the data/entire communication.
</b></details>
<details>
<summary>Explain Asymmetrical encryption</summary><br><b>
A asymmetric encryption is any technique where the there is two different keys that are used for encryption and decryption, these keys are known as public key and private key.
</b></details>
<details>
<summary>What is "Key Exchange" (or "key establishment") in cryptography?</summary><br><b>
[Wikipedia](https://en.wikipedia.org/wiki/Key_exchange): "Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm."
</b></details>
<details>
<summary>True or False? The symmetrical encryption is making use of public and private keys where the private key is used to decrypt the data encrypted with a public key</summary><br><b>
False. This description fits the asymmetrical encryption.
</b></details>
<details>
<summary>True or False? The private key can be mathematically computed from a public key</summary><br><b>
False.
</b></details>
<details>
<summary>True or False? In the case of SSH, asymmetrical encryption is not used to the entire SSH session</summary><br><b>
True. It is only used during the key exchange algorithm of symmetric encryption.
</b></details>
<details>
<summary>What is Hashing?</summary><br><b>
</b></details>
<details>
<summary>How hashes are part of SSH?</summary><br><b>
Hashes used in SSH to verify the authenticity of messages and to verify that nothing tampered with the data received.
</b></details>
<details>
<summary>Explain the following:
* Vulnerability
* Exploits
* Risk
* Threat</summary><br><b>
</b></details>
<details>
<summary>Are you familiar with "OWASP top 10"?</summary><br><b>
Read about it [here](https://owasp.org/www-project-top-ten)
</b></details>
<details>
<summary>What is XSS?</summary><br><b>
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site 
You can test by detecting user-defined variables and how to input them. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each found vector to see if their are potential vulnerabilities, then when found you craft input data with each input vector. Then you test the crafted input and see if it works.
</b></details>
<details>
<summary>What is an SQL injection? How to manage it?</summary><br><b>
SQL injection is an attack consists of inserts either a partial or full SQL query through data input from the browser to the web application. When a successful SQL injection happens it will allow the attacker to read sensitive information stored on the database for the web application. 
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the tisk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
</b></details>
<details>
<summary>What is Certification Authority?</summary><br><b>
</b></details>
<details>
<summary>How do you identify and manage vulnerabilities?</summary><br><b>
</b></details>
<details>
<summary>Explain "Privilege Restriction"</summary><br><b>
</b></details>
<details>
<summary>How HTTPS is different from HTTP?</summary><br><b>
</b></details>
<details>
<summary>What types of firewalls are there?</summary><br><b>
</b></details>
<details>
<summary>What is DDoS attack? How do you deal with it?</summary><br><b>
</b></details>
<details>
<summary>What is port scanning? When is it used?</summary><br><b>
</b></details>
<details>
<summary>What is the difference between asynchronous and synchronous encryption?</summary><br><b>
</b></details>
<details>
<summary>Explain Man-in-the-middle attack</summary><br><b>
</b></details>
<details>
<summary>Explain CVE and CVSS</summary><br><b>
</b></details>
<details>
<summary>What is ARP Poisoning?</summary><br><b>
</b></details>
<details>
<summary>Describe how do you secure public repositories</summary><br><b>
</b></details>
<details>
<summary>What is DNS Spoofing? How to prevent it?</summary><br><b>
DNS spoofing occurs when a particular DNS server’s records of “spoofed” or altered maliciously to redirect traffic to the attacker. This redirection of traffic allows the attacker to spread malware, steal data, etc.
**Prevention**
- Use encrypted data transfer protocols - Using end-to-end encryption vian SSL/TLS will help decrease the chance that a website / its visitors are compromised by DNS spoofing.
- Use DNSSEC - DNSSEC, or Domain Name System Security Extensions, uses digitally signed DNS records to help determine data authenticity.
- Implement DNS spoofing detection mechanisms - it’s important to implement DNS spoofing detection software. Products such as XArp help product against ARP cache poisoning by inspecting the data that comes through before transmitting it.
</b></details>
<details>
<summary>What can you tell me about Stuxnet?</summary><br><b>
Stuxnet is a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities. The original Stuxnet malware attack targeted the programmable logic controllers (PLCs) used to automate machine processes. It generated a flurry of media attention after it was discovered in 2010 because it was the first known virus to be capable of crippling hardware and because it appeared to have been created by the U.S. National Security Agency, the CIA, and Israeli intelligence.
</b></details>
<details>
<summary>What can you tell me about the BootHole vulnerability?</summary><br><b>
</b></details>
<details>
<summary>What can you tell me about Spectre?</summary><br><b>
Spectre is an attack method which allows a hacker to “read over the shoulder” of a program it does not have access to. Using code, the hacker forces the program to pull up its encryption key allowing full access to the program
</b></details>
<details>
<summary>Explain OAuth</summary><br><b>
</b></details>
<details>
<summary>Explain "Format String Vulnerability"</summary><br><b>
</b></details>
<details>
<summary>Explain DMZ</summary><br><b>
</b></details>
<details>
<summary>Explain TLS</summary><br><b>
</b></details>
<details>
<summary>What is CSRF? How to handle CSRF?</summary><br><b>
Cross-Site Request Forgery (CSRF) is an attack that makes the end user to initate a unwanted action on the web application in which the user has a authenticated session, the attacker may user an email and force the end user to click on the link and that then execute malicious actions. When an CSRF attack is successful it will compromise the end user data 
You can use OWASP ZAP to analyze a "request", and if it appears that there no protection against cross-site request forgery when the Security Level is set to 0 (the value of csrf-token is SecurityIsDisabled.) One can use data from this request to prepare a CSRF attack by using OWASP ZAP
</b></details>
<details>
<summary>Explain HTTP Header Injection vulnerability</summary><br><b>
HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
</b></details>
<details>
<summary>What security sources are you using to keep updated on latest news?</summary><br><b>
</b></details>
<details>
<summary>What TCP and UDP vulnerabilities are you familiar with?</summary><br><b>
</b></details>
<details>
<summary>Do using VLANs contribute to network security?</summary><br><b>
</b></details>
<details>
<summary>What are some examples of security architecture requirements?</summary><br><b>
</b></details>
<details>
<summary>What is air-gapped network (or air-gapped environment)? What its advantages and disadvantages?</summary><br><b>
</b></details>
<details>
<summary>Explain what is Buffer Overflow</summary><br><b>
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
</b></details>
<details>
<summary>What is Nonce?</summary><br><b>
</b></details>
<details>
<summary>What is SSRF?</summary><br><b>
SSRF (Server-side request forgery) it's a vulnerability where you can make a server make arbitrary requests to anywhere you want.
Read more about it at [portswigger.net](https://portswigger.net/web-security/ssrf)
</b></details>
<details>
<summary>Explain MAC flooding attack</summary><br><b>
MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with very large number of Ethernet frames with different fake source MAC address.
</b></details>
<details>
<summary>What is port flooding?</summary><br><b>
</b></details>
<details>
<summary>What is "Diffie-Hellman key exchange" and how does it work?</summary><br><b>
</b></details>
<details>
<summary>Explain "Forward Secrecy"</summary><br><b>
</b></details>
<details>
<summary>What is Cache Poisoned Denial of Service?</summary><br><b>
CPDoS or Cache Poisoned Denial of Service. It poisons the CDN cache. By manipulating certain header requests, the attacker forces the origin server to return a Bad Request error which is stored in the CDN’s cache. Thus, every request that comes after the attack will get an error page.
</b></details>
#### Security - Threats
<details>
<summary>Explain "Advanced persistent threat (APT)"</summary><br><b>
</b></details>
<details>
<summary>What is a "Backdoor" in information security?</summary><br><b>
</b></details>
## Puppet
<details>
@ -7351,113 +6948,6 @@ False. One harvester harvests one file.
You can generate certificates with the provided elastic utils and change configuration to enable security using certificates model.
</b></details>
## DNS
<details>
<summary>What is DNS? What is it used for?</summary><br><b>
DNS (Domain Name Systems) is a protocol used for converting domain names into IP addresses.<br>
As you know computer networking is done with IP addresses (layer 3 of the OSI model) but for as humans it's hard to remember IP addresses, it's much easier to remember names. This why we need something such as DNS to convert any domain name we type into an IP address. You can think on DNS as a huge phonebook or database where each corresponding name has an IP.
</b></details>
<details>
<summary>What is DNS resolution?</summary><br><b>
The process of translating IP addresses to domain names.
</b></details>
<details>
<summary>What is a DNS record?</summary><br><b>
A mapping between domain name and an IP address.
</b></details>
<details>
<summary>How DNS works?</summary><br><b>
In general the process is as follows:
* The user types an address in the web browser (some_site.com)
* The operating system gets a request from the browser to translate the address the user entered
* A query created to check a local entry of the address exists in the system. In case it doesn't, the request is forwarded to the DNS resolver
* The Resolver is a server, usually configured by your ISP when you connect to the internet, that responsible for resolving your query by contacting other DNS servers
* The Resolver contacts the root nameserver (aka as .)
* The root nameserver responds with the address of the relevant Top Level Domain DNS server (if your address ends with org then the org TLD)
* The Resolver then contacts the TLD DNS and TLD DNS responds with the IP address that matches the address the user typed in the browser
* The Resolver passes this information to the browser
* The user is happy :D
</b></details>
<details>
<summary>Explain the resolution sequence of: www.site.com</summary><br><b>
It's resolved in this order:
1) .
2) .com
3) site.com
4) www.site.com
</b></details>
<details>
<summary>What types of DNS records are there?</summary><br><b>
* A
* PTR
* MX
* AAAA
...
A more detailed list, can be found [here](https://www.nslookup.io/learning/dns-record-types)
</b></details>
<details>
<summary>What is a A record?</summary><br><b>
A (Address) Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
</b></details>
<details>
<summary>What is a AAAA record?</summary><br><b>
An AAAA Record performs the same function as an A Record, but for an IPv6 Address.
</b></details>
<details>
<summary>What is a PTR record?</summary><br><b>
While an A record points a domain name to an IP address, a PTR record does the opposite and resolves the IP address to a domain name.
</b></details>
<details>
<summary>What is a MX record?</summary><br><b>
MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
</b></details>
<details>
<summary>Is DNS using TCP or UDP?</summary><br><b>
DNS uses UDP port 53 for resolving queries either regular or reverse. DNS uses TCP for zone transfer.
</b></details>
<details>
<summary>True or False? DNS can be used for load balancing</summary><br><b>
True.
</b></details>
<details>
<summary>Which techniques a DNS can use for load balancing?</summary><br><b>
</b></details>
<details>
<summary>What is DNS Record TTL? Why do we need it?</summary><br><b>
</b></details>
<details>
<summary>What is a zone? What types of zones are there?</summary><br><b>
</b></details>
## Distributed
<details>

View File

@ -6,18 +6,34 @@
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Create a User | IAM | [Exercise](create_user.md) | [Solution](solutions/create_user.md) | |
| Password Policy | IAM | [Exercise](password_policy_and_mfa.md) | [Solution](solutions/password_policy_and_mfa.md) | |
| Create a role | IAM | [Exercise](create_role.md) | [Solution](solutions/create_role.md) | |
| Credential Report | IAM | [Exercise](credential_report.md) | [Solution](solutions/credential_report.md) | |
| Access Advisor | IAM | [Exercise](access_advisor.md) | [Solution](solutions/access_advisor.md) | |
| Create a User | IAM | [Exercise](create_user.md) | [Solution](solutions/create_user.md) | Easy |
| Password Policy | IAM | [Exercise](password_policy_and_mfa.md) | [Solution](solutions/password_policy_and_mfa.md) | Easy |
| Create a role | IAM | [Exercise](create_role.md) | [Solution](solutions/create_role.md) | Easy |
| Credential Report | IAM | [Exercise](credential_report.md) | [Solution](solutions/credential_report.md) | Easy |
| Access Advisor | IAM | [Exercise](access_advisor.md) | [Solution](solutions/access_advisor.md) | Easy |
#### AWS - EC2
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Launch EC2 web instance | EC2 | [Exercise](launch_ec2_web_instance.md) | [Solution](solutions/launch_ec2_web_instance.md) | Easy |
| Security Groups | EC2 | [Exercise](security_groups.md) | [Solution](solutions/security_groups.md) | Easy |
| IAM Roles | EC2 + IAM | [Exercise](ec2_iam_roles.md) | [Solution](solutions/ec2_iam_roles.md) | Easy |
#### AWS - Lambda
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Hello Function | Lambda | [Exercise](hello_function.md) | [Solution](solutions/hello_function.md) | |
| URL Function | Lambda | [Exercise](url_function.md) | [Solution](solutions/url_function.md) | |
| Hello Function | Lambda | [Exercise](hello_function.md) | [Solution](solutions/hello_function.md) | Easy |
| URL Function | Lambda | [Exercise](url_function.md) | [Solution](solutions/url_function.md) | Easy |
#### AWS - Misc
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Budget Setup | Budget | [Exercise](budget_setup.md) | [Solution](solutions/budget_setup.md) | Easy |
| No Application :'( | Troubleshooting | [Exercise](no_application.md) | [Solution](solutions/no_application.md) | Easy |
### AWS Self Assessment
@ -151,7 +167,7 @@ There can be several reasons for that. One of them is lack of policy. To solve t
</b></details>
<details>
<summary>What statements AWS IAM policies support?</summary><br><b>
<summary>What statements AWS IAM policies are consist of?</summary><br><b>
* Sid: identifier of the statement (optional)
* Effect: allow or deny access
@ -194,7 +210,7 @@ This policy permits to perform any action on any resource. It happens to be the
IAM Access Advisor
</b></details>
#### AWS - Compute
#### AWS - EC2
<details>
<summary>What is EC2?</summary><br><b>
@ -209,6 +225,17 @@ Read more [here](https://aws.amazon.com/ec2)
True. As opposed to IAM for example, which is a global service, EC2 is a regional service.
</b></details>
<details>
<summary>What are some of the properties/configuration options of EC2 instances that can be set or modified?</summary><br><b>
* OS (Linux, Windows)
* RAM and CPU
* Networking - IP, Card properties like speed
* Storage Space - (EBS, EFS, EC2 Instance Store)
* EC2 User Data
* Security groups
</b></details>
<details>
<summary>What is AMI?</summary><br><b>
@ -225,12 +252,22 @@ Read more [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)
</b></details>
<details>
<summary>What is instance type?</summary><br><b>
<summary>What is an instance type?</summary><br><b>
"the instance type that you specify determines the hardware of the host computer used for your instance"
Read more about instance types [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html)
</b></details>
<details>
<summary>Explain the instance type naming convention</summary><br><b>
Let's take for example the following instance type: m5.large
`m` is the instance class
`5` is the generation
`large` is the size of the instance (affects the spec properties like vCPUs and RAM)
</b></details>
<details>
<summary>True or False? The following are instance types available for a user in AWS:
@ -241,6 +278,30 @@ Read more about instance types [here](https://docs.aws.amazon.com/AWSEC2/latest/
False. From the above list only compute optimized is available.
</b></details>
<details>
<summary>Explain each of the following instance types:
* "Compute Optimized"
* "Memory Optimized"
* "Storage Optimized"</summary><br><b>
Compute Optimized:
* Used for compute-intensive tasks
* It has high performance processors
* Use cases vary: gaming serves, machine learning, batch processing, etc.
Memory Optimized:
* Used for processing large data sets in memory
* Other use cases: high performance, databases, distributed cache stores
Storage Optimized:
* Used for storage intensive tasks - high read and write access to large data sets
* Use cases: databases, OLTP system, distributing file systems
</b></details>
<details>
<summary>What is EBS?</summary><br><b>
@ -257,6 +318,73 @@ Spot - Enables you to bid whatever price you want for instances or pay the spot
Dedicated Hosts - physical EC2 server dedicated for your use.
</b></details>
<details>
<summary>True or False? Reserved instance has to be used for a minimum of 1 year</summary><br><b>
True.
</b></details>
<details>
<summary>Explain the following types of reserved instances:
* Convertible Reserved Instances
* Scheduled Reserved Instances</summary><br><b>
* Convertible Reserved Instances: used for long running workloads but used when instance type might change during the period of time it's resreved
* Scheduled Reserved Instances: when you need to reserve an instance for a long period but you don't need it continuously (so for example you need it only in the morning)
</b></details>
<details>
<summary>True or False? In EC2 On Demand, you pay per hour when using Linux or Windows and per second (after first minute) when using any other operating system</summary><br><b>
False. You pay per second (after the first minute) when using Windows or Linux and per hour for any other OS.
</b></details>
<details>
<summary>You need an instance for short-term and the workload running on instance must not be interrupted. Which pricing model would you use?</summary><br><b>
On Demand is good for short-term non-interrupted workloads (but it also has the highest cost).
</b></details>
<details>
<summary>You need an instance for running an application for a period of 2 years continuously, without changing instance type. Which pricing model would you use?</summary><br><b>
Reserved instances: they are cheaper than on-demand and the instance is yours for the chosen period of time.
</b></details>
<details>
<summary>You need an instance for two years, but only between 10:00-15:00 every day. Which pricing model would you use?</summary><br><b>
Reserved instances from the "Scheduled Reserved Instances" type which allows you to reserve for specific time window (like 10:00-15:00 every day).
</b></details>
<details>
<summary>You need an instance for running workloads. You don't care if they fail for a given moment as long as they run eventually. Which pricing model would you use?</summary><br><b>
Spot instances. The discount potential is the highest compared to all other pricing models. The disadvantage is that you can lose the instance at any point so, you must run only workloads that you are fine with them failing suddenly.
</b></details>
<details>
<summary>You need a physical server only for your use. Which pricing model are you going to use?</summary><br><b>
EC2 Dedicated Host
</b></details>
<details>
<summary>What are some of the differences between dedicated hosts and dedicated instances?</summary><br><b>
In dedicated hosts you have per host billing, you have more visibility (sockets, cores, ...) and you can control where instance will be placed.<br>
In dedicated instances the billing is per instance but you can't control placement and you don't have visibility of sockets, cores, ...
</b></details>
<details>
<summary>For what use cases, EC2 dedicated hosts are useful for?</summary><br><b>
* Compliance needs
* When the software license is complex (Bring Your Own License) and doesn't support cloud or multi-tenants
* Regulatory requirements
</b></details>
<details>
<summary>What are Security Groups?</summary><br><b>
@ -264,6 +392,37 @@ Dedicated Hosts - physical EC2 server dedicated for your use.
More on this subject [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)
</b></details>
<details>
<summary>True or False? Security groups only contain deny rules</summary><br><b>
False. Security groups only contain allow rules.
</b></details>
<details>
<summary>True or False? One security group can be attached to multiple instances</summary><br><b>
True
</b></details>
<details>
<summary>True or False? Security groups are not locked down to a region and VPC (meaning you don't have to create a new one when switching regions)</summary><br><b>
False. They are locked down to regions and VPC.
</b></details>
<details>
<summary>True or False? By default, when using security groups, all inbound traffic to an EC2 instance is blocked and all outbound traffic is allowed</summary><br><b>
True
</b></details>
<details>
<summary>What is the advantage of referencing security groups from a given security group?</summary><br><b>
Imagine you have an instance referencing two security groups, allowing to get inbound traffic from them.<br>
Now imagine you have two instances, each using one of the security groups referenced in the instance we've just mentioned. This means you can get traffic from these two instances because they use security groups which referenced in the instance mentioned at the beginning. No need to use IPs.
</b></details>
<details>
<summary>How to migrate an instance to another availability zone?</summary><br><b>
</b></details>
@ -285,9 +444,42 @@ Learn more about EC2 RI [here](https://aws.amazon.com/ec2/pricing/reserved-insta
</b></details>
<details>
<summary>You would like to invoke a function every time you enter a URL in the browser. Which service would you use for that?</summary><br><b>
<summary>What bootstrapping means and how to use it in AWS EC2?</summary><br><b>
AWS Lambda
Bootstrapping is about launching commands when a machine starts for the first time.
In AWS EC2 this is done using the EC2 user data script.
</b></details>
<details>
<summary>You get time out when trying reach your application which runs on an EC2 instance. Specify one reason why it would possibly happen</summary><br><b>
Security group isn't configured properly.
</b></details>
<details>
<summary>What is the AWS Instance Connect?</summary><br><b>
[AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html): "Amazon EC2 Instance Connect provides a simple and secure way to connect to your Linux instances using Secure Shell (SSH)."
</b></details>
<details>
<summary>You try to run EC2 commands in an EC2 instance you've just created but it fails due to missing credentials. What would you do?</summary><br><b>
DO NOT configure AWS credentials on the instance (this means anyone else in your account would be able to use and see your credentials).<br>
The best practice is to attach an IAM role with sufficient permissions (like `IAMReadOnlyAccess`)
</b></details>
<details>
<summary>True or False? Cancelling a Spot instance request terminates the instance</summary><br><b>
False. When you cancel a Spot instance request, you are not terminating the instances created by it.<br>
To terminate such instances, you must cancel the Spot instance request first.
</b></details>
<details>
<summary>What are Spot Flees?</summary><br><b>
Set of Spot instance and if you want, also on-demand instances.
</b></details>
#### AWS - Lambda
@ -914,6 +1106,12 @@ Allows you to connect your corporate network to AWS network.
AWS CodeDeploy
</b></details>
<details>
<summary>You would like to invoke a function every time you enter a URL in the browser. Which service would you use for that?</summary><br><b>
AWS Lambda
</b></details>
<details>
<summary>What would you use for easily creating similar AWS environments/resources for different customers?</summary><br><b>

View File

@ -0,0 +1,5 @@
## AWS - Budget Setup
### Objectives
Setup a cost budget in your AWS account based on your needs.

View File

@ -0,0 +1,11 @@
## AWS EC2 - IAM Roles
### Requirements
1. Running EC2 instance without any IAM roles (so you if you connect the instance and try to run AWS commands, it fails)
2. IAM role with "IAMReadOnlyAccess" policy
### Objectives
1. Attach a role (and if such role doesn't exists, create it) with "IAMReadOnlyAccess" policy to the EC2 instance
2. Verify you can run AWS commands in the instance

View File

@ -0,0 +1,15 @@
## AWS - Launch EC2 Web Instance
### Objectives
Launch one EC2 instance with the following requirements:
1. Amazon Linux 2 image
2. Instance type: pick up one that has 1 vCPUs and 1 GiB memory
3. Instance storage should be deleted upon the termination of the instance
4. When the instance starts, it should install:
1. Install the httpd package
2. Start the httpd service
3. Make sure the content of /var/www/html/index.html is `I made it! This is is awesome!`
5. It should have the tag: "Type: web" and the name of the instance should be "web-1"
6. HTTP traffic (port 80) should be accepted from anywhere

View File

@ -0,0 +1,8 @@
## No Application :'(
### Objectives
Explain what might be possible reasons for the following issues:
1. Getting "time out" when trying to reach an application running on EC2 instance
2. Getting "connection refused" error

View File

@ -0,0 +1,16 @@
## AWS EC2 - Security Groups
### Requirements
For this exercise you'll need:
1. EC2 instance with web application
2. Security group inbound rules that allow HTTP traffic
### Objectives
1. List the security groups you have in your account, in the region you are using
2. Remove the HTTP inbound traffic rule
3. Can you still access the application? What do you see/get?
4. Add back the rule
5. Can you access the application now?

View File

@ -0,0 +1,18 @@
## AWS - Budget Setup
### Objectives
Setup a cost budget in your AWS account based on your needs.
### Solution
1. Go to "Billing"
2. Click on "Budgets" in the menu
3. Click on "Create a budget"
4. Choose "Cost Budget" and click on "Next"
5. Choose the values that work for you. For example, recurring monthly budget with a specific amount
6. Insert a budget name and Click on "Next"
7. Set up an alert but clicking on "Add an alert threshold"
1. Set a threshold (e.g. 75% of budgeted amount)
2. Set an email where a notification will be sent
8. Click on "Next" until you can click on "Create a budget"

View File

@ -0,0 +1,21 @@
## AWS EC2 - IAM Roles
### Requirements
1. Running EC2 instance without any IAM roles (so you if you connect the instance and try to run AWS commands, it fails)
2. IAM role with "IAMReadOnlyAccess" policy
### Objectives
1. Attach a role (and if such role doesn't exists, create it) with "IAMReadOnlyAccess" policy to the EC2 instance
2. Verify you can run AWS commands in the instance
### Solution
#### Console
1. Go to EC2 service
2. Click on the instance to which you would like to attach the IAM role
3. Click on "Actions" -> "Security" -> "Modify IAM Role"
4. Choose the IAM role with "IAMReadOnlyAccess" policy and click on "Save"
5. Running AWS commands now in the instance should work fine (e.g. `aws iam list-users`)

View File

@ -0,0 +1,39 @@
## AWS - Launch EC2 Web Instance
### Objectives
Launch one EC2 instance with the following requirements:
1. Amazon Linux 2 image
2. Instance type: pick up one that has 1 vCPUs and 1 GiB memory
3. Instance storage should be deleted upon the termination of the instance
4. When the instance starts, it should install:
1. Install the httpd package
2. Start the httpd service
3. Make sure the content of /var/www/html/index.html is `I made it! This is is awesome!`
5. It should have the tag: "Type: web" and the name of the instance should be "web-1"
6. HTTP traffic (port 80) should be accepted from anywhere
### Solution
1. Choose a region close to you
2. Go to EC2 service
3. Click on "Instances" in the menu and click on "Launch instances"
4. Choose image: Amazon Linux 2
5. Choose instance type: t2.micro
6. Make sure "Delete on Termination" is checked in the storage section
7. Under the "User data" field the following:
```
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>I made it! This is is awesome!</h1>" > /var/www/html/index.html
```
8. Add tags with the following keys and values:
* key "Type" and the value "web"
* key "Name" and the value "web-1"
9. In the security group section, add a rule to accept HTTP traffic (TCP) on port 80 from anywhere
10. Click on "Review" and then click on "Launch" after reviewing.
11. If you don't have a key pair, create one and download it.

View File

@ -0,0 +1,21 @@
## No Application :'(
### Objectives
Explain what might be possible reasons for the following issues:
1. Getting "time out" when trying to reach an application running on EC2 instance
2. Getting "connection refused" error
### Solution
1. 'Time out' Can be due to one of the following:
* Security group doesn't allow access
* No host (yes, I know. Not the first thing to check and yet...)
* Operating system firewall blocking traffic
2. 'Connection refused' can happen due to one of the following:
* Application didn't launch properly or has some issue (doesn't listens on the designated port)
* Firewall replied with a reject instead of dropping the packets

View File

@ -0,0 +1,55 @@
## AWS EC2 - Security Groups
### Requirements
For this exercise you'll need:
1. EC2 instance with web application
2. Security group inbound rules that allow HTTP traffic
### Objectives
1. List the security groups you have in your account, in the region you are using
2. Remove the HTTP inbound traffic rule
3. Can you still access the application? What do you see/get?
4. Add back the rule
5. Can you access the application now?
### Solution
#### Console
1. Go to EC2 service - > Click on "Security Groups" under "Network & Security"
You should see at least one security group. One of them is called "default"
2. Click on the security group with HTTP rules and click on "Edit inbound rules".
Remove the HTTP related rules and click on "Save rules"
3. No. There is a time out because we removed the rule allowing HTTP traffic.
4. Click on the security group -> edit inbound rules and add the following rule:
* Type: HTTP
* Port range: 80
* Source: Anywhere -> 0.0.0.0/0
5. yes
#### CLI
1. `aws ec2 describe-security-groups` -> by default, there is one security group called "default", in a new account
2. Remove the rule:
```
aws ec2 revoke-security-group-ingress \
--group-name someHTTPSecurityGroup
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
```
3. No. There is a time out because we removed the rule allowing HTTP traffic.
4. Add the rule we remove:
```
aws ec2 authorize-security-group-ingress \
--group-name someHTTPSecurityGroup
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
```
5. yes

View File

@ -303,3 +303,23 @@ UI:
1. In the repository page, click on "Actions"
2. Choose workflow and click on "Set up this workflow"
</b></details>
#### Zuul
<details>
<summary>In Zuul, What are the <code>check</code> pipelines?</summary><br><b>
`check` pipeline are triggered when a patch is uploaded to a code review system (e.g. Gerrit).<br>
</b></details>
<details>
<summary>In Zuul, What are the <code>gate</code> pipelines?</summary><br><b>
`gate` pipeline are triggered when a code reviewer approves the change in a code review system (e.g. Gerrit)
</b></details>
<details>
<summary>True or False? <code>gate</code> pipelines run after the <code>check</code> pipelines</summary><br><b>
True. `check` pipeline run when the change is uploaded, while the `gate` pipelines run when the change is approved by a reviewer
</b></details>

106
exercises/dns/README.md Normal file
View File

@ -0,0 +1,106 @@
## DNS
<details>
<summary>What is DNS? What is it used for?</summary><br><b>
DNS (Domain Name Systems) is a protocol used for converting domain names into IP addresses.<br>
As you know computer networking is done with IP addresses (layer 3 of the OSI model) but for as humans it's hard to remember IP addresses, it's much easier to remember names. This why we need something such as DNS to convert any domain name we type into an IP address. You can think on DNS as a huge phonebook or database where each corresponding name has an IP.
</b></details>
<details>
<summary>What is DNS resolution?</summary><br><b>
The process of translating IP addresses to domain names.
</b></details>
<details>
<summary>What is a DNS record?</summary><br><b>
A mapping between domain name and an IP address.
</b></details>
<details>
<summary>How DNS works?</summary><br><b>
In general the process is as follows:
* The user types an address in the web browser (some_site.com)
* The operating system gets a request from the browser to translate the address the user entered
* A query created to check a local entry of the address exists in the system. In case it doesn't, the request is forwarded to the DNS resolver
* The Resolver is a server, usually configured by your ISP when you connect to the internet, that responsible for resolving your query by contacting other DNS servers
* The Resolver contacts the root nameserver (aka as .)
* The root nameserver responds with the address of the relevant Top Level Domain DNS server (if your address ends with org then the org TLD)
* The Resolver then contacts the TLD DNS and TLD DNS responds with the IP address that matches the address the user typed in the browser
* The Resolver passes this information to the browser
* The user is happy :D
</b></details>
<details>
<summary>Explain the resolution sequence of: www.site.com</summary><br><b>
It's resolved in this order:
1) .
2) .com
3) site.com
4) www.site.com
</b></details>
<details>
<summary>What types of DNS records are there?</summary><br><b>
* A
* PTR
* MX
* AAAA
...
A more detailed list, can be found [here](https://www.nslookup.io/learning/dns-record-types)
</b></details>
<details>
<summary>What is a A record?</summary><br><b>
A (Address) Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
</b></details>
<details>
<summary>What is a AAAA record?</summary><br><b>
An AAAA Record performs the same function as an A Record, but for an IPv6 Address.
</b></details>
<details>
<summary>What is a PTR record?</summary><br><b>
While an A record points a domain name to an IP address, a PTR record does the opposite and resolves the IP address to a domain name.
</b></details>
<details>
<summary>What is a MX record?</summary><br><b>
MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
</b></details>
<details>
<summary>Is DNS using TCP or UDP?</summary><br><b>
DNS uses UDP port 53 for resolving queries either regular or reverse. DNS uses TCP for zone transfer.
</b></details>
<details>
<summary>True or False? DNS can be used for load balancing</summary><br><b>
True.
</b></details>
<details>
<summary>Which techniques a DNS can use for load balancing?</summary><br><b>
</b></details>
<details>
<summary>What is DNS Record TTL? Why do we need it?</summary><br><b>
</b></details>
<details>
<summary>What is a zone? What types of zones are there?</summary><br><b>
</b></details>

View File

@ -0,0 +1,403 @@
## Security
<details>
<summary>What is DevSecOps? What its core principals?</summary><br><b>
</b></details>
<details>
<summary>What the "Zero Trust" concept means? How Organizations deal with it?</summary><br><b>
[Codefresh definition](https://codefresh.io/security-testing/codefresh-runner-overview): "Zero trust is a security concept that is centered around the idea that organizations should never trust anyone or anything that does not originate from their domains. Organizations seeking zero trust automatically assume that any external services it commissions have security breaches and may leak sensitive information"
</b></details>
<details>
<summary>What it means to be "FIPS compliant"?</summary><br><b>
</b></details>
<details>
<summary>What is a Certificate Authority?</summary><br><b>
</b></details>
<details>
<summary>Explain RBAC (Role-based Access Control)</summary><br><b>
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.
- RBAC mapped to job function, assumes that a person will take on different roles, overtime, within an organization and different responsibilities in relation to IT systems.
</b></details>
#### Security - Authentication and Authorization
<details>
<summary>Explain Authentication and Authorization</summary><br><b>
Authentication is the process of identifying whether a service or a person is who they claim to be.
Authorization is the process of identifying what level of access the service or the person have (after authentication was done)
</b></details>
<details>
<summary>What authentication methods are there?</summary><br><b>
</b></details>
<details>
<summary>Give an example of basic authentication process</summary><br><b>
A user uses the browser to authenticate to some server. It does so by using the authorization field which is constructed from the username and the password combined with a single colon. The result string is encoded using a certain character set which is compatible with US-ASCII. The authorization method + a space is prepended to the encoded string.
</b></details>
<details>
<summary>Explain Token-based authentication</summary><br><b>
</b></details>
<details>
<summary>Explain Risk-based authentication</summary><br><b>
</b></details>
<details>
<summary>Explain what is Single Sign-On</summary><br><b>
SSO (Single Sign-on), is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again.
</b></details>
<details>
<summary>Explain MFA (Multi-Factor Authentication)</summary><br><b>
Multi-Factor Authentication (Also known as 2FA). Allows the user to present two pieces of evidence, credentials, when logging into an account.
- The credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Credentials must come from two different categories to enhance security.
</b></details>
#### Security - Passwords
<details>
<summary>How do you manage sensitive information (like passwords) in different tools and platforms?</summary><br><b>
</b></details>
<details>
<summary>What password attacks are you familiar with?</summary><br><b>
* Dictionary
* Brute force
* Password Spraying
* Social Engineering
* Whaling
* Vishing
* Phising
* Whaling
</b></details>
<details>
<summary>How to mitigate password attacks?</summary><br><b>
* Strong password policy
* Do not reuse passwords
* ReCaptcha
* Training personnel against Social Engineering
* Risk Based Authentication
* Rate limiting
* MFA
</b></details>
#### Security - Cookies
<details>
<summary>What are cookies? Explain cookie-based authentication</summary><br><b>
</b></details>
<details>
<summary>True or False? Cookie-based authentication is stateful</summary><br><b>
True. Cookie-based authentication session must be kept on both server and client-side.
</b></details>
<details>
<summary>Explain the flow of using cookies</summary><br><b>
1. User enters credentials
2. The server verifies the credentials -> a sessions is created and stored in the database
3. A cookie with the session ID is set in the browser of that user
4. On every request, the session ID is verified against the database
5. The session is destroyed (both on client-side and server-side) when the user logs out
</b></details>
#### Security - SSH
<details>
<summary>What is SSH how does it work?</summary><br><b>
[Wikipedia Definition](https://en.wikipedia.org/wiki/SSH_(Secure_Shell)): "SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network."
[Hostinger.com Definition](https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work): "SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote servers over the Internet."
[This site](https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work) explains it in a good way.
</b></details>
<details>
<summary>What is the role of an SSH key?</summary><br><b>
</b></details>
#### Security - Cryptography
<details>
<summary>Explain Symmetrical encryption</summary><br><b>
A symmetric encryption is any technique where a key is used to both encrypt and decrypt the data/entire communication.
</b></details>
<details>
<summary>Explain Asymmetrical encryption</summary><br><b>
A asymmetric encryption is any technique where the there is two different keys that are used for encryption and decryption, these keys are known as public key and private key.
</b></details>
<details>
<summary>What is "Key Exchange" (or "key establishment") in cryptography?</summary><br><b>
[Wikipedia](https://en.wikipedia.org/wiki/Key_exchange): "Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm."
</b></details>
<details>
<summary>True or False? The symmetrical encryption is making use of public and private keys where the private key is used to decrypt the data encrypted with a public key</summary><br><b>
False. This description fits the asymmetrical encryption.
</b></details>
<details>
<summary>True or False? The private key can be mathematically computed from a public key</summary><br><b>
False.
</b></details>
<details>
<summary>True or False? In the case of SSH, asymmetrical encryption is not used to the entire SSH session</summary><br><b>
True. It is only used during the key exchange algorithm of symmetric encryption.
</b></details>
<details>
<summary>What is Hashing?</summary><br><b>
</b></details>
<details>
<summary>How hashes are part of SSH?</summary><br><b>
Hashes used in SSH to verify the authenticity of messages and to verify that nothing tampered with the data received.
</b></details>
<details>
<summary>Explain the following:
* Vulnerability
* Exploits
* Risk
* Threat</summary><br><b>
</b></details>
<details>
<summary>Are you familiar with "OWASP top 10"?</summary><br><b>
Read about it [here](https://owasp.org/www-project-top-ten)
</b></details>
<details>
<summary>What is XSS?</summary><br><b>
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site 
You can test by detecting user-defined variables and how to input them. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each found vector to see if their are potential vulnerabilities, then when found you craft input data with each input vector. Then you test the crafted input and see if it works.
</b></details>
<details>
<summary>What is an SQL injection? How to manage it?</summary><br><b>
SQL injection is an attack consists of inserts either a partial or full SQL query through data input from the browser to the web application. When a successful SQL injection happens it will allow the attacker to read sensitive information stored on the database for the web application. 
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the tisk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
</b></details>
<details>
<summary>What is Certification Authority?</summary><br><b>
</b></details>
<details>
<summary>How do you identify and manage vulnerabilities?</summary><br><b>
</b></details>
<details>
<summary>Explain "Privilege Restriction"</summary><br><b>
</b></details>
<details>
<summary>How HTTPS is different from HTTP?</summary><br><b>
</b></details>
<details>
<summary>What types of firewalls are there?</summary><br><b>
</b></details>
<details>
<summary>What is DDoS attack? How do you deal with it?</summary><br><b>
</b></details>
<details>
<summary>What is port scanning? When is it used?</summary><br><b>
</b></details>
<details>
<summary>What is the difference between asynchronous and synchronous encryption?</summary><br><b>
</b></details>
<details>
<summary>Explain Man-in-the-middle attack</summary><br><b>
</b></details>
<details>
<summary>Explain CVE and CVSS</summary><br><b>
</b></details>
<details>
<summary>What is ARP Poisoning?</summary><br><b>
</b></details>
<details>
<summary>Describe how do you secure public repositories</summary><br><b>
</b></details>
<details>
<summary>What is DNS Spoofing? How to prevent it?</summary><br><b>
DNS spoofing occurs when a particular DNS server’s records of “spoofed” or altered maliciously to redirect traffic to the attacker. This redirection of traffic allows the attacker to spread malware, steal data, etc.
**Prevention**
- Use encrypted data transfer protocols - Using end-to-end encryption vian SSL/TLS will help decrease the chance that a website / its visitors are compromised by DNS spoofing.
- Use DNSSEC - DNSSEC, or Domain Name System Security Extensions, uses digitally signed DNS records to help determine data authenticity.
- Implement DNS spoofing detection mechanisms - it’s important to implement DNS spoofing detection software. Products such as XArp help product against ARP cache poisoning by inspecting the data that comes through before transmitting it.
</b></details>
<details>
<summary>What can you tell me about Stuxnet?</summary><br><b>
Stuxnet is a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities. The original Stuxnet malware attack targeted the programmable logic controllers (PLCs) used to automate machine processes. It generated a flurry of media attention after it was discovered in 2010 because it was the first known virus to be capable of crippling hardware and because it appeared to have been created by the U.S. National Security Agency, the CIA, and Israeli intelligence.
</b></details>
<details>
<summary>What can you tell me about the BootHole vulnerability?</summary><br><b>
</b></details>
<details>
<summary>What can you tell me about Spectre?</summary><br><b>
Spectre is an attack method which allows a hacker to “read over the shoulder” of a program it does not have access to. Using code, the hacker forces the program to pull up its encryption key allowing full access to the program
</b></details>
<details>
<summary>Explain OAuth</summary><br><b>
</b></details>
<details>
<summary>Explain "Format String Vulnerability"</summary><br><b>
</b></details>
<details>
<summary>Explain DMZ</summary><br><b>
</b></details>
<details>
<summary>Explain TLS</summary><br><b>
</b></details>
<details>
<summary>What is CSRF? How to handle CSRF?</summary><br><b>
Cross-Site Request Forgery (CSRF) is an attack that makes the end user to initate a unwanted action on the web application in which the user has a authenticated session, the attacker may user an email and force the end user to click on the link and that then execute malicious actions. When an CSRF attack is successful it will compromise the end user data 
You can use OWASP ZAP to analyze a "request", and if it appears that there no protection against cross-site request forgery when the Security Level is set to 0 (the value of csrf-token is SecurityIsDisabled.) One can use data from this request to prepare a CSRF attack by using OWASP ZAP
</b></details>
<details>
<summary>Explain HTTP Header Injection vulnerability</summary><br><b>
HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
</b></details>
<details>
<summary>What security sources are you using to keep updated on latest news?</summary><br><b>
</b></details>
<details>
<summary>What TCP and UDP vulnerabilities are you familiar with?</summary><br><b>
</b></details>
<details>
<summary>Do using VLANs contribute to network security?</summary><br><b>
</b></details>
<details>
<summary>What are some examples of security architecture requirements?</summary><br><b>
</b></details>
<details>
<summary>What is air-gapped network (or air-gapped environment)? What its advantages and disadvantages?</summary><br><b>
</b></details>
<details>
<summary>Explain what is Buffer Overflow</summary><br><b>
A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
</b></details>
<details>
<summary>What is Nonce?</summary><br><b>
</b></details>
<details>
<summary>What is SSRF?</summary><br><b>
SSRF (Server-side request forgery) it's a vulnerability where you can make a server make arbitrary requests to anywhere you want.
Read more about it at [portswigger.net](https://portswigger.net/web-security/ssrf)
</b></details>
<details>
<summary>Explain MAC flooding attack</summary><br><b>
MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with very large number of Ethernet frames with different fake source MAC address.
</b></details>
<details>
<summary>What is port flooding?</summary><br><b>
</b></details>
<details>
<summary>What is "Diffie-Hellman key exchange" and how does it work?</summary><br><b>
</b></details>
<details>
<summary>Explain "Forward Secrecy"</summary><br><b>
</b></details>
<details>
<summary>What is Cache Poisoned Denial of Service?</summary><br><b>
CPDoS or Cache Poisoned Denial of Service. It poisons the CDN cache. By manipulating certain header requests, the attacker forces the origin server to return a Bad Request error which is stored in the CDN’s cache. Thus, every request that comes after the attack will get an error page.
</b></details>
#### Security - Threats
<details>
<summary>Explain "Advanced persistent threat (APT)"</summary><br><b>
</b></details>
<details>
<summary>What is a "Backdoor" in information security?</summary><br><b>
</b></details>