MASTERING CYBERSECURITY WITH EDUREKA

TABLE OF CONTENTS

1. INTRODUCTION TO CYBERSECURITY 3
What is Cybersecurity?
Need for Cybersecurity

2. CIA TRIAD 5
Con dentiality
Integrity
Availability

3. INTRODUCTION TO CRYPTOGRAPHY 7

4. ETHICAL HACKING 10
Types of Ethical Hackers
Types of Hacking

5. PHASES OF ETHICAL HACKING 12

Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks
Reporting

sales@edureka.co IN: 9606058406

US: 18338555775
 MASTERING CYBERSECURITY WITH EDUREKA

TABLE OF CONTENTS

6. CYBERSECURITY FRAMEWORKS 13
Types of Cybersecurity Framework
Components of Cybersecurity Framework
Cybersecurity Framework’s Functions

7. CYBERSECURITY TOOLS 15

8. CYBER THREATS 16

9. TOP 30 INTERVIEW QUESTIONS 17

10. CAREER GUIDANCE 18

How to Become a Cybersecurity Professional?
Edureka's Structured Training Programs

sales@edureka.co IN: 9606058406

US: 18338555775
 3 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 1

INTRODUCTION TO
CYBERSECURITY
Cybercrime is a global problem that’s been dominating the news cycle. It
poses a threat to individual security and an even bigger threat to large
international companies, banks, and governments. Today’s organized
cybercrimes out shadow lone hackers of the past, now large organized crime
rings function like start-ups and often employ highly-trained developers who
are constantly innovating online attacks. With so much data to exploit out
there, Cybersecurity has become essential.

1.1 What is Cybersecurity?

Cybersecurity refers to a set of techniques
used to protect the integrity of networks,
programs and data from attack, damage or
unauthorized access. From a computing point
of view, security comprises cybersecurity and
physical security — both are used by
enterprises to protect against unauthorized
access to data centers and other computerized
systems.
Information security, which is designed to maintain the confidentiality, integrity, and availability of
data, is a subset of Cybersecurity.    The term 'Cybersecurity' refers to techniques and practices
designed to protect digital data. Effective cybersecurity reduces the risk of cyber-attacks and
protects organizations and individuals from the unauthorized exploitation of systems, networks,
and technologies.

sales@edureka.co IN: 9606058406

US: 18338555775
 4 WWW.EDUREKA.CO/CYBERSECURITY

1.2 Need for Cybersecurity

With each passing year, the sheer volume of threats is increasing rapidly. According to the report by
McAfee, cybercrime now stands at over $400 billion, while it was $250 billion two years ago.

Cyberattacks can be extremely expensive for businesses to endure. In addition to financial damage
1 suffered by the business, a data breach can also inflict untold reputational damage.

Cyberattacks these days are becoming progressively destructive. Cybercriminals are using more
2 sophisticated ways to initiate cyber attacks.

Regulations such as GDPR are forcing organizations into taking better care of the personal data they
3 hold.

cybersecurity benefits

Business Protection Protection For Data And Prevention Of

Networks Unauthorized User Access

Improved Recovery Protection For End Regulatory Compliance

Time Users

sales@edureka.co IN: 9606058406

US: 18338555775
 5 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 2

CIA TRIAD
Confidentiality, Integrity, and Availability,
also known as the CIA Triad, is a model
designed to guide companies and
organizations to form their security policies.
It is also known as the AIC triad to avoid
confusion with Central Intelligence Agency
(CIA). The components of the triad are
considered to be the most important and
fundamental components of security.

2.1 Confidentiality
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also means
trying to keep the identity of authorized parties involved in sharing and holding data private and
anonymous. Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-
middle (MITM) attacks, and disclosing sensitive data. Standard measures to establish confidentiality
include:

Confidentiality Measures

Data Biometric
Encryption Verification

Two-Factor Security
Authentication Tokens

sales@edureka.co IN: 9606058406

US: 18338555775
 6 WWW.EDUREKA.CO/CYBERSECURITY

2.2 Integrity
Integrity refers to protecting information from being modified by unauthorized parties. It is a
requirement that information and programs are changed only in a specified and authorized manner.
Challenges that could endanger integrity include turning a machine into a “zombie computer”,
embedding malware into web pages, etc. Standard measures to guarantee integrity include:

integrity Measures

Cryptographic Uninterrupted
Checksums Power Supplies

Using File Data

Permissions Backups

2.3 Availability
Availability is making sure that authorized parties are able to access the information when needed.
Data only has value if the right people can access it at the right time. Information unavailability can
occur due to security incidents such as DDoS attacks, hardware failures, programming errors,
human errors. Standard measures to guarantee availability include:

Availability Measures

Backing up Data to Having Backup

External Drives Power Supplies

Implementing Data
Firewalls Redundancy

sales@edureka.co IN: 9606058406

US: 18338555775
 7 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 3

INTRODUCTION TO
CRYPTOGRAPHY
Cryptography is the practice and study of techniques for securing communication and data in the
presence of adversaries.

Based on the type of keys and encryption algorithms, cryptography is classified under various categories.
Cryptography is broadly classified into two categories: Symmetric key Cryptography and Asymmetric
key Cryptography (popularly known as public-key cryptography).

So, let’s understand these algorithms with examples.

sales@edureka.co IN: 9606058406

US: 18338555775
 8 WWW.EDUREKA.CO/CYBERSECURITY

3.1 Symmetric Key Encryption

An encryption system in which the sender and receiver of a message share a single, common key that is
used to encrypt and decrypt the message. The most popular symmetric–key system is the Data
Encryption Standard (DES)

TRANSPOSITION CIPHERS
1 In Cryptography, a Transposition Cipher is a method of encryption by which the positions held by units
of plaintext (which are commonly characters or groups of characters) are shifted according to a regular
system so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is
changed (the plaintext is reordered). Mathematically, a bijective function is used on the characters’
positions to encrypt and an inverse function to decrypt.

SUBSTITUTION CIPHER
2 Method of encryption by which units of plaintext are replaced with ciphertext, according to a fixed
system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures
of the above, and so forth.

sales@edureka.co IN: 9606058406

US: 18338555775
 9 WWW.EDUREKA.CO/CYBERSECURITY

STREAM CIPHER
3 Symmetric or secret-key encryption algorithm that encrypts a single bit at a time. With a Stream Cipher,
the same plaintext bit or byte will encrypt to a different bit or byte every time it is encrypted.

BLOCK CIPHER
4
An encryption method that
applies a deterministic
algorithm along with a
symmetric key to encrypt a
block of text, rather than
encrypting one bit at a time
as in stream ciphers.

3.2 Asymmetric Key Encryption

The encryption process where different keys are used for encrypting and decrypting the information.
Keys are different but are mathematically related, such that retrieving the plain text by decrypting
ciphertext is feasible.

RSA ALGORITHM
RSA stands for Rivest,
Shamir, and Adelman,
inventors of this
technique. Both public
and private key are
interchangeable.
Variable Key Size (512,
1024, or 2048 bits)

sales@edureka.co IN: 9606058406

US: 18338555775
 10 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 4

ETHICAL HACKING
Hacking is the process of finding vulnerabilities in a system and using these found vulnerabilities to gain
unauthorized access into the system to perform malicious activities ranging from deleting system files
to stealing sensitive information. Hacking is illegal and can lead to extreme consequences if you are
caught in the act. People have been sentenced to years of imprisonment because of
hacking. Nonetheless, hacking can be legal if done with permission. Computer experts are often hired
by companies to hack into their systems to find vulnerabilities and weak endpoints so that they can be
fixed. This is done as a precautionary measure against legitimate hackers who have malicious intent.
Such people, who hack into a system with permission, without any malicious intent, are known as
Ethical Hackers and the process is known as Ethical Hacking.

4.1 Types of Ethical Hackers

WHITE HAT HACKER

It is another name for an Ethical Hacker. They hack into a system with prior
permission to find out vulnerabilities so that they can be fixed before a person
with malicious intent finds them.

BLACK HAT HACKER

They are also known as Crackers, who hack in order to gain unauthorized access
to a system & harm its operations or steal sensitive information. It’s always
illegal because of its malicious intent which includes stealing corporate data,
violating the privacy, damaging the system, etc.

GREY HAT HACKER

They are a blend of both Black Hat and White Hat Hackers. They mostly hack for
fun and exploit a security weakness in a computer system or network without
the owner’s permission or knowledge. Their intent is to bring the weakness to
the attention of the owners & earning some bug bounty.

sales@edureka.co IN: 9606058406

US: 18338555775
 11 WWW.EDUREKA.CO/CYBERSECURITY

SUICIDE HACKER
A Suicide Hacker is a person who works with the intent to bring down major
corporations and infrastructure. These kinds of hackers are not scared of the
consequences of their actions as they mostly work with a vengeance in their
minds. These people are also known as hacktivists.

4.2 Types of Hacking

Now that we have discussed the various types of Hackers, let’s go over the different types of hacking.
We can segregate hacking into different types depending on what the hacker is trying to achieve.

WEBSITE HACKING
1 Hacking a website means taking unauthorized control over a web server
and its associated software such as databases and other interfaces.

NETWORK HACKING
2 Hacking a network means gathering information about a network by
using tools like Telnet, NS lookup, Ping, Tracert, Netstat, etc. with the
intent to harm the network system and hamper its operation.

EMAIL HACKING
3
This includes gaining unauthorized access to an Email account and using
it without taking the consent of its owner for sending out spam links,
third-party threats, and other such harmful activities.

PASSWORD HACKING
4 This is the process of recovering secret passwords from data that has
been stored in or transmitted by a computer system.

COMPUTER HACKING
5 This is the process of stealing computer ID and password by applying
hacking methods and getting unauthorized access to a computer system.

sales@edureka.co IN: 9606058406

US: 18338555775
 12 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 5

PHASES OF ETHICAL
HACKING
Ethical hacking has 6 distinct phases which are not strict rules, but more like a guidelines to be followed.

P RECONNAISSANCE
H
A Reconnaissance is the process of information gathering. In this phase, the hacker gathers relevant information
S regarding the target system. These include detecting services, operating systems, packet-hops to reach the
E system, IP configuration, etc. Various tools like Nmap, Hping, Google Dorks, etc are used for reconnaissance
1 purposes.

P
SCANNING H
A
In the scanning phase, the hacker begins to actively probe the target machine or network for vulnerabilities S
that can be exploited. Tools like Nessus, Nexpose, and NMAP are widely used by hackers in this process. E
2

P
H GAINING ACCESS
A
S In this phase, the vulnerability located during scanning is exploited using various methods and the hacker tries
E to enter the target system without raising any alarms. The primary tool that is used in this process is
Metasploit.
3

P
MAINTAINING ACCESS H
This is one of the most integral phases. In this phase, the hacker installs various backdoors and payloads onto A
S
the target system. Just in case you don’t know, Payload is a term used for activities performed on a system E
after gaining unauthorized access. Backdoors help the hacker gaining quicker access onto the target system
in the future. 4
P
H CLEARING TRACKS
A
S This process is an unethical activity. It has to do with the deletion of logs of all the activities that take place
E during the hacking process. Nonetheless, Ethical Hackers still have to perform this phase to demonstrate how a
Black Hat Hacker would go about his activities.
5

P
REPORTING H
A
Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report S
with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and E
the exploit processes.
6

sales@edureka.co IN: 9606058406

US: 18338555775
 13 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 6

CYBERSECURITY FRAMEWORKS
The Framework is voluntary guidance, based on
existing guidelines, and practices for organizations
to better manage and reduce cybersecurity
risk.  Developed through coordinated effort
amongst business and government, the intentional
Framework comprises measures, rules, and
practices to showcase the safety of imperative
foundation. The organized, adaptable, repeatable,
and effective approach of the Framework helps
house proprietors and administrators of critical
foundations to oversee cybersecurity-related
hazards. The shown image represents the
objectives of the Cybersecurity Framework.

6.1 Types of Cybersecurity Framework

PCI DSS (PAYMENT CARD INDUSTRY DATA SECURITY STANDARD)

1 It is a set of security controls required to implement to protect payment account security. It is designed to
protect credit card, debit card, and cash card transactions.

ISO 27001/27002 (INTERNATIONAL ORGANIZATION FOR STANDARDIZATION)

2 Best practice recommendations for information security management and information security program
elements.

CIS CRITICAL SECURITY CONTROLS

3 A prescribed arrangement of activities for cyber protection that give particular and noteworthy approaches
to stop the present most inescapable and perilous attacks. A key advantage of the Controls is that they
organize and center fewer activities with high outcomes.

NIST FRAMEWORK
4 A Framework for improving critical infrastructure Cybersecurity with a goal to improve organization’s
readiness for managing cybersecurity risk by leveraging standard methodologies and processes.

sales@edureka.co IN: 9606058406

US: 18338555775
 14 WWW.EDUREKA.CO/CYBERSECURITY

6.2 Components of Cybersecurity Framework

01 Framework Core 02 Implementation tiers 03 Profiles

It gives an arrangement of It helps associations setting Profiles are an association’s novel
required Cybersecurity exercises instructions on how an association arrangement of their
and results utilizing normal should see Cybersecurity risk organizational prerequisites,
understandable language. The management. The tiers manage goals, and assets against the
Core guides associations in associations to consider the suitable coveted results of the Framework
overseeing and decreasing their level of thoroughness for their Core. Profiles are principally used
Cybersecurity chances in a way cybersecurity program and are to recognize and organize open
that supplements an association’s regularly utilized as a specialized doors for enhancing
current Cybersecurity and risk device to talk about hazard hunger, Cybersecurity at an association.
management processes. mission need, and spending plan.

6.3 Cybersecurity Framework’s Functions

IDENTIFY
1 The Identify Function helps with building up a hierarchical comprehension in overseeing cybersecurity to
frameworks, individuals, resources, information, and capacities.

PROTECT
2 The Protect Function diagrams proper shields to guarantee the conveyance of basic foundation
administrations. This underpins the capacity to restrict or contain the effect of a potential Cybersecurity
occasion.

DETECT
3 The Detect Function characterizes the fitting exercises to recognize the event of a Cybersecurity occasion.
This empowers opportune revelation of Cybersecurity occasions.

RESPOND
4 The Respond Function incorporates proper activities to make a move in regards to a distinguished
Cybersecurity occurrence. It bolsters the capacity to contain the effect of a potential Cybersecurity
occurrence.

RECOVER
5 The Recover Function distinguishes proper exercises to keep up plans for versatility and to re-establish
any abilities or administrations that were impeded because of a Cybersecurity event.

sales@edureka.co IN: 9606058406

US: 18338555775
 15 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 7

CYBERSECURITY AND
ETHICAL HACKING TOOLS
Threats are constantly evolving and, just like everything else, tend to follow certain trends. The best
defenses need to mirror those trends so users get the most robust protection against the newest
wave of threats. This chapter lists the Cybersecurity tools that have stood still through thick and thin
against various kinds of cyber-attacks. Since there is a multitude of tools spread out across the
various domains of Cybersecurity, here we have listed down one tool from each domain.

best tools

sales@edureka.co IN: 9606058406

US: 18338555775
 16 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 8

CYBER THREATS AND STATE

OF OUR DIGITAL PRIVACY
Cybercrime is a global problem that’s been dominating the news cycle. It poses a threat to individual
security and an even bigger threat to large international companies, banks, and governments. Today’s
organized cybercrime out shadow lone hackers of the past, now large organized crime rings function
like start-ups and often employ highly-trained developers who are constantly innovating online
attacks.  Cybersecurity is a domain that has stayed in the shadows for most of its lifetime. Only a
handful of leading organizations have dedicated teams that preserve their privacy and secure their
systems. But, there was never a large-scale global adoption of cybersecurity as a profession or even
as an IT domain.  Until as recently as 2010, security and privacy of data in organizations was the
responsibility of each and every professional working there. Unfortunately, this approach has
become outdated in today’s fast-paced world where hackers are years ahead when compared to tech
professionals.

8.1 Types of Cyber Threats

sales@edureka.co IN: 9606058406

US: 18338555775
 17 WWW.EDUREKA.CO/CYBERSECURITY

Chapter 9

FREQUENTLY
ASKED
INTERVIEW
QUESTIONS
Cybersecurity is the only domain in IT that has not faced a
recession yet. With the increased demand, there is also
competition, and to get a job as Cybersecurity Professional,
you need to be one of the best. While having the necessary
Cybersecurity skills is half job done, cracking the interview
is another chapter altogether. To help you crack the
Cybersecurity interview, we’ve compiled this list of top
Cybersecurity interview questions.

1. What is Cryptography? 18. What is Port Scanning?

2. What is the difference between Symmetric and 19. What are the different layers of the OSI model?
Asymmetric Encryption? 20. What is a VPN?
3. What is the difference between IDS and IPS? 21. What do you understand by Risk, Vulnerability & Threat in a
4. Explain CIA Triad. network?
5. How is Encryption different from Hashing? 22. How can Identity Theft be prevented?
6. What is a Firewall and why is it used? 23. What are Black Hat, White Hat and Grey Hat Hackers?
7. What is the difference between VA(Vulnerability 24. How often should you perform Patch management?
Assessment) and PT(Penetration Testing)? 25. How would you reset a password-protected BIOS
8. What is a three-way handshake? configuration?
9. What are the response codes that can be received from a 26. Explain the MITM attack and how to prevent it?
Web Application? 27. Explain DDOS attack and how to prevent it?
10. What is a traceroute? Why is it used? 28. Explain XSS attack and how to prevent it?
11. What is the difference between HIDS and NIDS? 29. What is an ARP and how does it work?
12. What are the steps to set up a firewall? 30. What is port blocking within LAN?
13. Explain SSL Encryption. 31. What protocols fall under TCP/IP internet layer?
14. What steps will you take to secure a server? 32. What is a Botnet?
15. Explain Data Leakage. 33. What are Salted Hashes?
16. What are some of the common Cyberattacks? 34. Explain SSL and TLS.
17. What is a Brute Force Attack? How can you prevent it? 35. What is Data Protection in Transit vs Data Protection at rest?

100+ CYBERSECURITY INTERVIEW QUESTIONS & ANSWERS

sales@edureka.co IN: 9606058406

US: 18338555775
18 WWW.EDUREKA.CO/CYBERSECURITY

CAREER WHO IS A CYBERSECURITY PROFESSIONAL?

Cybersecurity Professional is somebody who is trained to find weaknesses in
networks, databases, hardware, firewalls, encryption, etc. Their main priority is

GUIDANCE
to prevent attacks by 'fixing' potential threats before they are exploited by
malicious users.

Cybersecurity Architects
Cybersecurity The job of Cybersecurity Architect
Specialists is a senior-level position
responsible for planning, designing,
testing, implementing and
By monitoring, detecting, maintaining an organization's
investigating, analyzing, and computer and network security
responding to security events, infrastructure.
Cybersecurity Specialists protect
systems from cybersecurity risks,
threats, and vulnerabilities.
Cybersecurity specialists work in Security Administrator
IT teams that are dedicated to
protecting the integrity of the A Security Administrator is the
business's network and data. point person for a cybersecurity
team. They are typically
responsible for installing,
administering and troubleshooting
an organization's security
Cybersecurity solutions. They also write up
security policies and training
Engineers
documents about security
procedures for colleagues.
Cybersecurity Engineers,
sometimes called information
security engineers, identify
threats and vulnerabilities in
Penetration Testers
systems and software, then
apply their skills to developing A Penetration Tester, often known
and implementing high-tech as an IT Pen Tester or Ethical
solutions to defend against Hacker, is responsible for probing
hacking, malware and and exploiting any IT security
ransomware, insider threats and vulnerabilities in a client's IT
all types of cybercrime. networks, systems and websites.

NEED EXPERT Talk to our experts and explore 08035068110

GUIDANCE? the right career opportunities! +1415 682 6002
 EDUREKA CYBERSECURITY PROGRAMS

CYBERSECURITY CERTIFICATION COURSE

Weekend/Weekday Live Class 24 x 7 Technical Assistance

www.edureka.co/cybersecurity-certification-training

COMPTIA SECURITY+ TRAINING

Weekend/Weekday Live Class 24 x 7 Technical Assistance

www.edureka.co/comptia-security-plus-certification-training

ADVANCED EXECUTIVE PROGRAM IN CYBERSECURITY

Weekend Live Class/SP NIT Rourkela | Edureka

www.edureka.co/post-graduate/cybersecurity

LEARNER'S REVIEWS

Abdulaziz Farhan K Mohan BS

A FK MBS

Had great time at Classes. "Edureka aptly named, gives Detailed and extensive course
Cybersecurity is such a the students a Eureka" content, Harsha has depth of
complicated course. Moment during the course. knowledge of subject with practical
Learning is a world to explore experience, explaining the content
Instrcutor-Fahad is well-
and Edureka provides us with and demo, also the support team
resourced and Excellent
the navigation maps. I never are awesome providing necessary
communication which made for a minute felt that I am and support as and when needed,
the Learning Easier doing this course online away definitely recommend to some one,
from the faculty and the staff. who is looking forward to sharpen
skill set.

sales@edureka.co IN: 9606058406

US: 18338555775
Free
Resources

2500+ Technical
Blogs
3000+
Video Tutorials on
YouTube

30+
Active
Free Monthly
Community Webinars
 WWW.EDUREKA.CO/CYBERSECURITY

About Us
There are countless online education marketplaces on the internet. And there’s us. We
are not the biggest. We are not the cheapest. But we are the fastest growing. We have
the highest course completion rate in the industry. We aim to become the largest
online learning ecosystem for continuing education, in partnership with corporates
and academia. To achieve that we remain ridiculously committed to our students. Be it
constant reminders, relentless masters or 24 x 7 online technical support - we will
absolutely make sure that you run out of excuses to not complete the course.

Contact Us IN: 08035068110 | US: +1415 682 6002

www.instagram.com/edureka.co/
IndiQube ETA, 3rd Floor, www.facebook.com/edurekaIN
No.38/4, www.linkedin.com/company/edureka/
Adjacent to Dell EMC2, www.youtube.com/user/edurekaIN
Dodanekundi, t.me/s/edurekaupdates
Outer Ring Road, Bengaluru, twitter.com/edurekaIN
Karnataka - 560048 in.pinterest.com/edurekaco/

News & Media

Edureka partners with
Edureka (Brain4ce Education
NIT Warangal to upskill
Solutions) tops Deloitte Tech
IT professionals in AI and
Fast 50 2014 rankings
Machine Learning