IT Security Mentor
Latest Modules & Technolgies Coverage
Result Oriented & Focused
professional Grooming & Development
Who We Are?…
ITSM is a team of network professionals who possess more than 10 years of real time experience and subject matter expert on these skills. We at ITSM strive towards your success by enforcing real time work skills. In a nut shell we make professionals right from the students which is a real need of today’s world.
Our Mission is to provide you a solid understanding of Network and Security concepts which will help you to work in any organization, Also to fill the huge gap between you and real world with our excellent and epic real time trainings on Network support and network security.
At ITSM we focus on hard core technical aspects as well as real time working aspects which are very private to organizations and no training institute can offer to make you learn. We Dont belive in just getting certificates because certificates are not a guarantee of knowledge or success.
Cyber Security Training
Foundation of Cyber Security
Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices.
What do you mean by cyber security in corporate sense?
What is importance of CIA model?
Online Courses Available at ITSM
Palo Alto – EAD-100 and 210
This module will talk about real time aspects of Palo-Alto next generation firewall. We will be covering fundamental knowledge Palo-Alto “EDU-100” and “EDU-210 exam” in this course. There is a lot of GAP between what we learn in books and what happens in the real world.
Cyber Security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, or exposure could have negative consequences.
Complete network security module
This course module will talk about the daily job roles and responsibilities of a network engineer in any corporate. There is a big Gap between what we learn in books and what happens in the real world. This module covers all the aspects of CCNA + Network Security + fundamental knowledge of ITIL V3 + Good understanding of load balancer.
This course module will talk about the daily job roles and responsibilities of a network security engineer in any corporate. There is a big Gap between what we learn in books and what happens in the real world. This module will talk about the fundamental principles of F5 load-balancer and its importance in corporate network.
The Implementing Cisco Network Security (IINS) exam (210-260) is a 90-minute assessment with 6070 questions. This exam tests the candidate’s knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention..
This course module will talk about Cisco 200-125 CCNA Routing and Switching exam. This course is designed in a way that fulfills all the requirements of Cisco Certified professional.
Cyber Security Course
I have received many questions and queries related to cyber security course in past few days especially from the students who are looking for career in IT security. In this article, I am trying to cover most of the questionnaires which are frequently asked by the students and will also suggest you best cyber security course / training as per my knowledge.
This article will give you a brief understanding and importance of cyber security course from career point of view. So, please feel free to reach me at firstname.lastname@example.org for any doubts/concerns.
What is Cyber Security and what is best cyber security course material?
Cyber Security talks about securing our business assists from various attacks such as viruses, malwares, trojans etc.The process of mitigating security threats of an organization and taking preventive approach is called as ‘cyber security’.
Cyber security course is not specific to any one domain. Many training institutes are claiming to train cyber security course but the reality is ‘there is no cyber security course designed or officially accepted’ by any organization so far. Hence i’d recommend you to concentrate on learning real time aspects of cyber security such as SIEM tool, malware analysis, IPS/IDS functions rather then taking any bookish cyber security course.
How cyber-security experts find out virus, malware, trojans and what are the tools and techniques they use to mitigate it?
First of all, we need to understand that virus, worms, trojan, malware are different with each other that’s why their mitigation techniques are also different.
Virus normally are executable program which will come in picture once that software is installed in system or activated in system whereas worms are kind of self ‘multiplicative program’ which replicate themselves in victim machine and eats up all the resources.
Trojan are hidden attack which is performed by hiding the actual exploit under some other content (like picture, graphic, file etc) whereas Malware are malicious software which is created to perform some attack or harm to a device. Endpoint protection, antivirus solutions and IPS/IDS system is most recommended solutions for these attacks.
There are lots of tools available in market which can detect various types of attacks which can be performed by a hacker.
I have given a list of most common tools in the last segment of this article you can go through that.
What are different aspects of Cyber Security?
The term ‘Cyber Security’ itself has a very wide scope and it has many layers which are directly or indirectly connected to it.
For example ‘SOC – Security operation Centre’ is also covers major aspects of Cyber Security.
Crime investigation in terms of cyber-crime is also part of cyber security.
Cyber forensics also plays a critical role in Cyber Security. IT governance policies and compliance also connected to cyber security.
So majorly these are the main components of cyber security. If you are new to this field and trying to explore, I’d recommend you guys to go towards ‘malware analysis’ and threat intelligence.
As far as ‘job portfolio’ is concerned, Security Operation Centre is considered as most popular platform in cyber security domain.
What is future of Cyber Security as a career option?
Security is getting a biggest concern for all organization now a day. That’s the reason why cyber security is getting much popularity as a carrier option in IT world. You are recommended to take cyber security course which contains real time examples and scenarios rather then bookish knowledge.
You can expect a tremendous growth and a flying career in Cyber Security.
There is a dedicated video that I have made on cyber security as a career option. Click on below link to check the video, which will through some more lights on this topic as well.
https://www.youtube.com/watch?v=MchYqrbcwLE (in hindi)
I will upload a new video in English very soon, and will add that link in this article as well.
Why cyber security is getting so popular now a days and what is importance of a cyber-security field in IT world?
Big MNCs and corporates are heaving their offices worldwide. They also have centralized or decentralized datacentres (where they keep their infrastructure devices). All users are accessing these servers (infrastructure devices and services) from worldwide, that’s why there is high potential of risk of getting the ‘security system compromised’.
Cyber security plays an important role in detecting and mitigating external and internal threats and also ensures that adequate amount of security measures are in place to cover the cyber security threats.
Security is biggest concern for all organization in today’s world that the reason why cyber security is getting so much importance in IT field.
What is VAPT and how it is connected to cyber security?
VAPT means Vulnerability assessment and penetration testing which is inherent part of cyber security course as well and cyber security as a proffesion.
The process of finding out loop holes in customer’s infrastructure using some standard tools and techniques is called vulnerability assessment and the process of making an attack on customer environment to make sure that this vulnerability is ‘real’ and can be compromised is called Penetration Testing.
We do a deep analysis on customer infrastructure devices and services from security point of view and give them a proper report of his current security level. The process of making a security assessment of client’s current security system is called as VAPT.
In Vulnerability assessment we use to assess their internal assets or IPs and find out the chances of getting these assists compromised or getting exploited by any hacker.
We often use some of advanced tools like Qualisguard or Nessus etc. which will run scan in the LAN/WAN and gives us prompt results.
Penetration Testing is a step beyond vulnerability assessment.
In PT, we try to make an attack on target system and test all the reported risks and vulnerabilities and give a solid proof of ‘getting that exploited’. Penetration testing is considered as a practise to make sure that we have enough security ‘in place’ to cope up with existing threats and also to take preventive approach to PT report.
Pen test is very goal oriented practise where everything is discussed, decided and document in a very clear way in agreement called ‘Scope of work’.
Both the parties will discuss and decide, what is the purpose of this test, when will we do that, what is the scope of this test and what would be the end result etc.
What is SIEM tools and what they do?
What is difference between network monitoring tools and SIEM tool?
Well, SIEM tools is nothing but security monitoring tool. It works the same way how a network monitoring tools works but the only difference is the ‘point of view’ or ‘point of focus’ of both of these tools. Network Monitoring tool monitor the hardware component and uptime of device whereas SIEM tool monitors the threats and risk that are exists in the device.
Network monitoring tool focuses more on availability of devices as well as services configured on device. It also focuses on the hardware component of the device like interface status, threshold value, memory utilization etc.
SIEM tool on the other hand focuses on security aspects of those devices and generates only alerts which have some potential risk or security concerns.
Let’s understand both the tools by an real-time example.
For example :- We have configured a router and a firewall on both SIEM tool as well as on monitoring tool. Below is the strighline comparison of both the monitoring tools.
|Network Monitoring tool||SIEM tool|
|a) Device uptime, device down||a) Device traffic flow / traffic monitoring|
|b) Interfaces down, CPU utilization etc.||b) Virus scan, malware scans etc.|
|c) Alerts related to device administration like device down, link utilization, bandwidth etc|| c) Alerts related to all attacks like
bruteforce, SQL injection etc.
How can we start learning cyber security from job prospective and what are the steps to complete the training?
Job market in cyber-security is going very nice right now. Below are the steps which you need to follow to become cyber security analyst.
Step 1 -> Learn basics of networking because this is ‘baseline’ of cyber security. You need to have a good understanding of routing/switching and should also have some idea about layer 1, layer 2 and layer 3 security as well.
Step 2 -> Learn firewall as a practice. You need to have some idea about firewall. What is firewall, how it works and what the different application layer security features firewall has is and how to use them?
You can learn any firewall whether it is cisco or checkpoint or Fortinet anything, doesn’t matter but understand the application layer function of firewall such as url filtering, content filtering, identity management, VPN set-up, IPS/IDS etc. is very important.
Step 3 -> Learn any SIEM tools. SIEM tools means security incident and event management tool which takes data logs from various data sources i.e. router, switches, firewall etc. and send alerts for all unusual traffic to monitoring centre.
Some of the common tools are Qradar, Splunk, Allienvoult etc.
Step 4 -> Learn hacking in real sense.
You need to have fair idea of different types of attacks and mitigation techniques. Some of the common attack which you should be aware of are below:-
Bruteforce attack :- If someone is trying to by-pass authentication process (username password)
Sql injection :- If some attacker is trying to manipulate the sql entries in your webserver or application server.
This type of attacks are very common in organization and considered as ‘most dangerous attack’ from security point of view as the attacker can get access to entire database of the system.
Malwares :- Malicious software is called as Malware. In other words, an software which is designed for attacking purpose is called as malware. Virus, vermes, Trojans are adjacent to malware.
Step 5 -> Learn some aspects of ITIL V3 process as well. Now a days every organization is focusing on ‘work processes’ along with technical aspects. So if you have basic idea about ‘event management’, incident management, change management etc. it will help a lot in clearing job interview.
What kind of tools and techniques used in cyber security
What kind of certification we should do to get job in cyber security field?
First of all I’d say that Cyber Security is all about using your sense of logic in investigation. Therefore you need to have more of analytical skills rather then bookish knowledge or certification.
For example, an event occurs for multiple login attempt to a server. So in order to resolve that, you need to use your analytical skills to find out what went wrong there? Is this is genuine user trying to access the server or some hacker is trying brute-force attack in your system.
That’s the reason why i believe that there is no certification or training which can claim to make you a cyber-security expert in real sense.
However I’d definitely recommend you all to read more and more material related to malware analysis or threat intelligence rather then going for bookish training.
a) CCNA Security Operations (new course introduced by Cisco recently)
b) Certified Ethical Hacking
c) CCNA Security
d) CCNA Routing Switching (to get strong base on networking).
Some of the most common tools sued in cyber security are below:-
01) Qualisguard – scanning tool
02) Nessus – Scanning tool
03) Brub-suite – Pen testing tool
04) Acunetix – for web application testing
05) MCAfee – endpoint security solution
06) Qradar – SIEM tool
07) Splunk – SIEM tool
08) Allienvoult – SIEM tool
09) Proofpoint – Email security.
10) SNORT – IPS/IDS solution
I hope this information would be useful for you all. Please reach out to me at email@example.com if you have any other queries.
Thanks and Regards,
Founder of IT Security Mentor,
Email :- firstname.lastname@example.org
Website :- www.itsecuritymentor.com
Phone :- +91-77995-83079
CCNA, CCNA Security, CCIE Security,
CCSA, CCSE (checkpoint), ITIL V3,
ISO 27001 Lead Auditor, CEH, Prince 2.
Sky is the Limit !!
This article talks about CCNA Interview questions which are mostly asked in job interviews.
Everyone prefers to have certified people as network engineer in there organization and CCNA is best certification to prove your competency as a network professional.
Once you complete the CCNA examination, people expects you to understand networking in real time fashion and they also expects you to resolve there daily operational issue (related to networking).
I have took many interviews in my life. So based out of my experience, I am going to describe CCNA interview questions which will definitely help you guys to clear any interview in any organization. Best of luck 🙂
What is difference or correlation between spanning tree protocol and trunk link?
Spanning tree protocol is a layer 2 protocol which is used to avoid switching loop and to create redundant path between switch to switch link. Trunk link is a link which carry traffic of multiple vlans.
STP and trunk are very much related to each other because if we connect two switches with two different links, STP will block one path and keep the traffic moving from first path only. That’s where trunk link will come in picture.
when you have multiple vlans configured on switch 1 and switch 2 but you have only 1 link active between the two switch (as STP will block the other link)
We have to use that link only for sending traffic of all the vlans. That is why trunk port comes in picture.
Why do you need Vlans and what is difference between vlans and subnet?
Both Vlans and subnet are used to reduce unnecessary broadcast in network. As we know switch default function is to send broadcast for all unknown destinations so if we device our switch ports in small segment, broad will reduce to that respective port only.
For example :- we have a 24 port switch, so whenever any machine wants to send data to machine which is not in these 24 ports, this will go as a broadcast packet to all ports and will effect on switch performance (create bottleneck).
Now, if we device these 24 ports into 3 vlans (vlan 1 for port 1 to 8, vlan 2 for port 9 to 16, vlan 3 for port 17 to 24), all broadcast from all vlans will be limited to those 8 ports only.
Another advantage of heaving vlans and subnet is to make sure, authorise people will have access to authorise resources. For example, if we keep port 1 to 6 in one vlan for team A and port 6 to 12 in another vlan team B, you will have security layer in your LAN network. All users from team a (port 1 to 6) will never be able to access any data or resources from another team members.
Eventually vlans and subnet does the same function. Only difference is vlan mostly work on layer 2 but subnet is a layer 3 functionality.
We use vlans to separate LAN traffic but subnet is used to diversify connection from source to destination based on its IP and class it belongs to.
What is your daily roles and responsibilities?
I am working as a network engineer in …. Organization. We monitor and manage customer network remotely via network monitoring tool solarwinds.
We get alerts for all small or major events in our monitoring tool. So based on severity / priority of event, we need to work upon fix the issue.
We follow ITIL V3 best practises for incident management and change management. So once the alert comes in, we will recheck and verify its priority based on number of users effected, business impact and reassign the correct priority to the ticket.
We work to fix the issue within given time frame in SLA (for example critical issue needs to be resolved in 2 hours, major in 4 hours minor in 10 hours etc)
Why would you recommend EIGRP and what are its features?
EIGRP has complete picture of entire network running with EIGRP autonomous number.
It maintains 3 tables in his database i.e. topology table which consists of ‘connectivity diagram of entire EIGRP AS’, Neighbour table, which talks about the directly connected routers to EIGRP protocol and Routing table which saves all best path for all the destinations.
EIGRP protocol take bandwidth and delay as matrix for calculating best path but it has BW, load, reliability, delay and cost as option for best route selection.
As we all know EIGRP runs only on cisco router that’s why it has fastest convergence time compare to all other protocols.
If a router learns route from EIGRP, OSPF and IGRP which router it will prefer and why?
It will prefer EIGRP because it’s AD value is lesser then OSPF and IGRP.
Explain the Root bridge selection in STP ?
STP decides the root bridge based in lowest priority value (which is by default 32768 + no. of vlans) or with COST which is mostly same if we using same interface all round between switches.
Maximum time the MAC address becomes the tie breaker in winning the STP election. Whomever has lower MAC address will become Root Bridge.
How do you explain different stages of a switch port (explain with regards to STP)?
Switch has four different stages, listening, learning, forwarding and blocking.
Listening stage – delete all the information which the port has with it.
Learning stage – learn all new updates from new topology where it is connected now.
Forwarding – start sending data from the port
Block – stop sending any data from port.
What is duplex mismatch error and how will you resolve it as a network engineer?
We normally see duplex mismatch very often in our monitoring tool.
Duplex mismatch talks about the situation where the speed from switch port to the other end device (may be router or end point or server) is not matching.
We normally calls site contact to check the port status and make it same on both the direction to resolve the issue.
For example :-
Switch port fast Ethernet 0/1 is connected to server eth 0 port. We will check if the switch port is configured as half duplex or full duplex on switch port. If it is half duplex then the server port should also be half and vise versa.
Once we see this alert, we raise a change request to change the duplex setting on switch side, in case server admin has to change the port speed to full duplex from server, we will ask them to do it.
Most likely interview will ask this question next
What other issues you see on LAN side apart from duplex mismatch and how do you resolve that? (CCNP – Switching level question)
We often see port in error disable mode which normally comes in if we have configured port security on switches.
We call the site contact to verify if the port is connected to the right device or not. Once he verifies that there is some device change happened and now we need to connect this switch port to another device, we raise a change request to configure port security for another device.
Can you create an ACL on a router? If yes then why do you need a firewall?
What is actual need of Firewall?
Router works as L3 device which is responsible for making successful connection between two different networks. Whereas firewall works mostly on layer 4 which is responsible for disconnecting the unauthorized access from any source to any destination.
Router’s primary function is to process routing data which is continuously passing from internal/external world. That’s why router doesn’t hold or maintain any session table or connection table.
We can create ACLs on router as well but each time when data would be passing through router, it will check the corresponding ALCs each and every time.
Firewall maintains connection table which contains details of all incoming/outgoing traffic from all source to destination. Once data passes through firewall it saves that ‘as active connection’ in database so that when the destination packet comes back to firewall it doesn’t need to check ALCs again, it simply allows it seeing connection table.
Apart from these Firewall can inspect traffic till application layer which router can’t do, that’s another reason of keeping FW within a network.
What is a MPLS network and why do we need it? (Explain in brief)
(ccnp routing level question)
MPLS is mostly used in ISP where the source machine (MPLS switch) will generate a binary number for each packet called as label to send packet across the MPLS environment.
The reason of MPLS getting so much popularity is because ISP has to deal with multiple customer all the time and all customer has their own type of traffic. For example, customer 1 is sending IPX packet and customer 2 sending appletalk packet, customer 3 is sending multicast traffic etc.
And ISP has to customize its routing for all of them which was always an overhead and also creates latency over internet. That’s the main reason of heaving MPLS on internet links.
MPLS traffic talks about encapsulating all types of packet coming from different origins such as IP packet or IPX or appletalk packet or a multicast packet and converting it into a new packet which will flow within MPLS network with very fast speed.
MPLS ignores IP address in the packet and forward the packet based on the LABLE which is given by MPLS.
When you use frame based MPLS is called as frame mode which works on
Ethernet and whenever you use cell based MPLS (like ATM) is called as cell
What is Network Address translation and types of NAT?
Since we have private IP series which can be used by anyone in his LAN, sending those IPs over internet will create confusion.
For example :- 10.10.10.0/24 is a private IP address any one can use it.
If organization A, organization B and Organization C is using it in LAN, it has to be limited to the internal network only.
10.10.10.10 can be used in many organization and if we allow it to talk to internet on www.google.com , many request from same IP will go to google which will lead to traffic manipulation. That’s why we use NAT to translate private IP to public IP.
Mostly people are using port address translation (PAT) using the source port as mechanism to identify origin and destination of request.
If an organization is looking for 12 host for his network and you have 192.168.1.0/24 subnet. How many bits you will borrow from network?
We need to borrow 4 bits from network portion as they looking for only 12 host in their network.
2 power N – 2 , that is 2 power 4 – 2 that is 16 – 2 equals to 14.
His network will look like below :-
Network IP First host IP Last host IP Broadcast IP
192.168.1.0/28 192.168.1.1 192.168.1.14 192.168.1.15
How can you trouble shoot and isolate LAN issue and WAN issue?
Steps to follow for trouble shooting
1) Source IP and mask
2) destination IP and mask
3) if source and destination are in same network then it can’t be a network
4) ping from source to destination (if it works then network is UP)
5) traceroute the destination and see where packet is dropping.
6) Check the corresponding port where switch is connected and check & verify
L2 configuration on it (like port security/vlan status etc)
7) Check if the duplex setting is proper on port or not.
1) If the packet dropping after our network over the internet than it’s an ISP
2) Check the serial link status (or whatever port we terminated internet link).
3) If you have eigrp routing protocol running, check the neighbour status by
putting sh eigrp nei command
4) If the queue count is high that means we have issues in the link between the
two EIGRP routers.
Thanks & Best of Luck,
Founder of IT Security Mentor (ITSM),
CCNA, CCNA Security, CCIE Security,
CCSA, CCSE (Checkpoint), ITIL V3,
ISO 27001 Lead Auditor, CEH, Prince 2
Email :- email@example.com
Don't Be Shy
Drop us a line anytime, and one of our customer service reps will respond to you as soon as possible