Top 50 Cybersecurity Interview Questions And Answers for Freshers

1. Provide a definition for the term cybersecurity.

Cybersecurity refers to the protection of internet-connected systems, including hardware, software, and data, from theft, damage, or unauthorized access. It involves the use of various technologies, processes, and practices to safeguard networks, devices, and sensitive information from cyber threats such as hacking, viruses, and other malicious activities. Cybersecurity measures aim to maintain the confidentiality, integrity, and availability of digital assets and protect against cyberattacks that can result in financial loss, data theft, or damage to reputation. Effective cybersecurity requires a multi-layered approach that includes prevention, detection, and response strategies.

2. Can you explain the distinction between IDS and IPS?

IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are both security mechanisms used in computer networks to detect and respond to malicious activities.

An IDS is a system that monitors network traffic, analyzing it for signs of suspicious behavior or activity that may indicate an intrusion. It operates in a passive mode, meaning it only detects and alerts the network administrator about the intrusion, but does not take any action to prevent it. The primary goal of an IDS is to identify and report on suspicious activity, so that the network administrator can take action to mitigate the threat.

On the other hand, an IPS is an active system that not only detects but also prevents malicious activity from occurring. An IPS uses a set of predefined rules to inspect network traffic in real-time, and when it detects an attack, it automatically blocks the offending traffic or takes other actions to stop the attack. Unlike an IDS, which simply alerts the administrator, an IPS can prevent attacks from being successful by stopping them before they reach their target.

3.What is meant by the term Botnet?

A botnet is a network of compromised computers, also known as “bots,” that are under the control of a single entity or command-and-control (C&C) server. The computers that are part of a botnet are typically infected with malware that allows an attacker to control them remotely without the knowledge of their owners. Once a botnet is established, the attacker can use it to carry out a variety of malicious activities.

4. Can you clarify the difference between stored and reflected XSS?

5. What are some examples of HTTP response codes?

HTTP response codes are status codes returned by web servers to indicate the status of a client’s request. Here are some examples of HTTP response codes:

• 200 OK: The server successfully processed the request, and the response is a representation of the requested resource.
• 301 Moved Permanently: The requested resource has been permanently moved to a new URL.
• 302 Found (or 303 See Other): The requested resource is temporarily moved to a different URL.
• 400 Bad Request: The server was unable to process the request due to invalid syntax.
• 401 Unauthorized: The request requires user authentication.
• 403 Forbidden: The server understood the request, but is refusing to fulfill it.
• 404 Not Found: The requested resource could not be found on the server.
• 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.
• 503 Service Unavailable: The server is currently unable to handle the request due to a temporary overload or maintenance of the server.

6. Enumerate some of the most prevalent forms of cybersecurity attacks.

There are many different types of cybersecurity attacks that can be used to compromise computer systems, steal sensitive data, or cause disruption. Here are some of the most prevalent forms of cybersecurity attacks:

• Malware attacks: Malware is a type of software designed to cause harm to computer systems or steal data. Common types of malware include viruses, Trojans, ransomware, and spyware.
• Phishing attacks: Phishing is a social engineering attack that involves tricking users into providing sensitive information, such as login credentials or credit card numbers, by posing as a legitimate organization or individual.
• DDoS attacks: Distributed Denial of Service (DDoS) attacks involve flooding a website or network with traffic in order to make it unavailable to legitimate users.
• Man-in-the-middle attacks: These attacks involve intercepting communications between two parties in order to steal data or modify messages.
• SQL injection attacks: SQL injection involves exploiting vulnerabilities in web applications to inject malicious SQL code into a database, allowing an attacker to view or modify data.
• Password attacks: These attacks involve attempting to guess or crack a user’s password in order to gain unauthorized access to a system or account.
• Insider attacks: Insider attacks involve malicious activity carried out by individuals within an organization, such as employees or contractors.
• Advanced persistent threats (APTs): APTs are long-term targeted attacks that involve sophisticated techniques to compromise systems and steal data over an extended period of time.

 7. What is a cybersecurity risk assessment and how is it carried out?

A cybersecurity risk assessment is a process of identifying, evaluating, and prioritizing potential vulnerabilities and threats to an organization’s information systems and assets. The goal of a risk assessment is to identify areas where security measures can be improved and to prioritize those improvements based on the level of risk they pose to the organization.

Know More: Future of cybersecurity and importance of SC-100 certification

The following are the steps involved in carrying out a cybersecurity risk assessment:

Define the scope of the assessment: Determine the scope of the assessment, including the assets to be assessed, the potential threats to those assets, and the impact of those threats on the organization.

• Identify assets: Identify all the assets within the scope of the assessment, including hardware, software, data, and personnel.
• Identify threats: Identify potential threats to each asset, including threats from internal and external sources.
• Assess vulnerabilities: Identify vulnerabilities that could be exploited by attackers to exploit the identified threats.
• Analyze risk: Analyze the likelihood and potential impact of each identified risk to determine the level of risk posed to the organization.
• Prioritize risk: Prioritize the risks based on their level of impact and likelihood, and determine which risks should be addressed first.
• Develop a risk mitigation plan: Develop a plan to mitigate the highest-priority risks, including a timeline for implementing security measures and assigning responsibilities to team members.
• Implement and monitor security measures: Implement the security measures identified in the risk mitigation plan and monitor their effectiveness over time.

8. What is the purpose of Patch Management?

The purpose of patch management is to ensure that software and systems are kept up-to-date with the latest security patches and updates, thereby reducing the risk of security vulnerabilities and data breaches.

9. Difference between SSL or HTTPS?

10. What measures can be implemented to safeguard data in transit and at rest?

There are several measures that can be implemented to safeguard data in transit and at rest:

• Encryption: Encryption is the process of converting data into a coded language that can only be understood by authorized parties. Encryption should be used to protect data both in transit and at rest.
• Access controls: Access controls should be implemented to restrict access to sensitive data to authorized individuals only. This can include measures such as password protection, multi-factor authentication, and role-based access controls.
• Firewalls: Firewalls should be used to protect networks and systems from unauthorized access and to prevent unauthorized access to data in transit.
• Virtual Private Networks (VPNs): VPNs should be used to create secure tunnels for data to pass through when transmitted over public networks. This can help to prevent interception of data in transit by unauthorized parties.
• Data backup and disaster recovery: Regular data backups and disaster recovery plans should be implemented to ensure that data can be restored in the event of a breach or data loss.
• Data masking: Data masking involves replacing sensitive data with fictitious data or symbols to protect it from unauthorized access. This technique can be used to protect data at rest.
• Physical security: Physical security measures, such as surveillance cameras, locked doors, and access control systems, should be implemented to protect data storage facilities.
• Regular audits: Regular audits should be conducted to ensure that security measures are being properly implemented and to identify potential vulnerabilities that need to be addressed.

 11. Describe the differences between VPN and VLAN?

12. What is a MITM attack and what measures can be taken to prevent it?

A Man-in-the-Middle (MITM) attack is a type of cyber attack in which the attacker intercepts the communication between two parties, allowing them to eavesdrop, modify, or inject their own messages into the conversation. The goal of a MITM attack is to steal sensitive information or to manipulate communication for malicious purposes.

Measures that can be taken to prevent a MITM attack include:

• Using encryption protocols such as SSL/TLS to secure the communication between the two parties.
• Implementing strong authentication mechanisms to ensure the identity of the parties involved.
• Regularly monitoring network traffic for any signs of a suspicious activity or unauthorized access.
• Educating users about the risks of MITM attacks and how to identify and avoid them.

13. Explain the concept of Cognitive Cybersecurity?

Cognitive cybersecurity is a field of cybersecurity that focuses on using artificial intelligence (AI) and machine learning (ML) to detect and respond to cyber threats. The concept is based on the idea that computers can be trained to recognize patterns in data that may indicate a cyber attack, and then use that knowledge to make better decisions about how to respond.

Cognitive cybersecurity involves the use of advanced algorithms and models that can analyze vast amounts of data in real-time, identify anomalies or potential threats, and take appropriate action to mitigate the risk. This approach is more proactive than traditional cybersecurity methods, which rely on manual intervention to identify and respond to threats.

14. What is an XSS attack and what measures can be taken to prevent it?

An XSS (Cross-Site Scripting) attack is a type of cyber attack that exploits vulnerabilities in web applications by injecting malicious code into a website’s HTML code or JavaScript code. The attacker can then use this injected code to steal user data, such as login credentials or personal information, or to perform unauthorized actions on behalf of the user, such as making unauthorized purchases or manipulating user data.

15. What is a DDoS attack and how can it be prevented?

A DDoS (Distributed Denial of Service) attack is a type of cyber attack that floods a website or network with a large volume of traffic or requests from multiple sources, making it unavailable to legitimate users. This can cause disruption to business operations, financial loss, and reputational damage.

To prevent a DDoS attack, organizations can take several measures, including:

• Investing in DDoS protection services or software, such as cloud-based DDoS mitigation services, firewalls, or intrusion prevention systems.
• Setting up rate limiting and throttling to prevent excessive traffic.
• Monitoring network traffic and behavior patterns to identify and mitigate DDoS attacks early.
• Creating a DDoS response plan to quickly mitigate and recover from an attack.

 16. What are the methods for resetting a password-protected BIOS configuration?

To reset a password-protected BIOS configuration, there are a few methods that can be used, including:

• Removing the CMOS battery: This involves opening the computer case and removing the CMOS battery from the motherboard for a few minutes to reset the BIOS settings to their default state.
• Using a BIOS reset jumper: Many motherboards have a jumper that can be used to reset the BIOS settings. This involves moving the jumper from its default position to its reset position for a few seconds and then moving it back.
• Using a BIOS password cracking tool: There are several third-party software tools that can be used to crack or bypass a BIOS password.

 17. Can you explain the difference between data protection in transit and data protection at rest?

Data protection in transit and data protection at rest are two important concepts in information security that refer to different stages of data handling.

Data protection in transit refers to the security measures used to protect data while it is being transmitted or moved between different locations or devices. This includes data that is being transmitted over a network, such as an internet, local area network (LAN), or wide area network (WAN). Examples of data protection measures used during transit include encryption, secure protocols such as HTTPS or SSH, and virtual private networks (VPNs).

On the other hand, data protection at rest refers to the security measures used to protect data that is stored or archived on a device or system, such as a hard drive, USB drive, or cloud storage. Data at rest can be vulnerable to various threats, including theft, loss, or unauthorized access. Examples of data protection measures used for data at rest include encryption, access controls, secure deletion, and physical security measures such as locks or biometric authentication.

18. What are SSL and TLS, and how do they work?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols used to secure communication over the internet. They provide a secure and encrypted connection between a client and a server, ensuring that data transmitted between them is protected from eavesdropping and tampering.

SSL was developed by Netscape in the 1990s, and TLS is its successor. Both protocols operate in a similar manner, but TLS is considered more secure and up-to-date. SSL has been deprecated and is no longer considered safe for use.

Here’s how SSL and TLS work:

• A client initiates a connection to a server using SSL/TLS.
• The server sends its SSL/TLS certificate to the client, which contains the server’s public key.
• The client verifies the certificate to ensure it is valid and issued by a trusted Certificate Authority (CA).
• The client generates a random session key and encrypts it using the server’s public key, then sends it to the server.
• The server decrypts the session key using its private key.
• Both the client and server use the session key to encrypt and decrypt data transmitted between them. This ensures that the data is secure and cannot be intercepted by an attacker.

SSL/TLS can use different algorithms to encrypt the data, such as AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman). The protocol also provides options for the level of security and encryption used, such as the choice of cipher suites, key exchange protocols, and hashing algorithms.

19. What are salted hashes?

Salted hashes are a common technique used to secure passwords and other sensitive data. A hash function is a mathematical function that takes an input (such as a password) and produces a fixed-size output (the hash value).

20. Which protocols are included in the TCP/IP Internet layer?

The Internet layer of the TCP/IP protocol suite includes two main protocols:

Internet Protocol (IP): This protocol is responsible for delivering packets of data from one computer to another over the Internet. IP provides a connectionless, best-effort delivery service, which means that it does not guarantee that data packets will arrive at their destination or arrive in the order they were sent.

Internet Control Message Protocol (ICMP): This protocol is used to report errors and other messages concerning the status of the network. ICMP is typically used by network devices, such as routers, to communicate with each other about network congestion or other issues.

21. Can you define port blocking within a LAN?

In general, port blocking refers to action carried out by an Internet Service Provider and it is done for blocking the traffic on the internet with the help of Transfer Protocol and Port Number.

Port blocking within LAN means restriction of the users from retrieving the services within LAN. It may include blocking of the physical ports such as USB, DVD/CD-ROM, smartphones, removable devices, floppy and many plug and play devices. 

22. What is ARP and how does it function?

The main usage of ARP protocol such as to map the network IP address to the physical address, which is known as Ethernet address.

It can be able to translate a 32-bit address into a 48-bit address and vice versa. This type of translation is required because most common internet protocols used today were 32 bits and MAC addresses are 48-bits long.

23. What are the different layers that make up the OSI model?

The OSI model mainly functions to process the data between the two endpoints in the network. The seven layers can make OSI model and they are briefly described below:

Application layer: It can allow the users to communicate with the application or network whenever needed to carry out network related activities.

Presentation layer: It can be able to manage the data encryption and decryption needed for the application layer. It can be able to translate the information for the application layer on the basis of application syntax.

Session layer: The period of the system can be determined in this layer and it can be estimated by waiting time of application to respond for others.

Transport layer: It can be used for data transfer across the network and offers services such as error checking and data flow controls.

Network layer: This layer is used for transferring the data to and from another network or application.

Data link layer: The flow of data was completely taken care of by the data link layer. In addition, the problem occurs when the bit transmission errors can be controlled.

Physical layer: In this layer, bit transfer is carried out from one device to another via the network. It also controls network physical connection and representation of bits into signals while transferring data either electrically or optically or radio waves.

24. Explain the distinction between HIDS and NIDS?

HIDS involved in traffic monitoring and keep track of suspicious activities on specific hosts installed. On the other hand, NIDS can be involved in network traffic and events monitoring. HIDS were priorly informed about the incoming security attacks due to integrity monitoring and system file functions, keeping an eye on files and processes targeted by the attacks.

In contrast, NIDS can be able to monitor the network events and traffic. Both the NIDS and HIDS can be operated by surveillance of the log files and event data that are generated by the system. NIDS involves analysis of packed data when the data travels through a network. 

Both the intrusion detection systems were diverse in nature as most of the NIDS gets to operate majorly in real-time and tracking of the live data for the sign tampering purpose. On the other hand, HIDS analysis engages in record logging for proof of the malicious activity.

25. Outline the process of firewall configuration?

Firewall plays a major role in the network security and it must be properly secured to retain the data in safer mode against the cybersecurity threats.

It can be made possible by the configuration of domain names and IP addresses. Firewall policy configuration was completely done on the basis of the network type and can be set up with the help of security rules that can be used for blocking or allowing access to defend against the potential attacks from the malware or intruders.

Improper firewall configuration results in attackers gaining unauthorized access to secure the internal resources and networks.

Here are some steps to configure firewall:

• Securing the firewall is the first step to ensure that only authorized people only have access to it. 
• Establishment of firewall zones and IP address structure
• Configuration of the  access control lists
• Configuration of firewall services and logging
• Testing firewall configuration
• Managing firewall

26. Define a brute force attack and suggest measures to mitigate it?

In the brute force attack, the attacker tries to target the network by guessing the password by means of trial and error method. It is commonly implemented with usage of automated software that is used for login with usage of the credentials.

There are some ways to mitigate the brute force attack and they are:

• Setting lengthy password
• Limiting login failures
• Usage of complex passwords

27. Mention the difference between symmetric and asymmetric encryption.

28. Explain SQL injection. How to prevent it?

SQL injection attacks can be made by the execution of the malicious SQL commands in database servers such as MySQL, Oracle, SQL server that are executed behind web applications. 

The main intention of this attack is to gain unauthorized access into the sensitive information such as client data, personal data, intellectual property data and so on. In this attack, the intruder can be able to alter, append and delete the records in the database and it significantly results in the loss of integrity.

To defend against the SQL injection attacks, there are some ways exists and they are:

• Limiting the access to the database
• Cleansing the data by limiting the special characters
• Validation of the user inputs
• Usage of prepared statements
• Checking for active patches and updates

29. What is Phishing and how to defend it?

In the phishing attack, the intruder acts as a legitimate person of an organization to retrieve the sensitive data by the manipulation of the victim. It can be attained by making interaction with the user, such as asking the victim to click on a malicious link and if the user attempts to click it, then the user data will be at high risk. The confidential data of the users such as credit card data, usernames, passwords and so on will be stolen by the hackers.

Following are some of the methods to defend against phishing attack:

• Installation of the firewalls
• Changing the passwords frequently
• Usage of free anti-phishing tools
• Don’t click on or download from the unknown sources
• Don’t share your personal data on unknown or unsecured websites

30. What is the difference between VPN and VLAN?

31. How frequently should patch management be carried out?

The patch management needs to be done immediately once every update to the software has been made. In a month, all network devices in an organization need to undergo patch management. 

32. What are the methods to reset a BIOS configuration that is password-protected?

There are three methods to reset a BIOS password:

1. Reset by removing CMOS battery: You can unplug the PC and remove the CMOS battery from the cabinet for 15-30 minutes, and then put it back. This will reset the BIOS settings.
2. Use third-party software: There are software programs like CmosPwd and Kiosk that can help reset the BIOS password.
3. Reset using MS-DOS commands: If you have access to the operating system installed on the PC, you can run commands from the MS-DOS prompt using the debug tool to reset the BIOS password. However, this method will reset all BIOS configurations, and you will need to re-enter the settings after resetting.

33. Can you explain port blocking within a LAN?

Port blocking within a local area network (LAN) involves restricting users from accessing certain services or applications through specific ports. The purpose of port blocking is to prevent the source from providing access to destination nodes via those ports, in order to prevent unauthorized access that may pose security vulnerabilities in the network infrastructure. 

By blocking ports, it is possible to control which services or applications can be accessed within the LAN, ensuring better security and preventing potential security breaches.

34. Which protocols are classified under the TCP/IP Internet layer?

35. What are the various scheduling algorithms used in operating systems?

Some of various scheduling algorithms used in operating systems:

• First-Come, First-Served (FCFS) Scheduling.
• Shortest-Job-Next (SJN) Scheduling.
• Priority Scheduling.
• Shortest Remaining Time.
• Round Robin(RR) Scheduling.
• Multiple-Level Queues Scheduling

36. What are the different sniffing tools used in cybersecurity?

Sniffers are networking tools that can inspect data packets as they travel through a network. They can be either software programs designed to capture data packets or physical hardware devices that are connected directly to a network. Sniffers are used to analyze network traffic, capture data for troubleshooting, monitoring, or security purposes, and gain insights into the communication patterns and protocols used in a network environment.

Some of the sniffing tools used in cybersecurity are:

• Wireshark
• Mitmproxy
• Burp Suite
• Zaproxy

37. What is the difference between microkernel and macrokernel in operating systems?

38. Can you distinguish between logical address space and physical address space?

Logical address space refers to the virtual address space that a process sees or uses, which is typically larger than the physical address space. It is the address space that a process uses to access memory, and it is managed by the operating system. Logical addresses are generated by the CPU, and they are translated into physical addresses before accessing actual memory. Logical address space provides an abstraction layer to processes, allowing them to operate independently of the underlying physical memory.

On the other hand, physical address space refers to the actual physical addresses of memory cells in the physical memory or RAM. These are the physical locations where data is stored in the computer’s memory. Physical address space is the actual hardware-level memory that is available in the computer and is managed by the memory management unit (MMU) in the CPU.

39. What are the different process states in Linux?

In Linux, a process can have various states, which describe the current condition or progress of the process. The different process states in Linux are:

Running: The process is currently being executed by one of the CPU cores.

Sleeping: The process is waiting for an event or a resource, such as user input or data from a disk, to become available. It is not executing any instructions and is in a suspended state.

Zombie: The process has completed its execution, but its entry still remains in the process table until its parent process acknowledges its termination. It does not execute any instructions and is waiting to be cleaned up.

Stopped: The process has been stopped by a signal, such as when a user presses Ctrl+Z in the terminal. It can be resumed or terminated by the user or another process.

Waiting: The process is waiting for a specific event to occur, such as a child process completing its execution or a timer expiring.

Dead: The process has terminated or exited, and its resources have been released.

40. How would you define the terms “Risk, Vulnerability & Threat” in a network context?

Risk: Risk refers to the potential for harm or loss resulting from the exploitation of vulnerabilities by threats. It is the likelihood of a threat exploiting a vulnerability and the impact it could have on the network or system. Risks can arise from various sources, such as human errors, software vulnerabilities, or external attacks.

 Vulnerability: A vulnerability is a weakness or flaw in a system or network that can be exploited by a threat to gain unauthorized access, disrupt normal operation, or steal data. Vulnerabilities can result from programming errors, misconfigurations, or design flaws in hardware or software.

Threat: A threat is any potential danger or harmful event that can exploit a vulnerability in a network or system. Threats can be intentional, such as malicious hackers or malware, or unintentional, such as natural disasters or accidental errors. Threats pose risks to the security and integrity of a network or system.

41. Please explain what is meant by Data Leakage.

The unauthorized exchange of data from within an organization to a specific location or recipient outside of it is known as data leakage. The phrase can be used to refer to both physical and electronic data transfers.

42. What is the purpose of traceroute? How is it used?

An internet traceroute shows the route taken by data as it moves from its point of origin to its destination. The information that is received from a website connection must pass through a number of networks and devices along the way, most notably routers.

To find the route between two connections, the traceroute command can be used. The link to another device frequently needs to pass via several routers. The names or IP addresses of any router that exists between two devices will be returned by the traceroute command.

43. Can you list the various response codes that can be obtained from a Web Application?

These are the response codes that are obtained from a Web Application:

• Informational responses ( 100 – 199 )
• Successful responses ( 200 – 299 )
• Redirection messages ( 300 – 399 )
• Client error responses ( 400 – 499 )
• Server error responses ( 500 – 599 )

44. If you observe unusual activity of the mouse pointer, such as it moving around on its own and clicking on things on the desktop, the appropriate actions to take are:

a) Call your co-workers over so they can see

b) Disconnect your computer from the network

c) Unplug your mouse

d) Tell your supervisor

e) Turn your computer off

f) Run anti-virus

g) All of the above

Select all the options that apply.

The solutions are (D) and (E). The fact that an unidentified authority appears to be able to remotely manage the computer and this kind of behavior seems to be suspicious. In such circumstances, you should notify the relevant supervisor right away. Until help arrives, you can keep the machine off the network.

45. Mention the steps on how to install a firewall.

The actions you must take in order to set up a firewall are as follows:

• Username/password: Change the firewall device’s factory-set password.
• Remote administration: Whenever possible, turn off the feature.
• Port Forward: Configure the correct ports for the web server, FTP, and other programmes to function properly.
• DHCP Server: To prevent conflicts when installing a firewall, disable the DHCP server.
• Logging: Enable logging to inspect logs and to debug the firewall.
• Policies: Robust security policies should be set up with the firewall.

46. Select the passwords from the database list below, which are compliant with UCSC’s password requirements:

a). Password1

b). @#$)*&^%

c). UcSc4Evr!

d). akHGksmLN

The answer to this question is C(UcSc4Evr!) . According to UCSC specifications, a password ought to be:

• Must have minimum 8 characters 
• A combination of any three of the following four character types such as lowercase, capital letters, numerals, and special characters.

47. In a situation where an employee’s bank account has an error during direct deposit, two different offices need to collaborate to resolve the issue. One office contacts the other through email to provide valid account information for the deposit, and the employee confirms to the bank that the error is fixed. What issues can arise from this scenario?

Any sharing of sensitive information over email must be avoided since it can result in identity theft. This is so because emails typically aren’t safe or private. It is not advised to share or transfer private information via the network because the path can be simply tracked.

In such cases, the parties concerned should get in touch over the phone and cooperate with ITS to deliver the information securely.

48.What does it mean when you receive an email from your bank stating that there is an issue with your account, and the email contains instructions and a link to log in and fix the issue? Please explain.

This email seems to be unsolicited. In the appropriate online client you prefer, you should immediately transfer the message you received to the trash and report it as spam. Call the bank to confirm the message is authentic and is from the bank before entering any bank-related credentials online.

49. What is the difference between ciphertext and cleartext?

Information that has been encrypted or ciphered is known as ciphertext, rendering it unintelligible. Data theft, alterations, destruction, unauthorized transmission, unauthorized disclosure, and similar actions are made easier when it is stored in cleartext.

50. What is a three-way handshake?

A TCP/IP network connection procedure known as the 3-Way handshake links the server and client. Both the client and the server need to send synchronization and acknowledgment packets before the actual data transmission begins.

Prior to data transmission, the 3-way handshake process is intended to allow both communication ends to simultaneously determine and establish the network TCP socket connection specifications. It enables the simultaneous transport of a large number of TCP socket connections in both directions.