Top 84 Cybersecurity / Web Security Interview Questions & Answers (2026)

01 What is cybersecurity? 02 What is the CIA triad in security? 03 What is a firewall? 04 What is encryption? 05 What is HTTPS and how does it differ from HTTP? 06 What is SQL injection? 07 What is Cross-Site Scripting (XSS)? 08 What is Cross-Site Request Forgery (CSRF)? 09 What is the OWASP Top 10? 10 What is authentication vs authorization? 11 What is multi-factor authentication (MFA)? 12 What is a VPN? 13 What is hashing and how does it differ from encryption? 14 What is a salt in cryptography? 15 What is a DDoS attack? 16 What is a man-in-the-middle (MITM) attack? 17 What is phishing? 18 What is a penetration test? 19 What is social engineering in cybersecurity? 20 What is a zero-day vulnerability? 21 What is the principle of least privilege? 22 What is a SSL/TLS certificate? 23 What is a cookie and how are cookies secured? 24 What is an IDS vs IPS? 25 What is HTTPS Strict Transport Security (HSTS)? 26 What is Content Security Policy (CSP)? 27 What is the difference between symmetric and asymmetric encryption? 28 What is a vulnerability assessment? 29 What is a security misconfiguration? 30 What are HTTP security headers? 31 What is input validation and why is it important? 32 What is broken access control? 33 What is a CVE? 34 What is defense in depth? 35 What is a security audit? 36 What is data encryption at rest and in transit? 37 What is a Security Operations Center (SOC)? 38 What is GDPR and why does it matter for security? 39 What is malware? 40 What is a security patch and why should patches be applied promptly? 41 What is a password policy and what makes a strong password? 42 What is OAuth 2.0? 43 What is JWT (JSON Web Token)? 44 What is two-factor authentication (2FA)? 45 What is network segmentation?

01 What is SSRF (Server-Side Request Forgery)? 02 What is XXE (XML External Entity) injection? 03 What is insecure deserialization? 04 What is a WAF (Web Application Firewall)? 05 How do you prevent SQL injection? 06 What is broken authentication and how do you prevent it? 07 What is DKIM, SPF, and DMARC in email security? 08 What is the difference between a white-hat, grey-hat, and black-hat hacker? 09 What is threat modeling? 10 What is certificate pinning? 11 What is a SIEM system? 12 What is a buffer overflow attack? 13 What is path traversal? 14 What is clickjacking? 15 What is an open redirect vulnerability? 16 What is command injection? 17 What is LDAP injection? 18 What is security in the software development lifecycle (SDLC)? 19 What is SAST vs DAST? 20 What is the difference between a virus, worm, and trojan? 21 What is an API security best practice? 22 What is the principle of defense-in-depth applied to web applications? 23 What is ransomware and how do you defend against it? 24 What is security hardening? 25 What is a supply chain attack? 26 What is privilege escalation?

01 What is Zero Trust security architecture? 02 What is the MITRE ATT&CK framework? 03 What is a penetration testing methodology? 04 What is a PKI (Public Key Infrastructure)? 05 What is the difference between IDS/IPS, SIEM, and EDR? 06 What is an APT (Advanced Persistent Threat)? 07 What is cryptographic key management? 08 What is fuzzing in security testing? 09 What is side-channel attack? 10 What is a honeypot in cybersecurity? 11 What is the OWASP API Security Top 10? 12 What is a security incident response plan? 13 What are common cryptographic weaknesses and pitfalls?