Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,520 --> 00:00:07,180 Scenario based questions plays a very vital role during the interview, because I interview always ask 2 00:00:07,180 --> 00:00:09,880 some questions related to scenario based questions. 3 00:00:10,690 --> 00:00:12,610 Now here a very important thing. 4 00:00:12,610 --> 00:00:16,450 Is that how you reply all those questions? 5 00:00:16,450 --> 00:00:20,920 Let's say we have just an example or definitely these type of questions. 6 00:00:20,920 --> 00:00:26,380 They always ask that if there is some DDoS attack, then how you can mitigate how what will be your 7 00:00:26,380 --> 00:00:27,510 plan, right? 8 00:00:27,820 --> 00:00:33,580 So you can read out these things that we can document the Australians plan, recognize the DDoS attack 9 00:00:33,580 --> 00:00:41,470 activity and we cannot assume that only largescale volumetric attacks are the problem site and we can't 10 00:00:41,470 --> 00:00:47,260 even rely on the traffic monitoring thresholds and we even IP or firewall and definitely there is a 11 00:00:47,260 --> 00:00:52,420 very special thing is that we can we have to engage the mitigation provider. 12 00:00:53,710 --> 00:00:57,520 And pair time to mitigation with successful attack protection. 13 00:00:57,610 --> 00:01:04,690 So apart from that, guys, we can we can make one of the scrubbing center to mitigate the DDoS attack. 14 00:01:05,020 --> 00:01:07,390 So now what is that scrubbing center? 15 00:01:08,280 --> 00:01:14,520 So scrubbing silver, we can say, is one of the dedicated machines that receives all network traffic 16 00:01:15,120 --> 00:01:18,750 and it filters all the network traffic. 17 00:01:19,680 --> 00:01:21,720 In the form of good traffic and bad. 18 00:01:22,410 --> 00:01:31,840 So generally it passes only the good traffic, which is not malicious in respect to this data packets. 19 00:01:32,670 --> 00:01:36,490 Now in our second we have suppose the server is compromised with the malware. 20 00:01:36,510 --> 00:01:39,570 What steps will you take to secure a server? 21 00:01:40,320 --> 00:01:43,380 Well, these are the protections you can take. 22 00:01:43,830 --> 00:01:47,340 These are the protection you can take just after. 23 00:01:49,590 --> 00:01:52,980 Before that compromise version of the server. 24 00:01:53,010 --> 00:01:53,550 Right. 25 00:01:54,090 --> 00:01:56,680 And even after the confirmation of the server. 26 00:01:56,700 --> 00:02:03,390 But along with that, you will have to, you know, isolate that machine, that server machine. 27 00:02:03,390 --> 00:02:05,160 You will have to isolate that server machine. 28 00:02:05,160 --> 00:02:11,430 I forgot to mention here those points here, you have to isolate it and you have to investigate whether 29 00:02:11,430 --> 00:02:13,380 there is something malicious or not. 30 00:02:13,380 --> 00:02:20,340 If there is something malicious found, you will have to clear all those things and you will have to 31 00:02:20,340 --> 00:02:24,420 check other parts of the network which machines were connected to this server. 32 00:02:24,840 --> 00:02:25,380 Right. 33 00:02:25,380 --> 00:02:27,180 And you have to clear all those things. 34 00:02:27,180 --> 00:02:33,810 So once you you get to know all those things, then you have to secure again, make a secure password. 35 00:02:33,810 --> 00:02:37,290 You can make the user that you use to manage the system. 36 00:02:37,290 --> 00:02:40,170 You can remove or remove the remote access from default. 37 00:02:40,170 --> 00:02:42,690 You can configure firewalls for remote access. 38 00:02:42,840 --> 00:02:44,340 These are the things you can do. 39 00:02:44,340 --> 00:02:50,790 And after doing these things, you can take that away in the you in your network. 40 00:02:52,960 --> 00:02:57,430 One more saw this scenario based questions we have. 41 00:02:57,430 --> 00:03:01,000 Suppose there is a no use case for BitTorrent, right? 42 00:03:01,030 --> 00:03:02,290 There is no quality. 43 00:03:03,310 --> 00:03:07,510 We have made any use cases for BitTorrent. 44 00:03:07,540 --> 00:03:09,430 Then how we can analyze that traffic. 45 00:03:09,430 --> 00:03:10,990 So that is quite very simple. 46 00:03:11,000 --> 00:03:14,350 We see BitTorrent or you can say peer to peer. 47 00:03:15,430 --> 00:03:21,280 This software generally works on port number 688126, eight, eight, nine, and sometimes it's six 48 00:03:21,580 --> 00:03:22,060 nine. 49 00:03:23,510 --> 00:03:24,830 So now what you can do. 50 00:03:24,860 --> 00:03:30,320 You can check the sim locks directly and you can filter out the port numbers with the help of port number, 51 00:03:30,380 --> 00:03:31,220 obviously. 52 00:03:31,670 --> 00:03:34,370 And you can also check the firewall logs. 53 00:03:34,370 --> 00:03:40,460 And there also you will you will have to keep the filter with the help of port number. 54 00:03:40,610 --> 00:03:48,230 And then you will get to know in the in the raw data or you can see the payload that the IP address, 55 00:03:48,230 --> 00:03:51,980 the URL and the port number, these things you will get. 56 00:03:51,980 --> 00:03:57,820 And with the help of these, that will be very easy to know that whether it's a torrent or not because 57 00:03:57,830 --> 00:04:02,690 you once you will search on the Google, you will get to know that this IP is delivered through some 58 00:04:02,690 --> 00:04:02,930 tools. 59 00:04:02,960 --> 00:04:04,910 Something appear to be a connection. 60 00:04:06,920 --> 00:04:09,500 Now let's say our data breach on the network. 61 00:04:09,620 --> 00:04:13,610 So what is the first thing you do when the attack occurs on the network? 62 00:04:14,090 --> 00:04:16,010 So this one is very important one. 63 00:04:16,190 --> 00:04:21,140 Basically, they they just ask this question just to know that what action you can take. 64 00:04:21,140 --> 00:04:25,820 So what was the incident response plan in place or your organization? 65 00:04:26,560 --> 00:04:26,680 Right. 66 00:04:26,750 --> 00:04:29,020 So investigate the incident. 67 00:04:29,030 --> 00:04:30,230 That is the first part. 68 00:04:30,260 --> 00:04:33,800 If the breach is valid, then we have to inform the management. 69 00:04:33,830 --> 00:04:35,150 That's quite very simple. 70 00:04:35,420 --> 00:04:39,560 And then identify the suspected, you know, the root cause of the incident. 71 00:04:40,100 --> 00:04:42,200 So this one, we have to find out. 72 00:04:42,200 --> 00:04:48,710 And then if we get to know where something is malicious and something is affected, then we need to 73 00:04:48,710 --> 00:04:52,430 isolate that effective system and get the cause of the breach. 74 00:04:53,150 --> 00:04:58,520 Then implement policy, procedure, procedures, procedures, whatever the things they is there, perform 75 00:04:58,520 --> 00:05:04,220 period technology, audit or risk assessment combined with network penetration testing to identify weaknesses 76 00:05:04,220 --> 00:05:05,090 in the system. 77 00:05:05,480 --> 00:05:08,930 So that's what comes in the role. 78 00:05:10,530 --> 00:05:14,820 Now, how do you keep devices secure if they are on public Wi-Fi? 79 00:05:14,850 --> 00:05:22,950 So, well, the first prescription for this is users should use their own mobile hotspot. 80 00:05:23,250 --> 00:05:29,820 If they can't use it, then just tell to the user that they are they should connected with the VPN because 81 00:05:29,820 --> 00:05:36,540 once they will connect with European, every data is going to be encrypt through it and it will communicate 82 00:05:36,540 --> 00:05:38,070 through a tunnel. 83 00:05:38,100 --> 00:05:42,210 So through that, the communication will be secure. 84 00:05:43,800 --> 00:05:49,530 So that's it, guys, and we'll meet in the next video with the roles and responsibilities and same 85 00:05:49,530 --> 00:05:51,150 questions, which is very important. 86 00:05:51,150 --> 00:05:52,890 This part is very important. 8386