Cyber Security Interview Q&A

[vc_row][vc_column css_animation=”fadeInLeft”][vc_column_text css=”.vc_custom_1561976733397{background-color: #1e73be !important;}”]

Cyber Security Interview Questions & Answers

[/vc_column_text][/vc_column][/vc_row][vc_row equal_height=”yes” css_animation=”fadeInLeft”][vc_column css_animation=”fadeInLeft” width=”1/2″][vc_tta_accordion color=”peacoc” active_section=”1″ css_animation=”none”][vc_tta_section title=”Explain risk, vulnerability and threat?” tab_id=”1561976410639-72191c00-b0eb”][vc_column_text]A vulnerability is a weakness or gap in the protection of a system. A threat is anything, typically an attacker, that could exploit that weakness. Risk is the measure of potential loss if the threat actually exploits the vulnerability, usually expressed as likelihood combined with impact. Example: a server still running with its default username and password is the vulnerability, an attacker who tries default credentials is the threat, and the risk is that the server is compromised.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is the difference between Asymmetric and Symmetric encryption and which one is better?” tab_id=”1561976410655-0983d07c-edaf”][vc_column_text]Symmetric encryption uses the same key for both encryption and decryption (e.g. AES), while asymmetric encryption uses a key pair: a public key for encryption and a private key for decryption (e.g. RSA).

Symmetric encryption is usually much faster, but both parties must obtain the same secret key, and that key cannot simply be sent over an unprotected channel; this is the key distribution problem.

Asymmetric encryption solves key distribution, because only the public key needs to be shared, but it is far slower and can only encrypt small messages. Neither is simply better; in practice a hybrid approach is used: asymmetric encryption (or a key exchange such as Diffie-Hellman) establishes a session key, and the bulk data is then encrypted symmetrically, which is exactly what TLS does.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is an IPS and how does it differ from IDS?” tab_id=”1561976471866-df87d894-6083″][vc_column_text]An IDS (intrusion detection system) detects suspicious activity and raises an alert, leaving the response to the administrator. An IPS (intrusion prevention system) detects the intrusion and also acts to stop it, for example by dropping the packets or resetting the connection. This follows from where the devices sit: an IDS works out of band on a copy of the traffic (from a SPAN port or tap), whereas an IPS sits inline in the traffic path, which also means a badly tuned IPS can block legitimate traffic.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is XSS, how will you mitigate it?” tab_id=”1561976475866-83f629d2-15da”][vc_column_text]Cross-site scripting (XSS) is an injection vulnerability in web applications. Untrusted input (a form field, URL parameter, stored comment etc.) is written into a page without proper encoding, so the browser interprets it as HTML or JavaScript and executes it in the victim's session, giving the attacker access to cookies, page content and actions performed as the user. Depending on where the data comes from it is classed as reflected, stored or DOM-based XSS.

Countermeasures: contextual output encoding of untrusted data wherever it is written into HTML, attributes, JavaScript or URLs (the primary fix), input validation as a secondary layer, a Content Security Policy (CSP) that disallows inline scripts, and HttpOnly cookies so that a successful XSS cannot read the session cookie.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is the difference between encryption and hashing?” tab_id=”1561976478613-01242363-7af8″][vc_column_text]Encryption is reversible with the right key, whereas hashing is a one-way function with no key that recovers the input. A hash cannot be decrypted, but weak or unsalted password hashes can still be defeated by brute force or precomputed (rainbow) tables, and broken algorithms such as MD5 and SHA-1 are vulnerable to collision attacks.

Encryption provides confidentiality, whereas hashing provides integrity (and, with a salt and a slow algorithm, safe password storage).[/vc_column_text][/vc_tta_section][vc_tta_section title=”Are you a coder/developer or know any coding languages?” tab_id=”1561976480085-34836ba4-051b”][vc_column_text]Coding is not mandatory for an information security role, but knowledge of HTML, JavaScript and Python is a real advantage. HTML and JavaScript are needed to understand and demonstrate web application attacks, while Python is used to automate tasks, parse logs and write exploits or proof-of-concept scripts. A working knowledge of the three helps both in the interview and on the job.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is CSRF?” tab_id=”1561976480773-146b1a05-7268″][vc_column_text]Cross-site request forgery (CSRF) is a web application vulnerability in which the server accepts a state-changing request simply because it carries the user's session cookie, without verifying that the user intended to send it. Because browsers attach cookies automatically, a malicious page can make the victim's browser submit a forged request, e.g. a funds transfer or password change. Countermeasures are anti-CSRF tokens tied to the session, the SameSite cookie attribute and checking the Origin/Referer header. Be ready to follow up with how to detect it, an example and the fixes.[/vc_column_text][/vc_tta_section][vc_tta_section title=” What is a Security Misconfiguration?” tab_id=”1561976481632-c53c842d-7327″][vc_column_text]Security misconfiguration is a vulnerability in which a device, application or network is set up in a way that an attacker can exploit. It can be as simple as default or weak credentials left on device accounts, but also covers unnecessary services or debug features left enabled, directory listing, verbose error messages and missing security headers.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is a Black hat, white hat and Grey hat hacker?” tab_id=”1561976482200-f0eb94aa-0e97″][vc_column_text]Black hat hackers break into systems without authorisation and with malicious intent. White hat hackers (ethical hackers, penetration testers) are authorised to attempt an attack, usually under a signed contract and NDA that defines the scope.
Grey hat hackers fall in between: they act without authorisation but usually without malicious intent, for example finding a flaw in a system they do not own and then reporting it, which is still illegal in most jurisdictions.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is a firewall?” tab_id=”1561976482876-35c522e5-90b6″][vc_column_text]A firewall is a device or software that allows or blocks traffic according to a defined set of rules (source, destination, port and protocol; next-generation firewalls also match on application and user). It is placed at the boundary between trusted and untrusted networks, and its default policy should be to deny anything not explicitly allowed.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How do you keep yourself updated with the information security news?” tab_id=”1561976483564-83c05a3f-98a1″][vc_column_text]Follow a few security news sites, mailing lists and forums, plus vendor advisories and CVE feeds, so that you get regular updates on current incidents, new vulnerabilities and trends.[/vc_column_text][/vc_tta_section][vc_tta_section title=”The world has recently been hit by ……. Attack/virus etc. What have you done to protect your organisation as a security professional?” tab_id=”1561976484192-e980f17d-41b8″][vc_column_text]Different organisations work in different ways and handle incidents differently; some take it seriously and some do not. Answer by walking through your incident handling process (identify the exposure, check for indicators of compromise, patch or apply workarounds, monitor, communicate) and align it with an incident you actually handled. Do not exaggerate.[/vc_column_text][/vc_tta_section][vc_tta_section title=”CIA triangle?” tab_id=”1561976485640-6bc28bcf-9df2″][vc_column_text]

  • Confidentiality: Keeping the information secret.
  • Integrity: Keeping the information unaltered.
  • Availability: Information is available to the authorised parties at all times.

[/vc_column_text][/vc_tta_section][vc_tta_section title=”HIDS vs NIDS and which one is better and why?” tab_id=”1561976486328-3499836c-c92e”][vc_column_text]A HIDS (host intrusion detection system) runs on each host and watches that host's logs, processes and file integrity; a NIDS (network intrusion detection system) sits on the network, on a tap or SPAN port, and inspects traffic for a whole segment. Both work on the same principle; the placement and visibility differ. A NIDS is easier to deploy and manage across an enterprise and consumes no host resources, but it cannot see inside encrypted traffic or observe what happens on the host itself, so in practice the two complement each other.[/vc_column_text][/vc_tta_section][vc_tta_section title=” What is port scanning?” tab_id=”1561976487112-a7e8dcb3-553b”][vc_column_text]Port scanning is the process of sending probe packets to a range of ports on a host and analysing the responses to learn which ports are open, closed or filtered, which services and versions are listening and, sometimes, the operating system. It is the usual first step of reconnaissance, for both attackers and testers.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is the difference between VA and PT?” tab_id=”1561976488516-236ad7c4-d510″][vc_column_text]A vulnerability assessment (VA) is a largely automated, breadth-first search for known flaws in an application or network, whereas penetration testing (PT) is the practice of actively exploiting vulnerabilities the way a real attacker would, to show actual impact. VA is like surveying the surface; PT is digging into it for gold.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What are the objects that should be included in a good penetration testing report?” tab_id=”1561976489293-65067fbf-e6b9″][vc_column_text]A VAPT report should open with an executive summary giving the high-level observations along with the scope, period of testing and methodology. This is followed by the number of observations, split by severity into critical/high, medium and low, and then the detailed findings, each with replication steps, proof-of-concept screenshots, a risk rating and the recommended remediation.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is compliance?” tab_id=”1561976490041-a32e63d9-35eb”][vc_column_text]Abiding by a set of standards set by a government, an independent body or the organisation itself. E.g.
Any organisation that stores, processes or transmits payment card data must comply with PCI DSS (Payment Card Industry Data Security Standard). Another example of compliance is an organisation complying with its own internal policies.[/vc_column_text][/vc_tta_section][vc_tta_section title=”Tell us about your Personal achievements or certifications?” tab_id=”1561976490672-bd2bd0b5-7dec”][vc_column_text]Keep this simple and relevant; obtaining a security certification is one example of a personal achievement. Explain how it started, what kept you motivated, how you feel now and what your next steps are.[/vc_column_text][/vc_tta_section][vc_tta_section title=”Various response codes from a web application?” tab_id=”1561976491352-9eec3516-d27f”][vc_column_text]1xx – Informational responses
2xx – Success
3xx – Redirection
4xx – Client-side error (e.g. 401 Unauthorized, 403 Forbidden, 404 Not Found)
5xx – Server-side error (e.g. 500 Internal Server Error, 503 Service Unavailable)[/vc_column_text][/vc_tta_section][/vc_tta_accordion][/vc_column][vc_column width=”1/2″][vc_tta_accordion color=”peacoc” active_section=”1″][vc_tta_section title=”When do you use tracert/traceroute?” tab_id=”1561976532017-dc1a0882-053c”][vc_column_text]When you cannot reach the final destination, tracert (Windows) or traceroute (Linux/macOS) lists each hop the packets pass through and shows where they stop, which helps identify where the connection is broken: a firewall, the ISP, a router etc.[/vc_column_text][/vc_tta_section][vc_tta_section title=”DDoS and its mitigation?” tab_id=”1561976532036-10d57b78-bd8c”][vc_column_text]DDoS stands for distributed denial of service: a network, server or application is flooded with far more requests than it is designed to handle, making it unavailable to legitimate users. The requests come from many unrelated sources, typically a botnet, hence "distributed". Mitigation includes rate limiting, over-provisioning and spreading the service across a CDN or anycast network, and, for large attacks, diverting traffic through scrubbing centres: centralised data cleansing stations where the traffic to a website is analysed and the malicious part is dropped before the clean traffic is forwarded.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is a WAF and what are its types?” tab_id=”1561976535615-b41c8ffc-224f”][vc_column_text]WAF stands for web application firewall. It protects an application by inspecting HTTP traffic and filtering out malicious requests (SQL injection, XSS and the like) while letting legitimate traffic through. A WAF can be a hardware appliance, a host-based module on the web server or a cloud-based service.[/vc_column_text][/vc_tta_section][vc_tta_section title=”Explain the objects of Basic web architecture?” tab_id=”1561976536468-c57d251a-c03f”][vc_column_text]A basic web architecture has a front-end server (web server or reverse proxy), a web application server and a database server, ideally separated into network tiers so that the database is never directly reachable from the internet.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How often should Patch management be performed?” tab_id=”1561976538409-91957ced-306f”][vc_column_text]Patches should be evaluated and applied as soon as possible after release, prioritised by severity.
For Windows, Microsoft releases patches on the second Tuesday of every month (Patch Tuesday); these should be applied to all machines within a month, and critical ones much sooner. The same applies to network devices: patch as soon as the vendor releases a fix. Follow a proper patch management process: inventory, test, deploy, verify.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How do you govern various security objects?” tab_id=”1561976539191-166dc6da-f671″][vc_column_text]Various security objectives are governed with the help of KPIs (key performance indicators). Take Windows patching as an example: an agreed KPI can be 99%, meaning that 99% of the PCs must have the latest or the previous month's patches installed. Other security objectives can be managed along similar lines.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How does a Process Audit go?” tab_id=”1561976539736-9e89c913-0706″][vc_column_text]The first step is to identify the scope of the audit and obtain the documented process. Study the document carefully, then identify the areas you consider weak. The company might have compensating controls in place; verify that they are adequate.[/vc_column_text][/vc_tta_section][vc_tta_section title=” What is the difference between policies, processes and guidelines?” tab_id=”1561976540424-fe2420f2-b136″][vc_column_text]A security policy defines the security objectives and the security framework of an organisation. A process (or procedure) is a detailed step-by-step document that specifies the exact actions necessary to implement an important security mechanism. Guidelines are recommendations that can be customised and used when creating procedures.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How do you handle AntiVirus alerts?” tab_id=”1561976541189-0f4c8b1a-c78c”][vc_column_text]Check the AV policy first and then the alert. If the alert is for a legitimate file it can be whitelisted; if the file is malicious it is quarantined or deleted.
The hash of the file can be checked for reputation on websites like VirusTotal, malwares.com etc. The AV also needs to be tuned so that the alert volume stays manageable.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is a false positive and false negative in case of IDS?” tab_id=”1561976541820-87b1762b-3b37″][vc_column_text]A false positive is when the device generates an alert for an intrusion that has not actually happened. A false negative is when an intrusion has actually happened but the device generated no alert.

[/vc_column_text][/vc_tta_section][vc_tta_section title=”Which one is more acceptable?” tab_id=”1561976542535-d214fe07-254e”][vc_column_text]False positives are more acceptable: they cost analyst time, whereas false negatives mean intrusions happen without being noticed. Too many false positives are still a problem, though, because alert fatigue eventually causes real alerts to be ignored.[/vc_column_text][/vc_tta_section][vc_tta_section title=”Software testing vs. penetration testing?” tab_id=”1561976550312-8986f966-23fe”][vc_column_text]Software testing focuses on the functionality of the software, not on its security. Penetration testing helps identify and address security vulnerabilities; the two complement each other.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What are your thoughts about Blue team and red team?” tab_id=”1561976551324-76861213-cbdb”][vc_column_text]The red team is the attacker and the blue team the defender. Being on the red team seems like more fun, but being on the blue team is harder, as you need to understand all the attacks and methodologies the red team may use and detect them in time.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is your preferred – Bug bounty or security testing?” tab_id=”1561976552567-91bd973c-8c7d”][vc_column_text]Both are fine; just support your answer. For example, bug bounties are decentralised, draw on a large pool of testers and can surface rare bugs, whereas a security test is scoped, scheduled and gives assured coverage.[/vc_column_text][/vc_tta_section][vc_tta_section title=”Tell us about your Professional achievements/major projects?” tab_id=”1561976553312-28ff851a-75f8″][vc_column_text]This can be anything like setting up your own team and processes or a security practice you have implemented. Even if the achievement is not from the security domain, express it well.[/vc_column_text][/vc_tta_section][vc_tta_section title=”2 quick points on Web server hardening?” tab_id=”1561976553936-d2a4ab88-69b6″][vc_column_text]Web server hardening means disabling unnecessary services and closing unused ports, and removing default test scripts and sample content from the server.
Web server hardening is a lot more than this, and organisations usually have a customised checklist for hardening their servers. Every new server has to be hardened, the hardening has to be re-verified on a yearly basis, and the checklist itself has to be reviewed yearly for new items.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What is data leakage? How will you detect and prevent it?” tab_id=”1561976554592-cb602b27-921d”][vc_column_text]Data leakage is when data gets out of the organisation in an unauthorised way. It can happen through many channels: email, print-outs, lost laptops, unauthorised uploads to public portals, removable drives, photographs etc. Controls to detect and prevent it include a DLP (data loss prevention) solution that inspects email, web uploads and endpoints for classified data, restricting uploads to internet sites, encrypting data at rest and in transit, restricting email to the internal network and restricting the printing of confidential data.[/vc_column_text][/vc_tta_section][vc_tta_section title=”What are the different levels of data classification and why are they required?” tab_id=”1561976555296-95676270-308e”][vc_column_text]Data needs to be segregated into categories so that its sensitivity can be defined; without this, a piece of information may be treated as critical by one person and not by another. The levels vary from organisation to organisation, but in broad terms data can be classified as:

  • Top secret – Its leakage can cause drastic effect to the organisation, e.g. trade secrets etc.
  • Confidential – Internal to the company e.g. policy and processes.
  • Public – Publicly available, like newsletters etc.

[/vc_column_text][/vc_tta_section][vc_tta_section title=” In a situation where a user needs admin rights on his system to do daily tasks, what should be done – should admin access be granted or restricted?” tab_id=”1561976559480-c332b93a-5228″][vc_column_text]Users are normally not given admin access, in line with the principle of least privilege, but in certain cases it can be granted. Ensure the users understand their responsibility, and grant the access only for a limited time, with a valid business justification and senior management approval. Where possible, use a separate admin account or a privilege management tool rather than permanently elevating the user's everyday account, so that an incident on that account does not run with admin rights.[/vc_column_text][/vc_tta_section][vc_tta_section title=” What are your views on usage of social media in office?” tab_id=”1561976574628-aa583351-1e65″][vc_column_text]Social media is acceptable, provided content filtering is enabled and upload features are restricted. Read-only use is fine as long as it does not interfere with work.[/vc_column_text][/vc_tta_section][/vc_tta_accordion][/vc_column][/vc_row]
