1. Do you know what is the 80/20 rule of networking?

80/20 is a rule of thumb for traditional IP network design: roughly 80% of all traffic should stay on the local segment and only 20% should be routed towards a remote network. It dates from the era of LAN-resident file and print servers; with web and cloud services the ratio has largely inverted, which is why it is sometimes quoted as 20/80 today. For a security engineer the useful part of the answer is that where traffic actually flows decides where firewalls, sensors and egress monitoring belong.

2. What is security Essentials (GSEC)?

GIAC Security Essentials (GSEC) attests that the holder has a working, hands-on command of basic security concepts and controls. It is the entry-level GIAC security certification rather than a claim of expertise.

3. Explain me what's more secure, SSL or HTTPS?

Trick question: the two are not alternatives. SSL (today TLS, its successor) is the encryption protocol, and HTTPS is simply HTTP carried over SSL/TLS, so "HTTPS" already implies it. Look for a smile like they caught you in the cookie jar. If they're confused, then this should be for an extremely junior position.

4. Tell me what's the difference between symmetric and public-key cryptography?

Standard stuff here: symmetric cryptography uses a single shared secret key for both encryption and decryption (AES, ChaCha20), so both parties must already possess it; public-key cryptography uses a key pair, where what the public key encrypts only the private key can decrypt, and what the private key signs anyone holding the public key can verify (RSA, ECDSA, with Diffie-Hellman for key agreement). Symmetric ciphers are far faster, public-key solves key distribution, and real protocols such as TLS combine them: a public-key exchange agrees a symmetric session key that then protects the bulk traffic.

5. Tell me what port does ping work over?

A trick question, to be sure, but an important one. If he starts throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol carried directly inside IP (protocol number 1), so it has no port field at all; an echo request is matched to its reply by the identifier and sequence number in the ICMP header. A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.
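To make the "no port" point concrete, here is an added example (not part of the original interview page) that builds and parses an ICMP echo request by hand and, for contrast, parses a UDP header. Everything is constructed inline; the payload bytes, identifier and the sample UDP header are arbitrary values chosen for the demonstration.

```python
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (shared by IP, ICMP, TCP, UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"abcdefgh") -> bytes:
    """ICMP echo request: type 8, code 0, checksum, identifier, sequence number.
    Replies are matched to requests by (identifier, sequence); there is no port field."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into its header fields and verify its checksum."""
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type, "code": code, "checksum": csum,
        "identifier": ident, "sequence": seq, "payload": packet[8:],
        # Summing a packet that already carries its checksum yields 0 when intact.
        "checksum_ok": inet_checksum(packet) == 0,
    }


def parse_udp_header(segment: bytes) -> dict:
    """For contrast, a layer 4 header: UDP's first two fields are the ports."""
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": sport, "dst_port": dport, "length": length, "checksum": csum}


if __name__ == "__main__":
    pkt = build_echo_request(ident=0x1234, seq=1)
    print(pkt.hex())
    print(parse_icmp(pkt))
    # Constructed UDP header for a DNS query: src port 40000, dst port 53, length 8.
    print(parse_udp_header(struct.pack("!HHHH", 40000, 53, 8, 0)))
```

To actually send the packet you would open a raw socket (`socket.socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)`, which needs root or CAP_NET_RAW on Linux) and pass only an address, never a port, which is the whole point of the interview question.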

6. Do you know what's the difference between HTTP and HTML?

Obviously the answer is that one is the application-layer protocol used to transfer pages and the other is the markup language those pages are written in, but again, the main thing you're looking for is for him not to panic.

7. Explain what is the primary reason most companies haven't fixed their vulnerabilities?

This is a bit of a pet question for me, and I look for people to realize that companies don't actually care as much about security as they claim to–otherwise we'd have a very good remediation percentage. Instead we have a ton of unfixed things and more tests being performed.

Look for people who get this, and are ok with the challenge.

8. Do you know what is XSS?

Cross-site scripting: an injection flaw in which attacker-controlled input ends up in a page as HTML or JavaScript and runs in the victim's browser with the site's origin, so it can read cookies and session tokens, call the site's APIs as the user, or rewrite the page. It comes in reflected (payload carried in the request), stored (payload saved server-side and served to other users) and DOM-based (client-side script writes untrusted data into the DOM) forms. The root cause is not that JavaScript runs on the client but that untrusted data is written into a page without being encoded for the context it lands in. The primary defence is therefore context-aware output encoding (HTML entities in the body and in quoted attributes, percent-encoding in URLs); input validation and a Content Security Policy are useful extra layers, but they do not replace it.
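An added example (mine, not from the interview page) showing the vulnerable rendering beside its hardened forms for three output contexts. The two payloads and the allowlist pattern are constructed for the demonstration; the rendering functions stand in for whatever templating the real application uses.

```python
import html
import re
from urllib.parse import quote

# Constructed attacker inputs: a classic reflected-XSS probe and an
# attribute-breakout variant that never contains a '<'.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def render_vulnerable(name: str) -> str:
    """Untrusted input concatenated straight into HTML: the victim's browser
    parses the payload as real markup and runs it in the site's origin."""
    return f"<p>Hello, {name}!</p>"


def render_escaped(name: str) -> str:
    """HTML-body context: encode & < > and both quote characters so the
    input can only ever be rendered as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_attribute_vulnerable(name: str) -> str:
    """Quoted attribute with no encoding: a '"' in the input closes the value
    and lets the attacker add event-handler attributes."""
    return f'<input type="text" value="{name}">'


def render_attribute_escaped(name: str) -> str:
    """Quoted-attribute context: the same encoder, and the quotes are mandatory."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def render_url_param(name: str) -> str:
    """URL context needs percent-encoding, not HTML entities."""
    return f'<a href="/profile?user={quote(name, safe="")}">profile</a>'


def is_valid_username(name: str) -> bool:
    """Input validation (allowlist) is a second layer, not a substitute:
    it cannot help for fields that legitimately contain < or quotes."""
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", name) is not None


def payload_survived(rendered: str, payload: str) -> bool:
    """True if the payload reached the page verbatim, i.e. the browser would parse it."""
    return payload in rendered


if __name__ == "__main__":
    for fn in (render_vulnerable, render_escaped):
        print(fn.__name__, "->", fn(SCRIPT_PAYLOAD))
    for fn in (render_attribute_vulnerable, render_attribute_escaped):
        print(fn.__name__, "->", fn(ATTR_PAYLOAD))
    print(render_url_param(SCRIPT_PAYLOAD))
```

The attribute payload is the one to show a candidate who answers "just strip `<script>`": it contains no angle brackets at all, and only encoding the quote character (or, in a real application, an auto-escaping template engine) stops it.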

9. Tell me what is data protection in transit vs data protection at rest?

Data is at rest while it sits in a database, on a hard drive or in a backup; it is in transit while it moves over a network, from server to client or between services. The two call for different controls: full-disk or database encryption plus key management for data at rest, TLS or a VPN for data in transit. It is common to find one without the other (an encrypted tunnel into an unencrypted database, or an encrypted volume whose contents are sent in the clear), historically justified by the extra drain on resources. Modern hardware makes that cost small, and good practice is to protect both, with the caveat that encryption at rest defends against loss or theft of the media, not against an attacker who has compromised the running application that holds the keys.

10. Do you know what is the CIA triangle?

Confidentiality, Integrity, Availability, usually called the CIA triad. As close to a 'code' for Information Security as it is possible to get, it is the boiled down essence of InfoSec. Confidentiality: only authorised parties can read the data. Integrity: the data cannot be altered without detection. Availability: the data, and the systems that serve it, are accessible when needed.


11. Do you know what is social engineering?

“Social engineering” refers to the use of humans as an attack vector to compromise a system. It involves fooling or otherwise manipulating human personnel into revealing information or performing actions on the attacker's behalf. Social engineering is known to be a very effective attack strategy, since even the strongest security system can be compromised by a single poor decision. In some cases, highly secure systems that cannot be penetrated by computer or cryptographic means, can be compromised by simply calling a member of the target organization on the phone and impersonating a colleague or IT professional.

12. Tell me is there any difference between Information Security and IT Security? If yes, please explain the difference?

Yes. The two terms are often used interchangeably, but they differ. IT Security focuses on technical controls for computer systems (antivirus, firewalls, system hardening and so on), while Information Security is the broader discipline of protecting information as an asset in whatever form it takes, for example shredding paper documents to prevent dumpster diving. IT Security can therefore be considered a subset of Information Security.

13. Do you know what is residual risk?

I'm going to let Ed Norton answer this one: "A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one." Residual risk is what is left over after you have applied every control that is cost-effective; going further than that is a waste of resources. It is the risk the company knowingly accepts in the hope that it does not materialise, and it should be documented and signed off by someone with the authority to accept it.

14. Tell me what is the role of information security analyst?

From small to large companies, the role of an information security analyst includes:

☛ Implementing security measures to protect computer systems, data and networks
☛ Keeping up to date with the latest threat intelligence, including attacker techniques
☛ Preventing data loss and service interruptions
☛ Testing data processing systems and performing risk assessments
☛ Installing and operating security controls such as firewalls, data encryption and endpoint protection
☛ Recommending security enhancements and purchases
☛ Planning, testing and implementing network disaster recovery plans
☛ Training staff on information and network security procedures

15. What is certified Security Leadership?

It attests to the management ability and the skills required to lead a security team (GIAC's GSLC certification).

16. Tell us can you describe rainbow tables?

Look for a thorough answer on password attacks in general and on why rainbow tables make them faster: a rainbow table is a precomputed time/memory trade-off for inverting unsalted hashes, built from chains that alternate hashing with a reduction function mapping a hash back into the password space, so that only each chain's start and end points have to be stored and the rest is recomputed on demand. A good candidate will also explain what defeats them: a unique per-user salt, which puts every stored hash outside any precomputed chain, and a deliberately slow hash such as bcrypt, scrypt or Argon2, which raises the cost of building tables or brute-forcing in the first place.
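The mechanics are easier to judge in an interview if you have built one yourself, so here is an added example (not from the interview page) of a miniature rainbow table over a four-letter lowercase keyspace. Unsalted MD5, the chain length, the start points and the salt are all choices made for the demonstration; the reduction function is my own and simply folds the column index into the digest.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 4                              # keyspace: 26**4 = 456,976 passwords
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 40                          # hash/reduce steps per chain


def H(password: str) -> bytes:
    """Unsalted MD5 stands in for any fast, unsalted password hash."""
    return hashlib.md5(password.encode()).digest()


def R(col: int, digest: bytes) -> str:
    """Reduction function: map a digest back into the password space.
    Folding in the column index is what makes this a rainbow table
    (a different reduction per column) rather than a plain hash chain."""
    n = (int.from_bytes(digest[:8], "big") + col) % KEYSPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def chain(start: str) -> list:
    """Passwords visited by one chain: start, then CHAIN_LEN reduce(hash()) steps."""
    pws = [start]
    for col in range(CHAIN_LEN):
        pws.append(R(col, H(pws[-1])))
    return pws                          # pws[-1] is the stored end point


def build_table(starts) -> dict:
    """Keep only end -> [starts]; everything in between is recomputed on demand.
    A list is kept per end because chains can merge and share an end point."""
    table = {}
    for s in starts:
        table.setdefault(chain(s)[-1], []).append(s)
    return table


def lookup(table: dict, target: bytes):
    """Guess which column the target hash sits in, walk from there to the chain
    end, and rebuild only the chains whose end matches. Cost is O(CHAIN_LEN**2)
    hashes per lookup instead of O(KEYSPACE) for brute force."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = R(col, target)
        for later in range(col + 1, CHAIN_LEN):
            pw = R(later, H(pw))
        for start in table.get(pw, []):
            for candidate in chain(start)[:-1]:
                if H(candidate) == target:
                    return candidate
    return None


def covered_passwords(starts) -> int:
    """How many distinct passwords the table can invert (chain merges reduce this)."""
    return len({pw for s in starts for pw in chain(s)[:-1]})


def salted_hash(password: str, salt: bytes) -> bytes:
    """A per-user salt moves the stored hash off every precomputed chain."""
    return hashlib.md5(salt + password.encode()).digest()


def demo_starts(n: int = 2000) -> list:
    """Deterministic start points: the first n passwords in the keyspace."""
    return ["".join(p) for p in itertools.islice(itertools.product(ALPHABET, repeat=PW_LEN), n)]


if __name__ == "__main__":
    starts = demo_starts()
    table = build_table(starts)
    victim = chain("aaaa")[17]          # a password the table is known to cover
    print("stored pairs:", len(table), "passwords covered:", covered_passwords(starts))
    print("unsalted lookup:", lookup(table, H(victim)))
    print("salted lookup:  ", lookup(table, salted_hash(victim, b"\x01\x02\x03\x04")))
```

The table stores at most 2,000 start/end pairs yet can invert tens of thousands of hashes, which is the trade-off in a sentence; the salted lookup fails because md5(salt || password) is not the hash of any four-letter password on a chain, and an attacker would need a separate table per salt value.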

17. Tell me why is DNS monitoring important?

If they're familiar with infosec shops of any size, they'll know that DNS requests are a treasure when it comes to malware indicators: nearly everything resolves a name before it connects, so resolver logs expose command-and-control lookups, algorithmically generated domains, bursts of NXDOMAIN responses from a host cycling through dead domains, and DNS tunnelling that smuggles data out in long query names or TXT records. DNS logging is cheap compared with full packet capture and covers every host that uses the corporate resolver.
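An added example (mine, not from the interview page) of the kind of detection logic that runs over resolver logs. The log lines are constructed, loosely in the shape of a resolver query log, and the thresholds and the naive "label left of the TLD" rule are assumptions for the demonstration; production code would use a public suffix list and thresholds tuned against a baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed sample in the shape of a resolver query log (not a real capture):
# timestamp, client, query type, queried name, response code.
SAMPLE_LOG = """\
2024-03-01T10:00:01 10.0.0.5 A www.example.com NOERROR
2024-03-01T10:00:02 10.0.0.5 A cdn.example.net NOERROR
2024-03-01T10:00:03 10.0.0.9 A xkqz8v2mlp7awr3.info NXDOMAIN
2024-03-01T10:00:03 10.0.0.9 A q9r2ks81dhw0v7ce.info NXDOMAIN
2024-03-01T10:00:04 10.0.0.9 A m3p7vv9f6tqwz1x.info NXDOMAIN
2024-03-01T10:00:05 10.0.0.7 TXT 4d5a90000300000004000000ffff0000.tunnel.example.org NOERROR
2024-03-01T10:00:06 10.0.0.7 TXT deadbeefcafef00ddeadbeefcafef00d.tunnel.example.org NOERROR
2024-03-01T10:00:07 10.0.0.5 A mail.example.com NOERROR
"""

# Illustrative thresholds; tune them against your own baseline.
DGA_MIN_LEN = 12
DGA_MIN_ENTROPY = 3.5
TUNNEL_LABEL_LEN = 30
NXDOMAIN_BURST = 3


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking labels score high, words score low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parse_line(line: str) -> dict:
    ts, client, qtype, name, rcode = line.split()
    return {"ts": ts, "client": client, "qtype": qtype,
            "name": name.rstrip(".").lower(), "rcode": rcode}


def registrable_label(name: str) -> str:
    """Label left of the TLD. Assumption: no public-suffix handling, so
    names under co.uk and the like would need a real suffix list."""
    labels = name.split(".")
    return labels[-2] if len(labels) >= 2 else name


def analyze(log_text: str) -> dict:
    dga_like, tunnel_like = [], []
    nx_by_client = defaultdict(int)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        core = registrable_label(rec["name"])
        # Algorithmically generated domains: long, high-entropy registrable label.
        if len(core) >= DGA_MIN_LEN and shannon_entropy(core) >= DGA_MIN_ENTROPY:
            dga_like.append(rec["name"])
        # Tunnelling/exfiltration: data packed into a very long leftmost label;
        # TXT or NULL query types raise confidence further.
        first = rec["name"].split(".")[0]
        if len(first) >= TUNNEL_LABEL_LEN:
            tunnel_like.append(rec["name"])
        # Malware cycling through dead or not-yet-registered domains produces
        # NXDOMAIN bursts from a single client.
        if rec["rcode"] == "NXDOMAIN":
            nx_by_client[rec["client"]] += 1
    return {
        "dga_like": dga_like,
        "tunnel_like": tunnel_like,
        "nxdomain_burst": [c for c, n in nx_by_client.items() if n >= NXDOMAIN_BURST],
    }


if __name__ == "__main__":
    for key, hits in analyze(SAMPLE_LOG).items():
        print(f"{key}: {hits}")
```

Each of the three rules is a single statistic over one field, which is why DNS is such a productive source: the data is small, structured and already centralised at the resolver.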

18. Tell me what are the various ways to handle account brute forcing?

Look for discussion of account lockouts, IP-based throttling, fail2ban and the like, and of the trade-offs: a lockout on its own lets an attacker lock legitimate users out, and per-account counters miss password spraying (one guess against many accounts), which needs per-source rate limits. Better answers also mention progressive delays or CAPTCHAs, multi-factor authentication, and not revealing through the response whether an account exists.
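An added example (mine, not from the interview page) of a login guard that keeps two independent sliding-window counters, one per account and one per source IP, and two simulations showing why both are needed. The credential store, the limits and the IP addresses are constructed for the demonstration; plaintext passwords are used only to keep the example short.

```python
import hmac
from collections import defaultdict, deque

# Constructed credential store (plaintext only to keep the example short;
# real systems store salted, slow hashes).
USERS = {"alice": "correct horse battery staple", "bob": "hunter2"}


class LoginGuard:
    """Sliding-window failure counters with two independent limits:
    per account (classic lockout) and per source IP (catches password
    spraying, where each account sees only one or two attempts)."""

    def __init__(self, user_limit=5, ip_limit=20, window=600, lockout=900):
        self.user_limit, self.ip_limit = user_limit, ip_limit
        self.window, self.lockout = window, lockout
        self.user_fail = defaultdict(deque)   # user -> failure timestamps
        self.ip_fail = defaultdict(deque)     # ip   -> failure timestamps
        self.user_locked_until = {}
        self.ip_blocked_until = {}

    def _prune(self, dq: deque, now: float) -> None:
        while dq and dq[0] <= now - self.window:
            dq.popleft()

    def check(self, user: str, ip: str, now: float) -> str:
        """Decide before touching the password: 'allow', 'user_locked' or 'ip_blocked'."""
        if self.ip_blocked_until.get(ip, 0) > now:
            return "ip_blocked"
        if self.user_locked_until.get(user, 0) > now:
            return "user_locked"
        return "allow"

    def record_failure(self, user: str, ip: str, now: float) -> None:
        for key, store, limit, until in (
            (user, self.user_fail, self.user_limit, self.user_locked_until),
            (ip, self.ip_fail, self.ip_limit, self.ip_blocked_until),
        ):
            dq = store[key]
            dq.append(now)
            self._prune(dq, now)
            if len(dq) >= limit:
                until[key] = now + self.lockout
                dq.clear()

    def record_success(self, user: str) -> None:
        self.user_fail.pop(user, None)


def attempt(guard: LoginGuard, user: str, ip: str, password: str, now: float) -> str:
    decision = guard.check(user, ip, now)
    if decision != "allow":
        return decision
    # Compare against a dummy for unknown users so timing and the response
    # do not reveal whether the account exists.
    expected = USERS.get(user, "\x00" * 32)
    if hmac.compare_digest(expected.encode(), password.encode()):
        guard.record_success(user)
        return "ok"
    guard.record_failure(user, ip, now)
    return "bad_password"


def simulate_single_target() -> list:
    """One IP hammering one account: the per-account lockout engages, and the
    correct password is refused too until the lockout expires."""
    guard = LoginGuard()
    out = [attempt(guard, "alice", "203.0.113.5", f"guess{i}", now=i) for i in range(8)]
    out.append(attempt(guard, "alice", "203.0.113.5", USERS["alice"], now=8))
    return out


def simulate_spray() -> list:
    """One IP, one guess per account across many accounts: the per-account
    counters never trip, the per-IP limit does."""
    guard = LoginGuard()
    return [attempt(guard, f"user{i:02d}", "198.51.100.9", "Winter2024!", now=i)
            for i in range(25)]


if __name__ == "__main__":
    print("single target:", simulate_single_target())
    print("spray:        ", simulate_spray())
```

Note the side effect in the first simulation: a lockout makes the account unusable for its real owner as well, which is why production systems pair short lockouts or progressive delays with MFA rather than relying on a hard lockout alone.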

19. Tell me what personal achievement are you most proud of?

For me at least, this one is easy- getting my CISSP. I studied for months, did every possible thing I could to improve my recall and asked for anybody and everybody to help ask questions and modify them in ways to make me try to think around corners. Everybody has at least one thing that they are proud of, and while this and the next question may be the same answer, all that matters is showing that you are willing to move forward and willing to be self-motivated.

20. Tell us you need to reset a password-protected BIOS configuration. What do you do?

While BIOS itself has been superseded by UEFI, most systems still keep their firmware settings in a similar way. Since the firmware runs before any operating system, it has its own storage for its settings and passwords. In the classic scenario, pulling the CMOS (complementary metal-oxide-semiconductor) battery cuts power to the memory that holds those settings, and they are lost along with the password. On other boards you need a jumper or a physical switch on the motherboard. On many laptops the password lives in non-volatile flash or EEPROM that survives a power loss, so you have to remove or reprogram that chip, or go through the vendor's unlock process. The simplest way by far however is this: if the BIOS has come from the factory with a default password enabled, try 'password'.

21. Explain me how do you protect your home Wireless Access Point?

This is another opinion question; there are a lot of different ways to protect a Wireless Access Point, and using WPA2 (or WPA3 where supported), not broadcasting the SSID, and MAC address filtering are the ones most candidates name. Listen for whether they rank them: WPA2/WPA3 with a long passphrase, and WPS disabled, is the control that actually matters, while a hidden SSID and MAC filtering only stop casual neighbours, since both the network name and the permitted MAC addresses are visible in the clear to anyone capturing frames. Changing the default admin credentials and keeping the firmware updated round out a typical home setup.

By now you've seen more than a fair amount of troubles. You've got a toolkit of regularly used programs, a standard suite of protection utilities, you're comfortable with cleanups and you've spent quite a bit of time discovering that there are a lot of ways to make things go boom. You've also seen that it doesn't take much to have data disappear forever, and that you need help to protect and manage it. By this stage you are more than likely a member of a team rather than a lone figure trying to work out everything, and as a result you are now on the specialization track. You may or may not however have a pointed hat and a predisposition to rum.

22. Tell me what is the difference between Information Protection and Information Assurance?

Information Protection is just what it sounds like: protecting information through encryption, security software and other methods designed to keep it confidential. Information Assurance, on the other hand, deals more with keeping the data reliable and available: RAID configurations, backups, non-repudiation techniques, etc.

23. Tell me what makes a script fully undetectable (FUD) to antivirus software? How would you go about writing a FUD script?

A script is FUD to an antivirus product when it can infect a target machine and operate without being noticed on that machine by that AV. This usually entails a script that is simple, small and precise.

To know how to write a FUD script, one must understand what the targeted antivirus is actually looking for. If the script contains events such as Hook_Keyboard(), File_Delete(), or File_Copy(), it's very likely it will be picked up by antivirus scanners, so these events are not used. Further, FUD scripts will often mask function names with common names used in the industry, rather than naming them things like fToPwn1337(). A talented attacker might even break up his or her files into smaller chunks, and then hex edit each individual file, thereby making it even less likely to be detected.

As antivirus software becomes more and more sophisticated, attackers become more sophisticated in response. Antivirus software such as McAfee is much harder to fool now than it was 10 years ago. However, there are talented hackers everywhere who are more than capable of writing fully undetectable scripts, and who will continue to do so. Virus protection is very much a cat and mouse game.

24. Tell me how would you lock down a mobile device?

Another opinion question, and as usual a lot of different potential answers. The baseline for these though would be three key elements: an anti-malware application, a remote wipe utility, and full-disk encryption, all of which rest on a screen lock with a strong PIN or passcode, since the encryption is only as good as the passcode that unlocks it. Almost all modern mobile devices regardless of manufacturer have anti-malware and remote wipe available for them, and very few systems now lack full-disk encryption as an option directly within the OS.


25. What is certified Forensic Analyst?

It certifies the ability of an individual to conduct formal incident investigations and manage advanced incident handling scenarios, including external and internal data breach intrusions (GIAC's GCFA certification).