View note: Security-Interview-Questions-Advanced



Questions on this subject:

| Question | Likes | Dislikes | Answers |
|---|---|---|---|
| 1) How often should patch management be performed? | 0 | 0 | 0 |
| 2) How do you govern various security objects? | 0 | 0 | 0 |
| 3) How does a process audit go? | 0 | 0 | 0 |
| 4) What is the difference between policies, processes and guidelines? | 0 | 0 | 0 |
| 5) How do you handle antivirus alerts? | 0 | 0 | 0 |
| 6) What is a false positive and a false negative in the case of an IDS? | 0 | 0 | 0 |
| 7) Which one is more acceptable? | 0 | 0 | 0 |
| 8) What is the difference between software testing and penetration testing? | 0 | 0 | 0 |
| 9) What are your thoughts about blue team and red team? | 0 | 0 | 0 |
| 10) What do you prefer - bug bounty or security testing? | 0 | 0 | 0 |
| 11) Tell us about your professional achievements/major projects. | 0 | 0 | 0 |
| 12) 2 quick points on web server hardening? | 0 | 0 | 0 |
| 13) What is data leakage? How will you detect and prevent it? | 0 | 0 | 0 |
| 14) What are the different levels of data classification and why are they required? | 0 | 0 | 0 |
| 15) In a situation where a user needs admin rights on his system to do daily tasks, what should be done – should admin access be granted or restricted? | 0 | 0 | 0 |
| 16) What are your views on the usage of social media in the office? | 0 | 0 | 0 |
| 17) What are the various ways by which employees are made aware of information security policies and procedures? | 0 | 0 | 0 |
| 18) In a situation where both open source software and licensed software are available to get the job done, what should be preferred and why? | 0 | 0 | 1 |
| 19) When should a security policy be revised? | 0 | 0 | 0 |
| 20) What should be included in a CEO-level report from a security standpoint? | 0 | 0 | 0 |
| 21) How do you report risks? | 0 | 0 | 0 |
| 22) What is an incident and how do you manage it? | 0 | 0 | 0 |
| 23) Is social media secure? | 0 | 0 | 0 |
| 24) What is chain of custody? | 0 | 0 | 0 |
| 25) How should data archives be maintained? | 0 | 0 | 0 |
| 26) What are your thoughts on BYOD? | 0 | 0 | 0 |
| 27) Describe the process of a TLS session being set up when someone visits a secure website. | 0 | 0 | 1 |
| 28) What are some common ways that TLS is attacked, and/or what are some ways it’s been attacked in the past? | 0 | 0 | 1 |
| 29) Cryptographically speaking, what is the main method of building a shared secret over a public medium? | 0 | 0 | 1 |
| 30) What is Forward Secrecy? | 0 | 0 | 1 |
| 31) What is an IV used for in encryption? | 0 | 0 | 1 |
| 32) What are block and stream ciphers? What are the differences, and when would you use one vs. the other? | 0 | 0 | 2 |
| 33) What’s the main difference in security between ECB and CBC? | 0 | 0 | 2 |
| 34) What port does ping work over? | 0 | 0 | 1 |
| 35) Do you prefer filtered ports or closed ports on your firewall? | 0 | 0 | 1 |
| 36) How does a buffer overflow work? | 0 | 0 | 1 |
| 37) Describe the last program or script that you wrote. What problem did it solve? | 0 | 0 | 1 |
| 38) How would you implement a secure login field on a high-traffic website where performance is a consideration? | 0 | 0 | 1 |
| 39) How does HTTP handle state? | 0 | 0 | 1 |
| 40) What is the primary reason most companies haven’t fixed their vulnerabilities? | 0 | 0 | 1 |
| 41) What’s the goal of information security within an organization? | 0 | 0 | 1 |
| 42) What is 2FA and how can it be implemented for public websites? | 0 | 0 | 1 |