300 InfoSec Interview questions..
Hacking Madrid..defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
If you are an infosec expert should know each and every one of the answers to these questions .. It's simple, responds!
If you are an infosec expert should know each and every one of the answers to these questions .. It's simple, responds!
300 InfoSec
Interview questions
1 What is the
extent of your web application development experience?
2 Aside from
taking courses, what sorts of things have you done to become better qualified
for your pursuits
as an IT Professional?
3 What port
does ping work over?
4 What’s the
difference between HTTP and HTML?
5 What does
RSA stand for?
6 What
conferences do you routinely attend?
7 How do you
create SSL certificates, generically speaking?
8 What is
meterpreter?
9 With regard
to forensics, what is physically different about how the
platters are used in a
3.5” and
a 2.5” HDD?
10 Describe
the last program or script that you wrote. What problem did it solve?
11 What’s the
difference between a router, a bridge, a hub and a switch?
12 What’s port
scanning and how does it work?
13 What’s the
better approach setting up a firewall: dropping or rejecting
unwanted packets
and
why?
14 Please
describe the steps to be taken by a company implementing an ISMS framework
15 Can we
perform VA remotely?
16 What
experience do you have with Data Loss Prevention (DLP)
17 Are you a
risk-taker. Would you risk our IT?
18 Give me an
example of when you thought outside of the box. How did it
help your employer?
19 Provide an
example of a time when you successfully organized a diverse group of people to accomplish a
task.
20 Share an
experience in which your understanding of a current or upcoming problem helped
your company to
respond to the problem.
21 Provide an
experience that demonstrates your ability to manage time effectively. What were
the challenges and
results?
22 Share an
experience in which you conducted a test of a product, service, or process and successfully
improved the quality or performance of the product, service, or process.
23 What is
Spyware?
24 Can a page
file hold sensitive data?
25 What do you
see as the most critical and current threats effecting Internet accessible
websites?
26 Is NT
susceptible to flood attacks?
27 Are some
Web server software programs more secure than others?
28 Have you
worked with building and maintaining networks?
29 What makes
you a good IT professional?
30 How does
HTTP handle state?
31 I have just
plugged in my network cable. How many packets must leave my NIC in order to complete a
trace route to twitter.com?
32 What is
DES?
33 What papers
have you written?
34 What is DNS
Hijacking?
35 What is
LDAP?
36 What are
DCO and HPA?
37 Can DCO and
HPA be changed?
38 Are there
limitations of Intrusion Detection Signatures?
39 What are
Linux’s strengths and weaknesses vs. Windows?
40 Please
explain how the SSL protocol works.
41 Please
explain how asymmetric encryption works
42 Please
detail 802.1x security vs. 802.11 security (don’t confuse the
protocols).
43 Why did you
become (Certified Ethical Hacker) certified?
44 If we want
to launch any new product or services in the market how will
you perform risk assessment
45 How can you
configure a network router from the CLI?
46 Is it
possible to use packet filters on an NT machine?
47 What do you
see as the most critical and current threats effecting Internet accessible
websites?
48 Would you
consider analyzing data or information a strength? How so?
49 Share an
experience in which your attention to detail and thoroughness had an impact on
your last company.
50 How do you
determine when to update virus protection systems?
51 Describe an
effective method you have used to maintain permanent fleet cryptologic and carry-on
direct support systems.
52 Provide an
example when you were able to prevent a problem because you foresaw the
reaction of another
person.
53 How can I
avoid computer viruses?
54 What is
Stuxnet?
55 What is
WireShark?
56 What do you
see as challenges to successfully deploying/monitoring web intrusion detection?
57 What ports
must I enable to let NBT (NetBios over TCP/IP) through my firewall?
58 Are
server-side includes insecure?
59 In which
area of networking do you consider yourself most competent and why?
60 What
specific automated tools have you used to recover deleted files?
61 What
exactly is Cross Site Scripting?
62 How would
you build the ultimate botnet?
63 What is
Triple DES?
64 What is the
secret sauce to a Cisco command?
65 What are
IDA and/or Olly?
66 Why is LDAP
called Light weight?
67 What was
ISO 17799 originally called?
68 What’s the
difference between a threat, vulnerability, and a risk?
69 What is a
Syn Flood attack, and how to prevent it?
70 Can a
server certificate prevent SQL injection attacks against your
system? Please
explain.
71 What is stateful
packet inspection?
72 During an
audit, an interviewee is not disclosing the information being requested. How
would you over come this
situation?
73 How will
you implement BCP
74 What are
the ways to secure a Linux system?
75 What do you
see as challenges to successfully deploying/monitoring web intrusion detection?
76 Provide an
example when your ethics were tested.
77 Provide an
example of when you were persistent in the face of obstacles.
78 What have
you found
79 Share an
experience in which your diligence of inspecting equipment, structures, or
materials
helped you
identify a problem or the cause of a problem.
80 Tell me
about the last time you oversaw the work of someone else. How did you
effectively motivate,
develop, and direct the worker(s)?
81 What is
computer impersonation?
82 Where do I
get patches, or, what is a Service Pack or a Hot Fix?
83 What is
Authenticode?
84 Intrusion
Detection and Recovery questions
85 What are
the most important steps you would recommend for securing a
new web server?
86 What should
I think about when using SNMP?
87 How do I
secure Windows 2000 and IIS 5.0?
88 Give two
examples of things you’ve done on the job or in school that
demonstrate your willingness to
work hard.
89 When
solving a problem, tell me about the steps you go through to ensure your
decisions are correct
/effective.
90 What’s the
difference between stored and reflected XSS?
91 What is
NMAP?
92 How is
session management handled with both HTTP and HTTPS request/responses?
93 Have you
hacked any system?
94 What are
the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
95 Describe a
time when you implemented defense in depth.
96 What areas
does ISO 27001 and 27002 cover?
97
Cryptographically speaking, what is the main method of building a shared secret
over a public medium?
98 Your
network has been infected by malware. Please walk me through the process of
cleaning up the
environment.
99 Do you have
a home lab? If so, how do you use it to perfect your skills.
100 What is
NAT and how does it work?
101 Within the
PCI-DSS sphere, what is a compensating control?
102 How will
you take approval from management to implement security control.
103 Tell me
about cross site request forgery and why should I care.
104 What are
the most important steps you would recommend for securing a new web server? Web application?
105 Name a
time when your patience was tested. How did you keep your emotions in check?
106 Share an
example of when you established and accomplished a goal that was personally challenging.
What helped you succeed?
107 Name a
time when your creativity or alternative thinking solved a problem in your
workplace.
108 Describe a
time when you successfully persuaded another person to change his/her way of thinking or
behavior.
109 What are
privileges (user rights)?
110 What is a
SID (Security ID)?
111 What
servers have TCP ports opened on a NT system?
112 Current
Awareness of Security Issues questions
113 What are
some examples of you how you would attempt to gain access?
114 What are
giant packets?
115 Is Windows
NT susceptible to the PING attack?
116 What is
the IIS Lockdown Tool?
117 What is
the most difficult task you have performed or learned about with group policy
with a Windows
Server?
118 Which do
you prefer, Windows, Mac, or Linux and why?
119 What are
the common defenses against XSS?
120 Describe a
session fixation vulnerabilities and when it occurs?
121 What is
the primary difference between traceroute on Unix/Linux and tracert on Windows?
122 What is
the security threat level today at the Internet Storm Center (ISC)?
123 Have you
released any worm/ trojan/ malicious code in the wild?
124 How will
you determine if a file is packed or not?
125 Define an
incident?
126 What’s the
difference between Diffie-Hellman and RSA?
127 What kind
of authentication does AD use?
128 What is a
Man In The Middle attack?
129 What is a
buffer overflow?
130 Who is the
ultimate responsible to classify a company’s information:
the Infosec Team or
the information
owner?
131 How will
you communicate VA and PT report to higher management?
132 What are
the 7 layers of the OSI model?
133 If you
were not using Apache as the reverse proxy, what Microsoft application/tool
could you use to mitigate this attack?
134 What are some long-range objectives that you
developed in your last job? What did you do to achieve them?
135 How would you rate your writing skills?
136 Share an experience in which you successfully
modified computer security files.
137 Tell me
about a time when you developed your own way of doing things or were
self-motivated to finish an
important task.
138 What is
this (X) IDS signature mean?
139 What is an
ACE (Access Control Entry)?
140 What is a
NULL session?
141 What is
there to worry about Web Security?
142 How could
you identify what the contents are of the hacked.htm file that the attacker is
trying to upload?
143 What is
Rollback.exe?
144 What is
the Microsoft Baseline Security Analyzer?
145 It is very
important to build good relationships on the job, but sometimes it doesn’t
always work out.
146 If you
can, tell me about a time when you were not able to build a successful
relationship with a difficult person.
147 What are
you most proud of?
148 What’s the
difference between symmetric and public-key cryptography
149 What is
Cross-site scripting (XSS)?
150 What kind
of lab do you have at home?
151 Explain
SOX, HIPAA, PCI and GLB (if applicable). What do you see as the most critical
and current threats
effecting Internet accessible websites?
152 If i give
you two DLLs of different versions, one has the vulnerability and another is
patched for that
vulnerability then how will you find the vulnerability?
153 Do you
have Rainbow tables?
154 What was
the last training course you attend? Where? When? Why?
155 What is
the difference between Encrypting and Encoding?
156 What kind
of attack is a standard Diffie-Hellman exchange vulnerable to?
157 What’s the
difference between a Proxy and a Firewall?
158 Take me
through the process of pen testing a system.
159 What are
the most common application security flaws?
160 Please
describe the process of evaluating and analyzing risks.
161 What is
CSRF attack?
162 What is
your vision for our security organization?
163 Tell me
how you organize, plan, and prioritize your work.
164 Share a
time when you willingly took on additional responsibilities or
challenges. How
did you successfully
meet all of the demands of these responsibilities?
165 Provide an
example of a time when you were able to demonstrate excellent listening skills.
What was the
situation and outcome?
166 Share an
experience in which your ability to consider the costs or benefits of a
potential action helped you
choose the most appropriate action.
167 Please
share with me an example of how you helped coach or mentor someone. What improvements
did you see in the person’s knowledge or skills?
168 Share an
experience in which you used new training skills, ideas, or a method to adapt
to a new situation or
improve an ongoing one.
169 What is an
ACL (Access Control List)?
170 What is
SRM (Security Reference Monitor)?
171 What is
Shutdown.exe?
172 Are some
operating systems more secure to use as platforms for Web servers than others?
173 I am new
to the Internet and have been hearing a lot about viruses. I am not exactly
sure what they are. Can
you help?
174 What is
AFTP, NVAlert and NVRunCmd?
175 What
online resources do you use to keep abreast of web security issues?
176 Can you
give an example of a recent web security vulnerability or threat?
177 What are
three characteristics of a good manager?
178 What are
your best qualities when looking at your job experience?
179 In
public-key cryptography you have a public and a private key, and you often
perform both encryption and
signing functions. Which key is used for which function?
180 In a
public key infrastructure (PKI), the authority responsible for the
identification and authentication
of an applicant for a digital certificate (i.e., certificate subjects) is
called what?
181 What is a
Buffer Overflow?
182 What do
you see as challenges to successfully deploying/monitoring web intrusion
detection?
183 What is
the latest security breach you’re aware of?
184 What is
dsniff?
185 Describe
the last security implementation you were involved with.
186 What can protect
you 100% from attack?
187 What’s the
goal of information security within an organization?
188 What is
Cross-Site Scripting and how can it be prevented?
189 What is
vulnerability test and how do you perform it?
190 What is a
false positive?
191 What
actions would you take to change end user behavior towards
InfoSec?
192 what is
the difference of pen testing and vulnerability assessment?
193 What do
you think about security convergence and its effect on our
company?
194 Share an
effective method you have used to prevent violations of computer security
procedures.
195 Provide a
time when you dealt calmly and effectively with a high-stress situation.
196 Provide a
time when you worked in a rapidly evolving workplace. How did you deal with the change?
197 Describe
an effective method you have used to ensure functioning of data processing
activities and security
measures.
198 Share an
experience in which personal connections to coworkers or others helped you to
be successful in
your work.
199 Provide an
experience in which your ability to actively find ways to help people improved
your company or
your own work ethic.
200 What makes
a strong password?
201 What is
SAM (Security Account Manager)? and ADAM?
202 What is
CryptoAPI?
203 Are CGI
scripts insecure?
204 What is
the security threat level today at the Internet Storm Center (ISC)?
205 There are
a number of things to do to get better security on remote connections
206 Imagine
that we are running an Apache reverse proxy server and one of the servers we
are proxy
for is a
Windows IIS server. What does the log entry suggest has happened?
207 Tell us
about a time when you took responsibility for an error/mistake and were held
personally accountable.
208 What kind
of network do you have at home?
209 What’s the
difference between encryption and hashing?
210 What is a
NOP Sled?
211 What are
the most important steps you would recommend for securing a new web server?
212 Can a
Virtual Operating System be compromised?
213 Have you
ever used FTK, Encase, dc3dd, dd_rescue or dcfldd?
214 Design a
RADIUS infrastructure for 802.11 security and authentication.
215 How
exactly does traceroute/tracert work at the protocol level?
216 Are
open-source projects more or less secure than proprietary ones?
217 What’s the
difference between symmetric and asymmetric encryption?
218 What are
the latest threats you foresee for the near future?
219 What is
ISO 27001 and why should a company adopt it?
220 How do you
ensure a secure software development?
221 What are
the best practices to be followed?
222 what is
the security implication of using mobile devices for enterprises?
223 How do you
sell security to other executives?
224 Name a
time when you identified strengths and weaknesses of
alternative solutions to
problems.What was the
impact?
225 Share an
example of when you went above and beyond the “call of duty”.
226 Provide a
successful method you have used to monitor the use of data files and regulate
access to safeguard
information in computer files.
227 Share an
effective method you have used to ensure system security and improve server and network
efficiency.
228 How do you
promote security awareness?
229 Please
share an experience in which you successfully taught a difficult principle or
concept. How were you able
to be successful?
230 Describe
an experience in which your ability to work well with others and reconcile
differences helped your
company or employer.
231 How can I
avoid Spyware?
232 What is an
access token?
233 How do we
“lock down” a new system?
234 What
general security precautions should I take?
235 What is
LSA (Local Security Authority)? And DEP? and ASLR?
236 Can I
grant access to someone to view or change the logfiles?
237 What
applications can generate log files?
238 What do
you know about our company and why are you interested in working/interning with
us?
239 Can an
attacker place a virus within BIOS?
240 What is a
Certificate Authority?
241 What is
CHAP: Challenge Handshake Authentication Protocol?
242 What is a
Cyclical Redundancy Check?
243 What is a
Certification Revocation List?
244 Can a
distributed denial of service be prevented?
245 What are
the Digital Encryption Standards?
246 What is a
Dynamic Host Configuration Protocol?
247 What is a
Dynamic Link Library?
248 What is a
demilitarized zone?
249 Explain
what exactly a Domain Name Service (Server) is?
250 How do you
make a disaster recovery plan?
251 What is a
Digital Signature Algorithm?
252 What is
the Extensible Authentication Protocol?
253 What is a
Elliptic Curve Cryptography?
254 Can all
file systems be encrypted?
255 What is a
Electromagnetic Interference?
256 What is an
Encapsulated Security Payload?
257 Is the
File Transfer Protocol a hack-proof protocol?
258 What is a
Hashed Message Authentication Code?
259 What is
the difference between IPv4 and IPv6?
260 Do you
ever use Internet Relay Chat?
261 ISP: Internet
service provider?
262 What is
the Lightweight Directory Access Protocol?
263 What is
Mandatory Access Control?
264 What is
the Master Boot Record?
265 What is
the Message Digest 5?
266 What is
the Microsoft Challenge Handshake Authentication Protocol?
267 What is
the Maximum Transmission Unit?
268 What is a
Network Based Intrusion Detection System?
269 What is
the National Institute of Standards & Technology?
270 What is a
network operating system?
271 What is
the New Technology File System?
273 What is
the Open Vulnerability and Assessment Language?
274 What is
the Password Authentication Protocol?
275 What is
the Port Address Translation?
276 What is
the Private Branch Exchange?
277 What is
the Protected Extensible Authentication Protocol?
278 What is a
Personal Electronic Device?
279 What is
Pretty Good Privacy?
280 What does
Personally Identifiable Information mean?
281 What is a
Public Key Infrastructure?
282 Explain
the Point-to-point Protocol?
283 Explain
the Point to Point Tunneling Protocol?
284 What is a
Pre-Shared Key?
285 What is a
Recovery Agent?
286 What is a
Rapid application development?
287 What is a
Remote Authentication Dial-In User Service?
288 What is a
Rapid Application Development?
289 What are
Redundant Array of Inexpensive Disks?
290 What is a
Role-Based Access Control?
291 RSA:
Rivest, Shamir, and Adleman?
292 What is a
Real-Time Transport Protocol?
293 What are
Secure Multipurpose Internet Mail Extensions?
294 Explain
Software as a Service?
295 What is
the Security Content Automation Protocol?
296 What is a
Small Computer System Interface
297 What is a
Software Development Life Cycle?
298 How does a
Secure Hashing Algorithm work?
299 What is
the Secure Hypertext Transfer Protocol?
300 What is a
service-level agreement?
If you answered all, you still do not know anything .. You must practice the theory;)
Live Free of Die Hacking