25 DXC Technology Interview Questions & Answers
1. Tell me the key to ensuring your company or client complies with all laws, regulations, and standards when leadership defines a business integration strategy?
How to Answer
Companies often require enterprises to proactively mitigate risk and ensure that business executives are acting in a responsible manner. Compliance, Regulations, and Laws are words that hover around business leaders all the time. They not only have to be mindful of these words, but to be shining examples of how to act according to these mandates.
Hiring managers are looking for candidates who can talk about examples of compliance, regulations, and laws that apply to business strategies. A hiring manager is asking this question for three reasons. 1. Do you understand and follow your company's compliance laws? 2. What are the keys to ensuring everyone complies with these laws and regulations? 3. How are these regulations and standards applied to integration strategies at the executive level? It would be advisable to look up and better understand these five corporate compliance mandates an organization has to adhere to.
1. GDPR - General Data Protection Regulation
2. PCI-DSS - Payment Card Industry Data Security Standards
3. HIPPA - Health Insurance Portability and Accountability Act
4. SOX - Sarbanes-Oxley Act
5. FIPS - Federal Information Processing Standard
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"Adhering to compliance standards, and various business laws and regulations can be a challenge. I understand that our clients and we are held to a high standard to perform, and at the same time be accountable for our actions. As part of my role, I was required to set corporate governance policies like regulations, standards, and business laws. I was responsible for making sure that once policies were set, they were periodically reviewed and enforced across the company. Since a lot of compliance regulations govern various industries, it often requires enterprises to proactively take risk mitigation measures that safeguard the organizations health and well being. I know it's a tough task and often means going through a lot of red tape to meet every single regulation that applies to a business. Because of my vast knowledge with compliance, I've also been assigned as the liaison for all audits conducted by external regulatory consultants."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"When leadership outlines standards and regulatory policy, it comes to my attention. I then review all policies to ensure we are complying with all related business standards, procedures, and laws. There are five compliance standards that I have experience implementing.
1. General Data Protection Regulation - (Standardizes data protection while extending strict rules on controlling identifiable information).
2. Payment Card Industry Data Security Standards - (Protect stored cardholder information, and provide a secure network to facilitate transactions).
3. Health Insurance Portability and Accountability Act - (To safeguard patient privacy, to protect personal data, and to govern sensitive medical patient data).
4. Sarbanes-Oxley Act - (Ensures end-to-end security of financial data throughout IT departments.)
5. Federal Information Processing Standard - (A cryptography standard that is designed to protect data within government agencies and financial institutions)."
2. Can you tell me what the difference is between stored and reflected XSS, and the common defenses against XSS?
How to Answer
To better understand why an interviewer would ask a question about an XXS script, let's examine what it is, and how you might be positioned to best answer this question. XSS, also known as Cross Site Scripting is a script that is used to attack a network or system with a malicious virus. There are two versions of this script, the first one is a stored XSS, and the other is a reflected XSS. The stored XSS is an attack that permanently injects a script on a server or database that allows the attacker to access confidential information. The reflected XSS is similar in that it also injects a malicious script into a web server or email in the form of an error. The attacker can then access confidential information after an unsuspecting victim clicks or opens up that link.
The reason the interviewer is asking this question is to see how familiar you are with XSS scripts. Many organizations make it a policy to train their employees on how to spot malicious or harmful viruses that come in the form of an email or web browser errors. Your answer to this question should address your level of expertise in this area, and what you have done to combat these attacks in the past. Mentioning that you were a part of a training program that educated employees on how to spot malicious emails and fake links will help give the interviewer a higher level of confidence in your technical abilities in this area. It also doesn't hurt if you mention some before and after improvements of how the company is doing as a result of your training initiative. This will also show that you are pro-active as well.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"When I address Cross-Site Scripting (XSS), or more specifically Stored XSS attacks, my first thought is how can I prevent future attacks from happening. Since Stored XSS attacks happen without the victim knowing they've been compromised, it's important for me to look at ways that we can inform our personnel about the various methods that attackers use to make you think that an email or browser plug-in, for example, is safe. I set up periodic informational training sessions to educate our personnel on how to spot these malicious attacks, and what to do if they come across any suspicious messages or errors. Another important part of my role is to cleanse Input validation and output sanitation."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"Reflected XSS attacks can occur at any time, so it's important for me to educate our employees, so they don't become a victim of these unsuspecting attacks. I always take a pro-active approach to these things, and have designed a series of educational classes to educate all employees on new attacks that have been discovered, and how to respond in case they may be targeted as an unsuspecting victim. One of the many things I cover in our training sessions is to show examples of what these emails and errors look like, and how to report them as soon as you notice them. In my role, I also have to make sure that I sanitize requests from the server side scripts to further reduce or eliminate vulnerabilities."
3. What's the difference between a threat, vulnerability, and a risk, and how do you assess the severity of a threat for example?
How to Answer
If you're a (CISSP) Certified Information Systems Security Professional, then you should know the difference between a threat, a vulnerability, and a risk. When you're starting a new job, you don't know the new environment, so you need to gather some basic information about where everything is, and how things were operating before you came along.
One of the first things you'll need to do is assess the landscape. You'll probably need to locate where the data resides, who is or was managing the data, and what the network diagram looks like. The hiring manager wants to see if you are experienced enough to ask these questions so that they know they're not dealing with a junior level candidate with limited experience in these areas.
After you have outlined what you would do when you start, they will dig a little deeper and ask you to explain the differences between threat, vulnerability and risk, and how you assess threats. As a general rule, you should talk about the differentiators among the three first, and then the process you follow to assess a threat. The interviewer's attention will be focused on how you assess a threat.
Here are a few items you may want to research further regarding assessments. Visibility touch points, Ingress and Egress filtering, and Vulnerability Assessments.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"My answer is that vulnerabilities should usually be the main focus of an organization since there is little control over the volume and consistency of threats that come in daily. In past roles when I started with a new company, the first thing that was on my task list was to perform a vulnerability assessment. This revealed a lot about the current state of risks and vulnerabilities to the network, and what needed to be done to close those gaps and secure all entry ports into the network. After doing a full assessment, I recorded visibility touch points to monitor where threats came from, and the strength and weakness of our vulnerabilities which helped me map out a long-term IT Security strategy plan."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"I've always been a strong believer that the best defense is a good offense. Companies are always under network security attacks, and if you leave yourself vulnerable, it's almost like playing whack-a-mole. You're constantly on the defensive when you should be pro-actively offensive. One of the methods I implemented in my last company was a Defense Threat Modeling method. This method takes monitoring to a new level by pro-actively seeking out methods that hackers use to infiltrate systems while being undetected. At the same time, I keep up to date with online periodicals from IT Security sources to learn about new threats and the risks they represent. Another way that I combat threats is by using Ingress and Egress Filtering. The Ingress method is used to prevent suspicious traffic from entering a network, and the Egress method is used to monitor or restrict data by means of a firewall that blocks packets that fail to meet the established security requirements."
4. What is the differences between 'scalability' and 'elasticity' when speaking in terms of cloud hosting?
How to Answer
If you are asked this type of question, the interviewer is attempting to confirm that you really understand the concepts of cloud hosting. They may also be genuinely trying to clarify this information for their own benefit. You should answer the question as clearly and succinctly as possible.
Written by William Swansen on March 25th, 2019
1st Answer Example
"Scalability is a characteristic of cloud computing which is used to handle the escalating workload by escalating in proportion amount of resource capacity. Using scalability, the service provider can easily and quickly add resources when the requirements are being raised by the client. On the other hand, Elasticity is a characteristic that provides for the concept of provisioning and de-provisioning a large amount of resource capacity dynamically. It is usually measured by the speed by which the resources are coming on demand and the usage of those resources. Scalability often refers to a permanent increase in resources whereas Elasticity is temporary, based on fluctuating demands or business activity."
Written by William Swansen on March 25th, 2019
2nd Answer Example
"That's a great question. People often confuse the concepts of scalability and elasticity. Scalability refers to the ability to easily increase the IT resources used by the organization. This is accomplished by using technology that can be increased quickly and with no disruption in service or downtime. Another characteristic of scalability is that it is typically permanent, and based on the growth of the organizations business. On the other hand, elasticity refers to the ability to dynamically add (provision) or remove (de-provision) IT resources based on fluctuations in business cycles or customer activity. Service providers in hosted clouds accomplish this by having "standby" resources on hand which can be turned on or off as needed. These resources are typically shared by multiple clients, who are only billed when they actually use them."
5. If a client is considering moving from an internal data center environment to our platform. What are the key issues you would recommend them addressing before making this move?
How to Answer
By asking this question, the interviewer is attempting to understand the depth of your knowledge about a hosted cloud computing environment and your ability to plan and manage client's transitions to the cloud without causing any disruption in their business.
Written by William Swansen on March 25th, 2019
1st Answer Example
"When transitioning to a hosted cloud environment, there are several things you need to consider. The first and most important is business continuity. You need to make sure that there is no downtime during and after moving to the cloud and that no data is lost or compromised. Another key consideration it the integrity of the data; you don't want it to be hacked or lost between the user and the cloud. Maintaining availability and access to the cloud is also important. Capacity planning is critical, and measures need to be taken to ensure there are enough computing and storage resources available to the users, and that additional resources can be provisioned or de-provisioned as needed. Finally, the company needs to be aware of any regulatory or compliance issues around data integrity and privacy when utilizing cloud hosting."
Written by William Swansen on March 25th, 2019
2nd Answer Example
"The key considerations when moving to a cloud hosted environment center around data integrity, availability, and compliance. You need to take measures to ensure that the company's data is secure, can't be compromised when communicating with the cloud, and can be recovered if lost. Most cloud hosting service providers can assist with this through the transition planning and execution process. Having a good backup and disaster recovery plan is also important. Availability of the information, applications and computing resources is the next most critical issue. Selecting the right cloud hosting service provider is the first step. They should offer SLA guarantees and have contingencies in place when issues occur. Finally, it is the company's responsibility to make sure that they are in compliance with any regulations and customer privacy requirements when they move to a cloud environment. Again, although not primarily responsible, the service provider can assist in providing the guarantees and documentation necessary to address this issue."
6. Explain what the difference is between Data Mining and Data Analytics, and tell me how you have used both in your recent projects?
How to Answer
Data Mining and Data Analytics go hand In hand in the world of big data. Data Mining is used to find patterns among large datasets, while Data Analytics is used to test hypothetical models on particular datasets. Over a period of time, you acquire skills that companies see as valuable to their organization. It's these skills that set you apart in the market. As you hone these skills over time, you become good at many different soft skills that accompany the technical skills. Here's where you can use a combination of these skills to articulate a compelling message that explains the differences between Data Mining and Data Analytics.
A very important question that might come from an interviewer is how much data do you analyze, and how do you manage that data without risking a security breach. Large scale big data projects use tools like Hadoop as a repository for this data. The reason I mention it is the hiring manger might ask what repository you use to store it, and what your level of confidence using this tool is.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"Data Mining and Data Analytics data is compiled by a number of different sources throughout a company. This data comes into the organization in many different forms from different formats, platforms, media, etc. It comes in different shapes, sizes, and venues like social media, social activity reports, customer surveys, emails, weblogs, sensors and bots related to the Internet of Things. I take this data and put it in the correct silos of a data warehouse, then break it down into data points that have relevant and usable data that the business can understand and use it to make business decisions. I was responsible for a data mining project that needed data to calculate operational expenses within the marketing group. They needed to know what it cost the Marketing department to run lead generation campaigns, and what the customer acquisition costs were."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"To me, comparing and contrasting two things like Data Mining and Data Analytics is an exercise that I enjoy a lot. I'm very passionate about data in general. Let me give you an example of these two, and how I used them in my current and past projects. Let's examine the difference between the two, and my experience using both. The Data Analytics process goes into the following steps: Project Definition, Data Collection, Data Analysis, Statistical Analysis, Data Modeling, and Deployment. The Data Mining process is a little different. The steps are Problem Definition, Data Collection, Data Analysis, Statistical Analysis, Data Modeling, Verification and Validation, and Insights. Now for my experience: In a recent project, I collected data from our websites to look at patterns in user behavior and website traffic for all our pages. This data was helpful to the Search Engine Optimization team so they could focus on redeveloping pages that were getting inquires and orders."
7. How does data drive a business' success?
How to Answer
Data-driven decision making is becoming a more significant topic every year. Companies can leverage data analytics to determine:
- Productivity
- Competitive analysis
- How, when, and where products are used
- Customer demographics
- Pattern analysis
- Business growth
Talk to the interviewer about the ways that you feel companies can best use data to drive the success of their business.
Written by Helen Lee on March 25th, 2019
1st Answer Example
"When I take a hard look at the many uses of data, I see that data can be collected in a plethora of ways to determine the success of a new product launch, competitive analysis, or patterns that occur, which may not be seen by the human eye. In my career, I have the most experience using data to help drive employee productivity and onboarding solutions which can save a company thousands of dollars."
Written by Helen Lee on March 25th, 2019
2nd Answer Example
"Data can drive every aspect of a business' success if approached and utilized correctly. In my experience, I have seen that companies underutilize what a full data analysis approach can do for them. Analytics programs should be set up for marketing, sales, employee productivity, product efficiency, competitive analysis and more."
8. Please share an experience in which you recommended a technology improvement, which helped the process, service, and performance of your company or your clients'?
How to Answer
Productivity is a critical aspect of any company. If you look at labor statistics, from the Bureau of Labor Statistics, it shows that there's been a constant drop in productivity from employees since the mid 2000s. That's why companies are so concerned about this issue. Hiring managers are well aware of this too.
Many experts are debating whether technology has caused this productivity to decline. At this point, the jury is still out. Hiring managers will hone in on this question and dig deep into your productivity, and the role you play in recommending technology to your company as a productivity improvement solution. Explain what types of technology you recommended and if it was implemented. If so, talk about how it has helped the company become more productive, or if there were other benefits as a result of your recommendation, like increased sales, reduced waste, better data insights, etc. Hiring managers love to hear this stuff.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"I've seen that using the right technology can make the difference between someone being productive and performing well at a company, and someone who abuses technology and isn't very productive at all. Whenever I have recommended a technology improvement solution to my organization, I did thorough research on that technology to make sure it works as advertised and that it's going to improve the performance of your company as a whole. I actually recommended a productivity app for the company that the project team and field reps would use while on the road. It was a planning tool with reminders so everyone would provide project notes, status, and updates on the part of the project each person was working on. It was easy to manage and is now being used throughout the company. It has improved productivity and performance for everyone in the company."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"Depending on how technology is used, it can be a blessing or a curse. I recommended a scheduling app that allows all team members to reserve conference rooms in any location that our company has offices in. It also provides notices to team participants to add notes, slide decks, and other pertinent information that will be helpful for the meetings. I also recommended an automation software that helps our accounting department make automatic payments to our vendors who provide consistent services and products with the same monthly billing amounts. As a result, this has saved the accounting team lots of time and effort on mailing bills and invoices. These are just a couple of examples of my recommendations. I take great pride in the way I analyze something to make sure it's the best solution for our company."
9. How would you convince a company that is still undecided about whether or not they should continue managing their own data center or move to a hosted cloud?
How to Answer
Being able to convince potential clients to join DXC Technology's cloud services is a key skill that hiring managers are looking for. By asking this question, the interviewer is attempting to determine your knowledge of a hosted cloud and your opinion of the benefits.
Written by William Swansen on March 25th, 2019
1st Answer Example
"There are several benefits to moving to a hosted cloud. The key benefit is cost, based on the ability to only providing the resources you need. You can scale up the resources during peak business periods and then de-provision them when they are no longer needed. This is difficult in a self-managed data center environment. Other advantages include more secure data and backup, built-in disaster recovery, more flexible software licensing by using Software as a Service (SaaS) and it is platform and OS agnostic. These features provide the organization with greater flexibility. The final benefit is increased productivity. The company can focus on its business rather than running an IT department."
Written by William Swansen on March 25th, 2019
2nd Answer Example
"Hosted Cloud service providers provide an organization like yours several benefits. The key benefit is cost savings. Moving to a hosted environment allows you to 'rent' your computer resources and only use what you need. This includes compute, storage and even software, using the SaaS model. You pay for what you need when you need it, then put it back on the shelf and don't pay when you're not using it. Other advantages include focusing on your core business vs. running an IT department, being platform and OS agnostic, and being able to use the most productive or popular technologies. Finally, you will be operating in a secure computing environment with SLAs, backups and disaster recovery included with the services."
10. Big Data can be an efficient tool to monitor and grow a business, but can have challenges if not properly implemented. What challenges have you encountered while working with big data?
How to Answer
Any implementation if not monitored and managed correctly can turn into a complete disaster. This is especially true of Big Data. When you're dealing with large volumes of sales data, customer data, even confidential data, it makes it that much more important to ensure that you mitigate risk at every level of the implementation process. Having prior experience with successful implementations in the big data space will give you a distinct advantage.
A hiring manager wants to hear about the challenges you had with past big data implementations. Managers know that implementations don't always go as planned, so they will be listening carefully to see if you own up to your mistakes or blame others for things that go wrong. It goes without saying, but you never badmouth your company, subordinates or colleagues. A good way to turn this question around is to give an example of a big data implementation that didn't go as planned, but that you were able to get it back on track by re-evaluating the process, the requirements and your team's ability and experience to get this implementation completed successfully.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"I have used Business Intelligence tools like ETL, Informatica, Tableau, QLIK, and Power BI. These tools have helped me shape my knowledge base and career path over the years. I enjoy working with data because it's fun to work with, and I get enjoyment out of it. It has been my experience that big data doesn't always work as advertised. I did have some set-backs on a couple of projects that I managed, and the way I was able to resolve some of the impending issues was I had to re-assess the overall situation, and after doing that, was able to figure out that there was miscommunication between team members and the understanding of the final delivery of the implementation. The issue was the data wasn't being analyzed thoroughly enough to use it as accurate data for the business."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"A lot of technologies are used simultaneously in the implementation process of a big data project. One area that can't be overlooked is storage. My experience with implementations is that if you have the right infrastructure in place like software-defined storage, compression, duplication, and tiering; it can reduce the amount of space and costs associated with big data implementations. If you don't have these in place before you start the implementation, then you're setting yourself up for failure. I was involved in a project that was delayed for a few reasons. One was that the data wasn't validated, another reason was we were working with disparate data sources, and lastly, we came across organizational resistance (Insufficient alignment and lack of middle management understanding)."
11. What actions do you take when you recognize project deadlines will not be met?
How to Answer
Sometimes, due to confounding factors that are not in control of the project manager or the project team, deadlines for project deliverables are missed. This is not uncommon in project management, but it is important for the project manager to inform project leadership and stakeholders of potential delays as soon as possible, along with information on the cause of the delay, and what the project team is doing to mitigate the situation. Through regular communication, project leadership and stakeholders should already be aware of many of the details of the project, but it is still important for the project manager to provide a thorough explanation of the cause of the delay. The interviewer is asking this question to assess the candidate's ability to articulate how they would respond and react in a situation where they may have to deliver difficult news concerning what may be viewed as a failure in their performance. To appropriately answer this question, the candidate must confidently answer and provide details about how they would immediately respond to a situation where there is a project delay.
Written by Kelly Burlison on March 25th, 2019
1st Answer Example
"Unfortunately in project management, delays in project deliverables sometimes happen. I find the best approach to a project delay is immediately notifying project leadership and stakeholders of a potential delay, even if there is a possibility that the team may catch up as the final deadline approaches. I would rather project leadership be aware of a delay than being surprised by one in the end. When communicating a potential delay, which I know can be extremely frustrating for project leaders and stakeholders, I try to provide as much information as I can, so they can understand what is happening, and so they will know that as a project manager, I am doing everything I can to prevent further delays in the project. As project manager at DXC Technology, I will do everything I can to prevent project delays, but if and when they happen, I will be sure to keep project leaders and stakeholders fully informed of what is going on, so they are aware of the status of their project."
Written by Kelly Burlison on March 25th, 2019
2nd Answer Example
"One of the projects I am managing recently got off schedule, and I had to deliver the frustrating news that the delivery of the final software application will be delayed. While this was not easy news to communicate, it was necessary for me to inform project leadership and stakeholders of the delay, and I did so immediately after we discovered the programming bug that sent the application back to development. In my communication with project leaders and stakeholders, I was sure to provide them as much information as possible, rather than just telling them there was a delay. While project leaders and stakeholders were not happy with the news, they appreciated that I notified them immediately, and that provided such a detailed account of what took place. This is the type of open communication I use in project management, even when I have to deliver what is considered bad news, and I will maintain this type of communication style when managing projects at DXC Technology."
12. As part of the IT team, how do you approach your role in the implementation and roll out of new software and technical programs?
How to Answer
The interviewer is asking this question to determine if the candidate is ready and willing to provide training and operational support to employees and users of new software and technical programs when they are being rolled out by the IT department. While it is the role of other individuals within the IT department to lead the development and/or selection of these programs, when it is time to roll them out to end users, these users will rely on the business process and operations staff for training, technical assistance, and best-practice information. The candidate can successfully answer this question by providing details on how they would develop and execute a training plan, and a stronger answer would include an example of how they have approached a similar situation in the past in one of their professional positions.
For example, "As a business process and operations professional, I understand it is my responsibility to assist with the training of staff and end users when a new software program or application is being rolled out. When faced with this type of situation at DXC Technology, I will do everything I can to ensure the software implementation goes smoothly, and that includes learning all the ins-and-outs of the software application, developing user manuals and process flows, hosting user training, and ensuring help desk staff has in-depth training so they can offer adequate support to users. I understand that effective training on new software applications is key to getting staff and users to adopt the new systems, and in my business process and operations role, I will do everything I can to ensure employees at DXC Technology feel supported."
Written by Kelly Burlison on March 25th, 2019
1st Answer Example
"As a business process and operations professional, I understand it is my responsibility to assist with the training of staff and end users when a new software program or application is being rolled out. When faced with this type of situation at DXC Technology, I will do everything I can to ensure the software implementation goes smoothly, and that includes learning all the ins-and-outs of the software application, developing user manuals and process flows, hosting user training, and ensuring help desk staff has in-depth training so they can offer adequate support to users. I understand that effective training on new software applications is key to getting staff and users to adopt the new systems, and in my business process and operations role, I will do everything I can to ensure employees at DXC Technology feel supported."
Written by Kelly Burlison on March 25th, 2019
2nd Answer Example
"My current company recently went through a software upgrade that made a significant impact on daily staff operations, and because of the significant impact the upgrade had, I stepped in and supported the upgrade by hosting training sessions, developing user manuals, process flows, and best practice guides help sheets. By preparing these documents and offering the training sessions, I was able to help staff adjust to the upgraded software much more quickly, which prevented our overall operations from suffering. Helpdesk staff was prepared to receive a massive influx of calls once the upgrade went live, they found that their call volumes were light, compared to what they were anticipating. The ease of transition to the upgraded software has been attributed to the thorough training I provided to staff. This is only an example of when I supported a software rollout, as I have supported many in the past, and with my experience, I know I will be able to successfully support such rollouts at DXC Technology."
13. Can you explain what a public and private key is in the world of public-key cryptography, and which key is used for which function?
How to Answer
In an age where companies face breaches and intrusions on a daily basis, they need to make sure that their intellectual property and various confidential data is protected at every security level of the company. This is why private and public encryption and cryptography is implemented to safeguard that information.
Here's a great opportunity to craft a response that showcases your knowledge about public and private keys, and taking it a step further to give an example of how each key is used and for which function. Without going too deep, the hiring manager wants to hear you articulate the definitions of each, and how well you understand them. While you describe both keys, and what they represent, it would also be helpful to the hiring manager to explain the manner in which you use them in your current role. This helps the hiring manger gauge your level of expertise, and how involved you are with cryptography in your current role.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"My experience with private and public cryptographic keys goes very deep. I use private key cryptography where a single private key can encrypt and decrypt information. I'm very mindful that this key is only to be used with management's authority and approval since the data is very sensitive to the organization. If this key were leaked to the outside, this could potentially cause irreparable damage to the company. One of the responsibilities I had was to encrypt data so that the mobile devices used by our field consultants were secure. In addition to data encryption, I was also tasked with managing the security of our internal intranet websites that were used by everyone in the company to communicate and share data."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"Understanding that encryption uses an algorithm to transform information (data) into an unreadable format is one of the most important cryptographic elements of public and private keys. I believe that it's important to designate where private and public keys are used. Every company has safeguards in place to monitor and manage these keys so that they don't fall into the wrong hands. Anyone given this responsibility should have extensive knowledge of encryption and cryptography, with the core elements being Secure Socket Layer (SSL) and Public Key Infrastructure ((PKI) for secure online purchase transactions as well."
14. There are many different definitions of a 'Cloud' in the IT industry. In order to make sure we are on the same page can you provide your definition of a cloud hosting environment and describe its components?
How to Answer
The purpose of this question is to make sure you define a cloud hosting environment in the same way the employer does and that you have familiarity with what elements constitute an IT cloud.
Written by William Swansen on March 25th, 2019
1st Answer Example
"A cloud is an amalgamation of computer hardware, software, network, storage, and services. It can be managed by the organization or by a third-party service provider, such as Amazon or Microsoft. It is also known as 'computing as a service'. End users are unaware of where the components are located and where their applications and data reside. They access the cloud via an interface. This creates an environment in which they do their work."
Written by William Swansen on March 25th, 2019
2nd Answer Example
"A cloud environment is a collection of IT assets and services that are accessed by the users through a portal or dedicated interface. The cloud can reside or be hosted on the same physical premise as the users, offsite or by a third-party service provider. The components of the cloud are the same as a standard data center. They include hardware, software, storage, network, applications, and services. Many cloud environments are designed for specific businesses, including customer service, financial services, application development, and healthcare, to name just a few. These are typically hosted by third party service providers who specialize in the individual market segments."
15. Tell me what your favorite security assessment tools are, and why you prefer them over others?
How to Answer
There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircraft.
The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer, and troubleshooter. It's flexible and operates across multiple platforms like MasOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-scripting, improper cookie handling, etc."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and I have a high comfort level with. Retina CS; is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and its part of how they work, you might tend to navigate towards open source software. The advantage here is that's it's free. The downside might be limited support and limited features. Something to ponder."
16. Give me an example of how you could solve a data migration security problem using a PaaS platform?
How to Answer
One of the most important areas of data governance is Cyber Security. Almost every company that offers a cloud platform solution has made significant investments in Cyber Security hardware appliances to protect their customer's data. There are many different solutions that security companies offer to safeguard client data. In this situational example, you can talk about the various encryption, replication policies, and unified storage solutions that are available to address data migration security concerns.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"I can speak for myself when I say that data migration security is a big deal. I know managers who lose sleep over it. My approach is to make sure every aspect of a cloud security initiative is secure at all levels. This includes data governance policies, encryption, and decryption security, systems framework, whether or not you are working with legacy systems and if this is part of the migration plan. Another important aspect is assessing staff and migration tools. If you don't have the staff to pull this off, take a step back and look at possibly bringing in a contractor to help. Make sure you do a testing of the final system, and be sure to do a thorough follow up and maintenance of your data migration plan to make sure you're on track with your timeline to migrate."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"I've seen cases where there's been no open communication among business users, and a lack of engagement that lead to a disastrous outcome. That's why I always avoid these pitfalls at all costs. First thing is to have an assessment plan, and understand the strengths and weaknesses of your current systems, so that you'll know how to plan accordingly. My unique approach is to validate and redefine business rules as needed based on project requirements. I found that putting stringent security policies in place eliminates any confusion or ambiguity. As part of my due diligence, I validate and test the data migration plans, and perform documentation and system audits at the conclusion of my security analysis."
17. What is your experience with Azure, AWS, and Google Cloud as a PaaS platform, and give me an example of how you used all three?
How to Answer
DXC Technology is looking for someone who has worked on setting up PaaS environments with three different platforms. Azure, AWS, and Google Cloud. Someone that has successfully implemented multiple cloud solutions, and requires little to no supervision. This position requires a senior level resource that can think outside the box, as well as evaluate the risks and rewards of using all three PaaS platforms and develop a long-range plan for migrating all data to one singular platform. In an interview, the hiring manager will give you an overview of the role like I just did, along with performance expectations for the position. If they don't tell you about the position that should be one of the most important questions that you ask.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"I have experience in all the mentioned areas. Azure, AWS, and Google as a PaaS platform. I believe I can be an asset to your organization since most people only have experience with one of the three, and I have experience with all three at an expert level. My Azure experience involves ASP.NET web development, setting up a virtual machine using Azure Resource Manager, and Active Directory using Identity manager. I was also credited for replicating application partitions as part of the Active Directory system and giving attributes and values for the application partitions.
My AWS experience is very solid as well. In my role, I was responsible for setting up EBS in AWS, deploying two-tier web applications, and sending Amazon S3 requests to set up REST API and SDK Wrapper Libraries. I also used best practices for security on Amazon EC2, such as securing AWS root accounts, define and review security group rules, and deploy anti-virus on the AWS network to protect it from various viruses."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"My Google experience has involved mostly setting up data hubs in the following Google Cloud Platform elements and creating service accounts. Here is a list of Google platform elements and Google service accounts that I have experience with:
1) Google Compute Engine
2) Google Cloud Container Engine
3) Google Cloud App Engine
4) Google Cloud Storage
5) Google Cloud Dataflow
6) Google BigQuery Service
7) Google Cloud Job Discovery
8) Google Cloud Endpoints
9) Google Cloud Test Lab
10) Google Cloud Machine Learning Engine
Service Accounts:
1) Google Cloud Platform Console service accounts
2) Google Compute Engine service accounts
While creating service accounts for each project, I was able to work behind the scenes to simplify the authentication process so end users could browse without interruption."
18. How do you approach your role in business processes and operations when your department or the Project Management Office (PMO) is operating smoothly or there are no pending improvement projects in the queue?
How to Answer
This question is very important to the interviewer, as it is important for them to know that the candidate understands that someone in the role of business processes and operations should be constantly looking for opportunities to improve their department and the PMO. Anticipating improvements and changes that can be made when operations are not in a state of flux will allow staff responsible for business processes and operations to work more effectively work project teams to make improvements to processes in order to eliminate waste and reduce variation. The candidate can successfully answer this question by providing examples of how they took initiative to make changes in their department or PMO when they were not specifically assigned a task or faced with a problem that needed an immediate solution.
Written by Kelly Burlison on March 25th, 2019
1st Answer Example
"If there are no immediate needs for improvement in my department or in the PMO that needs my attention, I look at the 'parking lot' of improvements that I maintain and determine what I have the capacity to take on at the time. Throughout the year, when requests or improvement projects that are not immediately needed are received, I put them on a parking lot to be addressed later. So, when there is additional time, I am able to prioritize the parking lot and choose an improvement project based on needs, capacity within my team, and the capacity each department has to take on an improvement project. I find this method very effective for continuously improving the department and PMO, and I can use the same or similar method at DXC Technology."
Written by Kelly Burlison on March 25th, 2019
2nd Answer Example
"In times where there are no improvement tasks or projects, I do not rest on my laurels. Instead, I take the opportunity to assess the various areas within the IT department, the PMO, and the company, by speaking with leadership to determine what improvement projects we can start during these down times. I find that these down times are much easier to implement new processes or streamline existing processes, because staff members are not already overburdened with a project, and they are more willing to take on change. In order for me to be a successful Business Process and Operations Manager, I feel that I must always be finding ways to help my colleagues improve, and I will always take the initiative to get a project started when my workload is less in order ensure I am contributing in my position as much as I can."
19. Your customer wants you to explain the benefits of the Big Data model you developed, how do you communicate the insights they can use for their business?
How to Answer
Everywhere you look in corporate America; you will find Big Data. It's fast becoming one of the most important facets of a business's operation. Big Data is used for data analytics and data management. If you want to know if your company is profitable or losing money, big data analytics can provide that. If you want to see what product sold best in a specific region of the country or world, big data analytics can provide that information. It's like having a dashboard with multiple screens in one that shows the performance of your company, people, processes, etc. Everyone talks about this concept, but very few can articulate the benefits of big data and how it can help a business. This is especially true for data consultants who are new to big data. Depending on the level of experience that you have, one of the most important areas that you should focus your response on is highlighting the insights that the customer is going to realize when they implement a big data solution.
The interviewer is interested in hearing about how you present benefits to the customer in a way that connects with the customer's pain and adds value to the company. Effective communication is key here. They might ask for a hypothetical scenario where you clearly presented a case for big data and it's benefits. It would help to mention that they would be able to calculate metrics for data gathered from multiple sources like social media, customer profile data, company website, etc.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"My expertise has been in Data Analysis, so Big Data to me was a pretty flat and easy learning curve. When you're working with large volumes of data, you need to make sure that the data is scrubbed (clean) so that the information can be interpreted by the organization so they can use that data to make better business decisions. I was able to do this by using data warehouse applications that broke down the data in smaller manageable groups that had relevant information about each customer or prospect. Based on my knowledge, there are a lot of benefits that a company can get out of big data. Here's a short list that I have compiled based on my experience:
1. Ability to acquire, extract, modify, analyze, and blend the data with various business intelligence tools in order to get the information you need to run your business.
2. You can evaluate risk by a portfolio of products or services.
3. Be able to customize customer experiences.
4. You can identify important information or performance data to improve decision making.
5. Real-time forecasting and monitoring across company-wide locations, divisions, and business units.
6. You can monitor sales and marketing campaigns, and track customer purchasing habits."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"In years past when I worked with data management tools, it was systems like ETL and Data Warehouses that I used to compile and structure data that the business could use. These were typical Business Intelligence solutions at the time, but they weren't as robust as they are now. My responsibility was to extract and cleanse data so I could present it in a way that was easy to understand to a non-technical person. Having a strong analytical background helped me to analyze different forms of data so I could optimize and index data structures in order to present the many benefits that big data has to offer."
20. In your opinion, what's the ultimate goal of information security to an organization, and why is it important?
How to Answer
This is a simple one to answer, and you should have several good examples of why this is important to an organization. Before we go into the purpose and goal of an IT Security organization, let's examine what you might encounter in a typical IT environment, and why a hiring manager is asking this question.
Depending on the size of the IT organization, the hierarchy might look something like this: CIO/CTO, VP(s), Director(s), Manager(s), Analysts, Developers, Testers, Project Managers, Architects, etc. Keep in mind that there will likely be non-technical team members in the IT department whose roles are to be a conduit or liaison between the business and the technology/security departments. You might be in a panel interview with three or more people from the company you are interviewing at, and one or two of those people might be a Business Analyst or Project Manager who may or may not have a technical background. The reason for this is to get a mix of technology/security and business personnel to participate and ask questions that might be relevant to their role. At the core of your response, your answer should be something like; helping the organization succeed, prosper or grow, and that security is needed to ensure the company runs smoothly and efficiently.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"Being mindful that a company's goal is to be successful and run a business is something that I always keep in the back of my mind. Information security performs three critically important functions for an organization. They are:
1. Enable the safe operation of applications implemented on the organization's IT Networks and Systems.
2. Protect the data the organization collects and uses.
3. Safeguard the technology assets of an organization.
As a top priority in my role, I ensure that all company information is stored and kept secure. My number one priority is to protect our company data from threats and provide a virus-free work environment."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"The goals of an Information security organization should align with the goals of the business organization. Knowing this, I can identify with what each is trying to achieve. The Information security organization wants to make sure that they have all the tools necessary to protect the interests of their company and ensure that they can conduct business as usual without interruption to their systems, networks, employees, products, services, and customers. At my last company, it was our policy to inform and train our employees to understand the importance of information security, and to keep confidential information private within the organization."
21. Can you explain to me the basic characteristics of a hosted cloud?
How to Answer
DXC Technology offers cloud hosting and wants candidates who understand the essential characteristics of a hosted cloud. It's key in your answer to point out the advantages of cloud hosting and how it is superior to standard server hosting.
If you are interviewing for a sales position at DXC Technology. Knowledge of the cloud vs on-premise hosting will come with training, but it is important to have a basic understanding of the differences before your interview.
Written by William Swansen on March 25th, 2019
1st Answer Example
"The basic characteristics of a hosted cloud are Provisioning, Scalability, Billing, and Interfaces. Provisioning refers to the ability to add additional services including computer and storage when necessary to support the company's business activity, and then remove them when they are not needed. Scalability is growing the hosted services as the business grows, without any interruptions or downtime. Billing is important because it needs to be flexible and adjust according to what services are provisioned during the billing period and what volume discounts are applied as the environment scales. Finally, the interface is how the users access computing services and resources. It needs to be both user-friendly and compatible with a variety of devices, including computers with different operating systems and mobile devices, from anywhere across the globe."
Written by William Swansen on March 25th, 2019
2nd Answer Example
"There are four basic characteristics of a hosted cloud. The first is Provisioning, which refers to adding or removing computing resources based on the needs of the organization. This eliminates the need to provision for peak operational periods which results in the resources being underutilized during off-peak periods. This is one of the key advantages of cloud computing. Another characteristic, Scalability is similar to provisioning but refers to the ability to permanently grow the environment without business interruption. Billing is the third characteristic and relates to both of the previous ones. The organization should only pay for the computing assets and services it is using and should receive a volume-based discount when they add additional resources. Finally, and most importantly is the User Interface. This is how the business accesses its applications and data, and manages the resources. Ideally, the interface is transparent to the users and they are unable to determine that the applications and data are being managed in a cloud hosted environment."
22. In your opinion, what is the most exciting collaboration between data analysis and artificial intelligence in the past year?
How to Answer
If you are up to date on the trends and happenings between data analysis and AI, you should have no problem answering this question. Discuss an exciting collaboration, project, or product release that you have heard of recently. Because this is an open-ended question, be careful not to ramble on.
Written by Helen Lee on March 25th, 2019
1st Answer Example
"I have taken a keen interest in how artificial intelligence and machine learning algorithms have been working together to optimize business workflows. The result appears to be better strategies for enterprises surrounding people management, effective operations, as well as culture and engagement."
Written by Helen Lee on March 25th, 2019
2nd Answer Example
"I recently read an article in Forbes on the top machine learning programs to watch. I was especially intrigued with a company called DataVisor which uses machine learning to uncover financial data issues, helping to protect against bank fraud, and other financial based criminal activity."
23. As a business process and operations expert, how do you approach a situation when a project is failing to progress and is not meeting its deliverables?
How to Answer
The interviewer is asking this question to determine how the candidate would approach a situation when a project is failing to progress, which often happens in IT and other professional environments. When a project is not meeting its goals or benchmarks, business process staff can assist project staff by analyzing the project plan and developing interventions to get the project back on track. There are a number of strategies the business process and operations staff member can use to ensure a project begins meeting its benchmarks, including but not limited to: redesigning the project plan or timeline, dedicating more resources to the project, introducing more efficient production strategies, such as LEAN methodologies, or reassigning project teams. The candidate can successfully answer this question by providing a specific example of how they have successfully turned a failing project around in the past.
Written by Kelly Burlison on March 25th, 2019
1st Answer Example
"As a business process and operations manager, I have often had to intervene on projects that were not meeting their benchmarks or goals for completion. In most of these cases, I have found that the failure to progress is not due to the lack of efforts of the project team, but because of misallocated or misused resources. For example, I recently had to assist a project manager on a project that was significantly behind on creating mapping logic for a data interface that we were preparing for. When the project manager came to me with her concerns, I took a look at the project plan and was able to find some essential steps in the project plan that were missing. After I identified these steps, I worked with the project manager to redesign her project plan and develop more detailed process flows, which helped the project get back on track."
Written by Kelly Burlison on March 25th, 2019
2nd Answer Example
"I was just dealing type of situation last month. There was a software development project in my department's Project Management Office (PMO) that was supposed to have been closed out three months ago, and when the PMO Director came to me for help, he said the program was being sent back to development, because a significant bug was found in the beta-testing phase. The PMO Director was extremely frustrated, as this bug should have been identified in the alpha-testing phase, and this error caused an even more significant setback. Because this software program is a significant deliverable for our department and overall organization, the additional delay affected more than just the PMO itself. As the PMO Director and I looked through the project plan and resources, I decided it would be best to allocate additional testing resources to the project by hiring a technical vendor to assist. This way, it could relieve the burden from our internal team, and provide the expertise needed to conduct the software testing. Once the vendor took over the testing of the software, the project was successfully tested and was able to be rolled out without further delay."
24. What tools do you use when managing a project?
How to Answer
The interviewer is asking this question to determine if the candidate uses electronic or manual tools throughout the project lifecycle. Throughout the project lifecycle, the project manager must create work plans, organize tasks, manage budgets and organize their project team, and this can be done manually or with the assistance of various software packages that are available. Common software packages that are available on the market include but are not limited to Microsoft Project, JIRA, Basecamp, and Podio. The candidate does not necessarily have to mention the use of a software tool to successfully answer this question, as many project managers or Project Management Offices (PMOs) have developed their own internal tools for project tracking. To successfully answer this question, the candidate must confidently explain standardized tools, whether they be manual or software-based, to describe how they assist them in managing projects. By providing an appropriate answer to this question, the candidate will be able to provide insights into how they will use or develop tools to manage projects for DXC Technology.
Written by Kelly Burlison on March 25th, 2019
1st Answer Example
"Throughout my career as a project manager, I have used multiple project management tools, depending on the type of project, the team members, and whether or not my organization is currently leading the project. For example, I currently manage multiple projects at my company, with some being spearheaded by my company, and some with my managing my company's role in another organization's project. For internal projects, those that are spearheaded by my company, I use both Microsoft Project and Basecamp as my primary project management tools. MS Project allows me to develop work plans, track tasks, assign resources, track budgets and workload, and perform other functions. In addition to MS Project, I use Basecamp to communicate with my project teams. Basecamp allows me to post announcements, set deadlines, share documents, and communicate in other ways. For projects run by external organizations, such as the government, JIRA is the primary project management tool used, so I use JIRA to communicate with project leadership and share documents for tasks that I have been assigned."
Written by Kelly Burlison on March 25th, 2019
2nd Answer Example
"While I have experience working with multiple project management tools in the past, such as MS project and Podio, I am currently employed by a small nonprofit organization, and funding is limited, so I have to design my own manual project management tools. While developing my own tools was a challenge at first, I now find it more efficient, because I have developed multiple templates that are tailored to my specific project needs, and I am not forced to use templates that do not specifically fit my needs. I use these templates to create work plans, track tasks, monitor budgets, and conduct other project management tasks. I also find it helpful to create a Gannt chart for every project to track tasks and ensure everything is staying on schedule."
25. Explain the difference between symmetric and public-key cryptography, and what their importance is to encryption technology?
How to Answer
This is a pretty basic question that most IT managers ask candidates when it comes to cryptology. If you have any level of expertise with encryption, you should be able to answer this question without too much difficulty.
The reason a hiring manager will ask this question is to get one or two easy questions out of the way, then proceed to more difficult questions. Keep in mind that some managers tend to drill down into this question pretty deep so if you get asked, be prepared to answer with a detailed response.
The basics here are going to be that symmetric uses a single key, and a public key uses two keys. Let's suppose that you took a document and placed it in a drawer, then locked it with a key. If anyone else wanted to access that document, they would need a key for that drawer. This is how Symmetric key encryption works. A public key, on the other hand, would require two keys to open up a drawer.
Written by Tom Dushaj on March 25th, 2019
1st Answer Example
"As a cryptology professional, it's important to know the differences between symmetric and public-key encryption. I have used both, and know that each has its own unique values. Symmetric key encryption generally speaking is fast and secure. If you're sending encrypted packets to be decrypted, they must use a key which means you must send along a key to enable them to have access. A risky problem that might come up is if you're sending a physical medium, then the packet becomes insecure. Another risk might be is if someone is monitoring the network, they could steal the encrypted packets and key and decrypt them."
Written by Tom Dushaj on March 25th, 2019
2nd Answer Example
"In my honest and humble opinion, public key encryption has equal importance to symmetric key. Actually, it's more secure because it has two keys, and work together to encrypt and decrypt packets. I like this one because of the extra security measure built into it. Because the private key is never sent across the network, it remains secure which gives it an extra measure of encryption. The only down side that I see is it tends to be quite slow, which makes it difficult to send larger amounts of data using a public key encryption."