How to Answer: Describe to me what encoding, encryption, and hashing are, how they work, and what the differences are between the three?
Advice and answer examples written specifically for a Tanium job interview.
24. Describe to me what encoding, encryption, and hashing are, how they work, and what the differences are between the three?
How to Answer
Let's walk through each of these, so there's a good understanding of the best way to respond to this question. You don't have to go into great detail on each and every one, but you do have to give a basic definition, and example of how they work in a security environment, and their distinct differences.
At the high level, encoding is designed to protect the integrity of data as it flows through networks and systems, while maintaining its primary security functions. It can be easily reversed by employing the same algorithm that encoded the content in the first place. Encryption is designed primarily for confidentiality and is also reversible only if you have the appropriate key/keys. The operation with hashing is one-way (non-reversible), and the output is a fixed length with a much smaller input.
It's easy to see why the hiring manager is asking this three-part question. They want to evaluate your mental processing capabilities, and how you compile and respond to information. Always respond with answers in the exact order the questions were asked. Example: Encoding, Encryption, then Hashing. This shows the interviewer that you listen carefully, and are detail oriented in your response.
1st Answer Example
"Being an accomplished IT Security professional, I understand that you can't take anything for granted, especially when it comes to applying security measures like encoding, encryption, and hashing. Having a deep understanding of encoding is extremely important since it transforms data into another format using a scheme so it can be easily reversed, and doesn't require a key. Some of the examples for encoding acronyms are Unicode, Base64, and ASCII. Encryption is equally important because the purpose of encryption is to transform data and keep it a secret from other entities within the network. It's like sending a secret letter to a friend who is the only one that should be reading that letter. When the recipient opens the letter, they can validate the signature of the sender."
2nd Answer Example
"I find that out of the three listed; encryption is probably one of the most important to a company's security and network infrastructure. Since encryption transforms data into another format using a private key, it's easy to maintain its integrity by keeping the key in a safe place outside of accessible means. To reverse the encryption operation, the ciphertext, algorithm and private key are required to return the status to plaintext. To go a bit deeper, there are three algorithms that are used for encryption. They are.....Blowfish, RSA, and AES. Hashing is also important because its purpose is to ensure integrity. Technically speaking, hashing takes inputs to produce a fixed-length string that has the following attributes:
1. Organized multiple disparate inputs that should not product the same outputs.
2. The same input should always produce the same output.
3. Any modification made to an output should reflect a change to the hash.
4. You cannot go from an output to an input."
Anonymous Interview Answers with Professional Feedback
Anonymous Answer
Rachelle's Feedback