26 Zscaler Interview Questions & Answers
Below is a list of our Zscaler, Inc. interview questions, each with answer advice and answer examples.
1. There are different levels of data classification. How are they structured, and why are they required?
How to Answer
With data security under heightened scrutiny throughout the world, protecting customer data has never been more important. Data has become a valuable commodity, and companies go to great lengths to protect it. When asked by the hiring manager, don't be afraid to offer examples of how you set data classification policies or reclassified data to a classified status with access limited to administrators, for example. Also highlight your knowledge of the different levels of data classification (i.e. Restricted, Private, and Public).
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Setting data classification policy is very important, because if you don't have a policy in place, you won't know what your level of sensitivity is, which means you have no baseline or security controls to protect your data. This is an important topic to me, and I take it very seriously. My involvement goes deeper into data classification than any other team member, so I typically take the lead for data classification in three main levels: Restricted Data, Private Data, and Public Data. Here's how I classify these three into workable tasks.
1. Restricted Data - I apply the highest level of security to a restricted classification, because it has the highest level of risk.
2. Private Data - This one is a moderate risk level, but should still be treated as private data and protected nonetheless.
3. Public Data - Normally this level is low or no risk. While there are still controls in place, some level of control is still required."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"There are a number of different ways that classification of data can be performed. I've always had an interest in data collection and classification, which has led me into a Cyber Security occupation. Interestingly enough, many organizations collect and classify data in different ways. As a Data Steward, it is my obligation to reclassify data - this is conducted periodically - determine what frequency is most appropriate based on available - if after doing a data reclassification, it is determined that the data has changed or was modified, then I look at whether existing controls are consistent with the new data classification. If gaps are found within existing controls, they are immediately corrected."
2. What is the difference between Asymmetric and Symmetric encryption and which one is better?
How to Answer
When comparing asymmetric and symmetric encryption, there are several things you need to be aware of. Not only will you need to know the difference between the two, but also how each is used and which one is better in a particular situation. It's important that you can give the hiring manager examples of how you used both in specific situations and what you did to put an air-tight security solution in place. Cyber security has become one of the most important topics in technology today. Anytime you're processing credit card transactions through a payment gateway online, or at a brick-and-mortar retail store, you're dealing with vital consumer information, and hiring managers are going to want to hear how you keep it protected.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"When I work with asymmetric encryption, I always take into account that there has to be a private key and a public key for anyone sending a message. I have to adhere to a decryption policy for where and how the public and private keys are stored and shared. The way I view the difference between the two is that the execution of asymmetric encryption algorithms is slower than that of symmetric encryption algorithms. Although asymmetric encryption is mostly used for exchanging keys in a secure manner, it is used for establishing a secure channel over a non-secure medium such as the internet. The most common form of an encryption algorithm is Diffie-Hellman."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"In my current role I do work with symmetric encryption. Since symmetric encryption uses a single key for encryption and decryption, I am responsible for monitoring the data transmission of those communication messages to prevent a potential intrusion or breach alert. As with many symmetric encryption algorithms, they execute faster and are less complex than asymmetric encryption, and are a preferred method of encrypted communication. The most commonly used symmetric encryption algorithms are 3DES, AES, DES, and RC4."
3. Tell me what your favorite security assessment tools are, and why you prefer them over others?
How to Answer
There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircrack.
The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer and troubleshooter. It's flexible and operates across multiple platforms like macOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-site scripting, improper cookie handling, etc."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and have a high comfort level with. Retina CS is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and it's part of how they work, you might tend to gravitate towards open source software. The advantage here is that it's free. The downside might be limited support and limited features. Something to ponder."
4. One of the most prevalent types of attempts at intrusions we see when monitoring our clients' networks is a Distributed Denial of Service (DDoS) attack. Can you explain what a DDoS is and what you would recommend to clients to prevent it?
How to Answer
The interviewer is testing your knowledge of cybersecurity and attempting to ensure that you will be able to interface with clients on both a business and technical level when presenting them with the services their company offers. This type of question is best answered with a direct answer describing the topic and how you would discuss it with a client.
Written by William Swansen on March 7th, 2019
1st Answer Example
"DDoS is an attack by someone attempting to compromise your network by flooding it with a large number of requests. Many networks are unable to handle this and respond by denying service to all users, even legitimate ones. It is called a 'Distributed' attack since the flood of requests can come from many different sources. The best way to defend against a DDoS attack is to analyze and filter network traffic using 'scrubbing centers.' These are servers on the network dedicated to analyzing network traffic and removing malicious requests. Our company offers this service as part of your network security package."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"A Distributed Denial of Service or DDoS attack is when a threat emanates from multiple sources and attempts to overwhelm a network by creating more requests than the servers can respond to. The response is for the servers to deny all requests, both real and malicious, thereby shutting down the network. The purpose of this type of intrusion is not to hijack data, but rather to take the company offline for a period of time, which can be just as costly. The best way to defend against this type of attack is to set up scrubbing centers, which are servers that are dedicated to analyzing network traffic and blocking malicious requests while allowing legitimate traffic to cross the network. Reputable service providers like ours offer this service as part of their security package."
5. Can you name some open source cloud computing platform databases?
How to Answer
By asking this question, the interviewer is testing your knowledge of open source cloud databases and trying to learn whether you are familiar with them and can offer options to your customers. The best way to answer this question is to name the databases you have knowledge of and recommend which one is best for your customer's requirements.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are three main open source cloud computing databases. They are Couch, Lucid and Mongo. These differ from proprietary databases based on there being no licenses required to use them and the ability of the IT community to make revisions in them to improve their performance. Of these, I believe (insert the name of the one you recommend here) is best suited for most clients' needs. Not only does it have the features they require, but they won't have to pay any licensing fees, and they can upgrade it at any time."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"The three main open source cloud databases are CouchDB, LucidDB, and MongoDB. For most situations I recommend (insert the one you recommend here). In addition to having experience with this open source cloud database, I have also worked with Oracle and SQL. This has given me a good perspective on the differences between these, such as licensing requirements, scalability, reliability and stability of the platform. I'm comfortable recommending this one to my clients, but if you'd like, I can also discuss either open source or proprietary cloud databases with them."
6. Most of our clients believe they have taken the necessary steps to protect themselves against malware. However since they tend to focus on a small subset of threats, this isn't usually true. Can you list the types of malware clients should be aware of?
How to Answer
This question will test your knowledge of malware and the different types. You should answer this succinctly by listing the main types of malware. You can expect follow-up questions which will probe more into your knowledge of specific types of malware and what measures you recommend your clients take to protect themselves against them.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are nine major types of malware which most people are aware of. These are Viruses, Trojan Horses, Worms, Spyware, Zombie, Phishing, Spam, Adware, and Ransomware. All of these can cause damage to clients by either shutting down their systems, allowing hackers to take over the function of the computers, gain access to the data on the systems or cause the users to be subject to messages and advertising they didn't request. Each of these types of malware requires a specific type of defense strategy, but many of the strategies have common elements which can be repurposed for multiple types of malware."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Most people will agree that there are nine major types of malware. These are Viruses, Trojan Horses, Worms, Spyware, Zombie, Phishing, Spam, Adware, and Ransomware. Preventing each type of malware requires a specific type of defense. These can include but are not limited to firewalls, network monitoring, user authentication, and user education. The last strategy, user education, is the most effective way to limit the impact of malware. Teaching users not to open emails from unknown sources, to update their passwords frequently, not to open files they didn't request or weren't expecting, and to scan their systems regularly for viruses will prevent the majority of malware attacks."
7. What are the various ways to inform employees about information security policies and procedures?
How to Answer
Anyone in IT leadership that is responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence on how you implement these practices across the company and the way you communicate the procedures to all employees. The experience you share with the manager will be a reflection of your capabilities and will show that you can think outside the box. It's not uncommon for a manager to ask you to talk at length about communicating effective ways to identify phishing emails, transferring confidential files securely, password management tips, and applying privacy and security updates for all employees. This helps the manager see the level of detail that you go through to protect your company's employees.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"If you look at statistics on how attacks were established, you will find that over 50% of attacks came from employees within a company who inadvertently allowed access to a hacker or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails could send them straight to that account."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"During my security training sessions with employees, I explained the importance of cyber security, and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."
8. Can you explain the security requirements we must adhere to in order to confirm that our customers' data is secure in the cloud?
How to Answer
It is likely that the interviewer already knows these regulations or has been briefed on them enough to ask the question. You should be prepared to address this question directly with the specific requirements.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are a total of four security requirements that are generally implemented in order to be compliant with user privacy laws. These are:
- Validation of input: the input data must be controlled and transmitted securely
- Backup and security: the data is stored and secured and not open to access from unauthorized parties
- Output reconciliation: audits must be performed to confirm that the data output is the same as the data input
- Processing: data used by an application is controlled throughout the process and not exposed to unauthorized users."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Data security is a key component of cloud security. Companies must comply with international data security regulations or they may be subject to fines or injunctions, which could ultimately cause the company to cease operations for a period of time or even permanently. Remaining in compliance with these laws is not difficult if you understand the four basic requirements common to all the laws. These are:
- Validation of input: the input data must be controlled and transmitted securely
- Backup and security: the data is stored and secured and not open to access from unauthorized parties
- Output reconciliation: audits must be performed to confirm that the data output is the same as the data input
- Processing: data used by an application is controlled throughout the process and not exposed to unauthorized users"
9. What's the difference between a threat, vulnerability, and a risk, and how do you assess the severity of a threat for example?
How to Answer
If you're a Certified Information Systems Security Professional (CISSP), then you should know the difference between a threat, a vulnerability, and a risk. When you're starting a new job, you don't know the new environment, so you need to gather some basic information about where everything is and how things were operating before you came along.
One of the first things you'll need to do is assess the landscape. You'll probably need to locate where the data resides, who is or was managing the data, and what the network diagram looks like. The hiring manager wants to see if you are experienced enough to ask these questions so that they know they're not dealing with a junior level candidate with limited experience in these areas.
After you have outlined what you would do when you start, they will dig a little deeper and ask you to explain the differences between threat, vulnerability and risk, and how you assess threats. As a general rule, you should talk about the differentiators among the three first, and then the process you follow to assess a threat. The interviewer's attention will be focused on how you assess a threat.
Here are a few items you may want to research further regarding assessments: visibility touch points, ingress and egress filtering, and vulnerability assessments.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"My answer is that vulnerabilities should usually be the main focus of an organization since there is little control over the volume and consistency of threats that come in daily. In past roles when I started with a new company, the first thing that was on my task list was to perform a vulnerability assessment. This revealed a lot about the current state of risks and vulnerabilities to the network, and what needed to be done to close those gaps and secure all entry ports into the network. After doing a full assessment, I recorded visibility touch points to monitor where threats came from, and the strength and weakness of our vulnerabilities which helped me map out a long-term IT Security strategy plan."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've always been a strong believer that the best defense is a good offense. Companies are always under network security attacks, and if you leave yourself vulnerable, it's almost like playing whack-a-mole. You're constantly on the defensive when you should be pro-actively offensive. One of the methods I implemented in my last company was a Defense Threat Modeling method. This method takes monitoring to a new level by pro-actively seeking out methods that hackers use to infiltrate systems while being undetected. At the same time, I keep up to date with online periodicals from IT Security sources to learn about new threats and the risks they represent. Another way that I combat threats is by using Ingress and Egress Filtering. The Ingress method is used to prevent suspicious traffic from entering a network, and the Egress method is used to monitor or restrict data by means of a firewall that blocks packets that fail to meet the established security requirements."
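The ingress and egress filtering mentioned in the answer above, worked through as a small border filter in Go. This is an added example written for this page, not code from Zscaler or from the answer's author; the `Policy` type, the 10.0.0.0/8 "internal" range, the permitted-port list and the drop messages are all constructed for the illustration, and the outside addresses are taken from the documentation ranges rather than from any real network.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Direction says whether a packet is entering or leaving the protected network.
type Direction int

const (
	Ingress Direction = iota // arriving on the external interface
	Egress                   // leaving through the external interface
)

// Packet is a minimal summary of one IP packet; the samples in main are constructed, not captured.
type Packet struct {
	Dir     Direction
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16
}

// Policy is the border filter's configuration (hypothetical values, not a vendor format).
type Policy struct {
	Internal        []netip.Prefix  // address space that belongs to us
	AllowedOutbound map[uint16]bool // destination ports internal hosts may reach
}

func (p Policy) isInternal(a netip.Addr) bool {
	for _, pfx := range p.Internal {
		if pfx.Contains(a) {
			return true
		}
	}
	return false
}

// Verdict applies the ingress rules (what may come in) and the egress rules (what may
// go out) and returns "allow" or a drop reason suitable for a firewall log.
func (p Policy) Verdict(pkt Packet) string {
	switch pkt.Dir {
	case Ingress:
		// Anti-spoofing (the BCP 38 / RFC 2827 idea): nothing arriving from the
		// outside may claim one of our own source addresses.
		if p.isInternal(pkt.Src) {
			return "drop: spoofed internal source on external interface"
		}
		// We are not a transit network: inbound traffic must be addressed to us.
		if !p.isInternal(pkt.Dst) {
			return "drop: inbound packet not destined to internal network"
		}
	case Egress:
		// The mirror image: what leaves must carry one of our addresses, so a
		// compromised internal host cannot impersonate someone else ...
		if !p.isInternal(pkt.Src) {
			return "drop: outbound packet with foreign source address"
		}
		// ... and may only reach destination ports the policy permits.
		if !p.AllowedOutbound[pkt.DstPort] {
			return fmt.Sprintf("drop: outbound port %d not permitted", pkt.DstPort)
		}
	}
	return "allow"
}

// Check parses textual addresses and evaluates one packet against the policy.
func Check(p Policy, dir Direction, src, dst string, port uint16) string {
	s, err1 := netip.ParseAddr(src)
	d, err2 := netip.ParseAddr(dst)
	if err1 != nil || err2 != nil {
		return "drop: unparsable address"
	}
	return p.Verdict(Packet{Dir: dir, Src: s, Dst: d, DstPort: port})
}

// SamplePolicy: 10.0.0.0/8 is ours (hypothetical); only HTTPS and DNS may leave.
func SamplePolicy() Policy {
	return Policy{
		Internal:        []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")},
		AllowedOutbound: map[uint16]bool{443: true, 53: true},
	}
}

func main() {
	p := SamplePolicy()
	// Constructed sample packets; 203.0.113.0/24 and 198.51.100.0/24 play the "outside".
	fmt.Println(Check(p, Ingress, "10.0.0.5", "10.0.0.9", 443))       // spoofed source
	fmt.Println(Check(p, Ingress, "203.0.113.7", "10.0.0.9", 443))    // allow
	fmt.Println(Check(p, Egress, "10.0.0.5", "203.0.113.7", 443))     // allow
	fmt.Println(Check(p, Egress, "10.0.0.5", "203.0.113.7", 23))      // port not permitted
	fmt.Println(Check(p, Egress, "198.51.100.1", "203.0.113.7", 443)) // foreign source
}
```

The two halves are deliberately symmetric: the ingress check protects you from the outside world, the egress check protects the outside world (and your reputation) from a compromised host inside, and both produce a logged reason so the drops can be reviewed rather than silently discarded.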
10. Can you tell me what the difference is between stored and reflected XSS, and the common defenses against XSS?
How to Answer
To better understand why an interviewer would ask a question about XSS, let's examine what it is and how you might be positioned to best answer this question. XSS, or Cross-Site Scripting, is a script that is used to attack a network or system with a malicious virus. There are two versions of this script: the first is a stored XSS, and the other is a reflected XSS. The stored XSS is an attack that permanently injects a script on a server or database that allows the attacker to access confidential information. The reflected XSS is similar in that it also injects a malicious script into a web server or email in the form of an error. The attacker can then access confidential information after an unsuspecting victim clicks or opens that link.
The reason the interviewer is asking this question is to see how familiar you are with XSS scripts. Many organizations make it a policy to train their employees on how to spot malicious or harmful viruses that come in the form of an email or web browser errors. Your answer to this question should address your level of expertise in this area, and what you have done to combat these attacks in the past. Mentioning that you were a part of a training program that educated employees on how to spot malicious emails and fake links will help give the interviewer a higher level of confidence in your technical abilities in this area. It also doesn't hurt if you mention some before and after improvements of how the company is doing as a result of your training initiative. This will also show that you are pro-active as well.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"When I address Cross-Site Scripting (XSS), or more specifically Stored XSS attacks, my first thought is how can I prevent future attacks from happening. Since Stored XSS attacks happen without the victim knowing they've been compromised, it's important for me to look at ways that we can inform our personnel about the various methods that attackers use to make you think that an email or browser plug-in, for example, is safe. I set up periodic informational training sessions to educate our personnel on how to spot these malicious attacks, and what to do if they come across any suspicious messages or errors. Another important part of my role is input validation and output sanitization."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Reflected XSS attacks can occur at any time, so it's important for me to educate our employees, so they don't become a victim of these unsuspecting attacks. I always take a pro-active approach to these things, and have designed a series of educational classes to educate all employees on new attacks that have been discovered, and how to respond in case they may be targeted as an unsuspecting victim. One of the many things I cover in our training sessions is to show examples of what these emails and errors look like, and how to report them as soon as you notice them. In my role, I also have to make sure that I sanitize requests from the server-side scripts to further reduce or eliminate vulnerabilities."
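The "output sanitation" defense both answers name, shown in Go beside the string concatenation it replaces. This is an added example, not code from the page, its authors or Zscaler: the sample comment (standing in for a stored value) and the sample link (standing in for a reflected parameter) are constructed inputs, and the template and function names are made up for the illustration. The same contextual escaping neutralizes both stored and reflected XSS, because in both cases the bug is untrusted text being emitted as markup.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed samples of untrusted input: one imitates a stored comment, the other a
// reflected query parameter used as a link target. Neither comes from a real site.
const (
	untrustedComment = `<script>alert(1)</script>`
	untrustedLink    = `javascript:alert(1)`
)

// RenderUnsafe builds HTML by string concatenation: whatever the user typed is emitted
// as markup, so a stored comment or a reflected parameter becomes executable script.
func RenderUnsafe(comment, link string) string {
	return `<p>` + comment + `</p><a href="` + link + `">profile</a>`
}

// html/template parses the page once and escapes each value for the context it lands
// in (text node, attribute value, URL). This is the output-sanitization defense.
var safePage = template.Must(template.New("page").Parse(
	`<p>{{.Comment}}</p><a href="{{.Link}}">profile</a>`))

type view struct {
	Comment string
	Link    string
}

// RenderSafe renders the same data through the escaping template.
func RenderSafe(comment, link string) (string, error) {
	var buf bytes.Buffer
	if err := safePage.Execute(&buf, view{Comment: comment, Link: link}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// ContainsScript is a crude detector used only to show the difference between
// the two renderings; it is not a substitute for proper escaping.
func ContainsScript(html string) bool {
	h := strings.ToLower(html)
	return strings.Contains(h, "<script") || strings.Contains(h, "javascript:")
}

func main() {
	raw := RenderUnsafe(untrustedComment, untrustedLink)
	escaped, _ := RenderSafe(untrustedComment, untrustedLink)
	fmt.Printf("concatenated: %s  (script present: %v)\n", raw, ContainsScript(raw))
	fmt.Printf("templated:    %s  (script present: %v)\n", escaped, ContainsScript(escaped))
}
```

Run stand-alone, the templated line shows the tags turned into `&lt;script&gt;` entities and the `javascript:` link replaced by the package's `#ZgotmplZ` marker, while the concatenated line carries both through untouched. Input validation still belongs on the server side (reject what should never be a comment or a URL), but escaping at the point of output is what makes the remaining text harmless in the browser.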
11. How will you detect an incident or data breach, and what steps do you take to prevent it from happening?
How to Answer
There are many software and hardware detection systems in the market that help prevent incidents and data breaches. Hiring managers will ask situational questions about detection and how incidents start. Explaining to the manager that organizations need to change their mindset about how detection is addressed will definitely give you points in the interview. Furthermore, cyber security experts should be able to articulate the procedures involved in tracking an intruder and where most companies fail with their detection systems. Don't be shy; tell the manager how much you enjoy your work, and how proud you are of setting up and maintaining an environment that has 0% intrusion as a direct result of your security strategy and vision.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"An incident can happen at any time without warning, so being ready is critically important. I strongly believe that every company should have a plan B for attacks that take place without warning. Once a hacker gains access to a system, there are two main directives that they pursue: doing reconnaissance, and exploring to understand the system. Their next steps are to find assets (data) and how to access them, all while acting in a stealth mode in the system. This is where I would be able to detect their movements and track activity."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The trick is having a strong detection system that finds an attacker early in the process to thwart or minimize data theft or other significant damage. In order to find an active attacker, there are two challenges that must be addressed and solved:
1) You need to change your approach on what you look for and how you identify them
2) Look at full network activity, rather than limited packet routing
I find that the whole mindset has to change, because identifying an active attacker through the typical process of pre-defined signatures, entry behaviors, and other signs isn't the most efficient way of protecting your systems. These hackers are meticulous, and follow a step-by-step campaign to gain entry."
12. Malicious Software, or Malware, has many meanings and connotations. What is your definition of Malware and how would you explain it to a client?
How to Answer
This is a 'set the table' question which the interviewer is using to qualify you as a valid candidate and also to determine if you and the interviewer agree on the terminology used in their business. Your answer should be a straightforward definition of the term and some additional explanation of how people in your industry use it.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Malware is any type of software which is disruptive to normal computer operations. Not only can it damage your systems, but it can cause a security risk by gaining access to your systems and gathering private information. Malware comes in several different forms including code, scripts, content which is malicious or other types of software. Malware is often unintentionally downloaded by authorized users on the network when they visit a website or click on a link."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Malware is any malicious or intrusive software which is intended to disrupt a computer's operations by gaining control of the device or obtaining access to other software or private data. Malware comes in several different forms including a software program, malicious code, scripts which execute hidden commands or software which monitors the activity on a system. Malware can gain access to a system through unintentional actions by users who believe they are accessing legitimate websites or programs, or by bots and other automated programs which scan networks looking for areas of vulnerability."
13. If you were given the task of having to both encrypt and compress data during transmission, which would you do first, and why?
How to Answer
This is a typical situational and task-oriented interview question that asks you to explain how you perform a task, the step-by-step process you follow, and what your reasoning is behind the process that you followed. Please note that the interviewer will be observing how you respond to this question. They will be looking at whether or not you appear to be confident in your response, or get nervous and panic while answering this question. Always keep calm, and take a deep breath before answering each question. Even if you have to wait a few seconds to respond, that's fine. It also shows the interviewer that you think through the questions before answering.
In short, both data compression and data encryption are methods that transform data into a different format. When you're talking about the tasks, and what you do in the process, let the interviewer know that even though data compression and encryption are methods that transform data, it's the execution of the process and the minor details that are important and not overlooked.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Yes, there is a process that I follow that ensures safe transmission of data. When I design a data compression scheme, there are some important factors such as the level of compression required, the amount of distortion introduced by the compression, and the computational hardware/appliance resources required to compress and decompress the data.
This is especially true in the case of video compression because when you decompress, you will need to ensure that you get a stream fast enough so the viewing isn't interrupted by spooling or other latency issues. People often think that by decompressing video data, it will stream faster, but one of the issues is it requires a large amount of storage space, which could be a problem for many companies."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've heard people say compress then encrypt. The problem here is that if you encrypt first, then you'll have nothing but random data to work with, which will destroy any potential benefit you will get from the compression process. With data encryption, I focus on developing encryption algorithms (ciphers) that are hard to break by an attacker due to the computational complexities, which makes it even more difficult to be broken. Since both the sender and receiver share a secret key, it needs to be protected so that data communication is kept private between those two parties."
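The compress-then-encrypt ordering argued for in the answer above, combined with the division of labour from question 2: asymmetric encryption wraps a one-time symmetric key, and the fast symmetric cipher carries the bulk data. This is an added Go example, not code from the page, its authors or Zscaler; the `Envelope` layout, the function names and the sample message are constructed for the illustration, and the primitives (RSA-OAEP, AES-256-GCM, gzip) come from the Go standard library.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"io"
)

// Envelope is the constructed wire format: the bulk data is protected by fast symmetric
// AES-GCM, and only the 32-byte AES key goes through slow asymmetric RSA-OAEP.
// WrappedKey = RSA-OAEP(recipient public key, AES key); Body = nonce || AES-GCM(gzip(plaintext)).
type Envelope struct{ WrappedKey, Body []byte }

// SampleText is a constructed, highly redundant message (not real data).
var SampleText = bytes.Repeat([]byte("the quick brown fox jumps over the lazy dog. "), 100)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAESGCM prepends a fresh random nonce to the authenticated ciphertext.
func SealAESGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenAESGCM fails if the tag does not verify, i.e. if the body was modified in transit.
func OpenAESGCM(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, io.ErrUnexpectedEOF
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func GzipBytes(b []byte) ([]byte, error) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(b); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func GunzipBytes(b []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(b))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// Encrypt compresses first (the plaintext still has redundancy to remove), then
// encrypts with a one-time AES key, then wraps that key for the recipient.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return Envelope{}, err
	}
	compressed, err := GzipBytes(plaintext)
	if err != nil {
		return Envelope{}, err
	}
	body, err := SealAESGCM(key, compressed)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wrapped, Body: body}, nil
}

// Decrypt reverses the steps: unwrap the key, verify and decrypt, then decompress.
func Decrypt(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	compressed, err := OpenAESGCM(key, env.Body)
	if err != nil {
		return nil, err
	}
	return GunzipBytes(compressed)
}
```

To use it, generate a recipient key with `rsa.GenerateKey(rand.Reader, 2048)`, call `Encrypt(&priv.PublicKey, SampleText)` and hand the `Envelope` to `Decrypt`. Two things are worth checking for yourself: `GzipBytes(SampleText)` shrinks the 4500-byte message to a few dozen bytes, while `GzipBytes` applied to `SealAESGCM` output of the same message comes back larger than the input, which is the whole reason the compression step has to run before the encryption step; and flipping any byte of `Body` makes `Decrypt` return an error rather than corrupted data, because GCM authenticates the ciphertext before anything is decompressed.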
14. Many companies are new to the cloud computing environment. How do you brief them about what security aspects come with a cloud?
How to Answer
The interviewer is testing your knowledge of security measures associated with the cloud environment and your ability to help customers manage their company's cloud.
Knowing how to advise Zscaler's clients on the benefits of the cloud, specifically on security issues, will be a huge selling point for you landing the job.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Cloud environments can be as secure as computing environments hosted on-premise based on two key attributes. These are Authentication and authorization, and Control of access. Authentication allows only those users who are authorized to access the resources hosted in the cloud. These include data, applications, and storage. Control of access is a system administrator tool which enables them to allow or deny access to specific users. Together, these tools provide a safe and secure cloud environment."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"There are two control mechanisms which keep hosted cloud compute environments safe and secure. These are Authentication and authorization, and Control of access. Authentication and authorization prevent unauthorized parties from accessing a company's data and applications. This is also known as 'Hacking.' Control of access is the methodology system administrators use to provide authorization to known users. By only allowing authorized users to enter the system and then requiring them to authenticate themselves, companies can be assured their data and other computing resources are safe from theft and misuse."
15. In a situation where a user needs admin rights on his system, what is the protocol that you follow to grant or restrict admin access?
How to Answer
I have seen on numerous occasions where someone needed an important document for a proposal, and the only place the needed data existed was on a server or drive that required administrative access. If you've ever needed to access folders or files that are locked or inaccessible, then you know what I mean. This is a common question asked by hiring managers who want to limit the number of users accessing sensitive data. They want to know if you follow security protocols and best practices for roles and privileges. In an interview, you might hear the term 'Greenplum'. Greenplum is a database system that manages access to those databases using roles. Giving an example of some challenges you had with restricting access for a good reason, and then granting access after approval was given, shows the manager how well you followed protocol.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Managing roles and privileges has its challenges because the user could be a database administrator seeking access to specific tables or objects. As part of our security best practices, I assign rules by role membership by group. I find this to be the best way of managing privileges, this way privileges can be revoked or granted from a group as a whole. I'm intimately familiar with a Greenplum database and how it works. For example, Greenplum requires a UNIX user ID to initialize and access the Greenplum database. This protocol is pretty standard in the industry, and widely used for creating new rules, and protecting passwords in the Greenplum database."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"If you look at various network infrastructures and architectures within companies, you will find a variety of user/role attributes. One of the user roles that I keep a close watch on is giving access to SUPERUSERS. I like to limit access to SU's for a number of reasons, one of the biggest is SU's bypass all access privilege checks in Greenplum dataset. In my humble opinion, I think only administrators should have that access, since we are intimately involved in the protection and security of the organization."
16. Even though we have taken measures to protect our client's data and create a secure cloud environment, some of our clients have had incidents of potential intrusion from unauthorized sources. Tell me how you advise clients to prevent intrusions.
How to Answer
Since the word 'incident' can have many meanings, it is best to first define your interpretation of an incident, and then describe the steps you would take to address it. This will provide the interviewer with a context for your answer and will demonstrate that you have experience in this area. You should describe a process you recommend which can be replicated each time an incident occurs.
Written by William Swansen on March 7th, 2019
1st Answer Example
"As I understand it, you are using the word 'incident' to describe an event which may lead to a compromise in the security of your data. I recommend using a step-by-step process to respond to incidents and to make sure nothing is overlooked. The first step is to confirm that an incident has occurred. Next, I log it so other members of the team are aware of it and they have a record of it. Then I suggest the team investigate the incident and perform a root cause analysis. If necessary, they should escalate the incident to their management or other resources. This leads to recommendations for remediation of the incident and preventing it from recurring. Finally, a report should be generated with all of the above information and the status moved to closed."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"I use the word 'incident' to describe an event which may lead to a compromise in the security of a company's data. I have found that it is easier and more effective to develop a process to respond to incidents which can be used repeatedly. First I recommend confirming that an incident has occurred. Then I suggest creating a log of the incident so there is a record of it, and the team can determine if it is part of a trend. Next, I suggest they perform a root cause analysis to determine the causes and identify potential solutions. If necessary, they should escalate the incident to management to make them aware of it. The next step is to draft recommendations to resolve the incident and prevent it from recurring. Finally, a closure report is generated."
17. How would you educate our clients to recognize the symptoms of malware so they can notify us of an intrusion so we can begin to take measures to remediate it?
How to Answer
The interviewer is digging deeper and probing your knowledge of how to recognize and prevent malware intrusions. This is important since you will be the main person the customer interfaces with. Again, answer the question directly by listing the symptoms of a malware attack and providing some detail when appropriate.
Written by William Swansen on March 7th, 2019
1st Answer Example
"Malware is difficult to recognize since hackers intentionally mask its presence and the damage it is creating. Additionally, the symptoms may be attributed to other causes.
Symptoms of malware include increased CPU usage, slow performance, network connectivity issues, computers freezing, crashing or rebooting, lost files, unfamiliar programs running in the background and file names being changed. All of these could have legitimate causes but should be investigated as possible symptoms of a malware attack."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Symptoms of malware come in many forms and can include increased memory usage, slow CPU performance, unusually high network activity, computers freezing, crashing or rebooting, modified or deleted files, unfamiliar programs running in the background and the appearance of strange files or icons on the computer. System administrators should educate their users about these symptoms and provide them with a process to report them. Not every symptom will be related to a malware attack, but each should be investigated just in case."
18. Can you explain what a public and private key is in the world of public-key cryptography, and which key is used for which function?
How to Answer
In an age where companies face breaches and intrusions on a daily basis, they need to make sure that their intellectual property and other confidential data are protected at every security level of the company. This is why public-key cryptography, with its pairs of public and private keys, is implemented to safeguard that information.
Here's a great opportunity to craft a response that showcases your knowledge of public and private keys, and to take it a step further by giving an example of how each key is used and for which function. Without going too deep, the hiring manager wants to hear you articulate the definition of each key and how well you understand them. While you describe both keys and what they represent, it would also be helpful to explain the manner in which you use them in your current role. This helps the hiring manager gauge your level of expertise, and how involved you are with cryptography in your current role.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"My experience with private and public cryptographic keys goes very deep. I use private key cryptography where a single private key can encrypt and decrypt information. I'm very mindful that this key is only to be used with management's authority and approval since the data is very sensitive to the organization. If this key were leaked to the outside, this could potentially cause irreparable damage to the company. One of the responsibilities I had was to encrypt data so that the mobile devices used by our field consultants were secure. In addition to data encryption, I was also tasked with managing the security of our internal intranet websites that were used by everyone in the company to communicate and share data."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"Understanding that encryption uses an algorithm to transform information (data) into an unreadable format is one of the most important cryptographic elements of public and private keys. I believe that it's important to designate where private and public keys are used. Every company has safeguards in place to monitor and manage these keys so that they don't fall into the wrong hands. Anyone given this responsibility should have extensive knowledge of encryption and cryptography, with the core elements being Secure Socket Layer (SSL) and Public Key Infrastructure (PKI) for secure online purchase transactions as well."
19. Our company provides customers with details of our policies, processes, and guidelines for setting up and managing their hosted resources. However, often the clients are confused by this information. How would you help them better understand it?
How to Answer
By asking this question, the interviewer is seeking to understand how you define these three categories of information. They also want to determine if you can communicate each type of information to their clients to avoid issues down the road based on any misunderstandings the client may have had. An excellent way to address this is by defining each type of information, then describing how you would communicate this clearly to the clients.
Written by William Swansen on March 7th, 2019
1st Answer Example
"There are distinct differences between policies, processes, and guidelines, and each one has a different impact on how service providers and their clients work together. Policies define both the security objectives and the framework a company employs to protect its data. Processes, on the other hand, are step-by-step descriptions of the actions taken to secure the data. Finally, guidelines are recommendations and can be tailored to each company's specific situation. Policies are concrete and must be adhered to. Processes can be modified, but only to the extent that they don't violate the policies. Guidelines are suggestions and subject to change based on the client's requirements, resources, and budget."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"When onboarding a new client, it is important to make sure they clearly understand the service provider's policies, processes and guidelines, and their requirement to comply with each one of these. Policies are rules which define how the client's data is secured and must be adhered to if SLAs are to be met. Processes, on the other hand, are descriptions of the steps taken to enforce the policies. These can be modified to fit individual client requirements, but only to the extent that they don't violate the security policies. Guidelines are suggestions for best practices, based on the service provider's expertise and experience. Clients can either follow these or modify them to suit their specific needs and the resources they have."
20. Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?
How to Answer
Ever since Blockchain was introduced to the market, security technologists have been busy trying to keep Blockchain transactions secure through distributed networks so people can use bitcoin or crypto-currency as a payment gateway. Hiring managers, especially in the finance/banking industries, are well aware of this technology, so when they ask this question, they are looking for your opinion on how it applies to cyber security. If you have experience working in an environment that uses Blockchain, showcase that experience in a way that makes you stand out from the crowd. For example, use a scenario (without giving away sensitive company information) where you used it, and how you were able to protect web servers and ID systems so the transactions were safe and secure. If you have limited knowledge in Blockchain, show your eagerness to learn the technology, and how your skills would apply in those situations.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"Anytime I see the introduction of a new technology or payment gateway, I take it upon myself to research that technology to see where it is relevant in the world of Cyber Security. When Blockchain came out, I did extensive research on where it might have vulnerabilities and be susceptible to attacks. According to my research, Blockchain has been around for about a decade and was initially introduced to store and/or send crypto-currency like Bitcoin. Blockchains are distributed networks with millions of users all over the world. Since Blockchain uses cryptology, it's easier for businesses to authenticate devices and users without the need for a password. This definitely eliminates manual intervention in the process of authentication, thereby avoiding potential attacks."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"The way I view Blockchain revolutionizing Cyber Security is through decentralized storage, record keeping, and peer-to-peer sharing. Furthermore, Blockchain users will be able to store all their data on their network or computer if they choose to do so. Basically, a blockchain is a decentralized, digitized, public ledger of all cryptocurrency transactions known as Distributed Ledger Technology. One of the big reasons why I think blockchain is going to be an integral part of Cyber Security is Distributed Denial of Service (DDoS). In a nutshell, Blockchain transactions can be denied easily if the send-receive participants are impeded from sending transactions. Blockchains provide a non 'hackable' entrance point, thereby providing more security when compared with database-driven transactional structures."
21. During the implementation of a hosted cloud environment, our IT team emphasizes that the most insecure component of a cloud infrastructure is the data transmission process. How do you recommend customers secure data while transferring it to the cloud?
How to Answer
A critical aspect of Zscaler's cloud security service is transferring data to the cloud, or at least having detailed knowledge of how that transfer is secured. In order to recommend the best approach to a client, you must be experienced in this area.
Providing a direct answer and citing your cloud security certifications is the right approach to answering this question.
Written by William Swansen on March 7th, 2019
1st Answer Example
"You are correct in your statement that data is at most risk while being transferred to and from the cloud. This is why measures must be taken to ensure that there is no leakage in the transmission. The best way to accomplish this is to use strong encryption keys when transmitting data and to perform periodic audits to ensure the data in is the same as the data out. I learned how to work with clients to help them manage this during my preparation for my Certification of Cloud Security Knowledge exam."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"During my preparation for my Certification of Cloud Security Knowledge exam, I learned that data transmission is where most security breaches occur. It is easier for hackers to hijack the data while it is en route to the cloud than it is for them to breach the security perimeters provided by firewalls and user authentication measures. To prevent data leakage during transmission, I advise my customers that strong encryption keys be used to protect the data during transit. The effectiveness of their encryption measures can be verified by performing audits which compare the data in to the data out."
22. In addition to monitoring our customer's online security, we provide them with periodic reports about threats and attempts to penetrate their network. What objects do you feel should be included in a security penetration report?
How to Answer
The purpose of this question is to make sure you have experience with security-related reporting and can have a dialog with your customers about their network security and the company's monitoring services. You should answer this question by providing an overview of a good security penetration report.
Written by William Swansen on March 7th, 2019
1st Answer Example
"A quality Vulnerability and Penetration Testing (VAPT) report should begin with an executive summary which explains the scope, testing process and period the report covers and a general assessment of the client's security status. Next, there should be details of the results of the tests, categorized by the level of the threat (low to high). There should be a section about the type of tests performed and what they measured. Finally, there should be a set of recommendations for remediation of any threats which were discovered. Some reports also contain screenshots of the test results."
Written by William Swansen on March 7th, 2019
2nd Answer Example
"Clients expect network security providers to perform periodic Vulnerability and Penetration Tests (VAPT) and provide reports of the results. The report should describe the type of tests performed, the results and recommendations for remediation of any threats which were discovered. The structure of the report is an executive overview summarizing the tests, results, and recommendations, followed by details of the tests and results. The details section should list the scope of the tests, what processes were used, the period the report covers and specific steps needed to address any threats or actual penetrations which were discovered during the testing. Some service providers include screenshots of the testing process in their reports. There are several software products which can be used for testing and which will generate the appropriate reports for the clients."
23. Can you describe the difference between a Black Hat, White Hat and Grey Hat hacker?
How to Answer
When it comes to cyber hackers, you will hear three terms used: Black Hat, White Hat, and Gray Hat hackers. (The same colour labels are also used in Search Engine Optimization.) For informational purposes, here's an overview of all three:
Black Hat Hacker - Someone who has knowledge about breaking into or breaching computer systems and bypassing their security protocols. Their primary motivation is financial or personal gain, and they spread malware or viruses in order to gain access to these computer systems.
White Hat Hacker - Someone who is known to use their skills for good rather than evil. They typically work as Cyber Security consultants who are paid to find security vulnerabilities in systems, and work to close those security holes for clients.
Gray Hat Hacker - Someone who falls between the two: they may look for vulnerabilities in a system without the owner's knowledge, but without the malicious intent of a Black Hat, and often offer to fix what they find for a fee (see the answer examples below).
A hiring manager might pose a carefully crafted question to determine how well you know each one, and whether you fall into one of the three categories. They want to know whether you will be able to defend against a cyber attack, and how you handle threats from hackers.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"When I think of Black Hat Hackers, a few things come to mind. An individual or group of hackers whose intent is to either maliciously penetrate a company's system by writing and distributing malware that leaves a company vulnerable and susceptible to further attacks. The others are cyber espionage and political persuasion. I am directly responsible for following our company protocol when we are alerted that a Black Hat attack is in progress. Much like a chess game, I carefully engage and monitor the activities of the Black Hat Hacker to see what steps and moves I must execute to prevent loss of data or a breach. One of the biggest motivations for Black Hat hackers is personal or financial gain."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"On the flip side of Black Hat Hackers is White Hat Hackers, which serve a completely different purpose and role. White Hat Hackers are what's called ethical hackers. I worked with a company that employed a White Hat Hacker, and I was assigned to work with this individual on a project to perform penetration testing and vulnerability assessments on the security systems to attempt to find weak spots and holes in our system via various hacking methods. I'm also familiar with how Gray Hat Hackers work, and I'm careful how I work and interface with them. The reason being is they don't fall within the Black Hat or White Hat Hacker category, thus the name Gray Hat hacker. I've found that they tend to look for vulnerabilities in a system without the system owner's knowledge, and offer to fix those issues for a small fee. There are also instances where I have seen Gray Hat hackers post a company's vulnerability in a public forum or social media platform for all to see. I've found that not all hackers are created equal, but I do take precautions with all hackers anyway."
24. There have been several virus attacks recently, what have you done to protect your organization from these cyber attacks?
How to Answer
This is a great question from a manager, and there are some very useful responses to it. The first thing is to have in-depth knowledge of how cyber security attacks occur. There are several situational examples that a hiring manager might ask you to walk through to see what you did to thwart those attacks. Some of the core questions will relate to what you did to identify those threats, what authentication you used to combat them, and how frequently you perform risk assessments. A couple of other questions that may come up will cover how often you communicated your security and sign-off policy to employees, whether there was compliance corporate-wide, and what you did to maintain that compliance.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"I realize that attacks can happen at any time, and we need to be ready. One of the most important tasks that I'm involved in when I come into work every day is to look at our security dashboard which shows a real-time report of events, threats, intrusions, and possible breaches. This tells us what actions we need to take, or improvements that need to be addressed to strengthen our network further. The real-time report gives me a view of events that have occurred and are occurring in real-time. As a directive by our CIO, we are required to do research on public and private corporations that were hacked so we could analyze how those organizations handled data loss and what they did to remedy those issues."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"There are several steps that I take to safeguard our environment. Let me outline those steps and tasks to get you familiar with our process, planning and execution:
1.) The first step is to identify the threats - this involves the unauthorized access of our company networks. Since our company has sensitive information, we go to great lengths to protect it.
2.) I keep employees honest - Employees have access to a lot of valuable company information, and if leaked to the wrong people, could be disastrous for the company. It's part of my responsibility to have employees reset passwords, and have them use two-factor authentication for additional security.
3.) I keep up to date on Cybercrimes that have happened in the past - I always look at what types of data hackers are attracted to so I know what kind of strategy to put in place for those types of potential attacks.
4.) I carry out risk assessments and audits on a regular basis - This is done to mitigate risk, and data loss. I work closely with external Cyber Security consultants to implement a security that is successfully executed."
25. Explain the difference between symmetric and public-key cryptography, and what their importance is to encryption technology?
How to Answer
This is a pretty basic question that most IT managers ask candidates when it comes to cryptology. If you have any level of expertise with encryption, you should be able to answer this question without too much difficulty.
The reason a hiring manager will ask this question is to get one or two easy questions out of the way, then proceed to more difficult questions. Keep in mind that some managers tend to drill down into this question pretty deep so if you get asked, be prepared to answer with a detailed response.
The basics here are that symmetric encryption uses a single key, and public-key encryption uses two keys. Suppose you took a document and placed it in a drawer, then locked it with a key. Anyone else who wanted to access that document would need a copy of that same key. This is how symmetric key encryption works. Public-key encryption, on the other hand, uses a pair of keys for the drawer: one key (the public key) locks it, and only the matching key (the private key) can open it.
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"As a cryptology professional, it's important to know the differences between symmetric and public-key encryption. I have used both, and know that each has its own unique values. Symmetric key encryption, generally speaking, is fast and secure. If you're sending encrypted packets to be decrypted, they must use a key, which means you must send along a key to enable them to have access. A risky problem that might come up is if you're sending a physical medium, then the packet becomes insecure. Another risk is that if someone is monitoring the network, they could steal the encrypted packets and key and decrypt them."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"In my honest and humble opinion, public key encryption has equal importance to symmetric key. Actually, it's more secure because it has two keys, which work together to encrypt and decrypt packets. I like this one because of the extra security measure built into it. Because the private key is never sent across the network, it remains secure, which gives it an extra measure of encryption. The only downside that I see is it tends to be quite slow, which makes it difficult to send larger amounts of data using public key encryption."
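The points above about keys and ordering, modelled in one added Python example (not code from the page or its authors): a symmetric cipher where one shared key does both jobs (question 25), a textbook RSA key pair where the public half encrypts and only the private half decrypts (question 18), a hybrid scheme that uses the slow public-key step only to wrap a fresh symmetric key, and a size comparison showing why data is compressed before it is encrypted, not after (question 13). The toy stream cipher, the two Mersenne primes used as RSA factors and the sample log text are all constructed for illustration and give no real security.

```python
"""Added example: toy model of the key and ordering points in questions 13, 18 and 25.
The primes and cipher are constructed for illustration and give NO real security;
production code should use a vetted library (e.g. AES-GCM and RSA-OAEP)."""
import hashlib
import hmac
import math
import secrets
import zlib


# --- symmetric: ONE shared key, and the same operation encrypts and decrypts ---
def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 over a counter (a CTR-like construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream. A key must never be reused with this toy cipher and
    it has no integrity check, which is why real systems use an AEAD mode."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


sym_decrypt = sym_encrypt  # XOR is its own inverse: one key, both directions


# --- public-key: a key PAIR; the public half encrypts, only the private half decrypts ---
# Constructed toy primes (Mersenne primes 2**61-1 and 2**127-1), chosen only so a
# 128-bit session key fits under the modulus. Real RSA uses random ~1024-bit primes.
TOY_P = 2**61 - 1
TOY_Q = 2**127 - 1


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA without padding. Returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


# --- hybrid: the slow public-key step only wraps a fresh symmetric session key ---
def hybrid_encrypt(recipient_public_key, plaintext: bytes):
    session_key = secrets.token_bytes(16)  # fresh per message, never reused
    wrapped = rsa_encrypt(recipient_public_key, int.from_bytes(session_key, "big"))
    return wrapped, sym_encrypt(session_key, plaintext)


def hybrid_decrypt(recipient_private_key, wrapped: int, ciphertext: bytes) -> bytes:
    session_key = rsa_decrypt(recipient_private_key, wrapped).to_bytes(16, "big")
    return sym_decrypt(session_key, ciphertext)


# --- ordering: compress THEN encrypt; ciphertext looks random and will not shrink ---
def compress_then_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return sym_encrypt(key, zlib.compress(plaintext, 9))


def encrypt_then_compress(key: bytes, plaintext: bytes) -> bytes:
    return zlib.compress(sym_encrypt(key, plaintext), 9)


# Constructed sample: a repetitive log excerpt, the kind of data that compresses well.
SAMPLE = b"2019-03-07T10:00:00Z INFO user=alice action=login result=ok\n" * 200

if __name__ == "__main__":
    pub, priv = rsa_keygen(TOY_P, TOY_Q)
    wrapped, ct = hybrid_encrypt(pub, SAMPLE)
    assert hybrid_decrypt(priv, wrapped, ct) == SAMPLE
    key = secrets.token_bytes(16)
    print("plaintext:", len(SAMPLE),
          "compress-then-encrypt:", len(compress_then_encrypt(key, SAMPLE)),
          "encrypt-then-compress:", len(encrypt_then_compress(key, SAMPLE)))
```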
26. What is a false positive and false negative alert in the case of Intrusion Detection Systems?
How to Answer
Every company that has an intrusion detection system will likely come across false positives and false negatives. A false positive is an alert raised on activity that is actually benign; a false negative is malicious activity that raises no alert at all. If you've ever run test cases for your company and the results gave you a false positive or false negative, it could be because of a bug in the software, a failure in the hardware, or functionality that is not working properly. In any case, the hiring manager will ask this question to gauge whether you can tell if the problem is caused by manual intervention or by a failure of the systems. It's important to highlight your knowledge and understanding of this topic by talking about the steps you take to monitor the reliability of the hardware and software and the corrective actions you use to prevent future alerts of this kind. For example, did you have to do further testing or change the code or functionality in the software to correct this problem?
Written by Tom Dushaj on March 7th, 2019
1st Answer Example
"While we try to protect any sort of intrusion or hacking of our systems, we do get the occasional attempted intrusion alerts that tell us where the intrusion is coming from and how they are able to get through a first level of security. This is where we implement a false positive and false negative to give them the impression that they are penetrating our system, but in reality we are watching them to monitor which areas of our network they are attempting to attack, so that we can strengthen that area, and other areas of attempted attacks."
Written by Tom Dushaj on March 7th, 2019
2nd Answer Example
"I've worked with intrusion detection software, anti-virus, and malware software for many years, and have found that even when you test your system, you might get a false positive or false negative. It's not uncommon for this to happen, and I've always proactively planned for it since it's very likely to happen. My approach is to explore why it happens, or what might have caused it to happen, and work towards a preemptive strike to prevent it from happening again. Since both are damaging, and they create a false sense of security, it makes it even more important to me to address it very early in the process. One of the areas I look closely at is test cases. I tend to break them down to the granular level and analyze every detail to get to the core of the problem. I do this by using different test data, metrics and analysis to review test cases, and I do this process manually and also use automation scanning tools as well."
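To make the two error types concrete, here is an added Python example (not from the page or its authors) that scores a detection rule against constructed web access events whose true nature is already known, counts true and false positives and negatives, and shows how tuning the rule moves both error rates. The events, the addresses (documentation ranges) and the two rules are all constructed for this illustration.

```python
"""Added example: scoring an intrusion detection rule against labelled events.
A false positive is an alert on benign activity; a false negative is malicious
activity that raised no alert. All events below are constructed."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str         # client address (documentation ranges, not real hosts)
    path: str        # requested URL path
    status: int      # HTTP status returned
    malicious: bool  # ground truth established by later investigation


# Constructed web access events. 203.0.113.44 is a single-source burst of failed
# logins; 198.51.100.9 requests a legitimate blog URL that merely contains "../".
EVENTS = [
    Event("10.0.0.5", "/index.html", 200, False),
    Event("10.0.0.5", "/images/logo.png", 200, False),
    Event("203.0.113.7", "/static/../../app.cfg", 404, True),
    Event("198.51.100.9", "/blog/why-../-breaks-urls", 200, False),
    Event("203.0.113.44", "/login", 401, True),
    Event("203.0.113.44", "/login", 401, True),
    Event("203.0.113.44", "/login", 401, True),
    Event("203.0.113.44", "/login", 401, True),
    Event("10.0.0.8", "/login", 401, False),  # one mistyped password
    Event("10.0.0.8", "/login", 200, False),
]


def naive_rule(events):
    """Substring signature: flag any path that contains '../'. Returns flagged indices."""
    return {i for i, e in enumerate(events) if "../" in e.path}


def tuned_rule(events, max_failed_logins=3):
    """Two refinements: treat '..' as traversal only when it is a whole path segment
    (removes the false positive) and add a per-source failed-login threshold
    (removes the false negatives the signature cannot see)."""
    failed = Counter(e.src for e in events if e.path == "/login" and e.status == 401)
    flagged = set()
    for i, e in enumerate(events):
        traversal = ".." in e.path.split("/")
        brute_force = e.status == 401 and failed[e.src] >= max_failed_logins
        if traversal or brute_force:
            flagged.add(i)
    return flagged


def confusion_matrix(events, rule):
    """Count true/false positives and negatives for a rule over labelled events."""
    flagged = rule(events)
    cm = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for i, e in enumerate(events):
        alerted = i in flagged
        if alerted and e.malicious:
            cm["tp"] += 1
        elif alerted:
            cm["fp"] += 1  # benign activity that raised an alert
        elif e.malicious:
            cm["fn"] += 1  # malicious activity that slipped through silently
        else:
            cm["tn"] += 1
    return cm


def _ratio(num, den):
    return num / den if den else 0.0


def rates(cm):
    """Detection rate (recall), precision, false-positive and false-negative rates."""
    return {
        "detection_rate": _ratio(cm["tp"], cm["tp"] + cm["fn"]),
        "precision": _ratio(cm["tp"], cm["tp"] + cm["fp"]),
        "false_positive_rate": _ratio(cm["fp"], cm["fp"] + cm["tn"]),
        "false_negative_rate": _ratio(cm["fn"], cm["fn"] + cm["tp"]),
    }


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("tuned", tuned_rule)):
        cm = confusion_matrix(EVENTS, rule)
        print(name, cm, rates(cm))
```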