
Cyber Security Interview Questions

24 Questions and Answers by Tom Dushaj

Updated December 6th, 2019 | Tom Dushaj is a business and technology executive and an accomplished author of the book "Resumes That Work".
Interview Questions
  1. Explain the differences between TLS, SSL, and HTTPS, and what are the cyber security benefits?
  2. How will you detect an incident or data breach, and what steps do you take to prevent it from happening?
  3. What are the various ways to inform employees about information security policies and procedures?
  4. Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?
  5. In a situation where a user needs admin rights on his system, what is the protocol that you follow to grant or restrict admin access?
  6. There are different levels of data classification, how are they structured, and why are they required?
  7. What is a false positive and false negative alert in the case of Intrusion Detection Systems?
  8. There have been several virus attacks recently, what have you done to protect your organization from these cyber attacks?
  9. Can you describe the difference between a Black Hat, White Hat and Grey Hat hacker?
  10. Does Google Penalize Websites With No Cyber Security?
  11. How does Ahrefs and SERP impact the security of a website?
  12. What does it mean when there is a Googlebot breach?
  13. What is the difference between Asymmetric and Symmetric encryption and which one is better?
  14. What is PKI and does it bolster your cyber security defense?
  15. As a site administrator, what steps do you take to prevent incoming CSRF attacks?
  16. What is the difference between ECB and CBC in an IT security environment?
  17. Can you tell me the difference between coding, encryption and hashing, and why they are important?
  18. How do you enforce the use of SSO (single sign-on) & MFA (multi-factor Authentication) within your company?
  19. What practices do you have in place to monitor and protect against suspicious malware, Ransomware, and phishing activity?
  20. Which user applications have you found are most susceptible to being hacked?
  21. What are your contingency protocols if your company gets hacked?
  22. Do you have a Cyber Security Incident Response Plan?
  23. How do you protect connected mobile devices on your network from cyber attacks?
  24. How do you assess the difference between a cyber threat, vulnerability and a risk?
Answer Examples
1.
Explain the differences between TLS, SSL, and HTTPS, and what are the cyber security benefits?
TLS stands for Transport Layer Security. HTTPS is the secure version of HTTP, the Hypertext Transfer Protocol, and it secures communications on a network. An SSL/TLS connection secures any communication sent online, so all ongoing communications between the browser and servers are encrypted. Your cyber security depends on HTTPS, SSL and TLS. Websites that don't include all of these cyber security measures will be penalized by Google. Interviewers will ask a number of different questions about TLS, SSL, and HTTPS. Some of the common ones cover how each of these works and how they are used. You'll probably be asked to give examples of each in a hypothetical environment. I'll cover a few scenarios below in my answers. It's important to do a thorough walk-through and give examples with scenarios of each.

Tom's Answer #1
"Securing and protecting our corporate website has always been our highest priority. When I assess how secure our sites are, I look at all the possible vulnerabilities within our systems, and take steps necessary to identify where those weaknesses might be. Let's say your site takes your viewers to a different page to use their credit cards and make purchases. If you did not use HTTPS to secure your site (that padlock image at the top left where the domain address is listed), or if it is incorrectly set up, the content can be intercepted by bad actors (hackers) on your site. I'm tuned into multiple IT news sources and software updates from all our software vendors on the latest hack attempts so that I'm always in the know. I've always had the practice of utilizing two SSL keys, one private key, and the other a public key that everyone knows."
Tom's Answer #2
"Say a client visits your site and sees that the information on your site can be easily intercepted; it does not leave an impression of credibility or trust. If your site is not reliable, secure or safe, why would any client risk a purchase? If they can purchase something similar on a safer site, what would stop them? As a general rule, I always use the Handshake Protocol of TLS which enables authentications for clients and servers. I find this a more secure communication method after the first handshake is a success. If there is a failed handshake the first time, the connection terminates. I also use the STARTTLS (or STLS for POP3 protocol) command for outbound email connections for extra safety. A secure connection is required by specific ports to be able to connect. For example, I would use 995 for secure POP3, 443 for HTTPS and 993 for IMAP. I already have these ports set up on our server."
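The handshake behaviour and the three ports named in the answer above can be checked with a short script. This is an added example, not part of the original answers: `strict_client_context`, `probe` and `demo_plaintext_listener` are names chosen here, and the loopback listener with its POP3-style banner is constructed so that the failed-handshake case runs offline.

```python
import socket
import ssl
import threading

# Ports named in the answer above; each expects TLS from the first byte.
IMPLICIT_TLS_PORTS = {443: "HTTPS", 993: "IMAP over TLS", 995: "POP3 over TLS"}


def strict_client_context() -> ssl.SSLContext:
    """Client context that verifies the server and refuses SSLv3, TLS 1.0 and 1.1."""
    ctx = ssl.create_default_context()  # certificate and hostname checks are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Attempt a TLS handshake. If it fails, the socket is closed and no
    application data is ever sent over the connection."""
    result = {
        "port": port,
        "service": IMPLICIT_TLS_PORTS.get(port, "unknown"),
        "ok": False,
        "protocol": None,
        "error": None,
    }
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = strict_client_context()
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(ok=True, protocol=tls.version())
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["error"] = type(exc).__name__
    return result


def demo_plaintext_listener() -> dict:
    """Constructed case: a loopback service that answers in cleartext, like a
    mail port on which TLS was never enabled. The handshake must fail."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # any free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(2)
            conn.sendall(b"+OK constructed POP3 banner\r\n")
            try:
                conn.recv(4096)  # swallow the client's ClientHello
            except OSError:
                pass

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        return probe("127.0.0.1", port)
    finally:
        worker.join(timeout=3)
        srv.close()


if __name__ == "__main__":
    print(demo_plaintext_listener())
    # Against a real server you operate: probe("mail.example.org", 993)
```

A result with `ok` set to `False` on 443, 993 or 995 means the service is answering without TLS, with an outdated protocol version, or with a certificate that does not verify.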
2.
How will you detect an incident or data breach, and what steps do you take to prevent it from happening?
There are many software and hardware detection systems in the market that help prevent incidents and data breaches. Hiring managers will ask situational questions about detection and how they start. Explaining to the manager that organizations need to change their mindset about how detection is addressed will definitely give you points in the interview. Furthermore, cyber experts should be able to articulate the procedures involved in tracking an intruder and where most companies fail with their detection systems. Don't be shy; tell the manager how much you enjoy your work, and how proud you are of setting up and maintaining an environment that has 0% intrusion as a direct result of your security strategy and vision.

Tom's Answer #1
"An incident can happen at any time without warning, so being ready is critically important. I strongly believe that every company should have a plan B for attacks that take place without warning. Once a hacker gains access to a system, there are two main directives that they pursue: doing reconnaissance, and exploring to understand the system. Their next steps are to find assets (Data), how to access them, all while acting in a stealth mode in the system. This is where I would be able to detect their movements, and track activity."
Tom's Answer #2
"The trick is having a strong detection system that finds an attacker early in the process to thwart or minimize data theft or other significant damage. In order to find an active attacker, there are two challenges that must be addressed and solved:

1) You need to change your approach on what you look for and how you identify them
2) Look at full network activity, rather than limited packet routing

I find that the whole mindset has to change, because identifying an active attacker through the typical process of pre-defined signatures, entry behaviors, and other signs isn't the most efficient way of protecting your systems. These hackers are meticulous, and follow a step-by-step campaign to gain entry."
3.
What are the various ways to inform employees about information security policies and procedures?
Anyone in IT leadership that is responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence on how you implement these practices across the company and the way you communicate the procedures to all employees. The experience you share with the manager will be a reflection of your capabilities and will show that you can think outside the box. It's not uncommon for a manager to ask you to talk at length about communicating effective ways to identify phishing emails, transferring confidential files securely, password management tips, and applying privacy and security updates for all employees. This helps the manager see the level of detail that you go through to protect your company's employees.

Tom's Answer #1
"If you look at statistics on how attacks were established, you will find that over 50% of attacks came from employees within a company that inadvertently allowed access to a hacker, or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, and what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails could send them straight to that account."
Tom's Answer #2
"During my security training sessions with employees, I explained the importance of cyber security, and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."
4.
Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?
Ever since Blockchain was introduced to the market, security technologists have been busy trying to keep Blockchain transactions secure through distributed networks so people can use bitcoin or crypto-currency as a payment gateway. Hiring managers, especially in the finance/banking industries, are well aware of this technology, so when they ask this question, they are looking for your opinion on how it applies to cyber security. If you have experience working in an environment that uses Blockchain, showcase that experience in a way that makes you stand out from the crowd. For example, use a scenario (without giving away sensitive company information) where you used it, and how you were able to protect web servers and ID systems so the transactions were safe and secure. If you have limited knowledge in Blockchain, show your eagerness to learn the technology, and how your skills would apply in those situations.

Tom's Answer #1
"Anytime I see the introduction of a new technology or payment gateway, I take it upon myself to research that technology to see where it is relevant in the world of Cyber Security. When Blockchain came out, I did extensive research on where it might have vulnerabilities, and be susceptible to attacks. According to my research, Blockchain has been around for about a decade and was initially introduced to store and/or send crypto-currency like Bitcoin. Blockchains are distributed networks with millions of users all over the world. Since Blockchain uses cryptology, it's easier for businesses to authenticate devices and users without the need for a password. This definitely eliminates manual intervention in the process of authentication, thereby avoiding potential attacks."
Tom's Answer #2
"The way I view Blockchain revolutionizing Cyber Security is through decentralized storage, record keeping, and peer-to-peer sharing. Furthermore, Blockchain users will be able to store all their data on their network or computer if they choose to do so. Basically, a blockchain is a decentralized, digitized, public ledger of all cryptocurrency transactions known as Distributed Ledger Technology. One of the big reasons why I think blockchain is going to be an integral part of Cyber Security is (Distributed Denial of Service). In a nutshell, Blockchain transactions can be denied easily if the send-receive participants are impeded from sending transactions. Blockchains provide a non 'hackable' entrance point, thereby providing more security when compared with database-driven transactional structures."
5.
In a situation where a user needs admin rights on his system, what is the protocol that you follow to grant or restrict admin access?
I have seen numerous occasions where someone needed an important document for a proposal, and the only place the needed data could be found was on a server or drive that required administrative access. If you've ever needed to access folders or files that are locked or inaccessible, then you know what I mean. This is a common question asked by hiring managers to limit the number of users accessing sensitive data. They want to know if you follow security protocols and best practices for roles and privileges. In an interview, you might hear the term Greenplum. Greenplum is a database system that manages access to its databases using roles. Giving an example of some challenges you had with restricting access for a good reason, and then granting access after approval was given, shows the manager how well you followed protocol.

Tom's Answer #1
"Managing roles and privileges has its challenges because the user could be a database administrator seeking access to specific tables or objects. As part of our security best practices, I assign rules by role membership by group. I find this to be the best way of managing privileges; this way privileges can be revoked or granted from a group as a whole. I'm intimately familiar with a Greenplum database and how it works. For example, Greenplum requires a UNIX user ID to initialize and access the Greenplum database. This protocol is pretty standard in the industry, and widely used for creating new rules, and protecting passwords in the Greenplum database."
Tom's Answer #2
"If you look at various network infrastructures and architectures within companies, you will find a variety of user/role attributes. One of the user roles that I keep a close watch on is giving access to SUPERUSERS. I like to limit access to SU's for a number of reasons, one of the biggest is SU's bypass all access privilege checks in Greenplum dataset. In my humble opinion, I think only administrators should have that access, since we are intimately involved in the protection and security of the organization."
6.
There are different levels of data classification, how are they structured, and why are they required?
With a heightened level of data security taking place throughout the world, protecting customer data has never been more important. In this day and age, data has become a valuable commodity, and companies go to great lengths to protect it at all costs. When asked by the hiring manager, don't be afraid to offer examples of how you set data classification policies or reclassified data to a classified status with access limited to administrators, for example. Also, highlight your knowledge about the different levels of data classification (i.e., Restricted, Private and Public).

Tom's Answer #1
"Setting data classification policy is very important, because if you don't have a policy in place, you won't know what your level of sensitivity is, which means you have no baseline or security controls to protect your data. This is an important topic to me, and I take it very seriously. My involvement goes deeper into data classification than any other team member, so I typically take the lead for data classification in three main levels: Restricted Data, Private Data, and Public Data classification. Here's how I classify these three into workable tasks.

1. Restricted Data - I apply the highest level of security to a restricted classification, because it has the highest level of risk.
2. Private Data - This one is a moderate risk level, but should still be treated as private data and protected nonetheless.
3. Public Data - Normally this level is low or no risk. While there are still controls in place, some level of control is still required."
Tom's Answer #2
"There are a number of different ways that classification of data can be performed. I've always had an interest in data collection and classification, which has led me into a Cyber Security occupation. Interestingly enough, many organizations collect and classify data in different ways. As a Data Steward, it is my obligation to reclassify data - this is conducted periodically - determine what frequency is most appropriate based on available - if after doing a data reclassification, it is determined that the data has changed or was modified, then I look at whether existing controls are consistent with the new data classification. If gaps are found within existing controls, they are immediately corrected."
7.
What is a false positive and false negative alert in the case of Intrusion Detection Systems?
Every company that has an intrusion detection system will likely come across a false positive and/or false negative. If you've ever run test cases for your company and the results gave you a false positive or false negative, it could be because of a bug in the software, a failure in the hardware, or perhaps the functionality is not working properly. In any case, the hiring manager will ask this question to gauge if this problem is caused by manual intervention, or a failure of the systems. It's important to highlight your knowledge and understanding of this topic by talking about the steps you take to monitor the reliability of the hardware and software and use corrective actions to prevent future alerts of this kind. For example, did you have to do further testing or change the code or functionality in the software to correct this problem?

Tom's Answer #1
"While we try to protect any sort of intrusion or hacking of our systems, we do get the occasional attempted intrusion alerts that tell us where the intrusion is coming from and how they are able to get through a first level of security. This is where we implement a false positive and false negative to give them the impression that they are penetrating our system, but in reality we are watching them to monitor which areas of our network they are attempting to attack, so that we can strengthen that area, and other areas of attempted attacks."
Tom's Answer #2
"I've worked with intrusion detection software, anti-virus, and malware software for many years, and have found that even when you test your system, you might get a false positive or false negative. It's not uncommon for this to happen, and I've always proactively planned for it since it's very likely to happen. My approach is to explore why it happens, or what might have caused it to happen, and work towards a preemptive strike to prevent it from happening again. Since both are damaging, and they create a false sense of security, it makes it even more important to me to address it very early in the process. One of the areas I look closely at is test cases. I tend to break them down to the granular level and analyze every detail to get to the core of the problem. I do this by using different test data, metrics and analysis to review test cases, and I do this process manually and also use automation scanning tools as well."
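For the two terms this question asks about, here is an added example (not from the original answers) that scores one detection rule against labelled activity and shows how moving its threshold trades false positives for false negatives. The rule, the five-minute windows, the addresses and the ground-truth labels are all constructed for illustration.

```python
from collections import Counter

# Constructed sample, not real telemetry: one row per source per 5-minute
# window -> (source_ip, failed_logins, ground_truth_malicious)
WINDOWS = [
    ("10.0.0.5",      4, False),  # user fumbling a new password
    ("10.0.0.9",     12, False),  # backup job retrying a stale credential
    ("10.0.0.12",     0, False),  # normal workstation
    ("203.0.113.7",  40, True),   # noisy password guessing
    ("198.51.100.4",  9, True),   # moderate guessing
    ("203.0.113.8",   3, True),   # slow guessing that stays under most thresholds
]


def outcome(alerted: bool, malicious: bool) -> str:
    """Name the confusion-matrix cell for one window."""
    if alerted:
        return "TP" if malicious else "FP"  # FP: alert fired on benign activity
    return "FN" if malicious else "TN"      # FN: real attack, no alert


def score(threshold: int, windows=WINDOWS) -> dict:
    """Apply the rule 'alert when failed_logins >= threshold' and score it."""
    labelled = [(ip, outcome(n >= threshold, bad)) for ip, n, bad in windows]
    counts = Counter(label for _, label in labelled)
    tp, fp, fn = counts["TP"], counts["FP"], counts["FN"]
    return {
        "threshold": threshold,
        "TP": tp, "FP": fp, "FN": fn, "TN": counts["TN"],
        # precision: share of alerts that were real attacks
        "precision": round(tp / (tp + fp), 2) if tp + fp else 0.0,
        # recall: share of real attacks that produced an alert
        "recall": round(tp / (tp + fn), 2) if tp + fn else 0.0,
        # the triage lists an analyst would review when tuning the rule
        "false_positives": [ip for ip, label in labelled if label == "FP"],
        "false_negatives": [ip for ip, label in labelled if label == "FN"],
    }


if __name__ == "__main__":
    for t in (3, 5, 20):
        print(score(t))
```

At a threshold of 3 every attack is caught but two benign sources also alert; at 20 no benign source alerts but two of the three attacks pass silently.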
8.
There have been several virus attacks recently, what have you done to protect your organization from these cyber attacks?
This is a great question from a manager and there are some very useful responses to this question. The very first thing is having an in-depth knowledge of how cyber security attacks occur. There are several situational examples that a hiring manager might ask you to walk through to see what you did to thwart those attacks. Some of the core questions will relate to what you did to identify those threats, what authentication you used to combat the threats, and how frequently you do risk assessments. A couple of other questions that may come up will cover how often you communicated your security and sign-off policy to employees, if there was compliance corporate-wide, and what you did to maintain that compliance.

Tom's Answer #1
"I realize that attacks can happen at any time, and we need to be ready. One of the most important tasks that I'm involved in when I come into work every day is to look at our security dashboard which shows a real-time report of events, threats, intrusions, and possible breaches. This tells us what actions we need to take, or improvements that need to be addressed to strengthen our network further. The real-time report gives me a view of events that have occurred and are occurring in real-time. As a directive by our CIO, we are required to do research on public and private corporations that were hacked so we could analyze how those organizations handled data loss and what they did to remedy those issues."
Tom's Answer #2
"There are several steps that I take to safeguard our environment. Let me outline those steps and tasks to get you familiar with our process, planning and execution:

1.) The first step is to identify the threats - this involves the unauthorized access of our company networks. Since our company has sensitive information, we go to great lengths to protect it.
2.) I keep employees honest - Employees have access to a lot of valuable company information, and if leaked to the wrong people, could be disastrous for the company. It's part of my responsibility to have employees reset passwords, and have them use two-factor authentication for additional security.
3.) I keep up to date on Cybercrimes that have happened in the past - I always look at what types of data hackers are attracted to so I know what kind of strategy to put in place for those types of potential attacks.
4.) I carry out risk assessments and audits on a regular basis - This is done to mitigate risk, and data loss. I work closely with external Cyber Security consultants to implement a security that is successfully executed."
9.
Can you describe the difference between a Black Hat, White Hat and Grey Hat hacker?
When it comes to cyber hackers, you will hear three terms used for hackers. They are Black Hat, White Hat, and Gray Hat hackers. These terms are also used in Search Engine Optimization. For informational purposes, here's an overview of all three: Black Hat Hacker - Someone who has knowledge about breaking into or breaching computer systems and bypassing their security protocols. Their primary motivation is financial or personal gain, and to spread malware or viruses in order to gain access to these computer systems. White Hat Hacker - Someone who is known to use their skills for good rather than evil. They typically work as Cyber Security consultants that are paid to find security vulnerabilities in systems, and work to strengthen those security holes for clients. A hiring manager might pose a carefully crafted question to determine how well you know each one, and if you fall into one of the three categories. They want to know whether you will be able to defend against a cyber attack, and how you handle threats from hackers.

Tom's Answer #1
"When I think of Black Hat Hackers, a few things come to mind. An individual or group of hackers whose intent is to either maliciously penetrate a company's system by writing and distributing malware that leaves a company vulnerable and susceptible to further attacks. The others are cyber espionage and political persuasion. I am directly responsible for following our company protocol when we are alerted that a Black Hat attack is in progress. Much like a chess game, I carefully engage and monitor the activities of the Black Hat Hacker to see what steps and moves I must execute to prevent loss of data or a breach. One of the biggest motivations for Black Hat hackers is personal or financial gain."
Tom's Answer #2
"On the flip side of Black Hat Hackers is White Hat Hackers, which serve a completely different purpose and role. White Hat Hackers are what's called ethical hackers. I worked with a company that employed a White Hat Hacker, and I was assigned to work with this individual on a project to perform penetration testing and vulnerability assessments on the security systems to attempt to find weak spots and holes in our system via various hacking methods. I'm also familiar with how Gray Hat Hackers work, and I'm careful how I work and interface with them. The reason being is they don't fall within the Black Hat or White Hat Hacker category, thus the name Gray Hat hacker. I've found that they tend to look for vulnerabilities in a system without notifying the owner of the systems knowledge, and offer to fix those issues for a small fee. There are also instances where I have seen Gray Hat hackers post a company's vulnerability in a public forum or social media platform for all to see. I've found that not all hackers are created equal, but I do take precautions with all hackers anyway."
10.
Does Google Penalize Websites With No Cyber Security?
Yes. Google penalizes websites with low or no cyber security. The reason is that a non-secure website puts website visitors at risk. There are a few things to watch out for to be safe from a Google penalty. If any of these things come up, changes will need to be made to your web presence. Let's start with some basics that could come up in an interview. Since Google continues to revise and tweak the way content is indexed on the web, you need to stay up to date on these changes. Make sure your HTTPS, TLS, and SSL are all in place. Even when Google does publish updates on its algorithm, there are constant changes and sometimes no explanations about which changes are being made or when. It's important to note that the types of questions that come up will cover HTTPS, TLS, and SSL Certificates. The reason for this is two-fold. One is that Google looks at which sites are protected by security, and ranks them accordingly. The other is that it also looks at which sites are not protected and displays an exclamation mark just to the left of the domain URL showing the site is not secured.

Tom's Answer #1
"Working with cross-functional teams within our company has given me the experience to work on Search Engine Optimization, Marketing, as well as Google Penguin, Panda, and Hummingbird algorithms and releases. These tie directly into our corporate Cyber Security policy, and why it's important for us to be aware of internal and external activities that affect the security of our systems. It is my responsibility to work closely with our marketing department to make sure they are following our security policies and that they don't run the risk of launching a campaign that might compromise our website ranking. Some examples are SEO indexing, domain authority, and overuse of keywords."
Tom's Answer #2
"One of the most important lessons I have learned first-hand is that Google does penalize websites for not having security on them (SSL Certificates-HTTPS and TLS), and it goes one step further to crawl your site to see if you have 404 error pages, broken links, or pages with suspicious content; it drops your ranking to the very bottom of searches. My current role dictates that I test all pages, links, content, shopping cart, contact form fields, blog pages, etc. to make sure we are compliant with all our security measures in Google's eyes. One of the tools I use to ping our site is Ping-O-Matic, which pings our site for irregularities or suspicious activity."
11.
How does Ahrefs and SERP impact the security of a website?
Ahrefs is a backlink and SEO tool set that a lot of people use. This tool does site auditing and will do an analysis of your site and monitor your website's health over a period of time. Alerts from Ahrefs will notify you of lost and new backlinks, keyword ranks, and web mentions. This tool is not a security breach because its purpose is to monitor your site and nothing more than that. SERP stands for Search Engine Results Page. It is used primarily for marketing to the right target audience for your products and services. Then, the algorithms of Google report the behavior of your website to Google. It shows what keywords people used to get on your website, what people search for, which search engines your target audience prefers and the like. The reason I am mentioning all these terms and acronyms is that a hiring manager will want to know if you have knowledge from both ends of the security spectrum: one from the protection side (Cyber Security), and the other from a marketing perspective, because marketing departments create their own web campaigns and may not be fully aware of the security risks involved in launching some campaigns. The hiring manager wants to see if you understand both sides and also work with marketing to ensure their campaigns are being launched without risk.

Tom's Answer #1
"I've been fortunate enough to work with our marketing department on their product and service campaigns. This has taught me to see things from both sides of the fence. What needs to be done from the security side to ensure that in order to launch a safe and effective campaign, one needs to understand how they intend to launch their campaign and at the same time spot areas of risk before they are seen by social media and on the web. One of the biggest areas that we focus on with the marketing team is incoming traffic to our company website, and how visitors are being directed to our site or where they are linking to from campaigns to arrive at our site. This has helped me pinpoint where potential gaps or vulnerabilities may be on our website."
Tom's Answer #2
"I'm always optimizing our cyber security protection by removing page garbage and continuously "pruning" our site and enhancing new security features all the time. Any time I look at the effect that SERP or Ahrefs has on our site, it really comes down to building organic high quality back-links for our site to prevent attacks. I find that this reduces the amount of hacker attacks and unwelcome traffic to our website. These cyber security measures make sure I stay on top of things like that. This means that if we currently have all the cyber security measures in place for our website, then that minimizes risk and worry. As a general practice, I always take extra precautions when it comes to how data is analyzed from other sites like Ahrefs, MOZ, etc., and where traffic is coming from."
12.
What does it mean when there is a Googlebot breach?
Googlebots are not a breach in cyber security. Bots are automated software applications that run internet scripts. Also called spiders or crawlers, they take on repetitive, simple tasks, as opposed to malicious and legitimate bots. A Googlebot is the web crawling bot from Google that essentially crawls and discovers updated and new pages to add to their searching index. Google bots can make repeated requests to a website that it views as suspicious behavior. Site owners may not even notice it, but Googlebots visit their sites quite a bit. To most, it may seem like a breach of security or privacy, but Google bots have to make requests to a website before you let them in. Here's where it gets interesting: good interviewers typically start with basic questions early in the interview to weed out the candidates that are clearly not qualified, then work their way up to more complex questions. Googlebot questions will fall somewhere in the middle in terms of complexity. The way that this question might be posed is whether a Googlebot and a breach mean the same thing, and if not, what the difference is between the two.

Tom's Answer #1
"Having worked with Googlebots in the past, I'm familiar with how they work and why Google uses them to crawl websites. Googlebots do their job to alert webmasters and security professionals about malicious threats or attempts to hack a site. They also help determine whether a site has legitimate content to help it rank as well. I've seen websites get penalized because they aren't indexed properly and they have pages that don't follow Google's stipulated guidelines for cyber security protection measures in place. In my opinion, it really comes down to a website's domain authority and domain trust which tells the Googlebots that it is safe and protected."
Tom's Answer #2
"I work very closely with our marketing department and cyber colleagues to make sure that we have quality content that the Google bots will index using Google Fetch. Performing this technique causes website pages to get visited and indexed by the Googlebot. When I do this, there are three things that immediately come to mind. One is to make sure I am meeting Googlebot guidelines, the second is to check if search engines crawl from one page to another through HTML links, and the third is to make sure that we have followed internal cyber security and privacy guidelines to protect from any attacks."
13.
What is the difference between Asymmetric and Symmetric encryption and which one is better?
When comparing Asymmetric and Symmetric encryption, there are many things you need to be aware of. Not only will you need to know the difference between the two, but how they are used, and which one is better in a particular situation. It's important that you can articulate to the hiring manager examples of how you used both in specific situations and what you did to put an air-tight security solution in place that is impenetrable. Cyber Security has become one of the most important topics in technology today. Anytime you're processing credit card transactions through a payment gateway online, or at a brick and mortar retail store, you're dealing with vital consumer information, and hiring managers are going to want to hear how you keep these things protected.

Tom's Answer #1
"When I work with Asymmetric encryption, I always take into account that there has to be a private key and a public key for anyone sending a message. I have to adhere to a decryption policy for where and how the public and private keys are stored and shared. The way I view the difference between the two is that asymmetric encryption algorithms execute more slowly than symmetric encryption algorithms. Although asymmetric encryption is mostly used for exchanging keys in a secure manner, it is used for establishing a secure channel over a non-secure medium such as the internet. The most common form of an encryption algorithm is Diffie-Hellman."
Tom's Answer #2
"In my current role I do work with Symmetric encryption. Since Symmetric encryption uses a single key for encryption and decryption, I am responsible for monitoring the data transmission of those communication messages to prevent a potential intrusion or breach alert. As with many symmetric encryption algorithms, they execute faster, and are less complex than Asymmetric encryption, and are a preferred method of encryption communication. The most commonly used symmetric encryption algorithms are 3DES, AES, DES, and RC4."
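The division of labour the two answers describe, as an added example that is not part of the original page: an asymmetric key agreement (ECDH, the elliptic-curve form of Diffie-Hellman) establishes a shared secret over an untrusted channel, and a symmetric cipher (AES-256-GCM) then protects the messages. It uses Node.js's built-in `crypto` module; the function names, the HKDF label and the sample message are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Each party holds a key pair; only the public half crosses the network.
function newParty() {
  const ecdh = crypto.createECDH('prime256v1');
  const publicKey = ecdh.generateKeys();
  return { ecdh, publicKey };
}

// Both sides turn the ECDH shared secret into the same 32-byte AES key.
// The HKDF info label is a constructed value for this example.
function deriveKey(party, peerPublicKey) {
  const shared = party.ecdh.computeSecret(peerPublicKey);
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example session key', 32);
  return Buffer.from(okm);
}

// Symmetric encryption: one key, fresh 96-bit IV per message, auth tag kept.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decryption throws if the ciphertext or tag was modified in transit.
function decrypt(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed run: sender and receiver derive the key independently.
function demo() {
  const sender = newParty();
  const receiver = newParty();
  const senderKey = deriveKey(sender, receiver.publicKey);
  const receiverKey = deriveKey(receiver, sender.publicKey);
  const msg = encrypt(senderKey, 'constructed sample message');
  return {
    keysMatch: senderKey.equals(receiverKey),
    roundTrip: decrypt(receiverKey, msg),
    msg,
    receiverKey,
  };
}
```

The public keys exchanged here are unauthenticated, so nothing proves whose key was received; binding a public key to an identity is the job of the certificates discussed under PKI in the next question.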
14.
What is PKI and does it bolster your cyber security defense?
PKI is essential for cyber security. Public Key Infrastructure or PKI is a set of procedures, software, policies, roles and hardware necessary for creating, managing, revoking, storing and using digitized certificates. The sole purpose of PKI is the facilitation of secure electronic information transfer. This can happen through a range of activities in the network including confidential email, internet banking and e-commerce. PKI is a requirement for activities where passwords alone are inadequate methods of authentication. PKI bolsters your defense in terms of cyber security because it protects you from identity theft. Depending on the title or position of the interviewer (Manager, Director or Vice President), you'll probably be asked questions related to encryption and digitized certificates. Pay attention to these questions because they are all related. If an interviewer asks you to give them an example of high-level authentication, you'll need to talk about how public and private keys (PKI processes, procedures, and roles) work, and what your involvement is with this technology.

Tom's Answer #1
"PKI was an important part of my role and responsibility. I had to ensure that digital certificates were managed properly so that users would be able to have access to approved sites locally and remotely. I made sure that all information on our website wasn't getting into the wrong hands. Without PKI, all our confidential information could be hacked easily using simple passwords. I made sure that we had a high level of security in place for authentication and access to important information to prevent such attacks from happening. I've been working within a Public-Key Infrastructure for a while and have learned that data encryption is at the heart of authentication and password protection."
Tom's Answer #2
"In my current role, I had to look up the public key of a receiver and a sender to ensure that both keys matched before allowing access to our systems. In other words, I perform a higher level of authentication than just typing in a password to further ensure protection. Our corporate policy dictates that we need to follow a structured framework for hardware and software data encryption to ensure trust for all parties. I strongly believe that having PKI in place to optimize cyber security is essential for every serious website owner. I was also one of the team members who made a contribution to writing our encryption policy."
15.
As a site administrator, what steps do you take to prevent incoming CSRF attacks?
Cross-Site Request Forgery (CSRF) attacks have become a common method of attack for hackers. What normally happens is an attacker gains trust from an unsuspecting user with authority to perform a specific action they did not intend to perform, then the attacker uses their identity and user privileges to impersonate them and perform malicious activities for their personal gain. As a site administrator, you have to be thoroughly knowledgeable about Cross-Site Request Forgery (CSRF) attacks. This is a great opportunity for you to showcase your knowledge of CSRF. You can use examples of recent security protocols or implementations that you developed to prevent incoming CSRF attacks. Here's an example of a CSRF attack. Someone logs into their banking website, and while logged in, they receive an email with a request to click on a link. If the victim clicks on this link, a script would execute a transaction to transfer funds from the victim's account to the attacker's account.

Tom's Answer #1
"As a site administrator, there are a number of things I need to be aware of in order to protect against CSRF attacks. I've developed a checklist of items that I follow on a regular basis for security prevention.

a.) Whenever I finish an online banking transaction, I always make sure I am logged off immediately.
b.) I always keep my anti-virus software up to date and active. I also run scans on a weekly basis to check and see if any malicious scripts can be blocked.
c.) I disable scripting in my browser.
d.) I always run all my financial transactions on one browser.
e.) This is an important one. I never save login information for my banking or financial institution."
Tom's Answer #2
"The way I approach CSRF attacks is two-fold. There is the server side and client side. The way I prevent server side attacks is to use cookies that perform session-tracking to session tokens that are dynamically generated. This makes it increasingly more difficult to obtain a client's session. Another way I protect my environment is that I don't assume that all sites are trustworthy. While visiting a site, I don't open any suspicious mails while authenticating to my banking website or any other site that performs financial transactions. This prevents any malicious scripts from being executed while logged into my banking website."
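One way to implement the server-side check behind dynamically generated session tokens, as an added example that is not part of the original page: each state-changing request must carry a token bound to the user's session, which a forged cross-site request cannot supply even though the browser attaches the session cookie automatically. It uses Node.js's built-in `crypto` module; the request shape, the `x-csrf-token` header, the `csrf_token` field and all function names are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Per-deployment secret; generated here only so the example is self-contained.
const SERVER_KEY = crypto.randomBytes(32);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// MAC over the session id and nonce ties a token to exactly one session.
function sign(sessionId, nonce) {
  return crypto.createHmac('sha256', SERVER_KEY)
    .update(`${sessionId.length}:${sessionId}:${nonce}`)
    .digest('hex');
}

// Token = random nonce + MAC; embedded in forms or sent in a custom header.
function issueCsrfToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${sign(sessionId, nonce)}`;
}

function verifyCsrfToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return false;
  const expected = Buffer.from(sign(sessionId, parts[0]));
  const supplied = Buffer.from(parts[1]);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected);
}

// `req` is a plain object standing in for a framework request (hypothetical
// shape): { method, sessionId, headers, body }.
function checkRequest(req, allowedOrigin) {
  if (SAFE_METHODS.has(req.method)) return { ok: true };
  const origin = req.headers.origin;
  if (origin && origin !== allowedOrigin) return { ok: false, reason: 'cross-origin' };
  const token = req.headers['x-csrf-token'] || (req.body && req.body.csrf_token);
  if (!verifyCsrfToken(req.sessionId, token)) return { ok: false, reason: 'bad-token' };
  return { ok: true };
}
```

Safe methods pass without a token only on the assumption that they never change state; a transfer reachable through GET would bypass this check entirely.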