47 Cyber Security Interview Questions & Answers
Below is a list of our Cyber Security interview questions.
Behavioral
1. Can you recall a time your manager was unavailable when a situation arose that demanded an immediate resolution? How did you react?
How to Answer
When responding to this question, emphasize your willingness to take the initiative rather than complain about the manager's absence. Explain why you felt the need to take action and describe how you did so to resolve the immediate situation and then review the issue and your actions with your manager. Be prepared to answer a follow-up question about what you would do differently next time.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
While this appears to be a question about leadership, it addresses your willingness to take the initiative. The interviewer is interested in this because it helps them determine your future growth potential. Organizations like to hire individuals who continually improve themselves and develop new skills, allowing them to advance within the company.
Written by William Swansen on June 5th, 2022
Answer Example
"Recently, my manager was away on vacation, and I was asked to fill in for them. A conflict arose between our team and another department that demanded an immediate resolution. The manager from the other department insisted we do what they wanted since our manager was not available. Knowing this was not the best solution, I presented an alternative and recommended that we discuss this with the senior leadership team to get their input. The other manager agreed. Working with senior leaders, we developed a compromise that resolved the conflict. When my manager returned from vacation, I briefed them on the incident, and they agreed I had acted appropriately."
Written by William Swansen on June 5th, 2022
Behavioral
2. Please describe a situation where you needed to adapt a process, procedure, or technology differently from how you usually did things.
How to Answer
When responding to the question, provide the interviewer with a brief description of a situation where you encountered a new challenge and how you addressed it by learning a new process or procedure or acquiring new skills. Describe how the way you reacted to this situation benefited the company.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers are curious to learn how flexible and adaptable you are and if you are willing to learn and expand your knowledge. They know that the job you are being hired for will evolve, and you'll be required to learn new methodologies, processes, and procedures to continue to do the work effectively. They want to ensure that you are capable of this.
Written by William Swansen on June 5th, 2022
Answer Example
"Recently, our company switched to a new random password generating system. I was required to explain this to our internal clients and help them set up their password management programs. Having never done this myself, I first had to learn the system to explain it to the staff. After doing this and gaining confidence in my knowledge, I put together a tutorial and presented it to the entire organization. They quickly adopted the new system, which reduced the number of unauthorized logins by 20% during the first year."
Written by William Swansen on June 5th, 2022
Behavioral
3. Can you recall a time you were assigned a task that wasn't a part of your job description? How did you handle this, and what was the outcome?
How to Answer
The best way to answer this is to start by stating that you are always open to pitching in wherever you can to help the company get the job done. You should also emphasize that you are open to learning new skills that will help both you and the company. Then describe an incident to illustrate this.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Some employees are reluctant to do anything that is not part of their job description. However, in today's fast-paced business environment, people are often asked to do extra work that may not have been part of their original assignment when they were hired. Interviewers seek to understand how you react when asked to do something not part of your normal job and determine how flexible you are.
Written by William Swansen on June 5th, 2022
Answer Example
"I have worked for several small companies where the employees wore many hats. I enjoyed this experience because it allowed me to learn new skills as an information security manager outside of my profession. This helped me grow my portfolio of skills and contributed to the company's success. In one case, I was asked to attend a trade show to research new information security products from a technical perspective. Even though I had no experience in this area, I accepted the assignment with enthusiasm. Attending the show and interfacing with the suppliers taught me a great deal about how products are developed and marketed, which helped me evaluate new product features and make recommendations for adopting them to our management team."
Written by William Swansen on June 5th, 2022
Behavioral
4. Can you give me an example of when you had to work with someone difficult to get along with? How did you handle the situation?
How to Answer
This is a behavioral question to which the interviewer expects a 'STAR' formatted answer: Situation, Task, Action, Result. Interviewers ask behavioral questions to determine how you react to challenging situations in the workplace. Your description of how you handled this in a previous job will indicate what you will do if hired by the organization. Behavioral questions typically involve challenges, relationships, conflict, or communication errors.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
This is a behavioral question to which the interviewer expects a 'STAR' formatted answer: Situation, Task, Action, Result. Interviewers ask behavioral questions to determine how you react to challenging situations in the workplace. Your description of how you handled this in a previous job will indicate what you will do if hired by the organization. Behavioral questions typically involve challenges, relationships, conflict, or communication errors.
Written by William Swansen on June 5th, 2022
Answer Example
"In one of my recent jobs, I was partnered with another employee who was not open to new ideas and suggestions. Their attitude was 'my way or the highway.' We were tasked to develop a new process for using advanced encryption techniques more effectively. I asked for their ideas and noted that while they were good, it would be more efficient to modify them slightly. We developed a consensus about the new process by accepting their initial suggestions and only recommending minor modifications. We recommended this to management, and the new process was implemented. This resulted in significant savings for the company and made it easier for my colleague and me to work together on future projects."
Written by William Swansen on June 5th, 2022
Behavioral
5. Please tell me about a time when something major didn't go according to plan at work.
How to Answer
Since this is a behavioral question, you should utilize the 'STAR' response methodology. Make sure to stay positive, don't blame anyone else for the problem, and don't take full credit for the solution. Demonstrate how you worked with others to resolve the situation. As with any behavioral question, discuss the results you attained and possibly the lessons learned, especially if the outcome wasn't optimum.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Responding to situations that don't go according to plan is a key characteristic that interviewers look for. They will ask you a question like this to determine how you react to unforeseen circumstances. This provides them an indication of your flexibility, responsiveness, and creativity.
Written by William Swansen on June 5th, 2022
Answer Example
"During a recent software update project, the versions of the software we ordered were not correct. We reviewed the purchase order and determined that the software had been ordered incorrectly. Since the software seals had been broken, we couldn't return the product, nor was the manufacturer likely to agree to correct this because it was our error. Even though this involved additional expense, my manager and I agreed it would be quicker to order the correct versions of the software so we could proceed with the upgrade. We did this and were able to install the software without any major delay in the project. This taught us to carefully review the software versions we had and needed before ordering new products or performing any upgrades."
Written by William Swansen on June 5th, 2022
Behavioral
6. Can you describe a time you were asked to do something you had never done before? How did you react?
How to Answer
Provide an example of a situation where you were asked to perform a new task. Explain how you readily accepted the job and gathered resources to complete the task. Then describe the results of your efforts and what you learned from the experience. Your answer should follow the 'STAR' response pattern: Situation, Task, Action, Results.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers will ask this question to determine how you react to new situations and your attitude toward learning new skills and procedures. Employers prefer employees who are willing to learn new skills and thereby contribute more to the organization's business objectives. Curiosity and continuous learning are traits interviewers look for.
Written by William Swansen on June 5th, 2022
Answer Example
"In my most recent position, I was asked to lead a seminar on implementing information security practices for Mac systems. Even though I only had experience with Windows and Linux systems, and I'd never done this, I accepted the assignment and researched the topic. I put together a presentation using the information I collected and presented it to my entire department. The seminar was a success, and I learned that I could accomplish any task assigned to me with a little effort and the right resources."
Written by William Swansen on June 5th, 2022
Behavioral
7. Tell me about a difficult decision you had to make in one of your previous roles.
How to Answer
When answering this question, choose a situation in which you made a decision involving a personal sacrifice or two equally undesirable outcomes. Explain the choice you made, your rationale, and the outcome. Then briefly discuss what, if anything, you would have done differently based on the outcome.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer is looking for examples of your decision-making process and how you approach difficult challenges or situations. They want to learn more about how decisive you are and whether you are willing to make difficult choices. The interviewer hopes to see that you are willing to put the organization's interests ahead of your personal feelings.
Written by William Swansen on June 5th, 2022
Answer Example
"During a recent downturn in business, I was required to reduce my staff. Every team member was well qualified and valuable to the organization, so choosing who to let go was difficult. After much consideration, I decided to dismiss one of the more experienced workers, knowing that they could easily find another job within the industry with my recommendation. This allowed me to develop one of the junior staffers, increasing their skills and making them more valuable to the organization. I would make the same decision if presented with this situation again."
Written by William Swansen on June 5th, 2022
Discovery
8. When was the last occasion you asked for direct feedback from your manager?
How to Answer
Requesting feedback from the people you work with demonstrates your desire to improve. Most employees avoid receiving feedback, fearing that it will be negative. By actively seeking it, you demonstrate courage, a willingness to be open to criticism, and the initiative to improve. Describe a time you felt you didn't complete a task properly and sought feedback to correct your process so you'd do better next time.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer will ask this question to separate you from most applicants. This is because many professionals don't ever seek feedback from their supervisors. Interviewers prefer candidates who constantly seek feedback so they can immediately correct any deficiencies they may have or incorrect actions they are taking. The best professionals know that the only way to get better is to engage their colleagues for feedback and suggestions.
Written by William Swansen on June 5th, 2022
Answer Example
"I have found that one of the best ways to improve myself is to continually seek feedback from the people I work with. Both my colleagues and my management team have perspectives that I don't and can spot weaknesses that I need to work on to improve. Therefore, I am constantly asking them about my performance. I also ask them for any suggestions they have and resources I can use to improve my skills and expertise. I do this continuously, and it has been very valuable."
Written by William Swansen on June 5th, 2022
Discovery
9. Can you tell me what your home network consists of?
How to Answer
Since discovery questions are general, there is no way to prepare for these. The best way to respond is frankly and honestly. Keep in mind that the information you provide the interviewer may be used for additional questions throughout the interview. This allows you to guide the interviewer toward areas you're comfortable talking about.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer may ask you several different discovery questions to learn more about your background beyond what they read in your resume when beginning an interview. These questions provide them with the information they can use throughout the interview. These questions also begin the conversation, creating a dialogue between you and the interviewer. Another goal of these questions is to relax you, so the interviewer gets a clearer picture of how you respond when not feeling stressed because of the interview.
Written by William Swansen on June 5th, 2022
Answer Example
"My home network is quite basic. It consists of a cable modem, a Wi-Fi router, and two PCs hardwired to the router. There are also several wireless devices connected to the network, including a laptop, several cell phones, an Amazon Fire Stick, and several devices for the home security system. I require two-step authentication to access the wireless network."
Written by William Swansen on June 5th, 2022
Discovery
10. What is a professional achievement that you are proud of?
How to Answer
When responding to this question, try to have an achievement in mind that will demonstrate how you can help the interviewer's organization achieve one of its business objectives or goals. Employers hire individuals to help them make money, save money, or save time. Demonstrating how you can do this with all your answers during an interview will help convince the interviewer that you are the right person for this job.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
If your resume or CV is well written, it will detail some of your significant achievements and the contributions you've made to your previous employers. The interviewer asks this question to determine which of these you're most proud of and why. They hope to learn about your efforts to achieve the objective and how they contributed to your organization's success or business objectives.
Written by William Swansen on June 5th, 2022
Answer Example
"One of my professional achievements that I am most proud of is helping my current employer reduce the number of cyber-attacks they experience by 50%. I did this by setting up strong security measures such as firewalls, strong user authentication, network monitoring tools, and educating the employees about cyber security. Once the hackers realized the strength of our security measures, they stopped trying to infiltrate our network and turned their attention to organizations with more vulnerabilities."
Written by William Swansen on June 5th, 2022
Discovery
11. Describe a situation where you needed to persuade someone about an idea or process.
How to Answer
You can answer this question using the STAR format, describing how you seek to understand other people's points of view, acknowledging them, then offering them an alternative and the rationale behind it. You can then describe how you addressed any questions and concerns they had and developed a win-win scenario with a positive outcome.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer will ask you this question because they are interested in learning about your communication and leadership skills and how you apply them to accomplish the tasks required in this role. Persuading other people about your ideas and suggestions is a valuable skill. Interviewers recognize that this will make you more effective in the job and reduce conflict between you and other team members.
Written by William Swansen on June 5th, 2022
Answer Example
"I take great pride in my ability to convince others of my ideas and suggestions. First, I solicit others' input, carefully listening to their ideas and acknowledging them. If their suggestions are appropriate, we move forward. However, if I believe we can improve on them, I state my ideas and recommendations and explain why I believe in them. I then answer any questions they may have and drive for a consensus in which all the parties are satisfied we are moving in the right direction."
Written by William Swansen on June 5th, 2022
Discovery
12. Why did you choose to interview with our organization rather than with others in our industry?
How to Answer
If you expect this question during every interview, you can be prepared to answer it based on your research of the company before the interview. Mention something about the company's recent achievements, business prospects, or work culture. You may also want to refer to the company's challenges and how you can help them address these based on your skills and experience.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
You should anticipate being asked this question in every interview. Employers want to know why you chose their specific company to interview with. They prefer to hire employees who are passionate about their work and the organization. This question is also meant to determine how much research you have done about the company.
Written by William Swansen on June 5th, 2022
Answer Example
"One of the reasons I chose to interview with your organization is that my research indicated you are a leader in this field. The products and services you provide have been developed through the innovation and creativity of your staff. As the industry pivots towards new technologies, I believe I can help you maintain this leadership position utilizing my information security skills and experience."
Written by William Swansen on June 5th, 2022
Discovery
13. What's the most interesting thing about you that I didn't see on your resume?
How to Answer
You can answer this question by giving the interviewer information about yourself that is not controversial and will support your qualifications for the position. Examples may be musical talent, an interesting hobby, or an unusual experience you had. Your research about the organization and its culture will help you prepare for this question.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers like to ask this question to learn more about your personality and determine whether you will fit into their corporate environment. By inviting you to the interview, they've already indicated that you have the skills and qualifications necessary to perform this job. The purpose of the interview is to confirm this and see how well you will fit into their culture.
Written by William Swansen on June 5th, 2022
Answer Example
"One thing that is not on my resume is my volunteer work with disadvantaged youth. I enjoy mentoring young people and helping them develop skills they can use to further their education, prepare for a profession, and navigate their way through life. I enjoy the satisfaction I get from seeing them reach their full potential. This experience has made me more comfortable seeking mentoring and development advice from my management team."
Written by William Swansen on June 5th, 2022
Discovery
14. Tell me about an aspect of your profession that makes you the most satisfied, energized, and productive at work.
How to Answer
This is a great question to ask yourself before beginning your job search. It will help you target specific jobs that you enjoy doing and will therefore be good at. This will enable you to answer this question when asked by an interviewer by simply describing a task you enjoyed working on related to the job you are applying for.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
This question is meant to uncover your passion and what you enjoy doing. Interviewers know that people do their best work when they are passionate about what they do. They will ask questions like this to discover if you are truly passionate about this job or just doing it for the money.
Written by William Swansen on June 5th, 2022
Answer Example
"One of my favorite parts about this profession is collaborating with organization members from other departments. I enjoy working together to determine how to achieve the business's objectives. Participating as a member of a creative team is one of the best aspects of this job."
Written by William Swansen on June 5th, 2022
Discovery
15. What motivated you to make a move from your current role?
How to Answer
When answering questions like this, be positive and explain that you are moving towards something new, not away from something old. Discuss your desire to be challenged and the rewards you will get by helping a new organization achieve its objectives. Also, talk about the opportunity to improve yourself by acquiring new skills and experiences in a new position.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers will ask this, knowing it is a potential 'trick' question that may prompt you to speak poorly of your current job, organization, or supervisor. They know that if you do this in your current situation, you will likely do it if you elect to leave their organization. Interviewers seek to hire candidates who are positive and move toward new opportunities rather than away from bad ones.
Written by William Swansen on June 5th, 2022
Answer Example
"While I enjoy the work I do and the organization I am associated with, I'm always looking for new challenges and opportunities to develop myself. While researching this job, I discovered that your organization would benefit from my experience, skills, and expertise to address your current challenges. I also noted that this role would expose me to opportunities to learn new skills, develop new relationships, and improve my overall qualifications. Finally, this job represents an increase in responsibility which I am always seeking."
Written by William Swansen on June 5th, 2022
Discovery
16. What's a misconception your coworkers have about you, and why do you believe they feel this way?
How to Answer
Since the interviewer is asking you to reveal either a real weakness or behavior that appears to be a weakness, it may be hard to answer this question. Your answer should either point out a minor flaw that you are working to correct or discuss a strength your coworkers and managers are unaware of. In any case, remain positive when answering this question.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
This may be a trick question to get you to identify a weakness you have or are perceived to have. Interviewers will ask this to uncover a weakness or determine how self-aware you are. They also want to know if you'll answer this question positively or say something negative about yourself or your coworkers.
Written by William Swansen on June 5th, 2022
Answer Example
"My coworkers sometimes mention that I'm not very social. This is because I tend to focus on the job more than socializing while at work. They don't see that when I'm not working, I spend a lot of time enjoying the company of my friends who share my interests in the outdoors."
Written by William Swansen on June 5th, 2022
Leadership
17. Can you give me an example of a time you led by example and describe what you did and how your team reacted?
How to Answer
Since this is a behavioral question, format your answer in the STAR framework by first describing a Situation and the Task you were required to complete. Then, describe how you Acted by demonstrating the behavior you needed the team to exhibit. Finally, discuss the outcome of the project or task and what your team learned from the example you set. Make sure you communicate how you led by example and how this motivated the team to accomplish the assigned task.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers ask this question to prompt you to talk about your leadership style, hoping you will describe how you lead from the front by example rather than from the back by exercising your authority. They recognize that teams perform better when they believe in their leadership and are willing to follow their example. By asking this question, the interviewer can discern whether you will be an effective leader.
Written by William Swansen on June 5th, 2022
Answer Example
"In my most recent role, my team and I were tasked with implementing a new process. Since none of us had experience in this area, I researched the process and created a training curriculum. I presented this to the team, participating in the exercises which simulated the new process. Together, we debugged the process, created an implementation plan, and launched the process. By fully participating in each aspect of the project, I demonstrated to the team that I was willing to roll up my sleeves and work alongside them to make the project successful. They acknowledged this and expressed their willingness to replicate the process on future projects."
Written by William Swansen on June 5th, 2022
Operational
18. How will you detect an incident or data breach, and what steps do you take to prevent it from happening?
Why the Interviewer Asks This Question
There are many software and hardware detection systems in the market that help prevent incidents and data breaches. Hiring managers will ask operational questions about detection and how they start. They expect you to answer by describing the methodologies you use to employ intrusion detection systems and the success you have had with these. Providing concrete examples of your work will convince the manager that you are up to this task and can do the work for which they are hiring you.
Written by William Swansen on June 5th, 2022
How to Answer
You can answer this question by explaining to the manager that organizations need to change their mindset about how detection is addressed. This will give you points in the interview. Cyber experts should be able to articulate the procedures involved in tracking an intruder and where most companies fail with their detection systems. Tell the manager how much you enjoy your work and how proud you are of setting up and maintaining environments with 0% intrusions due to your security strategy and vision.
Written by William Swansen on June 5th, 2022
1st Answer Example
"An incident can happen at any time without warning, so being ready is critically important. I strongly believe that every company should have a plan B for attacks that take place without warning. Once a hacker gains access to a system, there are two main directives that they pursue: doing reconnaissance and exploring to understand the system. Their next steps are to find assets (data) and how to access them, all while acting in a stealth mode in the system. This is where I would be able to detect their movements and track activity."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"The trick is having a strong detection system that finds an attacker early in the process to thwart or minimize data theft or other significant damage. In order to find an active attacker, there are two challenges that must be addressed and solved:
1) You need to change your approach on what you look for and how you identify them
2) Look at full network activity, rather than limited packet routing
I find that the whole mindset has to change because identifying an active attacker through the typical process of pre-defined signatures, entry behaviors, and other signs isn't the most efficient way of protecting your systems. These hackers are meticulous, and follow a step-by-step campaign to gain entry."
Written by Tom Dushaj on December 6th, 2019
Operational
19. What steps would you recommend our employees take to prevent identity theft?
How to Answer
You should anticipate this question during every interview you attend. You can prepare your answer by creating a list of easy-to-follow measures that will help individuals protect their identity, both on the job and in their personal lives. Your ability to describe how you would do this will convince the interviewer that you are capable of performing this job and would be an asset to the organization. As with any operational question, keep your answer brief and to the point, and always be prepared for a follow-up question.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Employers expect cybersecurity professionals to perform a wide variety of tasks within the organization. In addition to taking specific measures to protect the organization's data, cyber security personnel are also expected to educate the employees about protecting their personal and the organization's information. The interviewer will ask you about your knowledge of preventing identity theft to ensure that you can perform this function. This will help protect the employees, which in turn keeps the organization's information safe.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Protecting one's identity is important for both individual employees and the organization as a whole. If an employee's identity is compromised, the information the identity thief obtains can be used to access the organization's network and compromise or damage its data. Therefore, it is important that I help employees protect their identities. Some common ways to do this include ensuring that they use strong and unique passwords that are updated frequently, avoiding sharing confidential information online, verifying the identity of websites they visit, and other similar methods."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"In each of my previous jobs, I was required to help train employees about identity theft. I conducted seminars that informed them of the dangers of identity theft, how difficult it was to remediate this, and ways they can protect their identity. Some of the techniques I shared include using strong passwords, avoiding sharing their information on social media, only visiting websites they trusted, installing antivirus software and other tools on their computers, and keeping their systems and software up to date."
Written by William Swansen on June 5th, 2022
Operational
20. What are the various ways to inform employees about information security policies and procedures?
Why the Interviewer Asks This Question
Anyone in IT leadership responsible for establishing and maintaining company policy and procedures for security needs to ensure that there's a system in place for monitoring corporate computers and mobile devices to protect against email viruses, malware, and data breaches. You'll find that hiring managers tend to spend a bit more time on this question because they want to gauge your level of confidence on how you implement these practices across the company and how you communicate the procedures to all employees. It's not uncommon for a manager to ask you to talk about communicating effective ways to identify phishing emails, transferring confidential files securely, password management tips, and applying privacy and security updates for all employees.
Written by William Swansen on June 5th, 2022
How to Answer
Since communication is a key soft skill hiring managers look for in prospective employees, you can use this question to demonstrate your skills in this area. A good way to respond would be by relating an experience you had with a previous employer in which you communicated the organization's cyber security policies and procedures and how important it was to adhere to these. The experience you share with the manager will be a reflection of your capabilities and may show that you can think outside the box. This helps the manager see the level of detail you go through to protect your company's information security assets and employees.
Written by William Swansen on June 5th, 2022
1st Answer Example
"If you look at statistics on how attacks were established, you will find that over 50% of attacks came from employees within a company that inadvertently allowed access to a hacker, or simply disregarded company security policy. At my last company, I was directly involved in writing the security policies and procedures, as well as setting guidelines and conducting training sessions with employees to teach them to detect phishing emails and similar scams. I demonstrated in detail what a phishing email looks like, what to look for when they receive one, and the procedure to follow once this type of scam is identified. I created an email account so that anyone who received these phishing emails could send them straight to that account."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"During my security training sessions with employees, I explained the importance of cyber security and pointed out the risks of an attack and the negative impact it could have on our organization if personal employee or company information is compromised. As part of the training sessions, I discussed in detail the use of and management of strong passwords, and how to use unique characters when selecting new passwords. As a way of making sure all employees were adhering to our security policies, I set quarterly reminders for everyone to change their passwords. I also had everyone apply updates to their systems and privacy settings."
Written by Tom Dushaj on December 6th, 2019
Operational
21. Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?
Why the Interviewer Asks This Question
Since Blockchain was introduced to the market, security technologists have been busy keeping Blockchain transactions secure through distributed networks so people can use bitcoin or crypto-currency as a payment gateway. Hiring managers, especially in the finance/banking industries, are well aware of this technology, so when they ask this question, they are looking for your opinion on how it applies to cyber security. They expect you to be well versed in this area and to be able to respond with a strong, fact-based opinion that examples and precedents can support.
Written by William Swansen on June 5th, 2022
How to Answer
If you have experience working in an environment that uses Blockchain, showcase that experience in a way that makes you stand out from the crowd. For example, use a scenario (without giving away sensitive company information) where you used it and how you could protect web servers and ID systems so the transactions were safe and secure. If you have limited knowledge of Blockchain, show your eagerness to learn the technology and how your skills would apply in those situations.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Anytime I see the introduction of a new technology or payment gateway, I take it upon myself to research that technology to see where it is relevant in the world of Cyber Security. When Blockchain came out, I did extensive research on where it might have vulnerabilities, and be susceptible to attacks. According to my research, Blockchain has been around for about a decade and was initially introduced to store and/or send crypto-currency like Bitcoin. Blockchains are distributed networks with millions of users all over the world. Since Blockchain uses cryptology, it's easier for businesses to authenticate devices and users without the need for a password. This definitely eliminates manual intervention in the process of authentication, thereby avoiding potential attacks."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"The way I view Blockchain revolutionizing Cyber Security is through decentralized storage, record keeping, and peer-to-peer sharing. Furthermore, Blockchain users will be able to store all their data on their network or computer if they choose to do so. Basically, a blockchain is a decentralized, digitized, public ledger of all cryptocurrency transactions known as Distributed Ledger Technology. One of the big reasons why I think blockchain is going to be an integral part of Cyber Security is Distributed Denial of Service. In a nutshell, Blockchain transactions can be denied easily if the send-receive participants are impeded from sending transactions. Blockchains provide a non 'hackable' entrance point, thereby providing more security when compared with database-driven transactional structures."
Written by Tom Dushaj on December 6th, 2019
Operational
22. In a situation where a user needs admin rights on his system, what protocol do you follow to grant or restrict admin access?
Why the Interviewer Asks This Question
Hiring managers ask this common question to confirm that you limit the number of users accessing sensitive data. They want to know if you follow security protocols and best practices for roles and privileges. In an interview, you might hear the term Greenplum. Greenplum is a database system that manages access to its databases using roles. Giving an example of some challenges you had with restricting access for a good reason and then granting access after approval shows the manager how well you followed protocol.
Written by William Swansen on June 5th, 2022
How to Answer
There are numerous occasions when someone needs an important document for something like a proposal, and the only place the data needed is on a server or drive that requires administrative access. If you've ever needed to access folders or files that are locked or inaccessible, you understand this issue. When answering this question, you need to point out that you always follow protocol when granting admin-level permission to a user. This demonstrates your adherence to company cyber security policies, and your understanding of how having admin access can cause serious security breaches. You may want to note that you are open to exceptions to this rule, but only with the appropriate approval by individuals with authority to grant this.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Managing roles and privileges has its challenges because the user could be a database administrator seeking access to specific tables or objects. As part of our security best practices, I assign rules by role membership by group. I find this to be the best way of managing privileges, this way privileges can be revoked or granted to a group as a whole. I'm intimately familiar with a Greenplum database and how it works. For example, Greenplum requires a UNIX user ID to initialize and access the Greenplum database. This protocol is pretty standard in the industry, and widely used for creating new rules, and protecting passwords in the Greenplum database."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"If you look at various network infrastructures and architectures within companies, you will find a variety of user/role attributes. One of the user roles that I keep a close watch on is giving access to SUPERUSERS. I like to limit access to SU's for a number of reasons, one of the biggest is SU's bypass all access privilege checks in Greenplum dataset. In my humble opinion, I think only administrators should have that access since we are intimately involved in the protection and security of the organization."
Written by Tom Dushaj on December 6th, 2019
Operational
23. How do you assess the difference between a cyber threat, vulnerability, and risk?
Why the Interviewer Asks This Question
When assessing a threat, vulnerability, and risk, there are several factors to consider. Let's take a deeper dive into what these are and how to be prepared to answer questions that come up in an interview. In simple terms, a threat refers to a circumstance or event with the potential to cause harm by way of an outcome. One example could be a phishing attack that allows the attacker access to steal private or confidential information for personal gain. Vulnerability simply means a weakness in a system. One example is an attacker planting a cross-site script to gain control over sensitive data within a network infrastructure. Lastly, in this case, a risk is defined as a threat probability followed by potential loss. It is important to note that a hiring manager might ask a combined question or a singular question. This means they may just ask about vulnerability or just a threat question to move the interview along. It's best to be prepared for all three questions anyway. The hiring manager is looking to achieve a couple of things here. They want to see how well you can articulate all three definitions (provided they ask all three questions) and how deep your understanding is within these three areas.
Written by William Swansen on June 5th, 2022
How to Answer
The best approach to responding to this question is to define each issue the interviewer asks you about. You can then begin to compare and contrast them, noting the differences between each of them and how you would prepare or respond to these. You may want to provide the interviewer with examples of a cyber threat, vulnerability, and risk that you've encountered in your previous positions and how you dealt with each of these. If the interviewer asks a follow-up question about any of these topics, it indicates they have a special interest and may have already encountered them or are anticipating they will.
Written by William Swansen on June 5th, 2022
1st Answer Example
"When I perform a threat, vulnerability, and risk assessment, there are certain protocols and procedures I must follow. I first need to identify whether I'm dealing with a threat, vulnerability, or mitigating risk. Identifying vulnerability is very important because this will reveal to me how well our detection and intrusion systems are working, and whether or not they are leaving us vulnerable to attacks at any level of our networks and systems. If we find that there are widely exploited vulnerabilities that come to my attention, I immediately act to secure those areas of vulnerability. During my tenure here, I was able to maintain a safe and secure technology environment by standardizing encryption, detection, and authorization practices."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"If I'm dealing with a threat, I need to identify who the threat actor is (a person or entity who initiates a threat), then I know how to respond to this threat. I go through a checklist of items to make sure that we have secured our networks, systems, and users. This can be achieved by software monitoring systems that alert us to threat traffic, and how they might be attempting to breach our systems. In cases where I am addressing risks, I take a proactive approach to mitigating risks by monitoring and scanning our architecture to see if there are any SQL injections or Cross-site scripts present. I run these automated tests on a daily basis to safeguard our systems."
Written by Tom Dushaj on December 6th, 2019
Operational
24. How do you protect connected mobile devices on your network from cyber attacks?
Why the Interviewer Asks This Question
Mobile and connected devices are becoming a way of life in the corporate world. Network/Systems and Cyber Security engineers have to be on the defensive regarding mobile and connected devices that enter their workplace. They don't know whether, for example, an employee's smartphone has a malicious app installed that could, without the employee knowing it, compromise their networks or systems. This is a question that an interviewer will likely ask. They may go as far as asking what kind of setup you have at home for your connected devices. A hiring manager will ask this to see how well protected you are at home and if you apply these same practices and principles at work. It's important that you are aware of the types of attacks that can occur on mobile and connected devices. As an example, here's a list of potential topics that may come up during an interview.
Written by William Swansen on June 5th, 2022
How to Answer
Before responding to the interviewer's question, you may want to ask a clarifying question. Are they asking about how you protect connected mobile devices on the organization's network, or are they interested in how you do this for your personal devices at home? Once you better understand the question, you can begin to answer by describing your techniques and why you use these. You don't need to go into great detail; just describe your overall strategy and any special measures you employ. The interviewer will ask you a follow-up question if they need more information or want to explore the topic in more detail.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Since I also have a mobile phone and several connected devices at home and work, I do take extra precautions to make sure that what I load on my phone and devices is safe and virus free. I do this by researching the software or app before downloading it. I am also careful not to grant app permissions to access functions on my mobile device either. In my current role, I take the steps necessary to safeguard mobile devices and users against attacks. I have developed a checklist that I share with our employees to make sure they follow safe practices. Here's an example of my list:
1. Use strong/unique passwords
2. Add anti-virus software to devices
3. Review app permissions before giving access
4. Use two-step (multi-factor) authentication
5. Keep your software up to date on a regular basis
6. Disable features you may not use
1.) Mobile Malware
2.) Malicious Apps
3.) Data Leaks
4.) Phishing Attempts
5.) Machine Based Attacks"
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I have implemented several safe mobile device use practices in addition to an awareness program to keep our employees thinking about the importance of security threats as they use their mobile or connected devices. It's important to me to maintain a dynamic "immune system" for our networks and systems to ensure sensitive data is protected at all levels of our organization. As part of the awareness program, I conduct periodic training sessions called "Lunch & Learns" to talk about the various types of threats to mobile and connected devices that can occur. Each training session covers the latest updates on all the threats and how to protect themselves."
Written by Tom Dushaj on December 6th, 2019
Operational
25. Do you have a Cyber Security Incident Response Plan?
Why the Interviewer Asks This Question
First of all, all companies should have a Cyber Security Incident Response Plan. If you've worked in Information Security for any amount of time, you should be familiar with Incident Response. The make-up of an incident response plan will probably include the following components: A.) An Incident Response Team, B.) A Workforce Continuity Plan, and C.) A summary or inventory of tools and technologies within the environment. It's fair to say that an interviewer will likely want to know what part of the Incident Response plan you are responsible for if a cyber attack were to happen or if a critical security event has been detected.
Written by William Swansen on June 5th, 2022
How to Answer
Give some thought as to how you would respond to this question. We suggest you give the interviewer some insight into how the plan was developed and if you had any involvement or input in putting the plan together. This tells the interviewer that you were an instrumental part of the planning process from planning to executing this plan. Make sure to include a description of what parts of the plan you are responsible for if an incident occurs.
Written by William Swansen on June 5th, 2022
1st Answer Example
"At my current company, I was intimately involved in the development of our Cyber Security Incident Response Plan. I was responsible for overseeing the planning strategy, as well as the operational and tactical execution of the Incident Response plan. As per our company policy, we followed the NIST - Computer Security Incident Handling Guide. Here's a breakdown of the structure of the plan that I helped develop:
1.) Detection and Analysis - Includes everything from monitoring potential attacks to looking for signs of an incident.
2.) Train staff on detection, containment, eradication, and recovery.
3.) Identifying the source of potential attacks
4.) Containment and recovery - This involves disabling network/systems access and installing security patches to resolve vulnerabilities.
5.) Assess the damage."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"It was important for me to be part of the containment and incident response team since I was directly involved in the creation of this team and plan. One of the many things that I took part in was examining past incident reports and lessons learned so that we could prevent similar incidents from happening in the future. I also reviewed and updated alert levels and investigated where possible single points of failure could happen. I wrote a service restoration document that included two critical steps:
1.) Perform a network/systems health check for validation to confirm that all systems are operational.
2.) Assess the damage and severity to determine the cause of the incident."
Written by Tom Dushaj on December 6th, 2019
Operational
26. What are your contingency protocols if your company gets hacked?
How to Answer
You can answer this question by describing your actions after discovering that a breach has occurred within your organization. The first thing should always be to notify your customers immediately. By law, you are required to inform customers whose data has been compromised. Every company should have a contingency and communication plan in case this happens. This is a very common question that almost always comes up in an interview. There are several ways to respond to this question. The responses that will get you points in the interview highlight your steps when such an incident occurs. It will help to mention that you are an important part of this process and that you oversee each step to make sure you are following the law and company policy.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
One of the key functions of a cyber security professional is to respond to incidents in which the company's information and security are threatened. The interviewer expects you to have a definitive plan you can use if this occurs. They may also be interested in whether your plan is similar to the one their company uses or if there are additional steps you include that help remediate the situation more efficiently. Being able to describe the plan and the steps you take will help the interviewer determine if you're qualified for this role.
Written by William Swansen on June 5th, 2022
1st Answer Example
"If a breach were to happen, we have strict rules, processes, and procedures that we have to follow in order to comply with state and federal laws. My role includes making sure that a written notification was sent to all our customers with signature confirmation informing our customers of a breach. This letter clearly states that a breach occurred and to notify them what information was compromised. Additionally, a letter is also sent to a few governing bodies such as the State Attorney General's Office, HIPAA, and the SEC (if applicable) informing them that a breach has occurred, and what we intend to do to remedy this problem and when it will be resolved."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"My current company has a documented internal incident response plan that we follow in case of a breach. It maps out the current setup of our systems, who is to be contacted, and a list of onsite and offsite employees, cloud providers, and/or networks of other companies we have acquired. This same practice and notification procedure is also done for our vendors that may have been affected by a breach as well.
Here's a breakdown of protocols that are performed after an attack:
o Notify Incident Response Team
o Review all steps in our contingency plan
o Call in a forensics cyber security team (External Consultants)
o Notify state & local governing bodies - (if it applies)
o Find out where the attack came from
o Check back-ups in the cloud
o Disconnect all computers from the network and start documentation of the infection
o Document and investigate where the attack came from
o After the attack is remedied, conduct employee training and education on how to avoid future attacks."
Written by Tom Dushaj on December 6th, 2019
Operational
27. What is a false positive and false negative alert in the case of Intrusion Detection Systems?
Why the Interviewer Asks This Question
Every company with an intrusion detection system will likely come across a false positive or false negative. If you've ever done test cases for your company, and the results gave you a false positive or false negative, it could be because of a software bug, a hardware failure, or perhaps the functionality is not working properly. In any case, the hiring manager will ask this question to gauge if this problem is caused by manual intervention or a failure of the systems.
Written by William Swansen on June 5th, 2022
How to Answer
When answering this question, it's important to highlight your knowledge and understanding of this topic by talking about the steps you take to monitor the reliability of the hardware and software and use corrective actions to prevent future alerts of this kind. For example, did you have to do further testing or change the code or functionality in the software to correct this problem? You can use an example from one of your previous jobs to illustrate your proficiency in this area and how you go about determining if your intrusion detection system is providing a false negative or false positive.
Written by William Swansen on June 5th, 2022
1st Answer Example
"While we try to protect any sort of intrusion or hacking of our systems, we do get the occasional attempted intrusion alerts that tell us where the intrusion is coming from and how they are able to get through the first level of security. This is where we implement a false positive and false negative to give them the impression that they are penetrating our system, but in reality, we are watching them monitor which areas of our network they are attempting to attack so that we can strengthen that area and other areas of attempted attacks."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I've worked with intrusion detection software, anti-virus, and malware software for many years, and have found that even when you test your system, you might get a false positive or false negative. It's not uncommon for this to happen, and I've always proactively planned for it since it's very likely to happen. My approach is to explore why it happens, or what might have caused it to happen, and work towards a preemptive strike to prevent it from happening again. Since both are damaging, and they create a false sense of security, it makes it even more important to me to address them very early in the process. One of the areas I look closely at is test cases. I tend to break them down to the granular level and analyze every detail to get to the core of the problem. I do this by using different test data, metrics, and analysis to review test cases, and I do this process manually and also use automation scanning tools as well."
Written by Tom Dushaj on December 6th, 2019
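To make the two terms concrete, here is an added example (not part of the original answers) that scores a simple detection rule against labelled events: a false positive is an alert on benign activity, and a false negative is malicious activity that raised no alert. The failed-login threshold rule, the `Window` record, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    source: str          # constructed address from the 192.0.2.0/24 documentation range
    failed_logins: int   # failed logins seen from this source in one 5-minute window
    malicious: bool      # ground truth, as established later by an analyst


# Constructed sample data; none of it comes from a real system.
WINDOWS = [
    Window("192.0.2.11", 2, False),   # user mistyped a password
    Window("192.0.2.12", 14, False),  # service account with an expired credential
    Window("192.0.2.13", 40, True),   # password spraying
    Window("192.0.2.14", 6, True),    # slow, low-volume guessing
    Window("192.0.2.15", 0, False),
    Window("192.0.2.16", 25, True),   # credential stuffing
    Window("192.0.2.17", 9, False),   # VPN client stuck in a retry loop
    Window("192.0.2.18", 3, False),
]


def classify(window, threshold):
    """Compare the rule's verdict with ground truth for one window."""
    alerted = window.failed_logins >= threshold
    if alerted:
        return "TP" if window.malicious else "FP"   # FP: alert on benign activity
    return "FN" if window.malicious else "TN"       # FN: attack that raised no alert


def evaluate(windows, threshold):
    """Count outcomes for one threshold and derive the usual quality metrics."""
    counts = Counter(classify(w, threshold) for w in windows)
    tp, fp, fn, tn = (counts[k] for k in ("TP", "FP", "FN", "TN"))
    return {
        "TP": tp, "FP": fp, "FN": fn, "TN": tn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def sources_with(windows, threshold, outcome):
    """List the sources behind a given outcome, e.g. the missed attacks ('FN')."""
    return [w.source for w in windows if classify(w, threshold) == outcome]


if __name__ == "__main__":
    # Lowering the threshold removes misses but adds noise; raising it does the reverse.
    for threshold in (5, 10, 20):
        result = evaluate(WINDOWS, threshold)
        print(threshold, result,
              "missed:", sources_with(WINDOWS, threshold, "FN"),
              "noise:", sources_with(WINDOWS, threshold, "FP"))
```

Running the sweep shows the trade-off an analyst tunes: a lower threshold catches the low-volume guessing but alerts on the broken service account and the VPN retry loop, while a higher threshold is quiet but misses an attack.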
Operational
28. Which user applications have you found are most susceptible to being hacked?
How to Answer
If you were to look at data going back for the last 10 years, you'd find that a majority of applications that were hacked are in the banking and finance industry. This is important because if the employment prospect you are applying to is in this industry, you'll likely be asked this question. Answering this question with knowledge about what type of applications get hacked the most will help the interviewer understand the depth of your knowledge on this subject. A good way to start answering these types of questions is to give examples of recent hacks in the industry of the company you are interviewing with. To really show your knowledge on this topic, brief the interviewer on the changes those industries implemented to prevent this from happening again.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer will ask you this question for two reasons. First, they are genuinely interested in the applications that tend to be hacked and want to see if their organization uses any of these. The second is to check your knowledge about cyber security and determine if you understand which are the most vulnerable applications. They expect you to know this and be able to describe your strategy for protecting these applications and the organization's entire IT infrastructure.
Written by William Swansen on June 5th, 2022
1st Answer Example
"It's been my experience that the banking and finance industry has been especially targeted by hackers the most. One of the biggest reasons is obviously financial gain. Hackers seem to find vulnerabilities within banking apps and exploit them. It's estimated that 85% of web apps that are tested have flaws that hackers were able to penetrate. Using apps on your mobile phone can be risky especially if you do any sort of financial transactions. As a company policy, we have implemented two-factor authentication for all our users. This has helped reduce hacking attempts within our corporate environment significantly. We also encourage our users to update their devices on a weekly basis too."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I've seen cases where individuals get tricked into handing over (not literally) sensitive banking or other information that eventually gets forwarded to an attacker. Protecting my mobile phone from being hacked is very important to me because I know that it is more vulnerable than a desktop, laptop, or another mobile device. One of the measures I use is to keep my phone away from public Wi-Fi. There are a couple of other ways a hacker can easily exploit vulnerabilities in a mobile phone. They can....
1.) Implement a phishing attack or infect a user with malware to gain access.
2.) Write cross-site scripts and use SQL injections to obtain access to a database, then remotely run commands."
Written by Tom Dushaj on December 6th, 2019
Operational
29. What practices do you have in place to monitor and protect against suspicious malware, ransomware, and phishing activity?
How to Answer
Out of all the types of attacks, phishing attacks are one of the most common security challenges that both individuals and companies face in today's world. Whether you're logging in to access credit card accounts or other sensitive information, hackers are getting creative by using email, social media, and phone calls to steal valuable data from unsuspecting users. Here's where you can highlight your expertise and knowledge on how hackers gain access to people's phones, PCs, and other mobile devices. Talk about how you and your company regularly conduct internal penetration testing and training sessions on how to spot phishing attacks, malware/ransomware, and other suspicious links, emails, communications, etc.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
As organizations grow, their intellectual property and proprietary information become more vulnerable to attacks. Even though new methodologies are constantly being developed to thwart these, hackers continue to develop new and unique ways to obtain the information they seek. Interviewers will ask you about your practices to protect an organization's critical information and stay abreast of new and developing threats. This is the key reason they are interviewing you for this position.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Over the years, I have implemented a number of safeguard protection practices at my current company to prevent phishing attacks, malware, and ransomware. Some of the practices include training our employees on how to spot suspicious emails that could be phishing emails or potential malware that could infect their devices. As an extra security measure, I require all our employees to change their passwords every month. I send an automated message on a monthly basis to remind everyone to change their passwords."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I have found that many companies have poor security detection processes in place. Companies don't properly train their employees on what to look out for and how to report these potential attacks to the Information Security department. I take IT security seriously and have implemented an awareness program to address this concern. Here are a number of things that I train our employees to look out for:
1.) Look at hyperlinks by hovering over them before you click on them.
2.) Never give out personal information from an unsolicited email.
3.) Do not click on any attachments or hyperlinks from an unknown source.
4.) Read through the email and look for misspelled words and poor grammar. That's a dead giveaway."
Written by Tom Dushaj on December 6th, 2019
Anonymous Interview Answers with Professional Feedback
Anonymous Answer
"Monitoring tools that analyze the logs for detecting intrusion and breaches: Sourcefire, FireEye, Solarwinds, and ThousandEyes.
EDR Endpoint Detection and response tools such as Cybereason.
User education on Email handling, phone handling."
Operational
30. Recently, there have been several virus attacks; what have you done to protect your organization from these cyber attacks?
Why the Interviewer Asks This Question
This is a great question from a manager, and there are some very good responses to this question. The first thing is having an in-depth knowledge of how cyber security attacks occur. There are several situational examples that a hiring manager might ask you to walk through to see what you did to thwart those attacks. Some of the core questions will relate to what you did to identify those threats, what authentication you used to combat the threats, and how frequently you do risk assessments. A couple of other questions that may come up will cover how often you communicated your security and sign-off policy to employees, whether there was compliance corporate-wide, and what you did to maintain that compliance.
Written by William Swansen on June 5th, 2022
How to Answer
When responding to this question, make sure to cover topics including how you identified the threats, what authentication you used to combat the threats, and how frequently you do risk assessments. You should also mention how often you communicated your security and sign-off policy to employees and if there was corporate-wide compliance or violations of the cyber security policies, and how you addressed these. A comprehensive answer addressing each of these practices will help convince the interviewer that you are the right candidate for this job.
Written by William Swansen on June 5th, 2022
1st Answer Example
"I realize that attacks can happen at any time, and we need to be ready. One of the most important tasks that I'm involved in when I come into work every day is to look at our security dashboard which shows a real-time report of events, threats, intrusions, and possible breaches. This tells us what actions we need to take, or improvements that need to be addressed to strengthen our network further. The real-time report gives me a view of events that have occurred and are occurring in real-time. As a directive by our CIO, we are required to do research on public and private corporations that were hacked so we could analyze how those organizations handled data loss and what they did to remedy those issues."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"There are several steps that I take to safeguard our environment. Let me outline those steps and tasks to get you familiar with our process, planning, and execution:
1.) The first step is to identify the threats - this involves unauthorized access to our company networks. Since our company has sensitive information, we go to great lengths to protect it.
2.) I keep employees honest - Employees have access to a lot of valuable company information, and if leaked to the wrong people, could be disastrous for the company. It's part of my responsibility to have employees reset passwords, and have them use two-factor authentication for additional security.
3.) I keep up to date on Cybercrimes that have happened in the past - I always look at what types of data hackers are attracted to so I know what kind of strategy to put in place for those types of potential attacks.
4.) I carry out risk assessments and audits on a regular basis - This is done to mitigate risk, and data loss. I work closely with external Cyber Security consultants to implement security that is successfully executed."
Written by Tom Dushaj on December 6th, 2019
Operational
31. How do you enforce the use of SSO (Single Sign-On) & MFA (Multi-Factor Authentication) within your company?
Why the Interviewer Asks This Question
The importance of SSO (Single Sign-On) & MFA (Multi-Factor Authentication) goes way beyond passwords and how they are used and protected. The simple combination of just a user name and password is no longer an effective means of protecting our personal information. With all the data breaches, malware, and identity theft present in our society, it's no surprise that both public and private organizations are taking extra precautions to protect themselves. You will hear this question a lot in interviews because every company tries to implement some sort of SSO and MFA policy to protect their employees. Some example questions might focus on how or when you decide to use MFA or SSO.
Written by William Swansen on June 5th, 2022
How to Answer
The interviewer will ask you many operational questions throughout the interview, similar to this one. They are trying to determine how you go about performing the tasks required by this job. This will enable them to determine if you are qualified for the role and will be able to achieve the results they are hiring you for. Your answer should be brief and to the point when responding to operational questions. Either describe the process you use or walk the interviewer through the steps you take to accomplish the task they ask you about. As with any question, always be prepared for a follow-up.
Written by William Swansen on June 5th, 2022
1st Answer Example
"My current company has SSO and MFA in place. I was responsible for recommending, implementing and executing this policy to help protect employee and company information. This was a debated topic within our leadership because MFA has an extra step in the process, so I had to justify why this was important to implement both for various applications and access to certain systems that housed sensitive information. My argument was to do this for the overall security of the company. SSO is more convenient for users, but has a higher security risk. MFA on the other hand has more security, but is less convenient because of the extra steps involved."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"In order to understand how both SSO and MFA work and the advantages and disadvantages of each, I had to record a video explaining how it works, and how best to use its capabilities. Here's a breakdown of a few lessons that were taught:
SSO (Single Sign-On)
o SSO is quick and convenient for the user. It saves time by not having the user log into several different applications.
o Fewer trouble support tickets into helpdesk.
o Users only have to remember one password at any given time.
o Biometric authentication can be used for some applications.
MFA (Multi-Factor Authentication)
o MFA requires additional steps for extra security protection like recovery questions.
o It can also read biometric/face recognition as well.
o It has the ability to find your location to authenticate your IP address."
Written by Tom Dushaj on December 6th, 2019
Operational
32. As a site administrator, what steps do you take to prevent incoming CSRF attacks?
How to Answer
Cross-Site Request Forgery (CSRF) attacks have become a common method of attack for hackers. Normally, an attacker gains trust from an unsuspecting user with the authority to perform a specific action they did not intend to perform. The attacker then uses their identity and user privileges to impersonate them and perform malicious activities for their personal gain. As a site administrator, you must be thoroughly knowledgeable about Cross-Site Request Forgery (CSRF) attacks. This is a great opportunity for you to showcase your knowledge with CSRF. You can use examples of recent security protocols or implementations that you developed to prevent incoming CSRF attacks. Here's an example of a CSRF attack. Someone logs into their banking website, and while logged in, they receive an email with a request to click on a link. If the victim clicks on this link, a script will execute a transaction to transfer funds from the victim's account to the attacker's account.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers will ask you about methodologies you use to combat specific types of cybersecurity attacks. They may be working from a list provided by the IT department or addressing the types of attacks they've already encountered in their organization. If you notice a pattern in the interviewer's questions, you can easily discern the types of threats they are most concerned about. This will allow you to tailor your answers to better meet their needs and demonstrate your qualifications for this role.
Written by William Swansen on June 5th, 2022
1st Answer Example
"As a site administrator, there are a number of things I need to be aware of in order to protect against CSRF attacks. I've developed a checklist of items that I follow on a regular basis for security prevention.
a.) Whenever I finish an online banking transaction, I always make sure I am logged off immediately.
b.) I always keep my anti-virus software up to date and active. I also run scans on a weekly basis to check and see if any malicious scripts can be blocked.
c.) I disable scripting in my browser.
d.) I always run all my financial transactions on one browser.
e.) This is an important one. I never save login information for my banking or financial institution."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"The way I approach CSRF attacks is two-fold. There is the server side and client side. The way I prevent server-side attacks is to use cookies that perform session-tracking to session tokens that are dynamically generated. This makes it increasingly more difficult to obtain a client's session. Another way I protect my environment is that I don't assume that all sites are trustworthy. While visiting a site, I don't open any suspicious emails while authenticating to my banking website or any other site that performs financial transactions. This prevents any malicious scripts from being executed while logged into my banking website."
Written by Tom Dushaj on December 6th, 2019
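The server-side defense touched on above (dynamically generated tokens tied to a session) can be shown with a short added example; this is not code from the original page. It issues an HMAC-signed anti-CSRF token bound to the session and rejects a state-changing request, like the bank transfer in the scenario above, when the token is missing, expired, or belongs to another session. The function names, session IDs, and request layout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed values for this example: a per-deployment secret, a token
# lifetime, and a table of live sessions.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 900
SESSIONS = {"sess-alice-constructed", "sess-bob-constructed"}


def _mac(session_id: str, ts: str, nonce: str) -> str:
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: Optional[float] = None) -> str:
    """Return 'timestamp.nonce.mac'. The MAC binds the token to one session."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_csrf_token(session_id: str, token: Optional[str],
                      now: Optional[float] = None) -> bool:
    """True only for an unexpired token that was issued for this session."""
    if not token:
        return False
    parts = token.split(".")
    if len(parts) != 3:
        return False
    ts, nonce, mac = parts
    expected = _mac(session_id, ts, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    try:
        issued = int(ts)
    except ValueError:
        return False
    current = time.time() if now is None else now
    return 0 <= current - issued <= TOKEN_TTL_SECONDS


def handle_transfer(request: dict) -> int:
    """Return an HTTP status code for a state-changing POST /transfer."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in SESSIONS:
        return 401  # not logged in
    # The browser attaches the session cookie to cross-site requests on its
    # own; the token in the form body is what a forged request cannot supply.
    token = request.get("form", {}).get("csrf_token")
    if not verify_csrf_token(session_id, token):
        return 403  # missing, forged, expired, or cross-session token
    return 200


if __name__ == "__main__":
    sid = "sess-alice-constructed"
    good = {"cookies": {"session": sid},
            "form": {"to": "acct-1", "amount": "10",
                     "csrf_token": issue_csrf_token(sid)}}
    forged = {"cookies": {"session": sid},
              "form": {"to": "acct-2", "amount": "5000"}}
    print("legitimate form post:", handle_transfer(good))
    print("cross-site forged post:", handle_transfer(forged))
```

In a real deployment this check sits alongside `SameSite` cookie attributes and is applied to every state-changing route, not only the transfer endpoint.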
Technical
33. There are different levels of data classification; how are they structured, and why are they required?
Why the Interviewer Asks This Question
With a heightened level of data security throughout the world, protecting customer data has never been more important. Data has become a valuable commodity in this day and age, and companies go to great lengths to protect it at all costs. Knowing the different levels of data classification is a fundamental skill required by any cyber security professional. The hiring manager will ask you this question to confirm that you are aware of the importance of this issue and able to take steps to address it.
Written by William Swansen on June 5th, 2022
How to Answer
When asked by the hiring manager, don't be afraid to offer examples of how you set data classification policies or reclassified data to a classified status with access limited to administrators. Also, highlight your knowledge about the different levels of data classification (i.e., restricted, private, and public). You don't need to go into too much detail because a hiring manager will ask a follow-up question if they need more information or want to explore the topic more. Once you are asked a follow-up question, you have permission to expand on your answer and possibly give an example from a previous situation you encountered.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Setting data classification policy is very important because if you don't have a policy in place, you won't know what your level of sensitivity is, which means you have no baseline or security controls to protect your data. This is an important topic to me, and I take it very seriously. My involvement goes deeper into data classification than any other team member, so I typically take the lead for data classification on three main levels. Restricted data, private data, and public data classification. Here's how I classify these three into workable tasks.
1. Restricted data - I apply the highest level of security to a restricted classification because it has the highest level of risk.
2. Private data - This one is at a moderate risk level, but should still be treated as private data and protected nonetheless.
3. Public data - Normally this level is low or no risk. While there are still controls in place, some level of control is still required."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"There are a number of different ways that classification of data can be performed. I've always had an interest in data collection and classification, which has led me into a cyber security occupation. Interestingly enough, many organizations collect and classify data in different ways. As a Data Steward, it is my obligation to reclassify data - this is conducted periodically - to determine what frequency is most appropriate based on available - if after doing a data reclassification, it is determined that the data has changed or was modified, then I look at whether existing controls are consistent with the new data classification. If gaps are found within existing controls, they are immediately corrected."
Written by Tom Dushaj on December 6th, 2019
Technical
34. Can you tell me the difference between coding, encryption and hashing, and why they are important?
How to Answer
Let's begin with what coding, encryption, and hashing mean and their importance to IT security. Encoding - to encode something is to communicate a message so that the receiver will clearly understand. Hashing - is an integrity method to validate data. Encryption makes data unreadable by anyone except those who know the secret shared key. All three are important to enable security at every level. If an interviewer asks about coding standards, he's looking for these codes: Encoding - Base64, UTF-8, ASCII; Hashing - SHA1, SHA256, SHAKE256; and Encryption - AES, Blowfish, and RSA.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Knowing the difference between coding, encryption, and hashing is very important if you want to get past the first round of interviews. This is a common question used to weed out junior-level IT Security candidates. As a qualified cyber security professional, you should be able to answer this question easily. Start by describing each of these techniques used to protect the organization's information. Your answer should also include specific codes each technique employs. This will convince the interviewer you're qualified for the position.
Written by William Swansen on June 5th, 2022
1st Answer Example
"I have a thorough understanding of encoding, hashing, and encryption. I know that with encoding, I need to be mindful of the standards that are used for the receiver and sender since every receiver will not support the same standards. For hashing, my main purpose is to secure the storage of passwords. As far as encryption, I like to make sure that whomever I send an encrypted message to has the capability and secret key to decrypt my message. This is a safe and secure way to communicate with others who are the intended party to your message."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"The way I see it is that encoding, hashing, and encryption are used together to keep our information safe and out of the hands of hackers, and not intended for unauthorized parties. The purpose of a base64 encoded message to an application is to hash the integrity of that message so it can be verified by the receiver. My practice has always been to follow the industry code standards set for all three. They are:
o Encoding standards: Base64, UTF-8, and ASCII
o Encryption algorithms: AES, Blowfish, and RSA.
o Hashing algorithms: SHA1, SHA256, and SHAKE256"
Written by Tom Dushaj on December 6th, 2019
Technical
35. What is the difference between ECB and CBC in an IT security environment?
How to Answer
Let's start with what these two entities mean. ECB (Electronic Code Book) is basically raw cipher. You have a block that needs to be encrypted as an output. If you don't encrypt the block, it might appear as ciphertext. CBC (Cipher Block Chaining) is essentially an initialization vector; it converts plaintext to ciphertext. These methods of operational configuration allow those ciphers to work with large data streams without the risk of compromising security.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Essentially, the hiring manager wants to know if you understand the differences between ECB and CBC, which deal with encrypting ciphertext. They'll ask questions similar to these: Are ciphertext blocks decrypted separately? Is it possible to encrypt and decrypt simultaneous threads? Other questions that may come up are how an image can be encrypted, what the standard protocol is to do so, or perhaps what the difference is between ciphertext and plaintext. These are more advanced questions that will likely occur later in the interview, once the interviewer has confirmed your basic qualifications.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Anytime that I need to encrypt blocks of data in ECB mode, I can always use many threads simultaneously, but I always encrypt plaintext blocks separately for security purposes. The difference between the two is that with CBC, I need to add XOR to each plaintext block to the block that was previously produced. With ECB it's the simplest mode of encryption. The result is then encrypted using a cipher algorithm in the usual way. CBC is a little different because the initialization vector needs to be created randomly by the sender."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"When it comes to ECB and CBC data, I like to see if there may be encryption weaknesses using ECB mode encoding an image for example. If I don't use the proper protocols for encryption, the ECB mode cannot hide/blur the plaintext image. In cases like these, I would change the initialization vector after using the secret key a number of times. It's almost the same as needing to change your password on a regular basis. If the vector is used too many times, this would make the system vulnerable to plaintext attacks."
Written by Tom Dushaj on December 6th, 2019
Technical
36. What is PKI, and does it bolster your cyber security defense?
How to Answer
Public Key Infrastructure or PKI is a set of procedures, software, policies, roles, and hardware necessary for creating, managing, revoking, storing, and using digitized certificates. PKI is essential for cyber security. The sole purpose of PKI is the facilitation of secure information transfer electronically. This can happen through a range of activities in the network, including confidential email, internet banking, and e-commerce. PKI is a requirement for activities where passwords alone are inadequate authentication methods. PKI bolsters your defense in terms of cyber security because it protects you from identity theft. Depending on the title or position of the interviewer (Manager, Director, or Vice President), you'll probably be asked questions related to encryption and digitized certificates. Please pay attention to these questions because they are all related. Suppose an interviewer asks you to give them an example of high-level authentication. In that case, you'll need to talk about public and private keys (PKI processes, procedures, and roles) and your involvement with this technology.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Public Key Infrastructure or PKI is an essential technique cyber security professionals use to protect the organization's information. You're very likely to be asked this question during an interview for this role. Interviewers will ask you many questions about your techniques to protect their information. This ensures them that you can perform the tasks required by this job and know about the most current methodologies used in this profession. As the interview progresses, the questions will become more complex and demanding. While this will challenge you, it also indicates that the interviewer is gaining confidence in your ability and qualifications for the job.
Written by William Swansen on June 5th, 2022
1st Answer Example
"PKI was an important part of my role and responsibility. I had to ensure that digital certificates were managed properly so that users would be able to have access to approved sites locally and remotely. I made sure that all information on our website wasn't getting into the wrong hands. Without PKI, all our confidential information could be hacked easily using simple passwords. I made sure that we had a high level of security in place for authentication and access to important information to prevent such attacks from happening. I've been working within a Public Key Infrastructure for a while and have learned that data encryption is at the heart of authentication and password protection."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"In my current role, I had to look up the public key of a receiver and a sender to ensure that both keys matched before allowing access to our systems. In other words, I perform a higher level of authentication than just typing in a password to further ensure protection. Our corporate policy dictates that we need to follow a structured framework for hardware and software data encryption to ensure trust for all parties. I strongly believe that having PKI in place to optimize cyber security is essential for every serious website owner. I was also one of the team members who made a contribution to writing our encryption policy."
Written by Tom Dushaj on December 6th, 2019
Technical
37. Explain the differences between TLS, SSL, and HTTPS, and what are the cyber security benefits?
How to Answer
When responding to this question, first define what each acronym stands for. TLS means Transport Layer Security. HTTPS is a hyper-text transfer protocol. In a network, HTTPS secures communications. Then discuss what they do. HTTPS is a secure HTTP version. An SSL/TLS connection secures any communication sent online. All ongoing communications between the browser and servers are encrypted safely. Finally, discuss the benefits they bring. Your cyber security depends on HTTPS, SSL, and TLS. Websites that don't include all the cyber security measures will get a penalty from Google.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Interviewers will ask several different questions about TLS, SSL, and HTTPS. Some of the common ones will be how each works and how they are used. You'll probably be asked to give examples of each in a hypothetical environment. We cover a few scenarios in the answer examples. It's important to do a thorough walk-through and give examples with scenarios of each.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Securing and protecting our corporate website has always been our highest priority. When I assess how secure our sites are, I look at all the possible vulnerabilities within our systems and take the steps necessary to identify where those weaknesses might be. Let's say your site takes your viewers to a different page to use their credit cards and make purchases. If you did not use HTTPS to secure your site (that padlock image at the top left where the domain address is listed), or if it is incorrectly set up, the content can be intercepted by bad actors (hackers) on your site. I'm tuned into multiple IT news sources and software updates from all our software vendors on the latest hack attempts so that I'm always in the know. I've always had the practice of utilizing two SSL keys, one private key, and the other a public key that everyone knows."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"Say a client visits your site and sees that the information on your site can be easily intercepted; it does not leave an impression of credibility or trust. If your site is not reliable, secure, or safe, why would any client risk a purchase? If they can purchase something similar on a safer site, what would stop them? As a general rule, I always use the Handshake Protocol of TLS which enables authentications for clients and servers. I find this a more secure communication method after the first handshake is a success. If there is a failed handshake the first time, the connection terminates. I also use the STARTTLS (or STLS for POP3 protocol) command for outbound email connections for extra safety. A secure connection is required by specific ports to be able to connect. For example, I would use 995 for secure POP3, 443 for HTTPS, and 993 for IMAP. I already have these ports set up on our server."
Written by Tom Dushaj on December 6th, 2019
Technical
38. How do Ahrefs and SERP impact the security of a website?
How to Answer
You can begin your answer to this question by stating that Ahrefs is a backlink and SEO toolset that many people use. This tool does site auditing and will analyze your site and monitor your website's health. Alerts from Ahrefs will notify you of lost and new backlinks, keyword ranks, and web mentions. This tool is not a security breach because its purpose is to monitor your site and nothing more than that. SERP stands for Search Engine Results Page. It is used primarily to market your products and services to the right target audience. Then, the algorithms of Google report the behavior of your website to Google. It shows what keywords people used to get on your website, what people search for, which search engines your target audience prefers, and the like.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
The interviewer will ask you about these terms and acronyms because they will want to know if you know both ends of the security spectrum. One from the protection side (Cyber Security) and the other from a marketing perspective. This is because marketing departments create their own web campaigns and may not be fully aware of the security risks involved in launching some campaigns. The hiring manager wants to see if you understand both sides and can work with marketing to ensure their campaigns are being launched without risk.
Written by William Swansen on June 5th, 2022
1st Answer Example
"I've been fortunate enough to work with our marketing department on their product and service campaigns. This has taught me to see things from both sides of the fence. What needs to be done from the security side to ensure that in order to launch a safe and effective campaign, one needs to understand how they intend to launch their campaign and at the same time spot areas of risk before they are seen by social media and on the web. One of the biggest areas that we focus on with the marketing team is incoming traffic to our company website, and how visitors are being directed to our site or where they are linking to campaigns to arrive at our site. This has helped me pinpoint where potential gaps or vulnerabilities may be on our website."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I'm always optimizing our cyber security protection by removing page garbage and continuously "pruning" our site and enhancing new security features all the time. Any time I look at the effect that SERP or Ahrefs has on our site, it really comes down to building organic high-quality back-links for our site to prevent attacks. I find that this reduces the number of hacker attacks and unwelcome traffic to our website. These cyber security measures make sure I stay on top of things like that. This means that if we currently have all the cyber security measures in place for our website, then that minimizes risk and worry. As a general practice, I always take extra precautions when it comes to how data is analyzed from other sites like Ahrefs, MOZ, etc., and where traffic is coming from."
Written by Tom Dushaj on December 6th, 2019
Technical
39. Does Google penalize websites with no cyber security?
How to Answer
The best answer to this question is yes, Google penalizes websites with low or no cyber security. The reason is that a non-secure website puts website visitors at risk. There are a few things to watch out for to be safe from a Google penalty. If any of these things come up, changes will need to be made to your web presence. Let's start with some basics that could come up in an interview. Since Google continues to revise and tweak how content is indexed on the web, you need to stay updated on these changes. Make sure your HTTPS, TLS, and SSL are all in place. Even if it does publish updates on its algorithm, there are constant changes and sometimes no explanations about which changes are being made or when.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
It's important to note that questions will come up during an interview for a cyber security job that covers HTTPS, TLS, and SSL Certificates. The reason for this is two-fold. One is that Google looks at which sites are protected by security and ranks them accordingly. Knowing this will help you ensure the site's security while boosting its SEO ranking. The other is it also looks at which sites are not protected and displays an exclamation mark just to the left of the domain URL, showing it is not secured. This may prevent prospective customers from visiting the site.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Working with cross-functional teams within our company has given me the experience to work on Search Engine Optimization, Marketing, as well as Google Penguin, Panda, and Hummingbird algorithms and releases. These tie directly into our corporate cyber security policy, and why it's important for us to be aware of internal and external activities that affect the security of our systems. It is my responsibility to work closely with our marketing department to make sure they are following our security policies and that they don't run the risk of launching a campaign that might compromise our website ranking. Some examples are SEO indexing, domain authority, and overuse of keywords."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"One of the most important lessons I have learned first-hand is that Google does penalize websites for not having security on them (SSL Certificates-HTTPS and TLS), and it goes one step further to crawl your site to see if you have 404 error pages, broken links, or pages with suspicious content, it drops your ranking to the very bottom of searches. My current role dictates that I test all pages, links, content, shopping cart, contact form fields, blog pages, etc. to make sure we are compliant with all our security measures in Google's eyes. One of the tools I use to ping our site is Ping-O-Matic, which pings our site for irregularities or suspicious activity."
Written by Tom Dushaj on December 6th, 2019
Technical
40. Can you explain what cognitive cybersecurity is?
How to Answer
There are two ways to respond to this type of question. If you are familiar with the interviewer's topic, you can proceed to answer the question using the information and knowledge you have. If you are not familiar with the topic, the best response is to admit this to the interviewer and then describe how you would proceed to learn about it. Interviewers easily recognize when a candidate is trying to bluff their way through an answer. Doing this will ensure that you're not offered the position even though you may be qualified.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
As with any information technology, advances and developments are occurring at a rapid pace. As a cyber security professional, it is your responsibility to stay on top of these so that you can employ them in your work. Interviewers will ask you about these advancements to see how current your information and knowledge are. They want to make sure you are aware of new methods used by hackers to attack systems and newly developed techniques you can employ to prevent this. Interviewers may ask you about this even if they are not familiar with cognitive cyber security.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Cognitive cybersecurity is a newly developed technique that takes advantage of artificial intelligence, or AI technologies patterned on human thought processes to identify cyber security threats and protect an organization's IT systems. These self-learning systems use techniques such as data mining, pattern recognition, and natural language processing to simulate a human brain and develop countermeasures to cyber attacks. The advantage of cognitive cybersecurity systems is they work much faster than a human in detecting and addressing a cyber attack."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"While I've heard about cognitive cybersecurity and understand that it is a technique that employs artificial intelligence to prevent cyber-attacks, I've never used it. Intuitively I understand the benefits it could offer due to AI's ability to quickly analyze large amounts of data and develop a solution to a cyber threat or attack. If your organization is considering employing this, I can quickly learn about it due to my background in cyber security as well as my familiarity with artificial intelligence techniques."
Written by William Swansen on June 5th, 2022
Technical
41. What are the two main types of DDOS attacks, and how can you prevent them?
How to Answer
Note that this question has two parts: first, you need to describe what a DDOS attack is, and then list ways to prevent them. Spending too much time on either of these topics may indicate to the interviewer that you are unsure of your answer and therefore are trying to elaborate on the information you do know. Keep your answer balanced, and make sure that you share techniques you have used successfully to prevent DDOS attacks in your previous roles. Providing concrete examples of these will help strengthen your answer.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
This is an important cyber security interview question. A Distributed Denial of Service or DDOS attack is an attack that results in servers refusing to provide services to authorized clients. This is one of the more common cyber threats used by bad actors to shut down an organization's IT infrastructure, causing disruptions in business and costing them great amounts of money. Hiring managers will want to ensure that you are familiar with these types of attacks and know how to implement preventive measures to stop them from occurring. This fundamental cybersecurity question is likely to be asked early in the interview to identify unqualified candidates.
Written by William Swansen on June 5th, 2022
1st Answer Example
"A Distributed Denial of Service or DDOS attack is an attack that results in servers refusing to provide services to authorized clients. DDOS attacks can be classified into two types. The first is a flooding attack in which the hacker sends a huge amount of traffic to the server, which the server cannot handle, causing the server to stop functioning. The second type of DDOS attack is a crash attack where the hacker exploits a bug on the server resulting in a system crash. Common ways to prevent DDOS attacks include using anti-DDOS services, carefully configuring firewalls and routers, and using front-end hardware to block the attack."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"Unfortunately, I have had to deal with many DDOS attacks during my career as a cyber security professional. I have encountered two types of DDOS attacks: a flooding attack and a crash attack. Flooding involves overwhelming the server with so much data that it shuts down. A crash attack inserts a bug into the server software that causes it to fail. Effective measures for countering these attacks include using anti-DDOS services, configuring firewalls and routers to recognize and repel the DDOS attacks, employing load balancing to manage excessive network traffic, and identifying spikes in external network traffic so that it can be rerouted or blocked."
Written by William Swansen on June 5th, 2022
Technical
42. How does a three-way handshake work in a TCP/IP network?
How to Answer
While networking knowledge is important for a cyber security professional, the interviewer does not expect you to be an expert in this area. They are curious about the depth of your knowledge and how you can apply this to help maintain the security of the organization's IT infrastructure. Therefore, keep your answer brief and to the point when answering this question. The more you elaborate, the more likely you will provide inaccurate information. Long, drawn-out answers also cause the interviewer to become distracted. This may lessen your chance of being offered the position.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Computer networks use a protocol known as TCP/IP. This stands for Transmission Control Protocol/Internet Protocol. Network administrators typically manage these networks. However, as a cyber security professional, you need to be intimately familiar with how a network functions, its protocols, and the cyber security vulnerabilities these can create. The interviewer will ask you this question to test your networking knowledge and determine if you can identify the vulnerabilities that need to be addressed within an organization's computer network.
Written by William Swansen on June 5th, 2022
1st Answer Example
"A three-way handshake is a technique used in a TCP/IP network to create a connection between a host, also known as a server, and a client. It is called a three-way handshake because three steps are required for the client and server to exchange data packets. If any of the steps fail, the information will not be transmitted, and an error message will be issued. This three-step process ensures that both a client and the server are valid and authorized to exchange information."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"TCP/IP networks create a connection between a server and a client using a process known as a three-way handshake. In the first step, a client sends a synchronize packet to the server to verify that the server is available and has open ports. The server responds with a synchronize-acknowledged packet indicating it has open ports. The client acknowledges this and sends an acknowledgment packet back to the server. This establishes a communication channel between the client and the server over which data can be exchanged."
Written by William Swansen on June 5th, 2022
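The SYN, SYN-ACK, ACK exchange described in the answers above, as an added example that is not part of the original page. It is a simulation, not a real network stack: the class names, the peer address (a documentation-range address), the seeded random numbers and the logical clock are all assumptions made for the demo. It also shows the sequence-number checks each side performs and the expiry of a half-open entry whose final ACK never arrives.

```python
import random
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    seq: int        # sender's sequence number
    ack: int = 0    # next sequence number expected from the peer


class Client:
    def __init__(self, rng):
        self.isn = rng.randrange(MOD)  # initial sequence number (ISN)

    def syn(self):
        return Segment("SYN", seq=self.isn)

    def final_ack(self, synack):
        # The SYN consumes one sequence number, so the server must ack isn + 1.
        if synack.flags != "SYN-ACK" or synack.ack != (self.isn + 1) % MOD:
            raise ValueError("unexpected reply to SYN")
        return Segment("ACK", seq=(self.isn + 1) % MOD, ack=(synack.seq + 1) % MOD)


class Server:
    def __init__(self, rng, timeout=3):
        self.rng, self.timeout = rng, timeout
        self.half_open = {}        # peer -> (server ISN, client ISN, deadline)
        self.established = set()

    def on_syn(self, peer, seg, now):
        isn = self.rng.randrange(MOD)
        self.half_open[peer] = (isn, seg.seq, now + self.timeout)
        return Segment("SYN-ACK", seq=isn, ack=(seg.seq + 1) % MOD)

    def on_ack(self, peer, seg, now):
        self.expire(now)
        pending = self.half_open.get(peer)
        if pending is None:
            return False           # no handshake in progress, or it timed out
        isn, client_isn, _ = pending
        expected = ((isn + 1) % MOD, (client_isn + 1) % MOD)
        if seg.flags != "ACK" or (seg.ack, seg.seq) != expected:
            return False           # numbers do not match this handshake
        del self.half_open[peer]
        self.established.add(peer)
        return True

    def expire(self, now):
        # Drop half-open entries whose final ACK did not arrive in time.
        for peer in [p for p, (_, _, dl) in self.half_open.items() if now > dl]:
            del self.half_open[peer]


def handshake(peer="198.51.100.7:40000", seed=1):
    rng = random.Random(seed)      # seeded only to make the demo repeatable
    client, server = Client(rng), Server(rng)
    syn = client.syn()
    synack = server.on_syn(peer, syn, now=0)
    ack = client.final_ack(synack)
    return server.on_ack(peer, ack, now=1), [syn, synack, ack]
```

Calling handshake() returns whether the connection was established together with the three segments in order, so the acknowledgment numbers can be compared against the sequence numbers they answer.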
Technical
43. Can you describe the differences between a Vulnerability Assessment and Penetration Testing?
How to Answer
When responding to a question about different ways to assess the security of an organization's IT infrastructure, you should be able to discuss the various methodologies used to accomplish this. These can include assessments, testing, hacking, and other techniques used by cyber security professionals. Describing these in detail and comparing and contrasting them will indicate to the interviewer that you're qualified for this position.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
One of the key functions cyber security professionals perform is to ensure that the organization's information is secure. They do this by constantly probing the system, similar to what a hacker would do, to identify its vulnerabilities and determine how difficult it is to access the information. Interviewers will ask you about the methodologies you use to accomplish this, including vulnerability assessments and penetration testing. Knowing the differences between these, how they are used, and the results you can obtain from them is a key requirement for this role.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Vulnerability assessments and penetration testing are two ways you can determine the security of the organization's IT infrastructure. A vulnerability assessment will help identify access points within the system that hackers can use to infiltrate the network and steal the company's information. These flaws can then be remediated. Penetration testing is the process of finding specific vulnerabilities within the system's security. This is a more dynamic method of ensuring that vulnerabilities are identified and addressed."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"Every organization knows that their IT infrastructure has flaws or weaknesses. They want to find these flaws and prioritize the flaws for fixing. A vulnerability assessment enables them to do this effectively and efficiently. Penetration testing is the active process of finding vulnerabilities on a specific target within the network. The organization sets up all the security measures they can think of and would then test if there is any other way that their network can be hacked. Both of these techniques are effective, especially if used together."
Written by William Swansen on June 5th, 2022
Technical
44. Please discuss the CIA triad in the context of cyber security.
How to Answer
Since this question asks about a specific term used in this job, your answer should begin with the definition of the acronym CIA in the context of a cyber security environment. You can then discuss what each element of CIA addresses and how you use this in your work. You may want to include an example to illustrate your answer.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Like many other technical professions, cyber security has its own language, which includes acronyms, specific phrases, and terminology. Interviewers will ask you about this to determine how knowledgeable you are in this field and if you can communicate complex topics using language that both technical and non-technical individuals will understand. As a cyber security professional, you'll be interfacing with individuals from across the organization. Your ability to communicate effectively will greatly enhance your value to the organization.
Written by William Swansen on June 5th, 2022
1st Answer Example
"In the context of cyber security, CIA stands for Confidentiality, Integrity, and Availability. CIA is a model that is designed to guide policies for information security. It is one of the most popular models used by organizations. When working with individuals from outside the cyber security organization, I often use the concept of CIA to stress the importance of each element. I provide examples of how adhering to the CIA will ensure the company's information is kept secure and the chance of a data breach is minimized."
Written by William Swansen on June 5th, 2022
2nd Answer Example
"CIA is an acronym that describes the three pillars of cyber security: Confidentiality, Integrity, and Availability. Confidentiality addresses the premise that the organization's information should be accessible and readable only to authorized personnel. This can be accomplished using strong encryption. Integrity means making sure the data has not been modified by an unauthorized entity and is not corrupted or modified by unauthorized personnel. Availability addresses the fact that data should be available to the users whenever they require it."
Written by William Swansen on June 5th, 2022
Technical
45. What is the difference between asymmetric and symmetric encryption, and which one is better?
Why the Interviewer Asks This Question
When comparing asymmetric and symmetric encryption, there are many things you need to be aware of. You will need to know not only the difference between the two but also how they are used and which one is better in a particular situation. It's important that you can articulate to the hiring manager examples of how you used both in specific situations and what you did to put an air-tight, impenetrable security solution in place. Cyber security has become one of the most important topics in technology today. Anytime you're processing credit card transactions through a payment gateway online or at a brick-and-mortar retail store, you're dealing with vital consumer information, and hiring managers are going to want to hear how you keep these things protected.
Written by Tom Dushaj on December 6th, 2019
How to Answer
This is a two-part question. The interviewer first wants you to define the differences between asymmetric and symmetric encryption and then state your opinion on which one is more effective. Interviewers expect you to respond not only with your opinion of which of these you prefer but also with the rationale behind your thoughts. Make sure you answer both parts of this question, keeping your responses succinct and to the point. You should anticipate the interviewer wanting to explore the rationale behind your answer in more detail.
Written by William Swansen on June 5th, 2022
1st Answer Example
"When I work with asymmetric encryption, I always take into account that there has to be a private key and a public key for anyone sending a message. I have to adhere to a decryption policy for where and how the public and private keys are stored and shared. The way I view the differences between the two is that the execution of asymmetric encryption algorithms is slower than symmetric encryption algorithms. Although asymmetric encryption is mostly used for exchanging keys in a secure manner, it is used for establishing a secure channel over a non-secure medium such as the internet. The most common form of an encryption algorithm is Diffie-Hellman."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"In my current role, I do work with symmetric encryption. Since symmetric encryption uses a single key for encryption and decryption, I am responsible for monitoring the data transmission of those communication messages to prevent a potential intrusion or breach alert. As with many symmetric encryption algorithms, they execute faster, are less complex than asymmetric encryption, and are a preferred method of encryption communication. The most commonly used symmetric encryption algorithms are 3DES, AES, DES, and RC4."
Written by Tom Dushaj on December 6th, 2019
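How a public/private key exchange can hand both parties the single shared key that symmetric algorithms rely on, as an added example that is not part of the original page. It runs a Diffie-Hellman agreement and then uses the derived key for a symmetric operation (an HMAC tag, chosen because the Python standard library ships no cipher). The group parameters P and G are toy-sized values constructed for this demo, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy-sized parameters, constructed for this demo only. 2**127 - 1 is prime,
# but real deployments use standardized large groups or elliptic curves.
P = 2 ** 127 - 1
G = 3


def keypair(private=None):
    """Return (private, public). The private value never leaves its owner."""
    if private is None:
        private = secrets.randbelow(P - 3) + 2      # range 2 .. P-2
    return private, pow(G, private, P)


def shared_key(my_private, peer_public):
    """Combine our private value with the peer's public value."""
    # Reject degenerate public values that would force a predictable secret.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, my_private, P)
    # Hash the raw secret down to a fixed-length symmetric key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def tag(key, message):
    """Symmetric step: the same key both creates and checks the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, received_tag):
    return hmac.compare_digest(tag(key, message), received_tag)


def exchange():
    """Both sides publish only their public values, yet derive the same key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)
```

Only the two public values cross the network; the modular exponentiations are the slow asymmetric part, and every later message is protected with the fast symmetric key.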
Technical
46. What does it mean when there is a Googlebot breach?
How to Answer
When responding to this question, you can talk about how Googlebots are not a breach of cyber security. Bots are automated software applications that run internet scripts. Also called spiders or crawlers, they take on repetitive, simple tasks, and there are both malicious and legitimate bots. A Googlebot is a web crawling bot from Google that essentially crawls and discovers updated and new pages to add to its search index. A Googlebot can make repeated requests to a website, which the site may view as suspicious behavior. Site owners may not even notice it, but Googlebots visit their sites quite a bit. To most, it may seem like a breach of security or privacy, but Googlebots have to make requests to a website before you let them in.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
Good interviewers typically start with basic questions early in the interview to weed out the candidates that are not qualified, then work their way up to more complex questions. Googlebot questions will fall somewhere in the middle in terms of complexity. The way that this question might be posed is whether a Googlebot and a breach mean the same thing, and if not, what the difference between the two is.
Written by William Swansen on June 5th, 2022
1st Answer Example
"Having worked with Googlebots in the past, I'm familiar with how they work and why Google uses them to crawl websites. Googlebots do their job to alert webmasters and security professionals about malicious threats or attempts to hack a site. They also help determine whether a site has legitimate content to help it rank as well. I've seen websites get penalized because they aren't indexed properly and they have pages that don't follow Google's stipulated guidelines for cyber security protection measures in place. In my opinion, it really comes down to a website's domain authority and domain trust which tells the Googlebots that it is safe and protected."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"I work very closely with our marketing department and cyber colleagues to make sure that we have quality content that the Googlebots will index using Google Fetch. Performing this technique causes website pages to get visited and indexed by the Googlebot. When I do this, there are three things that immediately come to mind. One is to make sure I am meeting Googlebot guidelines, the second is to check if search engines crawl from one page to another through HTML links, and the third is to make sure that we have followed internal cyber security and privacy guidelines to protect from any attacks."
Written by Tom Dushaj on December 6th, 2019
Technical
47. Can you describe the difference between a Black Hat, White Hat and Grey Hat hacker?
How to Answer
When it comes to cyber hackers, you will hear three terms used: Black Hat, White Hat, and Gray Hat hackers. These terms are also synonymous with Search Engine Optimization. For informational purposes and to help you answer this question, here's an overview of all three:
Black Hat Hacker - Someone who knows about breaking into or breaching computer systems and bypassing their security protocols. Their primary motivation is for financial or personal gain and to spread malware or viruses to access these computer systems.
White Hat Hacker - Someone who is known to use their skills for good rather than evil. They typically work as cyber security consultants paid to find security vulnerabilities in systems and work to strengthen those security holes for clients.
Written by William Swansen on June 5th, 2022
Why the Interviewer Asks This Question
A hiring manager might pose a carefully crafted question about the different types of hackers to determine how well you know each one and if you fall into one of the three categories. They want to know whether you will be able to defend against a cyber-attack and how you handle threats from hackers. Your answer will indicate your experience in this area, knowledge of the different types of hacking, and whether you can use hacking proactively and positively to protect the organization's IT assets.
Written by William Swansen on June 5th, 2022
1st Answer Example
"When I think of Black Hat Hackers, a few things come to mind. An individual or group of hackers whose intent is to either maliciously penetrate a company's system by writing and distributing malware that leaves a company vulnerable and susceptible to further attacks. The others are cyber-espionage and political persuasion. I am directly responsible for following our company protocol when we are alerted that a Black Hat attack is in progress. Much like a chess game, I carefully engage and monitor the activities of the Black Hat Hacker to see what steps and moves I must execute to prevent loss of data or a breach. One of the biggest motivations for Black Hat hackers is personal or financial gain."
Written by Tom Dushaj on December 6th, 2019
2nd Answer Example
"On the flip side of Black Hat Hackers is White Hat Hackers, which serve a completely different purpose and role. White Hat Hackers are what are called ethical hackers. I worked with a company that employed a White Hat Hacker, and I was assigned to work with this individual on a project to perform penetration testing and vulnerability assessments on the security systems to attempt to find weak spots and holes in our system via various hacking methods. I'm also familiar with how Gray Hat Hackers work, and I'm careful how I work and interface with them. The reason is that they don't fall within the Black Hat or White Hat Hacker category, thus the name Gray Hat hacker. I've found that they tend to look for vulnerabilities in a system without notifying the system's owner, and offer to fix those issues for a small fee. There are also instances where I have seen Gray Hat hackers post a company's vulnerability in a public forum or social media platform for all to see. I've found that not all hackers are created equal, but I do take precautions with all hackers anyway."
Written by Tom Dushaj on December 6th, 2019