73 General Cyber Security Interview Questions
After interviewing many technical recruiters and working with hundreds of cyber security professionals, we have come up with this list of cyber security interview questions. You can write your answers in the comment section. The best answers win a lot of attention.
1. What is the difference between Threat, Vulnerability and a Risk?
2. What is the difference between Asymmetric and Symmetric encryption and which one is better?
3. What is an IPS and how does it differ from an IDS?
4. What is XSS, how will you mitigate it?
5. What is the difference between encryption and hashing?
6. Are you a coder/developer or know any coding languages?
7. What is CSRF?
8. What is a Security Misconfiguration?
9. What is a Black hat, white hat and Grey hat hacker?
10. What is a firewall?
11. How do you keep yourself updated with the information security news?
12. The world has recently been hit by Attack/virus etc. What have you done to protect your organization as a security professional?
13. Explain the CIA triangle.
14. HIDS vs NIDS and which one is better and why?
15. What is port scanning?
16. What is the difference between VA and PT?
17. What are the objects that should be included in a good penetration testing report?
18. What is compliance?
19. Tell us about your Personal achievements or certifications?
20. What are various response codes from a web application?
21. When do you use tracert/traceroute?
22. What is DDoS and what is its mitigation?
23. What is a WAF and what are its different types?
24. Explain the objects of Basic web architecture?
25. How often should Patch management be performed?
26. How do you govern various security objects?
27. How does a Process Audit go?
28. What is the difference between policies, processes and guidelines?
29. How do you handle AntiVirus alerts?
30. What is a false positive and false negative in the case of IDS?
31. What is the difference between Software testing and penetration testing?
32. What are your thoughts about the Blue team and the Red team?
33. What do you prefer: bug bounty or security testing?
34. Can you tell me about your Major project or about your professional achievements?
35. Can you tell me points on Web server hardening?
36. What is data leakage? How will you detect and prevent it?
37. What are the different levels of data classification and why are they required?
38. In a situation where a user needs admin rights on his system to do daily tasks, what should be done – should admin access be granted or restricted?
39. What damage can be caused by social media in the office?
40. Should social media usage be allowed in the office?
41. What are the various ways by which the employees are made aware about information security policies and procedures?
42. Suppose you were given the option to choose either open source software or licensed software to do a job. Which would you prefer and why?
43. When should a security policy be revised?
44. What should be included in a CEO-level report from a security standpoint?
45. What is your style of reporting risks?
46. Have you ever come across an incident and how did you handle it?
47. How should data archives be maintained?
48. What are your thoughts on Chain of Custody?
49. What is “SQL Injection”?
50. What do you have on your Home Network?
51. What project that you’ve built are you most proud of?
52. What is SSL Connection and an SSL Session?
53. What are the three ways to authenticate a person?
54. What are the various methodologies used in Security Testing?
55. What are Web Server Vulnerabilities?
56. What are business logic vulnerabilities?
57. What is Traceroute or Tracert?
58. Tell me three steps to secure a Linux server.
59. What is salting and what is it used for?
60. What components are used in SSL?
61. What is WEP Cracking?
62. What are the parameters that define an SSL Session State?
63. How do you protect your home Wireless Access Point?
64. What are the attributes of Security Testing?
65. What is port scanning?
66. How do you carry out Phishing activity?
67. Describe a Network Intrusion Detection System (NIDS).
68. What techniques are used to prevent web server attacks?
69. What is HIDS?
70. Describe the process of a TLS session being set up when someone visits a secure website.
71. What could a regular person do to keep themselves cyber safe?
72. Were there any instances in the past where you were the only individual working on the team, and how did you deal with that?
73. What is the best way to maintain a data archive?