Cyber Sec Interview Questions 2 Flashcards
Explain the CIA Triad.
Confidentiality is the practice of keeping data private and hidden from outside entities. Encryption usually covers this.
Integrity is knowing that data has not been manipulated or altered by unauthorized users. This is enforced by using identity access management (IAM) tools.
Availability refers to how accessible data is to users. If a server is attacked or shut down, then the data is no longer available, which means backups are integral to keeping data accessible.
What weak spots or anomalies would you look for in a security system?
Interviewers want to see your approach when it comes to analyzing a network for security issues. There is no one given way to do this; the key is to be thorough and methodical. Don’t be afraid to draw out a network diagram to help aid your explanation, and don’t forget about the user interface part of the system (e.g. enforcing two-factor authentication or educating users about security best practices on their end).
What’s the difference between HTTPS, SSL, and TLS? Which one is more secure?
HTTPS (hypertext transfer protocol secure) is primarily used to secure network communications, particularly those between web browsers and web servers. TLS (transport layer security) and its older predecessor SSL (secure sockets layer) establish encrypted and authenticated links.
The second part is a trick question. SSL/TLS is used to secure HTTPS, so one is only as secure as the other.
What are the best practices in setting up a VPN?
The best practices when setting up a VPN include thorough vendor research, preparing for surges in use, keeping the VPN updated and patched, using multi-factor authentication for VPN connections, and avoiding free VPNs. It’s also a good idea to discuss VPN management once it’s up and running.
Describe a security issue or crisis that you resolved.
When asked a situational or behavioral question like this, your best bet is to use the STAR (situation, task, action, and result) method to outline your strategy and methods in a thorough way. It’s also important to emphasize how you kept a cool head and used the resources at your disposal, while understanding the implications of the crisis, and taking steps to prevent it from happening again.
What’s the difference between a threat, a vulnerability, and a risk?
A threat is something that wants to cause harm to an organization’s security system, either in the form of a DDoS attack or in order to steal data.
A vulnerability is a weak spot in a security system that bad actors can exploit.
A risk is when a vulnerability can result in a financial loss or data loss if exploited.
How do you stay informed about tech news?
The purpose of this cybersecurity engineer interview question is to demonstrate that you’re proactive in how you consume tech news, and that you stay on top of news instead of waiting for it to come to you. This can be through RSS feeds, Reddit, following industry leaders on Twitter, and tech news sites like SDxCentral.
What are the risks to data security?
Accidental Sharing. Not all data loss events are the work of sophisticated cybercriminals. ... Overworked Cybersecurity Teams. ... Employee Data Theft. ... Ransomware. ... Bad Password Hygiene. ... Bribery. ... Too Much Data Access. ... Phishing Emails.
