Fortinet Interview

Question 1

GDPR

Answer 1

General Data Protection Regulation

Question 2

Describe GDPR

Answer 2

[REGULATORY FRAMEWORK] Sets guidelines for the collection and processing of personal information from individuals.

Question 3

HIPAA

Answer 3

Health Insurance Portability and Accountability Act

Question 4

Describe HIPAA

Answer 4

[REGULATORY FRAMEWORK] Protect sensitive patient health information from being disclosed

Question 5

SOX

Answer 5

Sarbanes–Oxley Act

Question 6

Describe SOX

Answer 6

[REGULATORY FRAMEWORK] United States federal law that mandates/dictates practices in financial record keeping and reporting for corporations.

Question 7

Describe NIST 800-53

Answer 7

Provide a foundation of guiding elements, strategies, systems, and controls, that can agnostically support any organization’s cybersecurity needs and priorities.

Question 8

Describe ISO 27001

Answer 8

Is a standard that specifies security management and controls following ISO27002 best practices.

Question 9

COBIT

Answer 9

Control Objectives for Information Technologies

Question 10

Describe COBIT

Answer 10

Is a framework for IT management and governance.

Question 11

COBIT Components

Answer 11

Framework: Organizes IT governance objectives and good practices

Process descriptions: A reference process model for everyone in an organization.

Control objectives: complete set of high-level requirements

Management guidelines: assign responsibility, measure performance

Maturity models: Assesses maturity and capability per process

Question 12

PCI-DSS

Answer 12

Payment Card Industry Data Security Standard

Question 13

Describe PCI-DSS

Answer 13

[REGULATORY FRAMEWORK] Standard used to handle credit cards from major card brands.

Question 14

GDPR principles

Answer 14

1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitations
6. Integrity and confidentiality
7. Accountability

Question 15

Main APTs

Question 16

Cyber Kill Chain

Answer 16

RIEPLODE

Reconnaissance

Intrusion

Exploitation

Privilege Escalation

Lateral Movement

Obfuscation / Anti-forensics

Denial of Service

Exfiltration

Question 17

Describe APT

Answer 17

Is a broad-term used to describe an actor that establishes a long-term presence on a network in order to extract or compromise sensitive data.

Question 18

APT Groups

Answer 18

• ALPHV/BlackCat
• APT 29, Cozy Bear
• LockBit

Question 19

Common Ransomwares

Answer 19

• TrickBot / WIZARD SPIDER
• Ryuk / WIZARD SPIDER
• Cryptolocker
• WannaCry
• NotPetya
• REvil
• DarkSide

Question 20

Malware Types

Answer 20

• Ransomware (WannaCry)
• Adware (Fireball)
• Spyware (Pegasus)
• Worm (Stuxnet)
• Trojan (TrickBot)
• Keyloggers
• Rootkits
• Wiper (Shamoon)
• Virus

Question 21

Recent Attacks

Answer 21

• Roku Says Hackers Gained Access To 576,000
• California’s City of Oakley declares an emergency
• Canada’s national police force was hit with a cyberattack (February)

Question 22

Major ICS Attacks

Answer 22

• Colonial pipeline (DarkSide ransomware)
• Oldsmar, Florida water treatment facility (TeamViewer remote access)
• Aramco, 2012 (Shamoon)