Interview Questions & Answers | Information Security

Information Security is one of the fastest-growing demands in IT, and practitioners in this field constantly need to enhance their skills. In this article, we have listed the interview questions and answers generally asked in Information Security.

Q1. Explain the role of an information security analyst.

Ans: As an information security analyst, you need to perform many tasks to secure an organization from cyber attacks. I am listing some of them:

  • Conduct regular Vulnerability Assessment (VA) / Penetration Testing (PT) of the IT infrastructure
  • Prepare the plan to secure the assets of the organization
  • Update deployed software regularly
  • Implement IDS/IPS in the network for traffic monitoring
  • Recommend purchases of security infrastructure such as firewalls, load balancers, antivirus, etc.
  • Analyze the root cause of any past security breach
  • Conduct training sessions for the employees of the organization
  • Suggest tools and techniques that enhance the security of the organization
  • Conduct security audits
  • Create security policies for the organization
  • Plan and implement recovery of the organization's data in case of a network disaster

Q2. What is data leakage? What factors can cause data leakage?

Ans: In simple terms, data leakage is defined as the availability of confidential data to unauthorized persons. There can be many reasons for data leakage, such as a security breach by a hacker, security misconfiguration of servers, a backup stored in a less secure place, a logical flaw in a web application that results in a data leak, etc.

Q3. List the steps to successful data loss prevention controls.

Ans: I am listing some data loss prevention controls. Although this list is not exhaustive, going through it will give you a clear idea of the possible steps for data loss prevention controls.

  • Create an information risk profile for every data set stored in the data center
  • Create an impact severity and response chart, which helps the organization categorize its data
  • Based on severity, plan how to prioritize breach incidents
  • Assign and document the roles and responsibilities of the network administrator, incident analyst, auditor, and forensic investigator
  • Implement data loss prevention controls
  • Monitor and review the results of the techniques you deployed for data loss prevention weekly or monthly, based on criticality

Q4. Explain the 80/20 rule of networking.

Ans: 80/20 is a rule used for describing IP networks. According to this rule, 80% of network traffic should remain local while only 20% should be routed towards a remote network. This rule is more applicable to small and medium-sized network environments.

Q5. What personal habits should you adopt to protect your data?

Ans: If you want to protect the data on your personal computer, I am listing some measures:

  • Always use genuine software
  • Install antivirus/anti-spyware software
  • Never share your password with anyone
  • If possible, always encrypt your personal data
  • Ensure the operating system is updated with security patches
  • Plan to back up your data regularly

Q6. What is WEP cracking?

Ans: WEP stands for Wired Equivalent Privacy, and it is a security algorithm for wireless networks. As the name suggests, WEP cracking means exploiting the weaknesses present in a WEP-protected wireless network to gain access to it and to the confidential information passing over it.

Q7. What is phishing? How can it be prevented?

Ans: Phishing is a technique that tricks users into submitting confidential information such as passwords and credit card numbers on fake web pages.

Prevention:

  • If possible, only interact with secure websites
  • Never download an attachment from an unknown sender
  • Never email your financial information

Q8. What are common web server vulnerabilities?

Ans: Common web server vulnerabilities include:

  • Default settings
  • Default username and password
  • Security patches not installed regularly
  • Misconfiguration
  • Vulnerabilities in the operating system

Q9. List the techniques used to prevent web server attacks.

Ans: Techniques used to prevent web server attacks include:

  • Secure installation and configuration of the OS
  • Secure installation and configuration of the web server software
  • Scanning the system for vulnerabilities
  • Disabling remote administration
  • Removing unused and default accounts
  • Changing default ports and settings to custom ports and settings
  • Anti-virus software and firewalls

Q10. Which certifications are useful for a security analyst?

Ans:

Security Essentials (GSEC): Good for systems security administration.

Certified Security Leadership: Enhances knowledge of how to lead a security team.

CISSP: Good for mid-level management people in Information Security.

Certified Forensic Analyst: Helps in enhancing the knowledge needed to collect and analyze data from Windows and Linux computer systems.

Certified Firewall Analyst: Helps in enhancing knowledge of configuring routers, firewalls, and perimeter defense systems.

Offensive Security Certified Professional (OSCP): Concentrates on the deep technical knowledge required for penetration testing.

Q11. What is the goal of information security within an organization?

Ans: The goal of Information Security is to address the CIA triad. CIA stands for Confidentiality, Integrity, and Availability.
Confidentiality: It limits access to information. It is implemented by encryption, access control, and other security measures.
Integrity: It is the assurance that the information has not been altered. It is implemented by using hashing, digital signatures, certificates, and non-repudiation.
Availability: It is the guarantee of reliable access to the information by authorized people. It is implemented by creating redundancy (such as a DR site) and fault tolerance.

Q12. How would you harden user authentication?

Ans: By using two-factor authentication, we can harden user authentication.
Two-factor authentication uses "what you have" AND "what you know".
"What you have" AND "what you know" generally refer to a security token and a password.
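The following is an added example, not code from the original article: a minimal two-factor login check in Python that combines "what you know" (a password, stored as a salted PBKDF2 hash) with "what you have" (a TOTP code from a token or authenticator app, computed per RFC 6238 on top of RFC 4226 HOTP). The user record, password and shared secret are constructed for the demo; the secret is the published RFC 4226/6238 test key, so the codes can be checked against the RFC test vectors.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second time step."""
    return hotp(key, int(for_time) // step, digits)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the salt is generated on enrolment and stored beside the digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


# Constructed user database: one account enrolled with a password and a TOTP secret.
# The secret is the RFC 4226 / RFC 6238 test key (ASCII "12345678901234567890").
_SALT, _DIGEST = hash_password("correct horse battery staple")
USERS = {
    "alice": {"salt": _SALT, "pw_digest": _DIGEST, "totp_secret": b"12345678901234567890"},
}


def verify_login(username: str, password: str, code: str,
                 now: Optional[float] = None, window: int = 1) -> bool:
    """Both factors must pass; comparisons are constant-time to avoid leaking partial matches."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        return False
    _, digest = hash_password(password, user["salt"])
    password_ok = hmac.compare_digest(digest, user["pw_digest"])
    # Accept the current step plus `window` steps either side to tolerate token clock drift.
    # A production verifier would additionally refuse a code already used in this step (replay).
    code_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], now + offset * 30), code)
        for offset in range(-window, window + 1)
    )
    return password_ok and code_ok


if __name__ == "__main__":
    key = USERS["alice"]["totp_secret"]
    print("current code for alice:", totp(key, time.time()))
    print("login ok:", verify_login("alice", "correct horse battery staple", totp(key, time.time())))
```

Note that `hotp` is deliberately evaluated even when the password is wrong, so that the response time does not reveal which factor failed.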

Q13. What are the steps to secure a server?

Ans: Steps to secure a server:

  1. Implementation of SSH keys.
  2. Update patches and perform regular vulnerability assessment of routers, firewalls, and other network devices.
  3. Implement VPNs and private networking to create secure connections between remote computers and servers.
  4. Public Key Infrastructure and SSL/TLS encryption.
  5. Service auditing: this identifies which services are running on the system, which ports they use for communication, and which protocols are accepted. This data helps the network administrator configure the firewall.
  6. File auditing and Intrusion Detection Systems.

File auditing compares the current state of the system against a recorded baseline of its files.
An Intrusion Detection System (IDS) monitors a system or network for unauthorized activity.

Q14. List some important encryption techniques.

Ans: Encryption techniques include:

  1. Triple DES
  2. RSA
  3. Blowfish
  4. Twofish
  5. AES

Q15. How do you determine a vulnerability's severity?

Ans: Generally, link severity with business risk. If you think a vulnerability is not actually exploitable but fixing it takes little effort, it is good to fix it anyway. Try to find the risk to the business: if the business may get hurt because of the vulnerability, the severity will be high, and vice versa.

Q16. How do you find security flaws in source code: manual analysis, automated tools, or both?

Ans: It is very difficult to analyze thousands of lines of source code without any automated tools. To find security flaws in source code, a security analyst generally uses both manual analysis and automated tools.

Q17. List the top 10 web security vulnerabilities.

Ans: OWASP Top 10:

  1. SQL Injection Attacks
  2. Broken Authentication & Session Management
  3. Cross-Site Scripting (XSS) Attacks
  4. Insecure Direct Object References
  5. Security Misconfiguration
  6. Sensitive Data Exposure
  7. Missing Function Level Access Control
  8. Cross-Site Request Forgery Attacks
  9. Using Components with Known Vulnerabilities
  10. Unvalidated Redirects and Forwards
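To make items 1 and 3 of the list concrete, here is an added Python example (not from the article) showing a login query written the vulnerable way beside its parameterised form, plus the output-encoding fix for reflected XSS. The in-memory SQLite table and the single account are constructed for the demo; the injection string in the comments is the textbook case a defender would put in a regression test to prove the hardened version no longer accepts it.

```python
import hashlib
import html
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory user table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", _hash("s3cret")))
    conn.commit()
    return conn


def _hash(password: str) -> str:
    # Unsalted SHA-256 keeps the demo short; a real system uses a slow salted KDF (PBKDF2, bcrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """VULNERABLE: the username is concatenated into the SQL text, so a username such as
    ' OR 1=1 -- turns the WHERE clause into a tautology and comments out the password check."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """HARDENED: a parameterised query; the driver sends the values separately from the SQL,
    so quote characters in the username are data, never syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None


def render_greeting(username: str) -> str:
    """XSS mitigation: HTML-encode untrusted data before placing it in an HTML context."""
    return f"<p>Welcome, {html.escape(username, quote=True)}!</p>"


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, normal login:", login_vulnerable(conn, "alice", "s3cret"))
    print("safe, normal login:     ", login_safe(conn, "alice", "s3cret"))
    print("safe, bad password:     ", login_safe(conn, "alice", "wrong"))
    print(render_greeting("<script>alert(1)</script>"))
```

The parameterised query does not change the SQL's meaning for legitimate input, which is why the fix is safe to roll out everywhere string concatenation is found; the encoding in `render_greeting` likewise must be chosen per output context (HTML body, attribute, JavaScript, URL).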

Q18. What is DDoS, and what tools are used for DDoS attacks?

Ans: DDoS stands for Distributed Denial of Service.
DDoS is a type of DoS attack in which multiple compromised systems attack the servers hosting an application and exhaust all of their resources.
Tools used for DDoS include LOIC, hyenae, HULK, etc.

Q19. What's more secure, SSL or TLS?

Ans: SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network. Both use similar ciphers and message digests.

SSL v3.0
  • Was exploited by the POODLE attack and is now obsolete. Must not be used.

TLS v1.2
  • The newest TLS protocol
  • Enables better use of more secure ciphers
  • Features enhanced negotiation of the encrypted connections
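As an added example (not from the article), the Python snippet below shows how the answer's advice is enforced in practice with the standard-library `ssl` module: a client context whose protocol floor is TLS 1.2, next to a deliberately weak context, and a small audit function that flags the settings a reviewer would reject. `probe()` connects to a real host and is therefore not exercised offline; the host name passed to it is whatever you want to check.

```python
import socket
import ssl
from typing import Dict, List


def hardened_client_context() -> ssl.SSLContext:
    """Client context: system CA store, hostname verification, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed 'before' configuration, kept only so the audit has something to flag:
    protocol floor left at whatever the library allows and certificate checks switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the names of settings that fall short of the TLS 1.2 / verified-peer policy."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("min_version")      # older TLS versions could be negotiated
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode")      # server certificate not validated
    if not ctx.check_hostname:
        findings.append("check_hostname")   # certificate not matched to the host name
    return findings


def context_summary(ctx: ssl.SSLContext) -> Dict[str, object]:
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, str]:
    """Handshake with a server using the hardened context and report what was negotiated.
    Raises ssl.SSLError if the server only offers SSLv3 / TLS 1.0 / TLS 1.1 (needs network)."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0]}


if __name__ == "__main__":
    print("hardened:", context_summary(hardened_client_context()), audit_context(hardened_client_context()))
    print("weak:    ", context_summary(weak_client_context()), audit_context(weak_client_context()))
```

A handshake failure from `probe()` against one of your own servers is the signal that the server still offers an obsolete protocol version and needs its configuration fixed, not that the client should relax its floor.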

Q20. What is DNS monitoring?

Ans: DNS monitoring uses network monitoring tools to test connectivity between your authoritative name servers and local recursive servers.
DNS monitoring allows you to test that:

  • Your DNS server correctly resolves the hostname in the URL you provided to the expected IPs.
  • The hostname you provided is correctly resolved to the expected IPs by the common DNS server you specified.
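The check described in the two bullets, as an added Python example that is not part of the original article: each monitored hostname has an expected set of IPs, a resolver function returns what a given DNS server actually answers, and the differences are reported; a second function flags hostnames on which the authoritative and recursive servers disagree. The resolver functions and record values in `demo()` are constructed (RFC 5737 documentation addresses) so the script runs offline; `system_resolver()` is the hook for the real lookup.

```python
import socket
from typing import Callable, Dict, Iterable, List, Set

Resolver = Callable[[str], Set[str]]


def system_resolver(hostname: str) -> Set[str]:
    """Resolve IPv4 addresses via the host's configured resolver (needs network)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)}


def check_records(expected: Dict[str, Set[str]], resolve: Resolver) -> List[str]:
    """Compare what `resolve` returns against the expected address set for each hostname."""
    findings = []
    for hostname, want in expected.items():
        try:
            got = resolve(hostname)
        except OSError as exc:
            findings.append(f"{hostname}: resolution failed ({exc})")
            continue
        if not got:
            findings.append(f"{hostname}: no A records returned")
        elif got != want:
            findings.append(
                f"{hostname}: unexpected={sorted(got - want)} missing={sorted(want - got)}"
            )
    return findings


def diff_resolvers(hostnames: Iterable[str], authoritative: Resolver, recursive: Resolver) -> List[str]:
    """Hostnames where the recursive server's answer differs from the authoritative one
    (stale cache, hijacked resolver, or a zone change that has not propagated)."""
    return [h for h in hostnames if authoritative(h) != recursive(h)]


def demo() -> Dict[str, List[str]]:
    """Constructed scenario with two fake resolvers standing in for real DNS servers."""
    expected = {
        "www.example.com": {"192.0.2.10"},
        "mail.example.com": {"192.0.2.20", "192.0.2.21"},
    }
    authoritative_answers = {
        "www.example.com": {"192.0.2.10"},
        "mail.example.com": {"192.0.2.20", "192.0.2.21"},
    }
    recursive_answers = {
        "www.example.com": {"192.0.2.10", "198.51.100.7"},   # extra, unexpected address
        "mail.example.com": {"192.0.2.20"},                   # one address missing
    }

    def fake_authoritative(host: str) -> Set[str]:
        return authoritative_answers.get(host, set())

    def fake_recursive(host: str) -> Set[str]:
        if host not in recursive_answers:
            raise OSError("NXDOMAIN")
        return recursive_answers[host]

    return {
        "authoritative": check_records(expected, fake_authoritative),
        "recursive": check_records(expected, fake_recursive),
        "disagree": diff_resolvers(expected, fake_authoritative, fake_recursive),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

Running `check_records(expected, system_resolver)` on a schedule, and alerting when the findings list is non-empty, is the monitoring loop the answer describes; the expected sets should come from the zone file, not from a previous lookup.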


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. Individuals are solely responsible for any illegal act.


2 Responses

  1. cody says:

    thank you

  2. Anonymous says:

    nice blog
