Most Asked Cyber Security Interview Questions & Answers
Cyber security is a much-needed skill in the 21st century. This blog lists out Most Asked Cyber Security Interview Questions & Answers.
- Q. What is Cyber security?
- Q. What is a Security event?
- Q. What is a Security Incident?
- Q. What are the differences between compliance and security?
- Q. What is Privacy?
- Q. What are security operational controls?
- Q. List out OWASP's Top 10 vulnerabilities.
- Q. What is encryption?
- Q. What is GDPR?
- Q. What is NIST?
- Q. What is Threat Model?
Q. What is Cyber security?
Ans: Cyber security is the practice of protecting IT systems, networks and the data they hold from attack, misuse and unauthorized access, i.e. from any breach of Confidentiality, Integrity or Availability (the CIA triad).
Q. What is a Security event?
Ans: Any observable occurrence in a system or network that is relevant to security, detected by a security engineer or by a security appliance through log analysis or event correlation. Most events are benign: a user logging in to an application, a scheduled log collection job, a firewall allowing a connection. Events are the raw material in which incidents are found.
Q. What is a Security Incident?
Ans: Any security event, or group of related events, that indicates an actual or potential breach of the confidentiality, integrity or availability of an IT system. An example is detecting many different passwords being tried against the same user account in a short time (a brute-force attack): a single failed login is an event, but dozens within a minute against one account are an incident that needs investigation.
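The event-versus-incident distinction above is exactly what a detection rule encodes: it reads individual login events and raises one incident when a threshold of failures is crossed inside a time window. The following is an added example, not code from the original post. It runs over constructed, sshd-style log lines (fake hosts, users and addresses) and flags a (user, source address) pair as a brute-force incident after `threshold` failures inside a sliding `window`, escalating the alert if a successful login follows, since that is the case where the guessing may have worked.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data), in an sshd-like format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:03 host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:05 host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:08 host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:10 host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:12 host1 sshd: Accepted password for alice from 203.0.113.5
2024-03-01T10:01:00 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T10:01:30 host1 sshd: Failed password for bob from 198.51.100.7
2024-03-01T10:02:00 host1 sshd: Accepted password for bob from 198.51.100.7
2024-03-01T10:00:00 host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:03:00 host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:06:00 host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:09:00 host1 sshd: Failed password for carol from 192.0.2.9
2024-03-01T10:12:00 host1 sshd: Failed password for carol from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=2)):
    """Raise one alert per (user, source) that accumulates `threshold` failed
    logins inside a sliding `window`; mark the alert if a success follows."""
    events = [ev for ev in map(parse_line, lines) if ev is not None]
    events.sort(key=lambda ev: ev["ts"])      # log lines are not always in order
    failures = defaultdict(deque)             # (user, src) -> failure timestamps in window
    alerts = {}                               # (user, src) -> alert dict
    for ev in events:
        key = (ev["user"], ev["src"])
        q = failures[key]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {
                    "user": ev["user"], "src": ev["src"], "failures": len(q),
                    "first": q[0], "last": ev["ts"], "succeeded_after": False,
                }
        else:  # Accepted
            if key in alerts:
                # A success after a burst of failures: the guessing may have worked.
                alerts[key]["succeeded_after"] = True
            q.clear()
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

With the defaults only alice's burst (five failures in nine seconds, then a success) becomes an incident; bob's two failures and carol's five failures spread three minutes apart stay plain events, which is the point of thresholding on a window rather than on a raw count.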
Q. What are the differences between compliance and security?
Ans:
| Security | Compliance |
|---|---|
| Technical, in-depth examination of the IT system to find real weaknesses | Verification of a checklist of controls until the auditor is satisfied |
| Protects the IT system according to the CIA triad | Confirms that the controls named in a specific standard are in place |
| Covers physical controls of the IT system as a whole | Covers physical controls only where the checklist calls for them |
| Done to actually secure the IT system | Generally done to satisfy a third party (customer, regulator, certifying body) |
| A continuous process that never ends | Finished once the third-party auditor is satisfied, until the next audit |
| Examples: application security, vulnerability assessment and penetration testing (VA/PT) | Examples: ISO 27001, SOC 2, PCI DSS, HIPAA |

Compliance is a floor, not a ceiling: a fully compliant system can still be insecure, and a well-secured system can still fail an audit for missing evidence or paperwork.
Q. What is Privacy?
Ans: Privacy is an individual's right to control how their personal information is collected, used and shared. In a corporate context it is about how an organization, and the third parties it passes data to, handle the personal information they hold; security, by contrast, is about protecting that information from unauthorized access once it is held.
Q. What are security operational controls?
Ans: Operational controls are the security measures that are carried out and maintained by people as day-to-day procedures, as distinct from management controls (policy, risk assessment) and purely technical controls enforced by systems. Typical operational controls include:
- security awareness training schedule
- firewall rule configuration and periodic review
- server configuration and hardening baselines
- backup configuration, including regular restore tests
Q. List out OWASP's Top 10 vulnerabilities.
Ans: OWASP (the Open Web Application Security Project) is a non-profit organization that helps improve the security of web applications, among other things by publishing the OWASP Top 10, a periodically updated list of the most critical web application security risks. The list below is the 2017 edition. OWASP released an updated edition in 2021 (which, for example, moved Broken Access Control to first place and folded XXE into Security Misconfiguration), so check the current edition before an interview.
- A1:2017 - Injection
- A2:2017 - Broken Authentication
- A3:2017 - Sensitive Data Exposure
- A4:2017 - XML External Entities (XXE)
- A5:2017 - Broken Access Control
- A6:2017 - Security Misconfiguration
- A7:2017 - Cross-Site Scripting (XSS)
- A8:2017 - Insecure Deserialization
- A9:2017 - Using Components with Known Vulnerabilities
- A10:2017 - Insufficient Logging and Monitoring
Q. What is encryption?
Ans: Encryption is the process of transforming readable information (plaintext) into unreadable data (ciphertext) with an algorithm and a key, such that only someone holding the right key can reverse it; unlike hashing, it is reversible. It protects confidentiality even when the data falls into an attacker's hands, for example on a stolen laptop disk or in intercepted network traffic, as long as the key stays secret. Symmetric encryption (e.g. AES) uses the same key to encrypt and decrypt; asymmetric encryption (e.g. RSA or elliptic-curve schemes) encrypts with a public key and decrypts with the matching private key.
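To make the definition concrete, here is an added example (not from the original post) of the simplest cipher there is, a one-time pad, written in plain Python with no third-party library. It shows the round trip, that a wrong key does not decrypt, and the failure mode interviewers like to probe: reusing a key lets an attacker cancel it out and recover one plaintext from another. The key bytes come from `os.urandom`; the messages are constructed. A real system would use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a vetted library rather than this teaching toy.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_key(length: int) -> bytes:
    """Fresh random key from the OS CSPRNG. A pad key must never be reused."""
    return os.urandom(length)


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR key. Without the key the
    ciphertext is uniformly random and reveals nothing but the length."""
    if len(key) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(key[:len(plaintext)], plaintext)


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(key, ciphertext)


def key_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an attacker can compute when two messages share a key: XOR-ing the
    ciphertexts cancels the key and leaves plaintext1 XOR plaintext2. Knowing
    or guessing one message then reveals the other, with no key at all."""
    n = min(len(ct1), len(ct2))
    return xor_bytes(ct1[:n], ct2[:n])


if __name__ == "__main__":
    key = new_key(32)
    msg = b"transfer 100 EUR to acct 42"       # constructed message
    ct = otp_encrypt(key, msg)
    assert ct != msg and otp_decrypt(key, ct) == msg
    # The failure mode: the same key used for a second message.
    msg2 = b"transfer 999 EUR to acct 13"      # constructed message
    leaked = key_reuse_leak(ct, otp_encrypt(key, msg2))
    assert xor_bytes(leaked, msg) == msg2       # attacker who knows msg recovers msg2
    print("round trip ok; key reuse leaks plaintext XOR")
```

The two properties to remember from this: encryption needs both an algorithm and a secret key, and key management (freshness, secrecy, never reusing a nonce or pad) is where real deployments usually fail, not the algorithm itself.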
Q. What is GDPR?
Ans: GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679), an EU law, not a voluntary standard, in force since 25 May 2018. It governs how the personal data of individuals in the EU/EEA is collected, processed and stored, and applies to any organization, wherever it is located, that processes such data. It gives individuals rights such as access to and erasure of their data, requires personal data breaches to be reported to the supervisory authority within 72 hours, and allows fines of up to 20 million euro or 4% of worldwide annual turnover, whichever is higher.
Q. What is NIST?
Ans: NIST (the National Institute of Standards and Technology) is a US federal agency within the Department of Commerce that publishes widely used computer security standards and guidance, including the FIPS standards (e.g. FIPS 140 for cryptographic modules), the SP 800 series (e.g. SP 800-53 security and privacy controls, SP 800-63 digital identity and authentication) and the NIST Cybersecurity Framework. Its documents cover cryptography, authentication, risk management and more, and are frequently adopted outside the US government.
Q. What is Threat Model?
Ans: Threat modeling is the structured process of working out what you are building, what can go wrong with it and what you will do about it; the threat model is the resulting document. It covers identifying critical assets and trust boundaries, enumerating possible threats and attacks (STRIDE is a common framework: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), rating their likelihood and impact, and choosing mitigations and remediations. It is most valuable during design, when fixing a weakness is cheapest.
Disclaimer: This tutorial is for educational purposes only. Individuals are solely responsible for any illegal act.