Most Asked Cyber Security Interview Questions & Answers

Cyber security is a much-needed skill in the 21st century. This blog lists out Most Asked Cyber Security Interview Questions & Answers.

Q. What is Cyber security?

Ans: Cyber security is defined as a method of protection of the IT system from any breach of Confidentiality, Integrity, and Availability (CIA triad).

Q. What is a Security event?

Ans: Any incident (related be security) detected by the security engineer or by security appliance by the method of analyzing logs or by doing correlation. Examples: login to an application, collection of logs, etc. are examples of security events.

Q. What is a Security Incident?

Ans: Any security event that may have the potential of damaging the confidentiality, integrity, and availability of the IT system is called a security incident. An example of a security incident is detecting a trial of different passwords on the application for the same user (brute force).

Q. What are the differences between compliance and security?

Ans:

Security	Compliance
Technically more depth to identify any issues in the IT system	Test checklist until auditor satisfaction
Protection of IT system against the principle of the CIA triad	Test controls are in place against a specific checklist
It covers physical controls of the IT system as a whole	Covers physical control also if mentioned in the checklist.
Done to secure IT system	Generally, be done to ensure the need for the third party
Continuous process and it never ends	Finished in third party auditor is satisfied
Example: application security, VA/PT	Examples: ISO, SOC, PCIDSS, ISO 27001, HIPAA

Q. What is Privacy?

Ans: Privacy determines how personal information is used by third-party organizations.

Q. What are security operational controls?

Ans: An operational control covers the following points:

• training schedule
• firewall configuration
• server configuration
• backup configuration

Q. List out OWASP's Top 10 vulnerabilities.

Ans: Owasp is a non-profit organization that help in improving the security of web applications by publishing the top 10 security issues found in web application. Below is the OWASP Top 10 - 2017 issues released by OWASP:

A1:2017 - Injection

A2:2017 - Broken Authentication

A3:2017 - Sensitive Data Exposure

A4:2017 - XML External Entities (XXE)

A5:2017 - Broken Access Control

A6:2017 - Security Misconfiguration

A7:2017 - Cross-Site scripting

A8:2017 - Insecure Deserialization

A9:2017 - Using Components with known vulnerabilities

A10:2017 - Insufficient Logging and Monitoring

Q. What is encryption?

Ans: Encryption is a process of converting information into unreadable data by using different algorithms. Encryption helps in securing information even when it is acquired by an attacker.

Q. What is GDPR?

Ans: GDPR stands for General Data Protection Regulation. This European standard takes care of the data of European residents. It also imposes hefty fines if companies are not able to comply with this standard.

Q. What is NIST?

Ans: NIST is a US government organization that publishes documents related to computer security that includes cryptography, authentication, etc.

Q. What is Threat Model?

Ans: A threat model is a process of identifying potential weaknesses in IT software. It includes critical asset identification, possible threats, possible attacks, mitigation techniques, remediation etc.