Top Security Engineer Interview Questions 

Here are some general questions that you might get in your interview for a security engineer position. 

What is Cross Site Request Forgery?

Cross-site request forgery is a web security vulnerability that allows an attacker to induce users to perform actions which they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

Is DNS monitoring important?

DNS plays an important role in how end users in a company connect to the internet. Each connection made to a domain by their devices is recorded in the DNS logs. Reviewing DNS traffic between client devices and the local recursive resolver could disclose a lot of information that is important for analysis.
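As an added illustration of what reviewing resolver logs can surface (this is not code from the original article), the sketch below flags clients that query many distinct, random-looking names under one parent domain. The log layout, the thresholds and the sample lines are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines; the "time client qtype qname" layout is assumed.
LOG = """\
09:00:01 10.0.0.5 A www.example.com
09:00:02 10.0.0.5 A mail.example.com
09:00:03 10.0.0.9 TXT a9f3k2q8zx7w1m4b.t.example.net
09:00:04 10.0.0.9 TXT p0d8s7h3j2l5v6c1.t.example.net
09:00:05 10.0.0.9 TXT q4w9e2r7t1y6u3i8.t.example.net
09:00:06 10.0.0.9 TXT z8x1c5v2b9n4m7k3.t.example.net
09:00:07 10.0.0.7 A intranet.example.org
"""

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parse(log):
    """Yield (client, qtype, qname) tuples, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield fields[1], fields[2], fields[3].lower().rstrip(".")

def suspicious_clients(log, min_unique=3, min_entropy=3.5):
    """Flag (client, parent domain) pairs with many distinct random-looking
    leftmost labels, a pattern worth a closer look by an analyst."""
    seen = defaultdict(set)
    for client, _qtype, qname in parse(log):
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # nothing to the left of the parent domain to score
        first, parent = labels[0], ".".join(labels[1:])
        if entropy(first) >= min_entropy:
            seen[(client, parent)].add(first)
    return {key: len(v) for key, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in suspicious_clients(LOG).items():
        print(f"{client} queried {n} high-entropy names under {parent}")
```

The thresholds are starting points only and need tuning against a baseline of normal traffic, since CDNs and telemetry services also generate random-looking names.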

What is XSS and how will you mitigate it?

Cross-site scripting is abbreviated as XSS. The attacker aims to execute malicious scripts in the target's web browser by including malicious code in a legitimate web page or web application. To reduce the risk from XSS, companies should sanitize their input. The application code should not output data received as input directly to the browser without checking it for malicious code.
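The difference between echoing input directly and encoding it for the place it lands in the page, as an added example that is not part of the original article. The profile fields, function names and sample values are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input: values a user might submit in a profile form.
SAMPLE = {
    "name": '"><script>alert(1)</script>',
    "bio": "I <3 security & <b>bold</b> claims",
    "website": "javascript:alert(1)",
}

def render_unsafe(profile):
    """The pattern the text warns about: input echoed straight into markup."""
    return ('<a href="%(website)s" title="%(name)s">%(name)s</a>'
            '<p>%(bio)s</p>' % profile)

def safe_url(value):
    """Allow only absolute http(s) links; anything else becomes '#'."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return "#"
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return value.strip()
    return "#"

def render_safe(profile):
    """Encode every value for the context it lands in before output."""
    name = html.escape(profile["name"], quote=True)   # element text and attribute
    bio = html.escape(profile["bio"], quote=True)     # element text
    url = html.escape(safe_url(profile["website"]), quote=True)  # URL attribute
    return '<a href="%s" title="%s">%s</a><p>%s</p>' % (url, name, name, bio)

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

HTML escaping alone does not make a URL attribute safe, which is why the link value is also restricted to http and https schemes.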

What is an IPS and how does it differ from IDS?

IDS is an intrusion detection system. It will identify the intrusion and will leave the rest to the administrator. IPS is an intrusion prevention system. It will discover the intrusion and will take further action to prevent the intrusion. In addition, false positives for IDS will only cause alerts, while false positives for IPS could cause the loss of important data or functions.

What is the difference between Asymmetric and Symmetric encryption?

Symmetric encryption uses the same key for both encryption and decryption, whereas asymmetric encryption uses different keys for encryption and decryption. Symmetric encryption is usually much faster, but the key needs to be transferred over an unencrypted channel.

What is the main difference between encryption and hashing?

Encryption is reversible, whereas hashing is irreversible. Hashing can be cracked using rainbow tables and collision attacks but is not reversible. Encryption ensures confidentiality, whereas hashing ensures integrity.

What is a Botnet?

A botnet is a string of connected computers or Internet of Things devices coordinated together to perform a task. It can maintain a chatroom, or it can take control of your computer. Botnets can be used to steal data, send spam and execute a DDoS attack.

Explain SSL Encryption

SSL (Secure Sockets Layer) is the industry-standard security technology for creating encrypted connections between a web server and a browser. It is used to maintain data privacy and to protect the information in online transactions.

What are the different layers of the OSI model?

The OSI model is a reference model for how different systems communicate over a network. Its function is to guide vendors and developers so that digital communication products and software programs can interoperate. The seven layers of the OSI model are the Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer.

Explain WEP cracking and types of WEP?

WEP is a security protocol that provides a level of security and privacy to a wireless LAN; WEP cracking is the breaking of that protocol. There are two types of cracking: active and passive. Active cracking has an increased load effect on the network, but it is easy to detect compared to passive cracking. Passive cracking, on the other hand, has no effect on the network traffic until WEP is cracked, and it is hard to detect.

What does an information security analyst do?

Some of the important duties of a security analyst are listed below:
1. Execute security measures to protect computer systems, data and networks
2. Stay up-to-date on the latest intelligence and hacker techniques
3. Prevent data loss and service interruptions
4. Test data processing systems and perform risk assessments
5. Install various security software like firewalls, data encryption and other security measures
6. Recommend security enhancements and purchases
7. Planning, testing and implementing network disaster plans
8. Staff training on information and network security procedures

What is data leakage? Explain the factors causing data leakage.

The separation or departure of intellectual property (IP) from its intended place of storage is known as data leakage. The factors that are responsible for data leakage can be:
1. Copying of the IP to a less secure system or a personal computer
2. Human error
3. Technology mishaps
4. System misconfiguration
5. A system breach from a hacker
6. A home-grown application developed to interface to the public
7. Inadequate security control for shared documents or drives
8. Corrupt hard drive
9. Backups stored in an insecure place

Explain risk, vulnerability and threat?

Vulnerability is a gap in the protection efforts of a system. Threat is when an attacker exploits that weakness. Risk is the measure of potential loss when the vulnerability is exploited by the threat. For example, with a default username and password for a server, an attacker can easily crack into this server and compromise it.

What is a Security Misconfiguration?

Security misconfiguration is a vulnerability in which a device or network is configured in a way that an attacker can exploit. These exposures occur due to insecure default configuration, poorly documented configuration and side effects of optional configuration.

Define Forward Secrecy, and how does it work?

Forward secrecy is also called perfect forward secrecy. It is a method to assure that all the transactions sent over the web are secure and safe. This method blocks a hacker from accessing the data that is sent over the internet. This method provides safety and security for the company and the user.

What is an Active Reconnaissance?

Active reconnaissance is a kind of computer attack where the intruder engages the target system to collect data about vulnerabilities.
· Attackers mostly use port scanning to identify vulnerable ports and then exploit the vulnerabilities of the services that are associated with open ports.