1. How do you govern various security objects?
Various security objects are governed with the help of KPIs (Key Performance Indicators). Take Windows patching as an example: the agreed KPI could be 99%, meaning that 99% of the PCs must have the latest or last month's patch. Other security objects can be managed on similar lines.
2. How do you handle AntiVirus alerts?
Check the AV policy and then the alert. If the alert is for a legitimate file it can be whitelisted; if the file is malicious it can be quarantined or deleted. The hash of the file can be checked for reputation on websites such as VirusTotal and malwares.com. The AV needs to be fine-tuned so that the number of alerts is reduced.
3. Software testing vs. penetration testing?
Software testing focuses only on the functionality of the software, not on its security. Penetration testing helps identify and address security vulnerabilities.
4. What are your thoughts about Blue team and red team?
The red team is the attacker and the blue team the defender. Being on the red team seems fun, but being on the blue team is difficult, as you need to understand the attacks and methodologies the red team may follow.
5. What is your preference: bug bounty or security testing?
Both are fine; just support your answer, e.g. bug bounty is decentralised, can identify rare bugs, has a large pool of testers, etc.
6. Tell us about your Professional achievements/major projects?
This can be anything, such as setting up your own team and processes or a security practice you have implemented. Even if the achievement is not from the security domain, express it well.
7. What is data leakage? How will you detect and prevent it?
Data leakage is when data gets out of the organisation in an unauthorised way. Data can be leaked in various ways: emails, printouts, lost laptops, unauthorised upload of data to public portals, removable drives, photographs, etc. Various controls can be put in place to ensure that data does not leak, for example restricting uploads to internet websites, deploying an internal encryption solution, restricting mail to the internal network, and restricting the printing of confidential data.
8. What are the different levels of data classification and why are they required?
Data needs to be segregated into categories so that its sensitivity can be defined; without this segregation, a piece of information may be critical to one person but not to another. The levels of data classification vary from organisation to organisation, but in broad terms data can be classified into:
- Top secret – its leakage can have a drastic effect on the organisation, e.g. trade secrets.
- Confidential – internal to the company, e.g. policies and processes.
- Public – publicly available, e.g. newsletters.
9. When should a security policy be revised?
There is no fixed time for reviewing the security policy, but it should be done at least once a year. Any changes made should be documented in the revision history and versioning of the document. In case of major changes, users need to be notified as well.
10. What is an incident and how do you manage it?
Any event which leads to a compromise of the security of an organisation is an incident. The incident process is as follows:
- Identification of the Incident
- Logging the incident (details)
- Investigation and root cause analysis (RCA)
- Escalation or keeping the senior management/parties informed
- Remediation steps
- Closure report.