Realistically, thousands of possible questions across many topics could come up at any given Information Security interview. On top of that, Information Security (InfoSec) means different things to different people. For example, it covers everyone from the guy at Geek Squad running a copy of Norton all the way up to the Chief Security Officer at Microsoft. As a result, a single list of questions is not going to cover everything. However, there are definitely layers or tiers of possible questions that you can run into, and we will discuss some of them here.
Layer or Tier 1: Basic Security Tech
Security Tech positions, at layer or tier 1, cover the basic fundamentals of what is current right now. Questions you may get for this type of role cover customer relationship skills, are personality based, and help the interviewer better understand your preferences. These questions would cover simple break fixes, connections, privileges, etc. Here are some example questions:
- How would you perform a traceroute to find a break in communication?
- You would run the tracert or traceroute command from the command prompt, which would allow you to see exactly what routers are touched as you move through the network. When you get to a destination that you cannot connect to or where the trace chain stops, there is the break.
- Why would you want to use SSH from a Windows PC?
- SSH (TCP port 22) is a secure connection and can be used to harden against eavesdropping.
- What is the difference between Asymmetric and Symmetric encryption?
- Symmetric encryption uses the same key to encrypt and decrypt, whereas Asymmetric uses two separate keys. Symmetric is faster, but Asymmetric is easier to implement.
- What is SSL and why is it not enough when it comes to encryption?
- SSL is identity verification, not hard data encryption. SSL is commonly attacked via its implementation (Heartbleed bug) and can be stripped in certain circumstances. SSL is designed to prove that the person you are talking to on the other end is who they say they are.
Layer or Tier 2: The Break Fixer
Positions like the Break Fixer require a little more experience and more diversified skills. This person needs to be able to think outside the box and think through a problem. Performing tasks like cleanups and minor forensics is common. Some example questions for someone interviewing for a Break / Fixer security position would be:
- What is XSS?
- XSS is cross-site scripting, a vulnerability found in web applications, and the easiest way to protect against it is input validation. An example of XSS is an attacker embedding HTML tags in the comments section of a website. This new code will be loaded every time someone loads the page and could lead visitors to another site where accounts and personal information can be captured.
- How can you reset a password-protected BIOS configuration on a PC?
- Since the BIOS is a pre-boot system, it has a storage mechanism for its settings and preferences. Simply removing the battery will result in it losing its settings, thus resetting the password to default. The BIOS factory password would be reset to ‘password’.
- What are three ways to authenticate a person?
- Using two factor authentication
- Something you know (password)
- Something you have (token)
- Something you are (biometrics)
- What is data protection at rest vs data protection in transit?
- Data is protected at rest when it is just sitting there on a database or system. Data is protected in transit while it is moving from server to client.
- How can you login to Active Directory from a Mac or Linux box?
- Since Active Directory uses the SMB protocol, you can access Active Directory from a non-Windows system by using the Samba program.
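To make the XSS answer above concrete, here is an added example (not part of the original article) of a comment renderer in its vulnerable form next to a hardened one. It pairs the input validation the answer mentions with output encoding, which goes slightly beyond the answer; all function names, the length limit and the sample comment are assumptions made for illustration.

```javascript
// Characters that change meaning inside HTML text or attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: turn markup characters into inert entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: accept only non-empty strings within a length limit
// and without control characters (tab and newline are allowed).
// The 500-character limit is an assumed policy, not a standard.
const MAX_COMMENT_LENGTH = 500;
function validateComment(text) {
  if (typeof text !== "string") return false;
  const trimmed = text.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_COMMENT_LENGTH) return false;
  return !/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(trimmed);
}

// Vulnerable: the stored comment is pasted into the page as-is, so any
// tags it contains become part of the page for every visitor.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened: reject input that fails validation, encode everything else.
function renderCommentSafe(comment) {
  if (!validateComment(comment)) {
    return '<div class="comment comment-rejected">[comment rejected]</div>';
  }
  return `<div class="comment">${escapeHtml(comment.trim())}</div>`;
}

// Constructed sample: a comment carrying a link that points to another site.
const SAMPLE_COMMENT =
  'Nice post! <a href="https://example.invalid/login">Sign in again</a>';

console.log("unsafe:", renderCommentUnsafe(SAMPLE_COMMENT));
console.log("safe:  ", renderCommentSafe(SAMPLE_COMMENT));
```

In the unsafe output the link is live markup; in the safe output the same text is shown to the reader as plain characters.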
Layer or Tier 3: The Seasoned
The Seasoned Security professional has spent several years working through both small and large security issues. By now this person would have experienced several environments, security software and diverse implementations. The Seasoned Security professional works as a member of a team and is most likely on a specialized security track. The Seasoned Security professional would be asked these types of interview questions:
- What is the difference between an exploit and a vulnerability (this is a very common question)?
- A vulnerability is a potential problem, whereas an exploit is an active one.
- How can you configure a network to allow only a single computer to login on a particular jack?
- Using sticky ports to configure each port to only allow one computer to connect.
- What is the difference between an HIDS and a NIDS?
- Both are Intrusion Detection Systems, but one is Host and the other is Network. HIDS run as background utilities on the client and NIDS sniff packets as they cross the network.
- What is the CIA triangle?
- Confidentiality – keeping data secure, Integrity – keeping data intact, Availability – data accessibility.