IT Security Interview Questions

1. Interviewer: Tell me what is a BootKit?
-A bootkit is a rootkit that infects the boot process (the MBR, the volume boot record or the bootloader) so that its code runs before the operating system and its security software load. Because it is already in control when the OS starts, it is hard to detect or remove from inside the running system.

2.  Interviewer: What is the difference between a Disk Level Encryption and a Block Level Encryption?
-

3. Interviewer: What is a whitelist in the context of malware protection?

4. Interviewer:  What is PII (Personally Identifiable Information) and how does it relate to PCI?

5.  Tell me how you would run a new project to roll out a whitelist after a new malware infestation of company computers. Describe what you would do from start to finish.
-

6. When would you use Block Level Encryption as opposed to Full Disk Encryption on a hard drive?

7. Can you tell me in which corporate departments you might use Full Disk Encryption?




8. What is a Phishing attack?

A "phishing attack" typically is an e-mail masquerading as a message from a trusted source (a bank, the IT helpdesk, a vendor) that tries to trick the recipient into revealing credentials or other sensitive data, or into opening a malicious link or attachment.

9.  What's an example of two factor authentication?

password (something you know)
finger print (something you are)

10.  What's an example of three factor authentication?

password (something you know)
finger print (something you are)
RSA Token (something you have)

11. What's the difference between NTFS and Share permissions?

-It depends on how the file is accessed. If you log on locally and access the file through the local filesystem, share permissions do not apply at all; only the NTFS permissions matter. If you access the file over the network through a share, both apply: the share permissions are evaluated first, then the NTFS permissions, and the effective permission is the more restrictive of the two (Full Control on the share with Read in NTFS gives Read, and Read on the share with Full Control in NTFS also gives only Read).

12. What are GPO Permissions?
-
13.  SQL injection explain this concept
-SQL injection is a technique that adds (or injects) malicious SQL into a query that a website builds from user input, for example when the value typed into an input field is concatenated straight into the SQL string instead of being passed as a parameter.
-The attacker can use the input field to make the database return its contents (other tables, password hashes) to the attacker, and in some cases to modify data or run commands on the database server.
-The fix is to patch the vulnerable code: use parameterized queries / prepared statements, validate input, and run the application with a least-privilege database account so a successful injection can do less damage.


14. Give an example of something you discovered and what did you do to handle it

15.  Name a policy or detailed procedure you implemented and the result of its effectiveness

16. What port does Remote Desktop (RDP) run on?
-Port 3389

17. What port does ICMP use?
-Trick question: ICMP does not use ports. It is not a transport protocol like TCP or UDP; ICMP messages are carried directly inside an IP datagram (IP protocol number 1) and are identified by a type and code field (e.g. type 8 = echo request, type 0 = echo reply), not by a port. That is also why firewall rules for ICMP filter on type/code rather than on a port.

18. What is a SYN Flood?

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of TCP SYN requests to the target system, usually from spoofed source addresses, and never completes the three-way handshake. The server allocates state for each half-open connection while it waits for the final ACK, so enough SYNs fill its connection backlog (and consume memory and CPU) and make the system unresponsive to legitimate traffic.

                                                          
[Figure: normal TCP handshake (SYN, SYN-ACK, ACK) vs. SYN flood (many SYNs, no final ACK)]

-Courtesy Wikipedia.com
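To make the "half-open connection" state concrete, here is an added example (not from the original notes or from Wikipedia) that counts half-open handshakes per client from a list of packet records and flags the flooding source. The packet list is constructed for the demo; the function names and the threshold are this example's assumptions.

```python
from collections import defaultdict

# Constructed server-side capture: (timestamp_s, client_ip, client_port, tcp_flags)
# for packets sent *by* clients. Two normal clients complete the handshake
# (SYN, then ACK); one source sends 200 SYNs from different ports and never ACKs.
# Not real traffic.
PACKETS = [
    (0.00, "10.0.0.5", 50001, "S"),
    (0.01, "10.0.0.5", 50001, "A"),
    (0.02, "10.0.0.6", 40000, "S"),
    (0.03, "10.0.0.6", 40000, "A"),
] + [(0.10 + i * 0.001, "203.0.113.9", 1000 + i, "S") for i in range(200)]


def half_open_by_source(packets, window=1.0, now=None):
    """Count, per client IP, the handshakes still half-open: a SYN was seen in
    the last `window` seconds and no ACK from the same (ip, port) followed.
    This is exactly the state a SYN-flooded server is stuck holding."""
    now = max(p[0] for p in packets) if now is None else now
    pending = {}                                   # (ip, port) -> time the SYN arrived
    for ts, ip, port, flags in packets:
        key = (ip, port)
        if "S" in flags and "A" not in flags:      # pure SYN: new half-open entry
            pending[key] = ts
        elif "A" in flags and key in pending:      # final ACK: handshake completed
            del pending[key]
    counts = defaultdict(int)
    for (ip, _), ts in pending.items():
        if now - ts <= window:
            counts[ip] += 1
    return dict(counts)


def syn_flood_sources(packets, threshold=100, window=1.0):
    """Return client IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_source(packets, window).items()
                  if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(PACKETS))   # {'203.0.113.9': 200}
    print(syn_flood_sources(PACKETS))     # ['203.0.113.9']
```

Real floods usually spoof the source address, so a per-IP count like this shows that a flood is happening rather than who is behind it. The server-side defence is SYN cookies: the server encodes the connection state in its SYN-ACK sequence number and stores nothing until the final ACK arrives (on Linux, the `net.ipv4.tcp_syncookies` sysctl).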

19. What is a slow Denial of Service (DOS) attack?

-In a slow DoS the attack tool opens a connection and sends an HTTP request that never finishes (a few header bytes at a time, never the blank line that ends the headers). As a result each listener process never finishes its quota of MaxRequestsPerChild, so it never dies. By sending a small number of never-complete requests, the attacker makes Apache gladly spawn new processes/threads up to MaxClients, at which point it fails to answer new requests and the site is DoS'ed.
 
-Courtesy Guerilla-CISO.com
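The mitigation is to stop waiting for clients that are not actually sending. As an added example (not from the original notes or from Guerilla-CISO), the following models the rate-based header timeout that Apache's mod_reqtimeout provides, and runs a trickling client and a normal client through it. The 20 s / 40 s / 500 bytes-per-second numbers are this example's assumptions, and the two client traffic patterns are constructed.

```python
# Modelled on the behaviour of an Apache mod_reqtimeout setting such as
# "header=20-40,MinRate=500": the client gets 20 s to finish sending the
# request headers, extended by 1 s for every 500 bytes it actually sends,
# up to an absolute 40 s cap. The numbers are this example's assumption.
INITIAL_S = 20.0
MAX_S = 40.0
MIN_RATE_BPS = 500


def header_deadline(bytes_received: int) -> float:
    """Seconds the server is willing to wait for the rest of the headers,
    given how much the client has sent so far."""
    return min(INITIAL_S + bytes_received / MIN_RATE_BPS, MAX_S)


def should_drop(elapsed: float, bytes_received: int, headers_complete: bool) -> bool:
    """A connection whose headers are still incomplete after its rate-adjusted
    deadline is closed, which frees the worker for other clients."""
    return (not headers_complete) and elapsed > header_deadline(bytes_received)


def first_drop_time(events):
    """events: ordered list of (seconds_since_accept, total_header_bytes, headers_complete).
    Returns the time at which the server drops the connection, or None if it
    stays open through every event (e.g. the headers completed in time)."""
    for elapsed, total_bytes, complete in events:
        if should_drop(elapsed, total_bytes, complete):
            return elapsed
    return None


# Constructed traffic patterns.
# A slow-DoS client trickles a 10-byte header fragment every 5 s and never
# sends the blank line that terminates the headers.
SLOW_CLIENT = [(5.0 * i, 10 * (i + 1), False) for i in range(12)]
# A normal browser sends its ~600 bytes of headers in one go, 0.2 s after connecting.
NORMAL_CLIENT = [(0.2, 600, True)]


if __name__ == "__main__":
    print("slow client dropped at", first_drop_time(SLOW_CLIENT), "s")   # 25.0
    print("normal client dropped at", first_drop_time(NORMAL_CLIENT))    # None
```

Without such a limit the worker stays tied up for the server's generic connection Timeout, and each trickling connection keeps one worker out of the MaxClients pool for that whole period; with it, the slow client loses its worker at the 25 s check while the normal client is never affected.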


20. Look around this room and tell me what is a security risk?
-Whiteboard had information on it.
-Open Network jacks, with CAT 5 cables available in the room that someone can easily plug into.

21. What's an example of a "find" you have found and come across?
-Well, while doing an audit I saw the HR department was submitting payroll information to the 3rd party payment processor via FTP.
-Noticing the value of the sensitive information, I was able to speak with the 3rd party vendor and have the payroll submission switched to SFTP.

22. Tell me about a time you used a continuous process to improve an existing system?
 (Tip#1: think about something you did in the past, and since this is an IT Security interview, put a security spin on it, as this is a very vague question.)
(Tip#2: If the position you are interviewing for is a Risk and Compliance position, make sure your answer has something to do with that.)




Good to Know:
Bit9 (application whitelisting) - blocks malware and advanced threats:

-White List
-Immediate visibility, detection and protection
-Time based detection and forensics
-Lowest admin effort and user impact
-Proven reliability and scalability

Bit9 blocks advanced Malware:
-Continuously monitors every file that tries to execute and only lets files on the whitelist run
-All of this is monitored through a web interface

Symantec Endpoint Encryption:
-encrypts storage devices, desktops, and laptops

Tripwire:
-File Integrity Monitor - Monitors File Changes


HP Security Tools:
ArcSight Logger - Collects machine data logs and unifies that data for searching, analyzing, etc. (SIEM = Security Information and Event Management)
Fortify
Tipping Point 

Steganography - Hiding a file (or message) inside another file, such as an image or audio file, so that the hidden data is not apparent: the carrier file still opens and looks normal. Unlike encryption, the goal is to conceal that a secret exists at all.
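As an added example (not part of the original notes), the simplest form of the technique: least-significant-bit embedding, where each bit of the hidden file overwrites the lowest bit of one byte of the carrier, so no carrier byte changes by more than 1. The carrier here is constructed pseudo-random bytes standing in for an image's pixel samples; `embed`, `extract` and the 4-byte length prefix are this example's own design.

```python
import random

# Constructed carrier: 4096 pseudo-random bytes standing in for the raw pixel
# samples of an image. With a real file (e.g. a BMP or PPM) you would apply the
# same operation to the pixel bytes only and leave the header untouched.
CARRIER = bytes(random.Random(1).randrange(256) for _ in range(4096))


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Hide `payload` in the least-significant bit of successive carrier bytes.
    A 4-byte big-endian length prefix tells the extractor where to stop."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("payload needs %d carrier bytes, only %d available"
                         % (len(bits), len(carrier)))
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit       # overwrite only bit 0 of the sample
    return bytes(out)


def _read_bytes(stego: bytes, first_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the low bits of stego[first_bit:...]."""
    out = bytearray()
    for i in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[first_bit + i * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Reverse of embed: read the length prefix, then that many payload bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference between carrier and stego file."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


if __name__ == "__main__":
    secret = b"payroll.csv: alice,1000\n"        # constructed payload
    stego = embed(CARRIER, secret)
    print(extract(stego) == secret, max_change(CARRIER, stego))   # True 1
```

This is why plain LSB steganography is invisible to the eye but not to analysis: the low bits of a natural image are not uniformly random, and a detector (or a DLP tool) can flag a file whose low bits suddenly look like a length header followed by ASCII.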
 
Hard drive encryption - encrypts the data stored on a hard drive with a cipher (e.g. AES) under a secret key
-data cannot be read by anyone who does not have the key, or the password that unlocks the key