IT Security Interview Questions

1. Interviewer: Tell me what is a BootKit?
-A Boot Kit is where Malware injects code into the MBR

2.  Interviewer: What is the difference between a Disk Level Encryption and a Block Level Encryption?

3. Interviewer: What is a White List in Malware?

4. Interviewer:  What is PII (Personable Identifiable Information) and how that relates to PCI?

5.  Tell me how you would run a new project to start a Whitelist of new Malware computer infestation. Describe what you would do from Start to Finish.

6. When would you use Block Level Encryption as opposed to Full Disk Encryption? Tell me on a hard drive.

7. Can you tell me what corporate departments you may use Full Disk Encryption?

8. What is a Phishing attack?

A "phishing attack"  typically is an e-mail masquerading as a message from a trusted sourceis an e-mail masquerading as a message from a trusted source

9.  What's an example of two factor authentication?

finger print

10.  What's an example of three factor authentication?

password (something you know)
finger print (something you are)
RSA Token (something you have)

11. What's the difference between NTFS and Share permissions?

-It depends on how the file is accessed and it. Logging on locally and accessing the file through the local filesystem in this case the share permissions won't matter. However if you're accessing the files (not logged on locally) through a share, then the share permissions apply first, then the NTFS permissions apply, so it's cumulative.

12. What are GPO Permissions?
13.  SQL injection explain this concept
-SQL injection is a technique to add (or inject)  malicious SQL code to a website for example that has a vulnerability in it's entry field
-The attacker can have the entry field dump the contents of a database to the attackers service.
-One method to fix the server would be to patch the vulnerability.

14. Give an example of something you discovered and what did you do to handle it

15.  Name a Policy or detailed procedure you implemented and the result of it effectivness

16. What port does Remote Desktop (RDP) run on?
-Port 3389

17. What port does ICMP use?
-Trick question: ICMP does not use a port since it does not have a place for a port. It is encapsulated with an IP datagram only.

18. What is a SYN Flood?

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Normal SYN                                                                                                            SYN Flood


19. What is a slow Denial of Service (DOS) attack?

-In a slow DOS is that the attack tools sends an HTTP request that never finishes.  As a result, each listener process never finishes its quota of MaxRequestsPerChild so that it can die.  By sending a small amount of never-complete requests, Apache gladly spawns new processes/threads up to MaxClients at which point it fails to answer requests and the site is DOS’ed.

20. Look around this room and tell me what is a security risk?
-Whiteboard had information on it.
-Open Network jacks, with CAT 5 cables available in the room that someone can easily plug into.

21. What's an example of a "find" you have found and come across?
-Well while doing an audit I saw the HR department was submitting payroll information to the 3rd party payment processor via FTP.
-Noticing the value of the sensitive information, I was able to speak with the 3rd party vendor and have the pay roll submission information switched to SFTP.

22. Tell me about a time you used a continuous process to improve an existing system?
 (Tip#1: think about something you did in the past, and since this is a IT Security Interview, put a Security spin on it, as this is a very vague question.)
(Tip#2: Ivf the position you are interviewing for is a Risk and Compliance position make sure your answer has something to do with that .)

Good to Know:
Bit 9 = malware and advanced threats: locks advanced:

-White List
-Immediate visibility, detection and protection
-Time based detection and forensics
-Lowest admin effort and user impact
-Proven reliability and scalability

Bit 9 blocks advanced Malware:
-Continous monitors every file that tries to execute
-Monitor all this through a web interface

Symantec Endpoint Encryption:
-encrypts storage devices, desktops, and laptops

-File Integrity Monitor - Monitors File Changes

HP Security Tools:
ArcSight Logger - Collects machine data logs and unifys that data for searching, analyzing, etc. (SIEM=Security Information and Event Management)
Tipping Point 

Steganography - Embedding a file within a file
Harddrive Encryption - encrypts data stored on a hard drive using sophisticated mathematical functions
-data cannot be read by anyone who does not have access to the appropriate key or password]