Information Security Interview Questions & Answers
The number of Information Security related jobs is growing extensively. There is a huge requirement for skilled InfoSec professionals across the globe, and positions are available for freshers, experienced people and top management (typically CISO roles at companies such as HCL, BPL etc.). This post is my attempt to collect typical InfoSec interview questions and answers to help those looking out for opportunities in this field. I'll keep updating the questions regularly. You can also share/contribute any questions you might have faced during your InfoSec interviews.
Category I: General Security Concepts / Network Security / OS Security
1) Is there any difference between Information Security and IT Security? If yes, please explain the difference.
Ans- Yes. Information Security and IT Security are different terms that are often used interchangeably. IT Security focuses on technical controls (implementing antivirus, firewalls, hardening systems etc.), while Information Security is the wider term: it means protecting "information" as an asset in whatever form it exists, which also covers people and process controls (e.g. shredding paper documents to prevent dumpster diving, clean-desk policies, security awareness training). So IT Security can be considered a subset of Information Security.
2) What is the difference between Encoding, Encryption and Hashing?
Ans- At a very high level all three terms look similar and people often confuse them, but each technique is distinct and has a different use case.
Encoding transforms data so that it can be properly (and safely) consumed by a different kind of system, e.g. binary data sent over email or special characters shown on a web page. The goal is not secrecy but compatibility: no key is involved, and anyone who knows the scheme can reverse it. Base64 in particular hides nothing and must never be used as "encryption". Examples: ASCII, Unicode, URL encoding, Base64.
Encryption transforms data in order to keep it secret from anyone who does not hold the key. The algorithm is public; only the key (for symmetric ciphers) or the private key (for asymmetric ciphers) is secret, and it is used together with the plaintext and the algorithm to perform the operation. Examples: AES and Blowfish (symmetric), RSA (asymmetric).
Hashing takes arbitrary input and produces a fixed-length digest with the following properties:
The same input always produces the same output (deterministic).
Two different inputs should not produce the same output (collision resistance).
It should not be feasible to go from the output back to the input (preimage resistance); there is no key and no "decoding".
Any modification of the input should change the hash drastically (avalanche effect).
Examples: MD5, SHA-1, SHA-2 (SHA-256, SHA-512) etc. MD5 and SHA-1 are no longer collision-resistant and should not be used where that property matters; SHA-2 is the current baseline. Hashing is often used in computer forensics to verify the integrity of digital evidence: the digest of a disk image is recorded at acquisition time and recomputed later to prove it has not changed.
3) What is the difference between proxy, firewall, IDS and IPS?
Ans- A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy, requesting some service such as a file, connection or web page available from a different server, and the proxy evaluates the request, fetches the resource on the client's behalf and can cache, log or filter it. Because it terminates the client's connection, a proxy works at the application layer and sees whole requests, not just packets.
A firewall controls and filters network traffic, mainly at layers 3 and 4: it allows or denies packets and connections based on pre-defined rules over source/destination address, protocol and port. A stateful firewall also tracks connection state so that only replies to permitted connections are let back in. Rules are evaluated in order, first match wins, and the rule set should end in a default deny.
An IDS (Intrusion Detection System) inspects traffic, usually a copy taken from a SPAN port or network tap, and raises alerts when it matches an attack signature database (or, in anomaly-based systems, deviates from a learned baseline). It is out-of-band: it can see an attack but cannot stop it by itself.
An IPS (Intrusion Prevention System) performs the same detection but sits inline, so a match can be turned into a dropped packet or a reset connection. Because it is inline, a false positive blocks legitimate traffic, which is why IPS rule sets are tuned more conservatively than IDS rule sets.
Examples:
Proxy: Squid
Firewall: iptables, Cisco PIX, ZoneAlarm
IDS: Snort
IPS: IBM Proventia
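To make the header-only versus payload-inspection distinction concrete, here is an added example (written for this page, not the configuration of any of the products above) that simulates the three devices in order on the wire: a first-match, default-deny layer 3/4 rule table, a signature matcher that only alerts (IDS), and the same matcher turned inline so that a match becomes a drop (IPS). Addresses, rules, signatures and packets are all constructed.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""  # a firewall never looks here; IDS/IPS do

@dataclass
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR
    dst: str              # CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any port

# Constructed rule table: public HTTPS to one host, SSH from the internal range only,
# then an explicit cleanup rule. First match wins.
FIREWALL_RULES: List[Rule] = [
    Rule("allow", "0.0.0.0/0",  "10.0.0.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "10.0.0.10/32", "tcp", 22),
    Rule("deny",  "0.0.0.0/0",  "0.0.0.0/0",    "any", None),
]

def firewall_decision(pkt: Packet, rules: List[Rule] = FIREWALL_RULES, default: str = "deny") -> str:
    """Layer 3/4 decision from headers only; unmatched traffic hits the default policy."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
                and r.proto in ("any", pkt.proto) and r.dport in (None, pkt.dport)):
            return r.action
    return default

# Constructed signatures; real rule sets (e.g. Snort's) are far larger and more precise.
SIGNATURES: Dict[str, re.Pattern] = {
    "sqli-union":      re.compile(rb"(?i)union\s+select"),
    "path-traversal":  re.compile(rb"\.\./\.\./"),
    "shellshock":      re.compile(rb"\(\)\s*\{\s*:;\s*\};"),  # the CVE-2014-6271 trigger string
}

def ids_inspect(pkt: Packet) -> List[str]:
    """IDS: report matching signature names. The packet itself is untouched."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]

def ips_inspect(pkt: Packet) -> Tuple[str, List[str]]:
    """IPS: identical detection, but inline, so a hit becomes a drop."""
    hits = ids_inspect(pkt)
    return ("drop" if hits else "forward", hits)

def process(pkt: Packet) -> dict:
    """Run the devices in wire order: firewall first, then the inline IPS."""
    fw = firewall_decision(pkt)
    if fw != "allow":
        return {"firewall": fw, "ips": "not reached", "signatures": []}
    verdict, hits = ips_inspect(pkt)
    return {"firewall": fw, "ips": verdict, "signatures": hits}

if __name__ == "__main__":
    samples = [  # constructed traffic
        Packet("203.0.113.5", "10.0.0.10", "tcp", 22),
        Packet("10.1.2.3",    "10.0.0.10", "tcp", 22),
        Packet("203.0.113.5", "10.0.0.10", "tcp", 443, b"GET /item?id=1 UNION SELECT user,pass FROM users"),
        Packet("203.0.113.5", "10.0.0.10", "tcp", 443, b"GET /index.html HTTP/1.1"),
    ]
    for p in samples:
        print(f"{p.src:>13} -> {p.dst}:{p.dport}  {process(p)}")
```

Note what the pipeline shows: the SQL injection attempt is perfectly legitimate traffic to the firewall (allowed port 443 to an allowed host) and is only caught by payload inspection, while the IDS alone would have produced an alert and let it through.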
5) How do you keep yourself updated with latest trends in Information Security?
Ans: I refer to various security news sites and blogs (like thehackernews, the Rapid7 blog etc.). I am also subscribed to various online security magazines like PenTest Magazine, HackInsight etc., and I go through the archives of various security conferences held worldwide.
6) Which OS do you feel is more secure? Linux or Windows?
Ans: No OS is secure unless its administrator knows how to secure it. Though Windows has had more publicly reported security issues, it can still be hardened appropriately. It is all about perception and having the right sense of security: Linux definitely provides robust security mechanisms, but a misconfigured Linux box poses just as big a threat as an unpatched Windows one.
7) Is there any risk when conducting Application Security testing on production instance?
Ans: Ideally, application security testing should never be performed on a production instance. Automated scanners submit every form and parameter they find, so they can insert, modify or even delete data in the target application, trigger real emails or transactions, flood logs and degrade the service. This is a big risk. Testing should therefore be carried out on a test instance running exactly the same application code as production, with representative but non-sensitive data. If you have no choice but to test production, the owner must authorise it in writing and accept responsibility for any data loss; in addition, agree on a scope and testing window, make sure a verified backup exists, and disable destructive checks in the scanner.
8) How would you convince the developer to fix the vulnerabilities you found in the Web Application?
Ans: It is normal human nature not to accept our mistakes, and the same applies here: no developer will readily accept that code they wrote has serious security bugs. So demonstrate the vulnerability you discovered with a proper, reproducible PoC, explain the severity and the impact if it gets exploited, and suggest a concrete fix. Be polite while explaining and do not get into arguments; the goal is the fix, not the blame.
9) How does HTTP handles state?
Ans: HTTP is a stateless protocol: every request is handled independently and the server remembers nothing between them. State is therefore managed by the application on top of HTTP, usually through a session identifier sent in a cookie (or, less safely, in the URL) that the server maps to server-side session data, or through a signed token whose integrity the server verifies on each request. Because that identifier is effectively the user's credential after login, it must be unguessable (long and random), sent only over HTTPS, and protected with the HttpOnly and Secure cookie flags.
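An added example of the two usual ways an application puts state on top of stateless HTTP (written for this page, not code from the original post): a server-side session keyed by a random identifier carried in a cookie, and a client-side state blob protected by an HMAC. The exchange, the key and the user names are constructed; nothing here talks to a network.

```python
import base64
import hashlib
import hmac
import json
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional

# --- Approach 1: server-side session, client holds only an opaque id ------------
SESSIONS: Dict[str, dict] = {}   # in a real deployment: a DB or cache with expiry

def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)          # 256 random bits: not guessable or enumerable
    SESSIONS[sid] = {"user": user}
    return sid

def set_cookie_header(sid: str) -> str:
    # HttpOnly keeps scripts away from it, Secure keeps it off plain HTTP,
    # SameSite limits cross-site requests that would carry it automatically.
    return f"Set-Cookie: session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def session_from_request(headers: Dict[str, str]) -> Optional[dict]:
    """Each request must re-present the cookie; without it the server knows nothing."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    morsel = cookie.get("session")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)        # unknown or guessed id -> no session

def end_session(sid: str) -> None:
    SESSIONS.pop(sid, None)                  # logout must invalidate server side, not just clear the cookie

# --- Approach 2: state stored client side, integrity protected by a MAC ----------
def sign_state(key: bytes, state: dict) -> str:
    payload = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_state(key: bytes, token: str) -> Optional[dict]:
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None                          # tampered, or signed with a different key
    return json.loads(base64.urlsafe_b64decode(payload))

def forge_state(token: str, state: dict) -> str:
    """What an attacker can do without the key: swap the payload, keep the old signature."""
    payload = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    return f"{payload}.{token.split('.', 1)[1]}"

if __name__ == "__main__":
    # Constructed exchange: two independent requests, only the cookie links them.
    print("GET /account (no cookie) ->", session_from_request({}))
    sid = new_session("alice")                                   # POST /login succeeded
    print(set_cookie_header(sid))
    print("GET /account (cookie)    ->", session_from_request({"Cookie": f"session={sid}"}))
    print("GET /account (guessed)   ->", session_from_request({"Cookie": "session=1"}))
    key = secrets.token_bytes(32)
    tok = sign_state(key, {"user": "alice", "role": "user"})
    print("forged admin token       ->", verify_state(key, forge_state(tok, {"user": "alice", "role": "admin"})))
```

Either way the server, not the client, decides what the state is: in the first approach because the client holds nothing but a lookup key, in the second because any edit to the payload breaks the MAC. Signed tokens are still readable by the client, so secrets must not be stored in them without encryption.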
10) What is file shredding?
Ans: File shredding is a technique for securely erasing a file so that it cannot be reconstructed to derive its original meaning. A normal delete only removes the directory entry and leaves the file's blocks on disk until they happen to be reused; a shredder first overwrites those blocks (typically with random data), then removes the file. Physical shredding of paper or media applies the same idea to the physical form of the information.
11) List few situations wherein lost data cannot be recovered.
Ans: If the data is stored on magnetic media and that media is exposed to a very strong magnetic field (degaussing), the data is permanently lost. Once the data on a disk has been completely overwritten it is not recoverable by software tools; for modern magnetic disks a single full pass is considered sufficient (NIST SP 800-88 treats one overwrite as a valid "clear"), the old 35-pass recommendation having targeted obsolete drive encodings. SSDs and other flash media are different: wear levelling can leave copies of old blocks that a file-level overwrite never touches, so they should be erased with the drive's own secure-erase or crypto-erase command, or kept encrypted so that destroying the key destroys the data. If the media is physically destroyed, for example completely burnt, degaussed and crushed, or ground into fine powder, recovery is not possible.
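An added example covering both the shredding question and the unrecoverability question above (written for this page, not code from the original post, and not a substitute for a dedicated tool such as GNU `shred -u`): it overwrites a file's blocks in place with random data, forces the write to the device, renames the file so the directory entry no longer reveals its name, and only then unlinks it. The demo file and its "secret" marker are constructed. The limits the prose describes apply here too: on copy-on-write or journaling filesystems, snapshots, backups and SSDs the old blocks may survive, which is why full-disk encryption with key destruction, or physical destruction, is the reliable route.

```python
import os
import tempfile

def overwrite_in_place(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Overwrite every byte of the file with random data, `passes` times, and
    force it to the device. Returns the file size. The file is NOT deleted."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # without this the overwrite may sit only in the page cache
    return size

def shred_file(path: str, passes: int = 1) -> int:
    """Overwrite the contents, then hide the original name before unlinking:
    a directory entry alone can reveal what a file was."""
    size = overwrite_in_place(path, passes)
    directory = os.path.dirname(path) or "."
    anonymous = os.path.join(directory, os.urandom(8).hex())
    os.rename(path, anonymous)
    os.unlink(anonymous)
    return size

def demo_shred(marker: bytes = b"TOP SECRET MARKER ", copies: int = 5000) -> dict:
    """Constructed demo: write a file full of a known marker, overwrite it,
    confirm the marker is gone from the file, then shred it completely."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "evidence.txt")
        with open(path, "wb") as f:
            f.write(marker * copies)
        original_size = os.path.getsize(path)
        size_after_overwrite = overwrite_in_place(path, passes=2)
        with open(path, "rb") as f:
            marker_survives = marker in f.read()
        shred_file(path)
        return {
            "size_unchanged": size_after_overwrite == original_size,
            "marker_survives": marker_survives,
            "file_exists": os.path.exists(path),
            "dir_empty": os.listdir(d) == [],
        }

if __name__ == "__main__":
    print(demo_shred())
```

The check that matters in the demo is that the marker is absent after the overwrite while the size is unchanged: the blocks were really rewritten rather than the file truncated and re-allocated elsewhere, which is what a naive "write a new file over it" approach would do.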