Security Job interview questions

GismoBaby

What are the most common technical questions interviewers ask when going for a security position (graduate/trainee)? Its my first interview and I have ideas on what to expect but Id like to hear from those of you who have actually done technical interviews and not just depend on my own ideas which may be off par!!

syklops

Can you be more specific and tell us what kind of security job? Do you mean Information Security?

GismoBaby

syklops wrote: »

Can you be more specific and tell us what kind of security job? Do you mean Information Security?

IT Audit, security and compliance. The spec mentioned pentesting, network testing, IT testing(?).

I pulled this from the spec "Good technical IT knowledge, which may include a knowledge of networking, IT security, operating systems, system administration and/or programming. An interest in discovery, testing and remediation of IT environments. Excellent knowledge of technology (applications, infrastructure, best practice, controls)".

Its this section that im wondering what they may ask questions on. Its a very sweeping statement covering a lot! Im hoping it will be more generalised questions since its for a trainee but any suggestions would be appreciated!

GismoBaby

GismoBaby wrote: »

IT Audit, security and compliance. The spec mentioned pentesting, network testing, IT testing(?).

I pulled this from the spec "Good technical IT knowledge, which may include a knowledge of networking, IT security, operating systems, system administration and/or programming. An interest in discovery, testing and remediation of IT environments. Excellent knowledge of technology (applications, infrastructure, best practice, controls)".

Its this section that im wondering what they may ask questions on. Its a very sweeping statement covering a lot! Im hoping it will be more generalised questions since its for a trainee but any suggestions would be appreciated!

This sounds like the company I work for, I'm very curious to know...... Do they begin with an I?

The main thing is to show an interest in everything IT related from the Network level down to the encryption on a USB key.

Most positions are multifunctional, I mean one day I could be creating a script for a new client. The next day I could be troubleshooting VPN issues. Another day writing up procedures.... You need to be able to adapt to anything and companies need people who can adapt.

If your position is entry level as you said then the thing they'll want to see is hunger and ambition, explain what you've done in your past... Explain what you know, possibly display your skills.... Don't bull%$^* just be honest, be friendly, be curious.... Ask questions about the position, about the company.

Don't be nervous, an entry level/intern level is about what you want to know, not what you know!

syklops

Some of the basic questions I have gotten are:

Cryptography:

When encrypting a large piece of information should you encrypt first and then compress? Or should you compress first and then encrypt. Explain why.

When using public key cryptography which key, public or private, do you encrypt with and which do you sign with?

You are bound to get asked about the 7 layer OSI model. Being able to name them is fine for a basic job, but being able to explain what each one does and how they relate to each other will get you bonus marks.

I was asked in a Pen Testing interview recently a question in relation to nmap, when scanning UDP ports what are you looking for? The answer they were looking for was "If the port is reported as closed, then it is closed. If the request times out, then it is probably open"

I'll try and think of a few more that I have been asked in the past.

Edit: You will probably be asked to describe a time when you had to fix a problem by writing a program or script. Try and have an interesting one to tell. Also, make sure you remember the libraries or modules you used to solve the program. There is nothing worse than them asking you what libraries you used and you going "Ermm, It was.... let me see, er lib... lib-something?"

GismoBaby

Deleted User wrote: »

This sounds like the company I work for, I'm very curious to know...... Do they begin with an I?

The main thing is to show an interest in everything IT related from the Network level down to the encryption on a USB key.

Most positions are multifunctional, I mean one day I could be creating a script for a new client. The next day I could be troubleshooting VPN issues. Another day writing up procedures.... You need to be able to adapt to anything and companies need people who can adapt.

If your position is entry level as you said then the thing they'll want to see is hunger and ambition, explain what you've done in your past... Explain what you know, possibly display your skills.... Don't bull%$^* just be honest, be friendly, be curious.... Ask questions about the position, about the company.

Don't be nervous, an entry level/intern level is about what you want to know, not what you know!

Nope a few more letters up the alphabet! Thanks for the advise, especially the last line, I never thought of it that way!!

GismoBaby

syklops wrote: »

Some of the basic questions I have gotten are:

Cryptography:

When encrypting a large piece of information should you encrypt first and then compress? Or should you compress first and then encrypt. Explain why.

When using public key cryptography which key, public or private, do you encrypt with and which do you sign with?

You are bound to get asked about the 7 layer OSI model. Being able to name them is fine for a basic job, but being able to explain what each one does and how they relate to each other will get you bonus marks.

I was asked in a Pen Testing interview recently a question in relation to nmap, when scanning UDP ports what are you looking for? The answer they were looking for was "If the port is reported as closed, then it is closed. If the request times out, then it is probably open"

I'll try and think of a few more that I have been asked in the past.

Edit: You will probably be asked to describe a time when you had to fix a problem by writing a program or script. Try and have an interesting one to tell. Also, make sure you remember the libraries or modules you used to solve the program. There is nothing worse than them asking you what libraries you used and you going "Ermm, It was.... let me see, er lib... lib-something?"

Doesnt sound too bad but id have been well caught out if they asked me the encryption one, must visit my friend google for an answer to that one! The NMAP one is an interesting one too. I wouldnt have thought they would ask such specific questions!

Good point on the OSI, id probably have gone up with "All people seem to need drug prescriptions" acronym in my head and no more!

Thanks a million I really appreciate it

[-0-]

They might ask you about recent vulnerabilities too, and the OWASP Top Ten. Look up the recent Java vulnerabilities and be able to talk about them.

syklops

Yeah I should have mentioned the OWASP Top Ten. I have been asked to name them a few times. Also be able to explain what XSS and CSRF are and how to check for their presence and how to mitigate against them.

GismoBaby

syklops wrote: »

Yeah I should have mentioned the OWASP Top Ten. I have been asked to name them a few times. Also be able to explain what XSS and CSRF are and how to check for their presence and how to mitigate against them.

Ya I had figured they would come up so have been reading through them for a refresh, have a little experience in pentesting so im sure they will ask that. Thanks

syklops

GismoBaby wrote: »

Ya I had figured they would come up so have been reading through them for a refresh, have a little experience in pentesting so im sure they will ask that. Thanks

Sorry, didnt mean to treat you like a noob.

Whats a firewalk?

GismoBaby

syklops wrote: »

Sorry, didnt mean to treat you like a noob.

Whats a firewalk?

haha i am so dont be sorry, when i said little i really meant little as in a few months only!

firewalk: a tool that tries to figure out what layer 4 protocols a firewall allows, mixture of traceroute and TTL. Layer 4 protocols being TCP UDP and to protect the firewall you should block icmp timeout messages. ripped from wiki, never heard of it!! So many little bits like that you never heard about in college!

syklops

GismoBaby wrote: »

haha i am so dont be sorry, when i said little i really meant little as in a few months only!

firewalk: a tool that tries to figure out what layer 4 protocols a firewall allows, mixture of traceroute and TTL. Layer 4 protocols being TCP UDP and to protect the firewall you should block icmp timeout messages. ripped from wiki, never heard of it!! So many little bits like that you never heard about in college!

Its a very obscure question but I got asked it once. I've recently been working on a new firewalk tool which made me think of it.

I assume you know what idle scanning/zombie scanning is? Even though I never ever found a use for it.

GismoBaby

syklops wrote: »

Its a very obscure question but I got asked it once. I've recently been working on a new firewalk tool which made me think of it.

I assume you know what idle scanning/zombie scanning is? Even though I never ever found a use for it.

Obscure is right i though it was a spelling mistake at first and thought twice before replying!

nope... kinda sounds like a man in the middle attack without the attacking?? Only half read it tho cos my heads about to explode been at this all day!