Q: What is the first thing you should do before tuning your SIEM which is receiving thousands of CVEs from scan (yes this was a real question)? Q: What is CI/CD? Q:What is PAM? Q: Are you familiar with any email scanners? Q: How did a ransomware actor propagate if they used PowerShell to infect the network? Q: What would you do to ensure it never happens again?
What is Second Order SQLi?
What do you Know about Hacking,What are the different types malwares, what are the different types of tools used in security
What is the CIA triad?
Explain your experience as a guard ?
I was asked to fill a risk form based on different scenarios painted. The test is to gage my reporting skill and thought process.
How would you handle a difficult situation?
What is firewall
If you could have any super power what would it be?
Things were even worse when I had the first call with the "technical guy". I applied to this role because it was completely on Red teaming, security research and exploit development. But when I started the interview, he started with what they are trying to do in Xerox. He said they are building a cyber team in Xerox acorss the world with 35-40 team members. I am like, that sounds interesting. Then as soon as he started asking questions, he jumped straight into cloud risk assessment based questiosns and few architecture based risk assessment questions. First thing, the role is of a red team, why are you asking cloud risk assessment/ threat modelling based questions. I know that there should be knowledge about these two, but why are not asking questions suitable for a red team profile. There were 2-3 simple questions at the end of the interview on pen test, that's it. I felt like they don't know what red team is and nor do they want to figure out because if they did, they would have asked relevant questions. It's ok to not know when building a new team but do your research first or get someone who can interview properly for the role.
Viewing 51 - 60 interview questions