Information Security Officer Interview Preparation Guide

Frequently asked Information Security Officer questions from Information Security Professional job interviews. This set of questions helps you prepare a strong answer to whatever is posed to you, so get ready for your new job hunt.

95 Information Security Professional Questions and Answers:

1 :: Do you know what is the 80/20 rule of networking?

80/20 is a rule of thumb used to describe IP networks: roughly 80% of all traffic should stay local to the segment while 20% is routed toward a remote network.

2 :: What is security Essentials (GSEC)?

It certifies that the candidate is competent in handling basic security issues; it is the entry-level security certification.

3 :: Explain me what’s more secure, SSL or HTTPS?

Trick question: these are not mutually exclusive, since HTTPS is simply HTTP carried over SSL/TLS. Look for a smile, as if you caught them with their hand in the cookie jar. If they are confused, this should be an extremely junior position.

4 :: Tell me what’s the difference between symmetric and public-key cryptography?

Standard stuff here: single key vs. two keys, etc, etc.

5 :: Tell me what port does ping work over?

A trick question, to be sure, but an important one. If the candidate starts throwing out port numbers you may want to move straight to the next candidate. Hint: ICMP is a layer 3 protocol, so it does not work over a port at all. A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.
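To make the "no port" point concrete, here is an added example (not from the original guide) that builds and parses an ICMP Echo Request header next to a UDP header. The ICMP header carries type, code, checksum, identifier and sequence, and nowhere a port; the UDP header (layer 4) is where source and destination ports live. The packet bytes are constructed inline for illustration.

```python
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by ICMP (and by IP, UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length buffer for 16-bit summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Build an ICMP Echo Request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, identifier, sequence)
    checksum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, checksum, identifier, sequence) + payload


def parse_icmp(packet: bytes) -> dict:
    """Parse the 8-byte ICMP echo header. Note the field list: no port appears anywhere."""
    icmp_type, code, _checksum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        # Summing the whole packet including its checksum field yields 0 when intact.
        "checksum_ok": inet_checksum(packet) == 0,
        "identifier": identifier,
        "sequence": sequence,
        "payload": packet[8:],
    }


def parse_udp(segment: bytes) -> dict:
    """Parse the 8-byte UDP header: this layer-4 header is where ports live."""
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": src_port, "dst_port": dst_port, "length": length, "checksum": checksum}


# Constructed sample UDP segment: ephemeral source port to port 53 (DNS), 12-byte dummy payload.
UDP_SAMPLE = struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x00" * 12


if __name__ == "__main__":
    echo = build_icmp_echo(0x1234, 1, b"hello")
    print("ICMP fields:", parse_icmp(echo))
    print("UDP fields:", parse_udp(UDP_SAMPLE))
```

The dictionary returned by parse_icmp is the whole header; if a candidate looks for a port in it, there is simply none to find.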

6 :: Tell me what kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Man-in-the-middle, because neither side authenticates the other: an attacker who can intercept the exchange can substitute their own public value toward each party and negotiate a separate key with each.
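The following is an added example, not part of the original guide, that shows the weakness in code: a toy Diffie-Hellman exchange in which a middle party replaces both public values and ends up sharing a key with each side, beside the same exchange where each public value is tagged with an HMAC under a pre-shared secret so that a substituted value is rejected. The group parameters (a Mersenne prime and generator 3) are toy values chosen for illustration only; the pre-shared-key authentication is the simplest fix and stands in for the signatures or certificates used in real protocols.

```python
import hashlib
import hmac

# Toy group parameters (constructed for illustration; not a production group).
P = 2**127 - 1
G = 3
KEY_BYTES = (P.bit_length() + 7) // 8


def dh_public(private: int) -> int:
    """Public value g^x mod p."""
    return pow(G, private, P)


def dh_shared(peer_public: int, private: int) -> bytes:
    """Derive a session key from the shared secret (peer_public)^private mod p."""
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(KEY_BYTES, "big")).digest()


def tag(psk: bytes, public: int) -> bytes:
    """Authenticate a public value with an HMAC under a pre-shared key."""
    return hmac.new(psk, public.to_bytes(KEY_BYTES, "big"), hashlib.sha256).digest()


def unauthenticated_exchange(a_priv: int, b_priv: int, m_priv: int) -> dict:
    """Alice and Bob send bare public values; Mallory replaces each with her own."""
    A, B, M = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    return {
        "alice_key": dh_shared(M, a_priv),        # Alice thinks M came from Bob
        "bob_key": dh_shared(M, b_priv),          # Bob thinks M came from Alice
        "mallory_with_alice": dh_shared(A, m_priv),
        "mallory_with_bob": dh_shared(B, m_priv),
    }


def authenticated_exchange(a_priv: int, b_priv: int, m_priv: int, psk: bytes) -> dict:
    """Each side tags its public value; a relayed value whose tag fails to verify is rejected."""
    A, B, M = dh_public(a_priv), dh_public(b_priv), dh_public(m_priv)
    tag_a, tag_b = tag(psk, A), tag(psk, B)
    # Mallory does not hold psk, so the best she can do is forward the intercepted tag
    # alongside her substituted value M.
    bob_accepts_substitute = hmac.compare_digest(tag(psk, M), tag_a)
    alice_accepts_substitute = hmac.compare_digest(tag(psk, M), tag_b)
    # The genuine values verify and both honest sides derive the same key.
    alice_key = dh_shared(B, a_priv) if hmac.compare_digest(tag(psk, B), tag_b) else None
    bob_key = dh_shared(A, b_priv) if hmac.compare_digest(tag(psk, A), tag_a) else None
    return {
        "bob_accepts_substitute": bob_accepts_substitute,
        "alice_accepts_substitute": alice_accepts_substitute,
        "alice_key": alice_key,
        "bob_key": bob_key,
    }


if __name__ == "__main__":
    a, b, m = 123456789, 987654321, 555555555  # fixed toy private values
    weak = unauthenticated_exchange(a, b, m)
    print("unauthenticated: Alice and Mallory agree:", weak["alice_key"] == weak["mallory_with_alice"])
    strong = authenticated_exchange(a, b, m, b"constructed-pre-shared-key")
    print("authenticated: Bob accepts substitute:", strong["bob_accepts_substitute"])
```

Note that the authenticated version still uses raw Diffie-Hellman underneath; nothing about the arithmetic changes. The only difference is that each party can check who the public value really came from, which is exactly what the standard exchange lacks.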

7 :: Do you know what’s the difference between HTTP and HTML?

Obviously the answer is that one is the networking/application protocol and the other is the markup language, but again, the main thing you are looking for is that the candidate does not panic.

8 :: Explain what is the primary reason most companies haven’t fixed their vulnerabilities?

This is a bit of a pet question for me, and I look for people to realize that companies don't actually care as much about security as they claim to; otherwise we'd have a very good remediation percentage. Instead we have a ton of unfixed things and more tests being performed.

Look for people who get this and are OK with the challenge.

9 :: Tell us what project that you have built are you most proud of?

For some people, this would be the first computer they ever built, or the first time they modified a game console, or the first program they wrote; the list can go on and on. In my case, that would be a project for work that I was working on for years. It started out as an Excel spreadsheet that the Engineering department was using to keep track of their AutoCAD drawings, and ended up evolving through a couple hundred static HTML pages, an Access database and frontend, and finally to a full-on web application running on MySQL and PHP. This simple little thing ended up becoming an entire website with dedicated Engineering, Sales and Quality web apps used by the company globally, which just goes to show you never know where something might lead.

10 :: Do you know what is XSS?

Cross-site scripting, the nightmare of JavaScript. Because JavaScript runs in the client's browser rather than on the server, a page that lets an attacker insert script into content shown to other users will execute that script in their browsers, which is a headache for the programmer. There are a number of ways to protect against it; the easiest is input validation.
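As an added example, not from the original guide, the following Python shows the defect and the protection side by side: a template that drops user input straight into HTML, an allowlist validator for a field such as a username, and HTML encoding for free-text fields where an allowlist is not practical. The sample input and the username pattern are constructed for illustration.

```python
import html
import re

# Constructed allowlist for a username field: letters, digits, underscore, dot, dash.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

# Constructed sample of untrusted input containing markup.
SAMPLE_INPUT = "<script>alert(1)</script>"


def render_unsafe(name: str) -> str:
    """Vulnerable: user input is interpolated into the page with no validation or encoding."""
    return f"<p>Welcome, {name}!</p>"


def validate_username(name: str) -> bool:
    """Input validation: accept only what the field is supposed to contain."""
    return bool(USERNAME_RE.fullmatch(name))


def render_safe(name: str) -> str:
    """Hardened: reject anything outside the allowlist, and still encode for the HTML context."""
    if not validate_username(name):
        raise ValueError("invalid username")
    return f"<p>Welcome, {html.escape(name, quote=True)}!</p>"


def render_encoded_only(comment: str) -> str:
    """For free text (a comment box) an allowlist is impractical; output encoding is the control."""
    return f"<div class=\"comment\">{html.escape(comment, quote=True)}</div>"


def contains_live_script(page: str) -> bool:
    """Crude check used in the demo: does the rendered HTML still contain an unencoded script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe   :", render_unsafe(SAMPLE_INPUT))
    print("validated:", validate_username(SAMPLE_INPUT))
    print("encoded  :", render_encoded_only(SAMPLE_INPUT))
```

Validation and encoding are complementary: the allowlist keeps a username field honest, while encoding makes a free-text field inert regardless of what it contains.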