Intern/entry-level interviews aren't as difficult as security engineer and tier 2/3 security analyst interviews. During these interviews, the hiring manager is looking to see if you understand basic network and security fundamentals. Questions asked in these interviews are typically straightforward, with few scenario-based questions. At this stage in your career, it's extremely important that you showcase your willingness to learn. You will accomplish this by talking about how you are keeping up with cybersecurity news, home labs you have built (don't worry, I'll create a repository for home labs as well), and how you are contributing to the security community (this is a major bonus).
- Tell me about yourself. (This question is not meant for you to give your life story. This question is meant for you to give an overview of your career geared towards cybersecurity, your educational background, why you chose cybersecurity, your passion for cybersecurity, etc.)
- What steps would you take to secure a server? (This question is asked to see if you have a basic understanding of how to secure a server. This does not mean you will be administering servers, but it lets the interviewer know that you understand the basic fundamentals of system hardening.)
- What is the difference between UDP and TCP? (Tests your networking and protocol knowledge. Hint: one protocol is primarily used in video streaming; the other is used to send emails.)
- What are the default ports for HTTP and for HTTPS? (Requires basic port and protocol knowledge.)
- Explain the CIA Triad. (The CIA Triad is the backbone of cybersecurity. It's important to understand it.)
- What is two-factor authentication? (You don't need to know how to implement it, but understanding it fully and knowing why you should use it is important.)
- Explain the OSI Model. (This requires networking knowledge. Mnemonic to remember the 7 layers: All People Seem To Need Data Processing.)
- Explain a 3 way handshake. (Requires basic networking knowledge. Hint: When thinking about a 3 way handshake, think about a mailman delivering a package with a tracking number)
- What is the difference between Symmetric and Asymmetric encryption? (Basic knowledge of encryption. Hint: Symmetric = Same, Asymmetric = Different)
- How does encryption and hashing differ? (Basic knowledge of encryption. Hint: The CIA triad)
- What are some important protocols and their respective ports? What are those protocols used for? (Basic networking knowledge. Interviewer is looking to gauge your networking experience and how well you explain their purpose.)
- Explain the differences between a risk, a vulnerability, and a threat. (The interviewer is looking for a clear and concise answer. Fewer words are more.)
- What happens when you enter a site such as google.com in your browser? (Tests networking and protocol knowledge. This takes a concept that every internet user might take for granted, but that security professionals should know in more detail.)
- You receive an alert for an incident; how would you investigate it? (There's no right or wrong answer to this situation. This is a vague question, in which you have to ask questions to gather information before deciding how you're going to answer. Having experience conducting investigations will help you with this, but not having experience isn't the end of the world. Think out loud about your solutions so that they can hear your thought process. Hearing your thought process is extremely important.)
- A user reports that their computer is running slow and acting abnormally. You investigate it and notice that the computer has been making requests to an unknown IP address; what do you do? (This question gauges your knowledge of attack methods and networking. Hint: DNS requests are 🔑)
- You get an email forwarded from leadership saying they're not sure if it's phishing; where do you look to verify whether the email is phishing or not? (This tests email security knowledge: link analysis, headers, etc.)
- Can you tell me about a favorite threat detection that you have built? How did you build it? What problem did it solve? (This question may be geared towards security engineers and/or tier 3. It is meant to gauge the complexity of the threat detections you have built, what data sources you have used, etc. It's also a time to show off your critical thinking skills on how and why you developed them, as well as how you were able to solve problems that the organization may or may not have known existed.)
- Which is more secure: HTTPS, SSL, or TLS? (This is a trick question. Requires basic networking knowledge. Hint: what does HTTPS use to encrypt data?)
- What is the importance of DNS monitoring? What are DNS attack methods? (Straightforward question. Intermediate networking knowledge. The interviewer is gauging your overall knowledge of DNS and how it can be exploited.)
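The phishing question above is easiest to answer with the checks you would actually run. The script below is an added example (it is not part of this repository) that parses a constructed, entirely fictitious message with Python's standard library and reports the signals an analyst looks at first: a Reply-To or Return-Path domain that differs from the From domain, the SPF/DKIM/DMARC verdicts the receiving gateway recorded in Authentication-Results, the earliest Received hop, and links whose visible text names one host while the href points somewhere else. All domains, addresses and IPs are placeholders from reserved documentation ranges.

```python
"""Triage a suspected phishing email from its headers and links (stdlib only)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every domain, IP and address below is a placeholder.
RAW_EMAIL = b"""Received: from mail.example-corp.test (mail.example-corp.test [203.0.113.10])
\tby mx.internal.test with ESMTP id abc123; Mon, 01 Jan 2024 09:00:00 +0000
Received: from unknown (HELO relay.suspicious.test) (198.51.100.25)
\tby mail.example-corp.test; Mon, 01 Jan 2024 08:59:58 +0000
Authentication-Results: mx.internal.test; spf=fail smtp.mailfrom=example-corp.test;
\tdkim=none; dmarc=fail header.from=example-corp.test
From: "IT Helpdesk" <helpdesk@example-corp.test>
Reply-To: reset-team@example-corp-support.test
Return-Path: <bounce@relay.suspicious.test>
To: user@internal.test
Subject: Password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in at
<a href="http://198.51.100.25/login">https://sso.example-corp.test</a></p>
</body></html>
"""

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address like '"Name" <user@host>'."""
    match = re.search(r"@([\w.-]+)", address)
    return match.group(1).lower() if match else ""


def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts from the receiving gateway's Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]
            self.links.append(self._current)

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def triage(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Sender consistency: replies or bounces going somewhere other than the From domain
    from_domain = domain_of(str(msg.get("From", "")))
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(str(msg.get(header, "")))
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")

    # 2. Authentication verdicts recorded by our own mail gateway
    for mechanism, verdict in auth_results(msg).items():
        if verdict != "pass":
            findings.append(f"{mechanism} result is {verdict}")

    # 3. Origin: Received headers are prepended, so the last one is the earliest hop
    hops = msg.get_all("Received", [])
    if hops:
        origin = re.findall(IPV4, str(hops[-1]))
        findings.append(f"earliest hop IP: {origin[0] if origin else 'unknown'}")

    # 4. Links: displayed text vs. real target, and bare-IP targets
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        text_host = urlparse(text.strip()).hostname or ""
        if text_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but points at {href_host}")
        if re.fullmatch(IPV4, href_host):
            findings.append(f"link target is a bare IP address: {href_host}")
    return findings


if __name__ == "__main__":
    for line in triage(RAW_EMAIL):
        print("-", line)
```

Two things worth saying in the interview that the code makes concrete: Received headers are only trustworthy from your own gateway inward (anything earlier can be forged), and the Authentication-Results header you rely on should be the one your gateway wrote, not one carried in from outside.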
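For the "requests to an unknown IP" scenario and the DNS monitoring question, the interviewer wants to hear what in DNS telemetry you would look at. This added example (not part of this repository) runs three simple detections over a constructed query log: clients querying a resolver outside the sanctioned set (a common sign of resolver bypass or hard-coded C2 resolvers), clients with a burst of NXDOMAIN answers (domain-generation behaviour), and long, high-entropy first labels (a tunnelling indicator). The resolver list, thresholds and log format are assumptions for the example.

```python
"""Spot DNS abuse patterns in a query log (stdlib only)."""
import math
from collections import defaultdict

# Assumptions for this example: the organisation's sanctioned resolvers and
# the detection thresholds. Tune both to the real environment.
APPROVED_RESOLVERS = {"10.0.0.53"}
MAX_LABEL_LEN = 20      # first labels longer than this are unusual for normal hostnames
MIN_ENTROPY = 3.0       # bits per character; random-looking labels score high
MIN_NX_COUNT = 3        # NXDOMAIN answers before a client is considered noisy
MIN_NX_RATIO = 0.5      # fraction of a client's queries that failed

# Constructed log: timestamp, client, resolver queried, name, type, response code.
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.1.1.20 10.0.0.53 www.example.test A NOERROR
2024-01-01T09:00:02 10.1.1.20 10.0.0.53 mail.example.test A NOERROR
2024-01-01T09:00:03 10.1.1.42 203.0.113.9 update.example.test A NOERROR
2024-01-01T09:00:04 10.1.1.42 203.0.113.9 mmzy3ggyqpulwtv3ifpbxhepvtq.tunnel.example.test TXT NOERROR
2024-01-01T09:00:05 10.1.1.42 203.0.113.9 n5wwo2lfnzsgs3thg5ptqzlwnflw.tunnel.example.test TXT NOERROR
2024-01-01T09:00:06 10.1.1.42 203.0.113.9 gezdgnbvgy3tqojqgezdgnbvgy3tq.tunnel.example.test TXT NOERROR
2024-01-01T09:00:07 10.1.1.77 10.0.0.53 qwfhsd.example.test A NXDOMAIN
2024-01-01T09:00:08 10.1.1.77 10.0.0.53 pozxcv.example.test A NXDOMAIN
2024-01-01T09:00:09 10.1.1.77 10.0.0.53 lkjhgf.example.test A NXDOMAIN
2024-01-01T09:00:10 10.1.1.77 10.0.0.53 mnbvcx.example.test A NXDOMAIN
"""


def parse_line(line: str) -> dict:
    ts, client, dst, qname, qtype, rcode = line.split()
    return {"ts": ts, "client": client, "dst": dst, "qname": qname.lower(), "qtype": qtype, "rcode": rcode}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 5.0 is the ceiling for a 32-symbol alphabet."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def analyze(log_text: str) -> dict:
    queries = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    bypass = defaultdict(int)                   # client -> queries sent past the approved resolvers
    per_client = defaultdict(lambda: [0, 0])    # client -> [total, nxdomain]
    suspicious = []                              # (client, qname) with random-looking long labels
    for q in queries:
        if q["dst"] not in APPROVED_RESOLVERS:
            bypass[q["client"]] += 1
        per_client[q["client"]][0] += 1
        if q["rcode"] == "NXDOMAIN":
            per_client[q["client"]][1] += 1
        first_label = q["qname"].split(".")[0]
        if len(first_label) > MAX_LABEL_LEN and shannon_entropy(first_label) > MIN_ENTROPY:
            suspicious.append((q["client"], q["qname"]))
    nx_burst = sorted(c for c, (total, nx) in per_client.items()
                      if nx >= MIN_NX_COUNT and nx / total >= MIN_NX_RATIO)
    return {"resolver_bypass": dict(bypass), "nxdomain_burst": nx_burst, "suspicious_labels": suspicious}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In practice each of these is a starting point for an investigation, not a verdict: the resolver-bypass finding is what you would chase first in the "unknown IP" scenario, and the point to make in the interview is that none of it is visible unless DNS queries are being logged in the first place.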
When interviewing for cybersecurity positions, there won't be many application security questions unless you're applying for cloud, appsec, or similar roles. You still need to understand the fundamental concepts of application security, though.
- What is the OWASP Top 10? (These are the most critical security risks to web applications.)
- Explain XSS and how to prevent it. (XSS is part of the OWASP Top 10.)
- Explain SQL Injection and how to prevent it. (SQL Injection is part of the OWASP Top 10.)
- How would you prevent secrets from getting exposed in a codebase? (Tests knowledge of secure coding best practices and secrets management.)
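The XSS and SQL Injection questions are usually answered best by naming the root cause (untrusted data interpreted as code) and the fix (keep data and code separate). This added example, which is not part of this repository, shows both defects next to their fixes in plain Python: string-built SQL against a constructed in-memory SQLite table beside a parameterised query, and an unencoded HTML template beside one that encodes for the HTML text context.

```python
"""Injection and XSS: the vulnerable pattern next to the fix (stdlib only)."""
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: untrusted input is spliced into the SQL text, so it can change the query."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed: a bound parameter is always treated as a value, never as SQL syntax."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def greeting_unsafe(name: str) -> str:
    """Vulnerable: user-controlled text lands in the HTML document unencoded."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name: str) -> str:
    """Fixed: encode for the context the value is rendered in (here, element text)."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    conn = build_db()
    tautology = "' OR '1'='1"                               # the textbook injection test string
    print("unsafe:", find_user_unsafe(conn, tautology))     # every row comes back
    print("safe:  ", find_user_safe(conn, tautology))       # nothing: no such username exists
    print(greeting_unsafe("<script>alert(1)</script>"))    # markup survives into the page
    print(greeting_safe("<script>alert(1)</script>"))      # rendered as literal text
```

Two caveats to mention if the interviewer digs: `html.escape` is only right for HTML element text, so a value landing in an attribute, a URL or a script block needs that context's encoding (which is why templating engines with auto-escaping are the usual answer); and parameterised queries cover values only, so identifiers such as table or column names chosen by a user still need an allowlist.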
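For the secrets question, the answer has three parts: keep secrets out of source (environment or a secrets manager), scan commits before they land, and rotate anything that did leak. The added example below (not part of this repository) covers the scanning part with a small pre-commit style checker over a constructed set of files: a documented vendor key format, PEM private-key headers, and generic quoted credential literals, with known placeholders skipped and matched values masked so the report itself cannot leak them. The rule set and sample files are assumptions for the example; AKIAIOSFODNN7EXAMPLE is the non-functional example key from AWS's own documentation.

```python
"""Scan source text for hard-coded secrets before it reaches the repository (stdlib only)."""
import re
from typing import List, NamedTuple

# Rules: AWS access key IDs (AKIA + 16 upper-case alphanumerics), PEM private-key
# headers, and "name = 'literal'" style credentials of at least 8 characters.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Values that look like credentials but are deliberate placeholders.
PLACEHOLDERS = {"changeme", "<redacted>", "your-password-here"}


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    preview: str   # masked so the report itself does not leak the secret


def mask(value: str) -> str:
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_text(path: str, text: str) -> List[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                if value.lower() in PLACEHOLDERS:
                    continue
                findings.append(Finding(path, line_no, rule, mask(value)))
    return findings


def scan_files(files: dict) -> List[Finding]:
    """files maps a path to its text; in a pre-commit hook this would be the staged content."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample tree (hypothetical paths and contents).
SAMPLE_FILES = {
    "config/settings.py": 'DB_PASSWORD = "s3cr3t-Pa55word!"\nDEBUG = False\n',
    "deploy/aws.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "src/app.py": 'API_KEY = os.environ["API_KEY"]  # read from the environment, not the repo\n',
    "tests/fixtures.py": 'PASSWORD = "changeme"\n',
    "docs/keys.md": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAK...placeholder...\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.rule}] {f.preview}")
```

Note that `src/app.py` produces no finding: reading the key from the environment is exactly the pattern the scanner should leave alone. A regex scanner like this catches the obvious cases; production tools add entropy scoring and vendor-specific formats, and a finding in history still means the credential must be rotated, because removing the commit does not un-leak it.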
You will rarely get Splunk-specific interview questions unless you're specifically interviewing for a Splunk engineer, admin, or similar role. However, Splunk is a popular tool that many companies use for alerting, analysis, and monitoring. As a security analyst you will be using Splunk or another SIEM to conduct investigations.
- Explain the Splunk architecture. (The interviewer is looking for you to explain each component of Splunk.)
- What is the component of Splunk that does the searching? (Tests specific domain knowledge of the main Splunk components.)
- What is the difference between using `NOT field=value` and `field!=value` in a Splunk query? (A little in the weeds, but I have been asked this before; the interviewer is looking for SPL command specifics.)
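The `NOT` versus `!=` question comes down to how each treats events that lack the field. As Splunk documents it, `field!=value` matches only events in which the field exists and holds a different value, while `NOT field=value` also matches events in which the field is absent. The following added example (not part of this repository, and not Splunk code) models the two semantics over a constructed list of events so the difference is visible without a Splunk instance.

```python
"""Why `NOT field=value` and `field!=value` differ in Splunk SPL (model, stdlib only)."""

# Constructed events: the heartbeat has no 'status' field at all.
EVENTS = [
    {"_raw": "login ok",     "user": "alice", "status": "success"},
    {"_raw": "login failed", "user": "bob",   "status": "failure"},
    {"_raw": "heartbeat",    "user": "svc"},
]


def not_equal(events, field, value):
    """Models `field!=value`: the field must be present and differ from value."""
    return [e for e in events if field in e and e[field] != value]


def not_clause(events, field, value):
    """Models `NOT field=value`: everything the positive match does not cover,
    including events where the field was never extracted."""
    return [e for e in events if not (field in e and e[field] == value)]


def users(events):
    return [e["user"] for e in events]


if __name__ == "__main__":
    print("status!=success    ->", users(not_equal(EVENTS, "status", "success")))
    print("NOT status=success ->", users(not_clause(EVENTS, "status", "success")))
```

The detection-engineering angle is the part worth saying out loud: a `field!=value` filter silently drops events where field extraction failed, which are often exactly the malformed or unexpected events an analyst wants to see, so choose the form deliberately (or check for field absence explicitly) rather than treating the two as interchangeable.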