Below are some important Network Security interview questions which are asked in most MNC company interviews for beginners or professionals.
6. In context of public key encryption, if you are using both signature and encryption features, what key will you use for encryption and which one will you use for signing?
Answer is simple. One would always sign using their key so the public key is used for encryption. Most of the candidates tend to name public key for both signing and encryption. They miss out the point that public key encryption also includes a private key.
7. What type of network do you use at home?
Again, this question is employed to assess the skills and networking background of candidates. “I don’t have a network at home but I have handled networks at so and so places” is better than saying “sorry, I don’t have a network at home”. The latter would send out a signal that the candidate never had exposure to networks.
8. What is Cross Site Request Forgery and how to defend against it?
The question can also be in two parts, in which case, candidates without knowledge of CSRF would get lost. If asked combined, candidates can guess that cross site request forgery is something that relates to malicious scripting with phishing intentions. The question may also be framed as “what is cross site request”. In this case, candidates cannot even guess that it is something malicious as the word ‘forgery’ is not there.
9. Name the port used by PING.
Always remember that PING does not use any port. As PING is based upon layer 3 protocol, it never uses any computer port. A simple variation of the question could be: Does PING use UDP? Or Does PING use TCP? Again remember that UDP and TCP are layer 4 protocols and PING has nothing to do with them.
10. Security Life Cycle.
It can be phrased in many ways: what comes first – vulnerability or threat? How do you design a system with some options given? The candidate needs to answer these questions using his/her own experience and opinions. The objective is how best the candidate can explain what you asked.
These are just some of the network security interview questions that are meant to give you an idea of how a security interview goes. If you wish to share your experience or wish to add anything, please feel free to share using comments box.
6. In context of public key encryption, if you are using both signature and encryption features, what key will you use for encryption and which one will you use for signing?
Answer is simple. One would always sign using their key so the public key is used for encryption. Most of the candidates tend to name public key for both signing and encryption. They miss out the point that public key encryption also includes a private key.
7. What type of network do you use at home?
Again, this question is employed to assess the skills and networking background of candidates. “I don’t have a network at home but I have handled networks at so and so places” is better than saying “sorry, I don’t have a network at home”. The latter would send out a signal that the candidate never had exposure to networks.
8. What is Cross Site Request Forgery and how to defend against it?
The question can also be in two parts, in which case, candidates without knowledge of CSRF would get lost. If asked combined, candidates can guess that cross site request forgery is something that relates to malicious scripting with phishing intentions. The question may also be framed as “what is cross site request”. In this case, candidates cannot even guess that it is something malicious as the word ‘forgery’ is not there.
9. Name the port used by PING.
Always remember that PING does not use any port. As PING is based upon layer 3 protocol, it never uses any computer port. A simple variation of the question could be: Does PING use UDP? Or Does PING use TCP? Again remember that UDP and TCP are layer 4 protocols and PING has nothing to do with them.
10. Security Life Cycle.
It can be phrased in many ways: what comes first – vulnerability or threat? How do you design a system with some options given? The candidate needs to answer these questions using his/her own experience and opinions. The objective is how best the candidate can explain what you asked.
These are just some of the network security interview questions that are meant to give you an idea of how a security interview goes. If you wish to share your experience or wish to add anything, please feel free to share using comments box.
No comments:
Post a Comment