Cyber Security Interview Questions You Must Know

Captions
Do you want to know some of the most common interview questions for cybersecurity? How about some questions that are meant to trip you up? Well, stick around for this video and I will break down 10 questions and answers to help you ace your cybersecurity interview.

But first, if this is the first time that we are meeting, welcome to my channel. My name is Jon Good, and here I get to spread my passion for cybersecurity training, tips and tricks, and career advice to help you go further. Remember to smash the thumbs up to like this video, hit the subscribe button and the bell icon so you don't miss future content, and make sure to leave a comment for the YouTube algorithm. If you like my training and you want more, head on over to my website at jongood.com to access full training courses. If you just want to donate to support the channel, that's cool too; visit the link in the description to donate. You can also join me on Discord; the link is in the description. Okay, let's get into the video.

Number one: How is encryption different from hashing? This question is really to figure out if you understand both encryption and hashing. First of all, the main idea of encryption is to protect the confidentiality of data. We are using some type of algorithm in order to scramble the data so that only the person with that decryption key can read or make sense of the data. We use encryption for many things, but email, web traffic, and data storage are three of the most common uses for encryption. Hashing, on the other hand, is a mechanism to verify the integrity of data. When we create a hash of data such as a file, we generate some random string of characters that will be the same as long as that file does not change. If any part of that file changes and we create the hash again, we are going to have a completely different value returned. For this type of question, it's going to be a good idea that you know a few different types of encryption and hashing algorithms.

Question number two: Describe your home network or lab. This question is where you should geek out. Your answers really describe how invested into the field you are. As things are changing more to the cloud, you might not have stacks of equipment at your house anymore, but being able to describe some technologies that you use in your home helps a lot, especially if you have less experience. Security people want to know what are you tinkering with outside of work, what kinds of things, and make sure that you're not just checking out when you leave work for the day. Remember that to be successful in security, you have to keep learning.

Question number three: What is the OSI model? The OSI model is one of those things you learn very early in your career. I've heard this question asked with varying difficulty, from "What is the OSI model?" to "What are the layers of the OSI model?" or even having somebody describe each layer. The OSI model has all kinds of uses, but at its simplest form the OSI model provides a standardized method for computing and network communications. We also use the OSI model in order to help us troubleshoot technology. For example, you might hear somebody say, "Well, I have a layer one issue" because a cable has gone bad, or "I have a layer three issue," meaning that there's an issue with routing or the network layer.

Question number four: Which is more secure, open source or closed source? I want you to be careful with this question. I know that a lot of people are going to jump to saying that closed source software is more secure, but if the question was so easy, why would they ask it in an interview? First of all, open source software in companies is very common in today's environments. If you quickly disregard open source software, you might actually cause a lot of issues with developers in your company, and honestly you are being very closed-minded. For this kind of question, I would be more conversational about it, because both open source and closed source software have benefits to them. Think about if you were in a heavy DevOps type environment that needed a lot of customization for different aspects of the business; closed source software might severely limit your progress. The key point is: think things through with this type of question.

Question five: Which security framework is best? Depending on the role that you're interviewing for or that you're trying to get, this question definitely will be asked. Security programs follow some type of security framework in order to hit key security requirements. Some industries have very specific requirements, such as the defense and government sectors, so they might take some other type of regulations and tailor them to their environments, and then you have technology companies that might not have anything that they actually have to follow. Some of the most common frameworks include the NIST special publication 802 the better, but typically your exposure is going to be based on the industries that you've worked in.

Now, I hope you're enjoying the content so far. Make sure to smash the like and leave a comment to let me know if you have been asked any of these questions in any interview that you've been in. All right, back to the content.

Question six: What is the primary goal of information security or cyber security? Your answer to this question speaks directly to your mindset of our role as cyber security or information security in the organization. At the heart of what we do is the idea of helping the business be successful. We aren't there to create a surplus of roadblocks, and in most cases we're considered a cost center because we aren't creating profit for the company. If the company decides to pursue a certain path, we need to look for ways to enable the business in order to get there. When you answer this question, if you respond in a way that doesn't contribute to the success of the organization, you are likely going to be seen in a negative light because you don't understand our true purpose.

Question number seven: What is risk? What is a threat? What is a vulnerability? Today in security we need to be extremely focused on risk and balancing the controls that we put in place with the potential loss or damage the business might incur. A true test of a seasoned security professional is going to be how much they consider the business and the likelihood that a risk is going to be realized, or that it's going to happen. Inexperienced people, or inexperienced professionals, are set on the idea of implementing security just for the sake of implementing security, instead of realizing that everything has a cost and some security is just not worth it for the business. Of course, much of what we implement for security relies on business leaders and senior management support, but if you mention something about balancing risk and the business, you're going to be seen as a more experienced professional than somebody who does not mention that.

Question number eight: Where do you get your security news from? In this career field of cyber security and information security, if you aren't learning, then you're moving backwards. Things change, new technologies are released, new vulnerabilities are discovered all the time. You must be learning every day. If you don't already read security news, you need to start. Get yourself an RSS reader (I use something called Feedly in order to get all my news in one spot) and start researching security websites. A website called Dark Reading and also Krebs on Security are two really good places for security news, but also check out Security Weekly, which actually has a YouTube channel, and they cover weekly news in a podcast-style format.

Question number nine: Why are preventive controls better than detective controls, or why are detective controls better than preventative controls? I've actually never been personally asked this question in an interview, but I actually think it's an interesting question for somebody to ask. If you're interviewing with somebody who's fairly skilled at conducting interviews, well, you should expect some type of curveball questions from them. The reason why I like this question is because, first, you actually have to know the difference between the two types of controls, which is pretty simple in general, but second, it's kind of a trick question because the best choice actually depends on a lot of different factors. If I was to ask somebody this question, I want to hear your thoughts as you think things out. For example, technical preventive controls are always in line, such as an intrusion prevention system or IPS, so you can actually run into capacity issues for handling traffic, and you might even have a single point of failure on your hands. Detective controls allow you to analyze what's happening without letting an attacker know that you're watching them. The ability to break down a question like this and evaluate the pros and the cons is a quality that an experienced professional should have, and then when you compare that to a beginner, the beginner is probably going to jump to a conclusion saying that one type of control is always better than the other.

Question number 10: Should you compress or should you encrypt first? Similar to other questions that we've gone through, this question is really to identify your technical level. The true answer, of course, is that you should compress data first and then encrypt it, but this simple question is likely to trip up beginners.

Question of the day: What is the hardest question that you've been asked in an interview? Did you know the answer? How did you respond to the question if you didn't know the answer? Remember to leave a like, comment, and subscribe, head on over to my website at jongood.com for full training courses, and I'll see you next time. [Music]
Info
Channel: Jon Good
Views: 49,856
Rating: 4.9351892 out of 5
Keywords: cybersecurity, cyber security, cybersecurity interview questions and answers, network security interview questions and answers, application security interview questions, cyber security interview, cyber security interview tips, cyber security job interview questions, cyber security engineer interview questions, cyber security scenario based questions, cybersecurity training, cybersecurity jobs, cybersecurity tutorial, cybersecurity interview, cyber security jobs, it security jobs
Id: jb7T26soBo0
Length: 10min 46sec (646 seconds)
Published: Sat May 16 2020