Cyber Security Interview Questions

  1. what are the log sources you integrated with siem tool
  2. what is dos, ddos
  3. difference b/n dos & ddos
  4.  if you dont have rule condition how you will identify ddos attack
  5. what is tcp & udp and difference
  6. explain bruteforce attack and how you will investigate 
  7. ssh telnet and dns port numbers
  8. what is the use of arp
  9. Port scanning investigation
  10. Malware investigation
  11. DDOS INVESTIGATION
  12. SQL injection
  13. Suspicious outbound connection happened wt will you see for mitigation
  14. Owasp top 10
  15. What is threat management
  16. In mitre attack on persistence technique tell me any two subtechniques
  17. Sentinel architecture
  18. How vulnerability will come in edr?
  19. Bruteforce investigation
  20. Evenid 4791,4624,4625,4688
  21. Port number RDP,LDAP,telnet,ssh,amb
  22. ell me about the investigation in DLP?
  23. 2. On what basis DLP tool creates a alert?
  24. 3. How are u gonna report about forensics in DLP?
  25. 4. Difference between EDR and AV?
  26. 5. Explain any two alerts investigation in SIEM?
  27. 6. Why do u use comm. prompt during malware investigation?
  28. 7. Why do u report malicious domain to proxy? Why not to Firewall?
  29. 8. Explain about Phishing email analysis?
  30. 9. Any idea about "scheduled task" in Windows OS?
  31. 1) explain any investigation particulaerly investigated in EDR
  32. 2) Explain query to search windows sign in logs 
  33. 3) how you coloborate end points to EDR what is the  process
  34. 4) difernce between EDR and antivirus
  35. 5) what are the poliecies you know in EDR
  36. 6) Event ID for account lockout

Comments

Post a Comment

Popular posts from this blog

Brute force attack investigation

  Responsibility Index Phase Responsibility      Identification L1 Analyst:- GSOC Monitoring Team      Investigation  L2 Analyst:-This includes individuals from Network Team/GSOC Containment L2 Analyst: -  This includes individuals from Network Team/ Server team          Remediation L2 Analyst:-This includes Network Team/Server Team/GSOC Recovery L2 Analyst:-This includes Network Team/Server Team/GSOC Brute Force attack Procedure Identification Stage Stage Source Identification Brute Force incident is reported by  Network Team Incident/If the alert is raised by the SIEM Investigating Stage Stage Actions by Respective Team Investigation Security team checks If the Brute Force attack is identified and an alert generated via SIEM below parameters are considered for investigating: Source addresses of the attempts Firewall Action Investigating Destination on which brute force attem...
Read more

Which tools and software do we need?

 We will need some software when applying the dynamic analysis method. Let's take a look at these software categories. Virtualization Software We do not want to conduct dynamic analysis on our own system as we need to run the malware to be able to examine its activities. For this reason, we should make use of Virtualization Software that helps us work on some virtual systems. Thanks to these software, you can use a different operating system on your host operating system. If they are configured properly, you can perform your analysis safely, as malicious software cannot escape from this virtual operating system. It is useful to make a small note here on these virtualization software. Since these virtualization environments are essentially software, various vulnerabilities that allow malwares to escape out of these virtual environments and allow code executions on the host operating system may occur on these environments. For this reason, It is crucial to keep your virtualization so...
Read more

Packet drafting for IDS_IPS

 Table of contents Introduction Scapy-Overview Snort-Rule References Introduction In this article will demonstrate how we can generate packet that can test/trigger rule in Snort or Suricata using Scapy. Scapy is a packet manipulation tool for computer networks, originally written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery. Scapy Overview To run Scapy write scapy in your linux terminal as following: ┌──(kali㉿kali)-[~] └─$ sudo scapy [sudo] password for kali:                                                              aSPY//YASa                     apyyyyCY//////////YCa  ...
Read more