AmbitionBox
Interview Questions
- Reviews
- Salaries
- Interview Questions
- About Company
- Benefits
- Jobs
- Office Photos
- Community
Add office photos
i
Ernst & Young
Compare
Filter interviews by
Ernst & Young Security Consultant Interview Questions, Process, and Tips
Ernst & Young Security Consultant Interview Experiences
1 interview found
Anonymous
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
Security Consultant Jobs at Ernst & Young
Interview questions from similar companies
Selected
I applied via Company Website and was interviewed before Jun 2023. There were 2 interview rounds.
Several gaming tests and personlaity tests
(2 Questions)
- Q1. How would you check if someone has hacked your computer?
- Ans.
To check if someone has hacked your computer, look for unusual behavior, unknown programs, strange network activity, and changes in settings.
Monitor for any unusual behavior on your computer such as slow performance, unexpected pop-ups, or unexplained changes.
Check for unknown programs or files that you did not install or recognize.
Monitor network activity for any suspicious connections or data transfers.
Look for chang...
- Q2. What is phishing and Vphishing?
- Ans.
Phishing is a type of cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information. Vphishing is a variation of phishing that involves using voice communication.
Phishing involves sending fraudulent emails or messages that appear to be from reputable sources, in order to deceive individuals into revealing personal information such as passwords or credit card numb...
Selected
I applied via Referral and was interviewed before Jun 2023. There was 1 interview round.
(2 Questions)
- Q1. Owasp top 10 is asked.
- Q2. Xss and mitigations is asked
Interview Preparation Tips
I applied via campus placement at Guru Nanak Dev University (GNDU) and was interviewed in Apr 2024. There were 3 interview rounds.
Asked about Reasoning, English, Computer networks, Database Management system, Electronics
15 min discussion on any topic given on the spot, 1 min for thinking
(3 Questions)
- Q1. What do you know about Cloud Computing?
- Ans.
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.
It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.
Exa...
- Q2. OOPs concepts and examples
- Ans.
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
Inheritance: Allows a class to inherit properties and behavior from another class.
Encapsulation: Bundling data and methods that operate on the data into a single unit.
Polymorphism: Ability to present the same interface for different data types.
Abstraction: Hiding the complex implementation detail
- Q3. SQL queries like Joins and Selection
Interview Preparation Tips
- DSA
- Cloud Computing
- Network Security
- OOPS
Skills evaluated in this interview
(1 Question)
- Q1. Technical questions on build and operations
(1 Question)
- Q1. Managerial question and communication skills
I applied via Naukri.com and was interviewed in Oct 2024. There was 1 interview round.
(2 Questions)
- Q1. Risky user investigation and defination
- Q2. Mitre attack frame work
I applied via Naukri.com and was interviewed in Sep 2024. There were 2 interview rounds.
They ask questions based on security
(2 Questions)
- Q1. What is injection
- Ans.
Injection is a technique used to introduce code or data into a computer program or system.
Injection is commonly used in cyber attacks to exploit vulnerabilities in software.
Types of injection include SQL injection, cross-site scripting (XSS), and command injection.
Injection attacks can lead to unauthorized access, data theft, and system compromise.
- Q2. Type of injection
- Ans.
SQL injection is a type of injection attack that allows an attacker to execute malicious SQL statements.
SQL injection involves inserting malicious SQL code into input fields of a web application
Attackers can manipulate databases, steal data, and even delete or modify records
Examples include entering ' OR '1'='1' into a login form to bypass authentication
(2 Questions)
- Q1. Explain interesting incident you handled
- Q2. Log sources - to hunt for threats
- Ans.
Log sources are essential for hunting threats in a network environment.
Collect logs from network devices such as firewalls, routers, and switches.
Utilize logs from endpoint security solutions like antivirus and EDR tools.
Incorporate logs from servers, including authentication logs and system logs.
Monitor logs from cloud services and applications for any suspicious activities.
Analyze logs from SIEM solutions to correlat
Interview Preparation Tips
I was interviewed in Aug 2024.
(2 Questions)
- Q1. Ransomware scenario based
- Q2. Networking concepts
(2 Questions)
- Q1. APT questions like recent cyber attacks
- Q2. Networking concepts
Interview Preparation Tips
I applied via Campus Placement and was interviewed in Aug 2023. There were 2 interview rounds.
There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd
(2 Questions)
- Q1. This was a one to one technical round they ask about your project. what are your three strengths?
- Q2. How will you lead your team?
Ernst & Young Interview FAQs
Tell us how to improve this page.
Ernst & Young Interviews By Designations
- Ernst & Young Consultant Interview Questions
- Ernst & Young Senior Consultant Interview Questions
- Ernst & Young Analyst Interview Questions
- Ernst & Young Associate Consultant Interview Questions
- Ernst & Young Tax Analyst Interview Questions
- Ernst & Young Manager Interview Questions
- Ernst & Young Technology Consultant Interview Questions
- Ernst & Young Associate Interview Questions
- Show more
Interview Questions for Popular Designations
- Security Analyst Interview Questions
- Cyber Security Analyst Interview Questions
- Security Engineer Interview Questions
- Network Security Engineer Interview Questions
- Information Security Analyst Interview Questions
- Senior Security Engineer Interview Questions
- Cyber Security Consultant Interview Questions
- Senior Security Analyst Interview Questions
- Show more
Interview Questions from Similar Companies
Fast track your campus placements
Ernst & Young Security Consultant Reviews and Ratings
based on 11 reviews
Rating in categories
|
Senior Consultant
15.8k
salaries
|  ₹9.1 L/yr - ₹29.7 L/yr |
|
Consultant
12k
salaries
| ₹6 L/yr - ₹20 L/yr |
|
Manager
7.6k
salaries
| ₹16.9 L/yr - ₹51.2 L/yr |
|
Assistant Manager
6.4k
salaries
| ₹9.5 L/yr - ₹28.7 L/yr |
|
Associate Consultant
3.9k
salaries
| ₹3.3 L/yr - ₹12 L/yr |
Deloitte
PwC
EY Global Delivery Services ( EY GDS)
Accenture
- Home >
- Interviews >
- Ernst & Young Interview Questions >
- Ernst & Young Security Consultant Interview Questions
