AmbitionBox
Interview Questions
- Reviews
- Salaries
- Interview Questions
- About Company
- Benefits
- Jobs
- Office Photos
- Community
Add office photos
i
Ernst & Young
Compare
Filter interviews by
Ernst & Young Security Consultant Interview Questions, Process, and Tips
Ernst & Young Security Consultant Interview Experiences
1 interview found
Anonymous
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
Security Consultant Jobs at Ernst & Young
Interview questions from similar companies
Selected
I applied via Company Website and was interviewed before Jun 2023. There were 2 interview rounds.
Several gaming tests and personlaity tests
(2 Questions)
- Q1. How would you check if someone has hacked your computer?
- Ans.
To check if someone has hacked your computer, look for unusual behavior, unknown programs, strange network activity, and changes in settings.
Monitor for any unusual behavior on your computer such as slow performance, unexpected pop-ups, or unexplained changes.
Check for unknown programs or files that you did not install or recognize.
Monitor network activity for any suspicious connections or data transfers.
Look for chang...
- Q2. What is phishing and Vphishing?
- Ans.
Phishing is a type of cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information. Vphishing is a variation of phishing that involves using voice communication.
Phishing involves sending fraudulent emails or messages that appear to be from reputable sources, in order to deceive individuals into revealing personal information such as passwords or credit card numb...
Selected
I applied via Referral and was interviewed before Jun 2023. There was 1 interview round.
(2 Questions)
- Q1. Owasp top 10 is asked.
- Q2. Xss and mitigations is asked
Interview Preparation Tips
I applied via campus placement at Guru Nanak Dev University (GNDU) and was interviewed in Apr 2024. There were 3 interview rounds.
Asked about Reasoning, English, Computer networks, Database Management system, Electronics
15 min discussion on any topic given on the spot, 1 min for thinking
(3 Questions)
- Q1. What do you know about Cloud Computing?
- Ans.
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.
It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.
Exa...
- Q2. OOPs concepts and examples
- Ans.
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
Inheritance: Allows a class to inherit properties and behavior from another class.
Encapsulation: Bundling data and methods that operate on the data into a single unit.
Polymorphism: Ability to present the same interface for different data types.
Abstraction: Hiding the complex implementation detail
- Q3. SQL queries like Joins and Selection
Interview Preparation Tips
- DSA
- Cloud Computing
- Network Security
- OOPS
Skills evaluated in this interview
(2 Questions)
- Q1. Explain interesting incident you handled
- Q2. Log sources - to hunt for threats
- Ans.
Log sources are essential for hunting threats in a network environment.
Collect logs from network devices such as firewalls, routers, and switches.
Utilize logs from endpoint security solutions like antivirus and EDR tools.
Incorporate logs from servers, including authentication logs and system logs.
Monitor logs from cloud services and applications for any suspicious activities.
Analyze logs from SIEM solutions to correlat
Interview Preparation Tips
(3 Questions)
- Q1. Basic web application attacks
- Q2. Active Directory attacks
- Q3. Network security pentesting mythology
(1 Question)
- Q1. Asking about ctc and notice period or general questions
Interview Preparation Tips
I applied via Campus Placement and was interviewed in Aug 2023. There were 2 interview rounds.
There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd
(2 Questions)
- Q1. This was a one to one technical round they ask about your project. what are your three strengths?
- Q2. How will you lead your team?
Selected
I applied via Campus Placement and was interviewed in Dec 2023. There were 2 interview rounds.
2 hours, basic dsa questions, cyber security related mcqs
(4 Questions)
- Q1. What is normalization in dbms
- Ans.
Normalization in DBMS is the process of organizing data in a database to reduce redundancy and improve data integrity.
Normalization involves breaking down a database into smaller, more manageable tables and defining relationships between them.
It helps in reducing data redundancy by storing data in a structured and organized manner.
Normalization also helps in improving data integrity by ensuring that data is consistent ...
- Q2. Difference between truncate and delete
- Ans.
Truncate is a DDL command that removes all records from a table, while delete is a DML command that removes specific records.
Truncate is faster than delete as it does not log individual row deletions.
Truncate resets identity columns, while delete does not.
Truncate cannot be rolled back, while delete can be rolled back using a transaction.
Truncate does not fire triggers, while delete does.
- Q3. How will your protect your digital data
- Ans.
I will protect my digital data by implementing strong encryption, regular backups, and strict access controls.
Implement strong encryption algorithms to secure data in transit and at rest
Regularly backup data to prevent loss in case of cyber attacks or hardware failures
Enforce strict access controls by using multi-factor authentication and least privilege principle
- Q4. Some types of cyber attacks
- Ans.
Some types of cyber attacks include phishing, malware, ransomware, DDoS attacks, and social engineering.
Phishing: fraudulent emails or messages to trick individuals into revealing sensitive information
Malware: malicious software designed to damage or gain unauthorized access to a computer system
Ransomware: encrypts files on a victim's system and demands payment for decryption
DDoS attacks: overwhelming a system with a f...
Skills evaluated in this interview
Deep Bhav
(1 Question)
- Q1. Focus on owasp top 10
(1 Question)
- Q1. Deep knowledge of the vulnerableity and how to mitigate them
(1 Question)
- Q1. Basics of your and why looking to change
Interview Preparation Tips
Selected
I applied via Referral and was interviewed before Aug 2022. There were 3 interview rounds.
General aptitude test - Quant, DI/LR, English
(4 Questions)
- Q1. General information about resume
- Q2. Interest and knowledge of cybersecurity and computer network concepts
- Q3. Hobbies and interests
- Q4. Extra curricular activities
Interview Preparation Tips
Ernst & Young Interview FAQs
Tell us how to improve this page.
Ernst & Young Interviews By Designations
- Ernst & Young Consultant Interview Questions
- Ernst & Young Senior Consultant Interview Questions
- Ernst & Young Analyst Interview Questions
- Ernst & Young Associate Consultant Interview Questions
- Ernst & Young Tax Analyst Interview Questions
- Ernst & Young Manager Interview Questions
- Ernst & Young Technology Consultant Interview Questions
- Ernst & Young Associate Interview Questions
- Show more
Interview Questions for Popular Designations
- Security Analyst Interview Questions
- Cyber Security Analyst Interview Questions
- Security Engineer Interview Questions
- Network Security Engineer Interview Questions
- Information Security Analyst Interview Questions
- Senior Security Engineer Interview Questions
- Cyber Security Consultant Interview Questions
- Senior Security Analyst Interview Questions
- Show more
Interview Questions from Similar Companies
Fast track your campus placements
Ernst & Young Security Consultant Reviews and Ratings
based on 11 reviews
Rating in categories
|
Senior Consultant
15.8k
salaries
|  ₹9.1 L/yr - ₹29.7 L/yr |
|
Consultant
12k
salaries
| ₹6 L/yr - ₹20 L/yr |
|
Manager
7.6k
salaries
| ₹16.9 L/yr - ₹51.2 L/yr |
|
Assistant Manager
6.4k
salaries
| ₹9.5 L/yr - ₹28.7 L/yr |
|
Associate Consultant
3.9k
salaries
| ₹3.3 L/yr - ₹12 L/yr |
Deloitte
PwC
EY Global Delivery Services ( EY GDS)
Accenture
- Home >
- Interviews >
- Ernst & Young Interview Questions >
- Ernst & Young Security Consultant Interview Questions
