Add office photos
Filter interviews by
Global IS Consulting Cyber Security Analyst Lead Interview Questions, Process, and Tips
Global IS Consulting Cyber Security Analyst Lead Interview Experiences
1 interview found
Selected
I applied via LinkedIn and was interviewed before Nov 2023. There were 2 interview rounds.
(9 Questions)
- Q1. About OWASP top 10, uses, and why we use?
- Q2. Differentiate between different attacks (like; CSRF/SSRF, LFI/RFI Stored XSS/DOM based XSS, etc.)
- Ans.
Different attacks have unique characteristics and targets, such as CSRF/SSRF, LFI/RFI, Stored XSS/DOM based XSS.
CSRF (Cross-Site Request Forgery) - attacker tricks a user into performing actions on a website without their knowledge
SSRF (Server-Side Request Forgery) - attacker can make the server perform requests to other servers
LFI (Local File Inclusion) - attacker can include files on a server through a web browser
RFI...
- Q3. How to preform privilege escalation if we have normal user access?
- Ans.
Privilege escalation can be achieved by exploiting vulnerabilities in the system or using social engineering techniques.
Exploit vulnerabilities in the system to gain higher privileges
Use social engineering techniques to trick users into granting higher privileges
Utilize known privilege escalation techniques such as DLL hijacking or abusing misconfigured permissions
- Q4. Different types of xss, explain
- Ans.
Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Reflected XSS: occurs when the malicious script is reflected off a web server, such as in search results or error messages
Stored XSS: the injected script is permanently stored on the target server, such as in a comment section or database
DOM-based XSS: the attack occurs i...
- Q5. List of common ports for network communication
- Ans.
Common ports for network communication
Port 80 - HTTP (Hypertext Transfer Protocol)
Port 443 - HTTPS (Hypertext Transfer Protocol Secure)
Port 25 - SMTP (Simple Mail Transfer Protocol)
Port 22 - SSH (Secure Shell)
Port 21 - FTP (File Transfer Protocol)
- Q6. How to preform bruteforce
- Ans.
Bruteforce is a method used to crack passwords by systematically trying all possible combinations until the correct one is found.
Use automated tools like Hydra or Burp Suite to try different combinations of usernames and passwords
Start with common passwords and then move on to more complex ones
Bruteforcing can be time-consuming and may trigger account lockouts if not done carefully
- Q7. How to use burpsuite, and nessus
- Ans.
Burp Suite is a web vulnerability scanner and proxy tool, while Nessus is a vulnerability assessment tool.
Burp Suite is used for web application security testing, including scanning for vulnerabilities and intercepting and modifying HTTP traffic.
Nessus is used for network vulnerability scanning and assessment, identifying security issues in systems and applications.
Both tools are essential for identifying and addressin...
- Q8. Use repeater in burpsuite
- Ans.
Repeater in Burp Suite is used to manually modify and re-send individual HTTP requests.
Repeater tool allows for manual editing of requests before sending them again
Useful for testing different parameters or payloads
Helps in analyzing server responses to modified requests
- Q9. What approach we follow to preform vapt on web applications, mobile applications, and network infra. If we have the url/ip address?
- Ans.
We follow a systematic approach for performing VAPT on web applications, mobile applications, and network infra with the provided URL/IP address.
First, conduct a thorough reconnaissance phase to gather information about the target.
Next, perform vulnerability scanning to identify potential security weaknesses.
Then, conduct penetration testing to exploit the identified vulnerabilities.
Finally, provide a detailed report w...
(3 Questions)
- Q1. Certifications details
- Q2. Salary expectation
- Q3. Willing to relocate if needed
Interview Preparation Tips
- Ceh
- CEH pratical
- oscp
- Cissp
- crtp
- Networking
- Web Application
- OWASP
- cis benchmark
Skills evaluated in this interview
Top trending discussions
Interview questions from similar companies
Selected
Basic Aptitude Questions
Moderate level of coding questions
(2 Questions)
- Q1. Technical questions of programming
- Q2. Technical questions of networking
(2 Questions)
- Q1. Tell me about Yourself
- Ans.
I am a highly experienced Cyber Security Analyst with a strong background in network security and incident response.
Over 8 years of experience in the field of cyber security
Specialize in network security and incident response
Certified in CISSP and CEH
Led multiple successful cyber security projects
Strong analytical and problem-solving skills
- Q2. Location of joining
Cyber Security Manager Interview Questions & Answers
LTIMindtree
Navneet Dwivedi
posted on 20 Dec 2024
(1 Question)
- Q1. Technical questions related to cybersecurity
(1 Question)
- Q1. Detailed discussion on technically.
(1 Question)
- Q1. Questions related to experience.
Nifia Saleem
(2 Questions)
- Q1. Discuss about latest threat that i encountered
- Q2. Difference between kill cahin and mitre framework
- Ans.
Kill Chain is a cybersecurity attack model while MITRE Framework is a knowledge base for cyber threats.
Kill Chain is a step-by-step model that outlines the stages of a cyber attack, from initial reconnaissance to data exfiltration.
MITRE Framework is a comprehensive list of known tactics, techniques, and procedures used by cyber adversaries.
Kill Chain helps organizations understand and defend against cyber attacks, whil...
(1 Question)
- Q1. Salary compensation
I applied via Campus Placement and was interviewed in Nov 2024. There were 2 interview rounds.
2 coding questions about arrays and strings.
(1 Question)
- Q1. Complete interview from your resume
(2 Questions)
- Q1. Tell me about the nature of work
- Ans.
Cyber Security Analysts protect computer systems and networks from cyber threats by monitoring, detecting, and responding to security incidents.
Monitor computer networks for security breaches
Investigate security incidents and provide incident response
Implement security measures to protect against cyber attacks
Conduct security assessments and audits to identify vulnerabilities
Stay up-to-date on the latest cyber threats
- Q2. Web application security related and owasp top 10
I applied via Company Website and was interviewed in Jul 2024. There were 2 interview rounds.
C,C#,C++,Dart,Go,Type script
(2 Questions)
- Q1. How can you create a virus to correct a crashed server? Answer : a. Read all data console. B. using any server detector . C. Use advance knowledge on cybersecurity difference system to quick recreate. Answ...
- Q2. Answer my Q1 and try to contact me
Interview Preparation Tips
Selected
I applied via Naukri.com and was interviewed in Jun 2024. There was 1 interview round.
(2 Questions)
- Q1. Cyber kill chain
- Q2. Mitre Attack technique
- Ans.
Mitre Attack technique is a framework for categorizing cyber threats based on tactics, techniques, and procedures used by attackers.
Mitre Attack technique provides a standardized way to categorize and analyze cyber threats.
It helps organizations understand and defend against common attack patterns.
Examples of Mitre Attack techniques include spear phishing, credential dumping, and command and control.
Syed Imran
(5 Questions)
- Q1. Basic cyber security cum devops questions
- Q2. What is cloud? and types
- Ans.
Cloud is a virtual space that allows users to store, manage, and access data and applications remotely.
Cloud is a virtualized infrastructure that provides on-demand access to computing resources.
It allows users to store and access data and applications remotely over the internet.
Cloud services are typically categorized into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a...
- Q3. What is devops?
- Ans.
DevOps is a software development approach that combines development and operations teams to improve collaboration and efficiency.
DevOps is a cultural shift that promotes collaboration and communication between software developers and IT operations.
It aims to automate and streamline the software delivery process, from development to deployment and maintenance.
DevOps emphasizes continuous integration, continuous delivery...
- Q4. What is ci/cd in devops
- Ans.
CI/CD stands for Continuous Integration/Continuous Deployment. It is a DevOps practice that involves automating the process of building, testing, and deploying software.
CI/CD is a software development approach that aims to deliver code changes more frequently and reliably.
Continuous Integration involves merging code changes into a shared repository and running automated tests to detect integration issues early.
Continuo...
- Q5. Implementing security in cloud
- Ans.
Implementing security in the cloud involves various measures to protect data and systems from cyber threats.
Use strong authentication and access controls to prevent unauthorized access
Encrypt data both in transit and at rest to ensure confidentiality
Implement network security measures like firewalls and intrusion detection systems
Regularly update and patch software to address vulnerabilities
Monitor and log activities t...
Interview Preparation Tips
Skills evaluated in this interview
Cyber Security Analyst Interview Questions & Answers
Tech Mahindra
Mushtaque Hashmi
posted on 2 Jan 2024
(5 Questions)
- Q1. IP related work email blocking related
- Q2. IP blocked login devices and check malicious IP in devices option.
- Ans.
IP blocking is a common security measure to prevent unauthorized access to devices and networks.
Implement IP blocking on login devices to prevent unauthorized access from specific IPs.
Regularly check for malicious IPs in devices and block them to prevent security breaches.
Utilize tools like firewalls and intrusion detection systems to monitor and block malicious IPs.
Consider implementing automated scripts or tools to s...
- Q3. Email Gateway block the email spam if we received
- Ans.
Yes, email gateways can block email spam if configured properly.
Email gateways use various techniques like blacklists, whitelists, content filtering, and sender authentication to block spam.
Spam emails are typically identified based on keywords, sender reputation, and other factors.
Advanced email gateways may also use machine learning algorithms to detect and block spam.
Regular updates and monitoring of email gateway s...
- Q4. F5device for security for white listing
- Ans.
F5 devices can be used for security white listing to control access to specific applications or services.
F5 devices can be used to create white lists of approved IP addresses, URLs, or applications that are allowed to access a network.
This helps prevent unauthorized access and reduces the attack surface for potential threats.
For example, an organization can use F5 devices to white list specific IP addresses for remote
- Q5. Cisco devices for email and IP upgrade
- Ans.
When upgrading Cisco devices for email and IP, it is important to plan and execute the upgrade carefully.
Ensure compatibility of new devices with existing infrastructure
Backup configurations and data before starting the upgrade
Test the new devices in a controlled environment before deploying them
Consider any security implications of the upgrade
Train staff on how to use the new devices effectively
Skills evaluated in this interview
Global IS Consulting Interview FAQs
Some of the top questions asked at the Global IS Consulting Cyber Security Analyst Lead interview -
Tell us how to improve this page.
Interview Questions for Popular Designations
- Cyber Security Analyst Interview Questions
- Cyber Security Consultant Interview Questions
- Cyber Security Engineer Interview Questions
- Cyber Security Interview Questions
- Cyber Security Associate Interview Questions
- Cyber Security Specialist Interview Questions
- Cyber Security Intern Interview Questions
- Senior Cyber Security Analyst Interview Questions
- Show more
People are getting interviews through
Interview Questions from Similar Companies
Global IS Consulting Cyber Security Analyst Lead Reviews and Ratings
based on 1 review
Rating in categories
TCS
Accenture
Wipro
Cognizant
Calculate your in-hand salary
- Home >
- Interviews >
- Global IS Consulting Interview Questions >
- Global IS Consulting Cyber Security Analyst Lead Interview Questions
