Grant Thornton Bharat Cyber Security Analyst Interview Questions and Answers

Cyber security refers to the practice of protecting computer systems, networks, and sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.

• Cyber security involves a range of technologies, processes, and practices designed to safeguard digital assets.

• It includes measures such as firewalls, antivirus software, encryption, and intrusion detection systems.

• Cyber security al...read more

Phishing attack is a type of social engineering attack where attackers trick victims into revealing sensitive information.

• Phishing attacks can be carried out through emails, phone calls, or text messages.

• Attackers often use fake websites or login pages to steal login credentials.

• Phishing attacks can also be used to distribute malware or ransomware.

• Examples of phishing attacks include spear phishing, whaling, and vishin...read more

To identify the genuine mail, check the sender's email address and verify the content and attachments.

• Check the sender's email address for any discrepancies or variations.

• Verify the content of the email for any grammatical errors or suspicious requests.

• Check the attachments for any malware or suspicious file types.

• Contact the sender directly to confirm the authenticity of the email.

• Use email filtering and anti-phishing...read more

The constantly evolving nature of cyber threats and the challenge of staying ahead of them excites me about cyber security.

• The thrill of solving complex puzzles and identifying vulnerabilities

• The opportunity to work with cutting-edge technology and tools

• The sense of purpose in protecting individuals and organizations from cyber attacks

• The potential for continuous learning and professional growth

• Examples: discovering a ...read more

To make the system secure from a user point of view, I would implement strong authentication measures and educate users on safe browsing habits.

• Implement multi-factor authentication

• Enforce strong password policies

• Regularly update and patch software

• Provide security awareness training to users

• Restrict user access to sensitive data

• Monitor user activity for suspicious behavior

Fileless malware is a type of malicious software that operates in memory without leaving any trace on the hard drive.

• Fileless malware is also known as memory-based malware or non-malware.

• It uses legitimate system tools and processes to carry out its malicious activities.

• It is difficult to detect and remove as it does not leave any files on the system.

• Examples of fileless malware include PowerShell-based attacks and mac...read more

Ransomware is a type of malware that encrypts files and demands payment for decryption. Mitigation involves backups, security software, and user education.

• Regularly backup important data to prevent loss

• Use anti-malware software to detect and prevent ransomware

• Educate users on how to identify and avoid phishing emails and suspicious downloads

• Implement network segmentation to limit the spread of ransomware

• Have an inciden...read more

Alerts in SIEM tool

• SIEM tools generate alerts based on predefined rules and thresholds

• Alerts can be categorized based on severity levels

• Alerts can be investigated and triaged to determine if they are true positives or false positives

• SIEM tools can also automate response actions based on certain alerts

• Examples of alerts include failed login attempts, malware detections, and suspicious network traffic

DOS and DDOS attacks are malicious attempts to disrupt the normal functioning of a website or network.

• DOS (Denial of Service) attack is a type of attack where a single system floods the target system with traffic, making it unavailable to legitimate users.

• DDOS (Distributed Denial of Service) attack is a more sophisticated version of DOS attack, where multiple systems are used to flood the target system with traffic.

• DDO...read more