KPMG India Security Analyst Interview Questions and Answers

It was an MCQ test with questions from Quantitative Ability, Logical reasoning, Verbal Abililty

Q1. Introduce yourself
Add your answer
Q2. Describe your internship experience and what was your contribution.
Add your answer
Q3. Why do you want to pivot to Cyber Security from your Electrical engineering degree?
Add your answer
Q4. Are you willing to learn?
Add your answer

Q1. Where are you from? What do you like about this city?
Add your answer
Q2. What do you think Consultants do?
Ans. 
Consultants provide expert advice and guidance to clients in a specific field or industry.
• Consultants analyze client needs and provide tailored solutions

• They offer recommendations based on industry best practices

• Consultants may also assist with implementation and training

• They often work on a project basis or provide ongoing support

• Examples: Cyber Security Consultants help organizations improve their security posture, I
Answered by AI
Add your answer
Q3. Would you like travelling for work?
Add your answer
Q4. Are you willing to relocate?
Add your answer

Q1. Technical questions on build and operations
Add your answer

Q1. Managerial question and communication skills
Add your answer

Q1. Risky user investigation and defination
Add your answer
Q2. Mitre attack frame work
Add your answer

Q1. What is xss and how it's can be exploited?
Ans. 
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
• XSS stands for Cross-Site Scripting.

• Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.

• These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.

• XSS attacks can be prevented by prope...read more
Answered by AI
Add your answer
Q2. What is csrf and how it can be exploited?
Ans. 
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
• CSRF stands for Cross-Site Request Forgery

• It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in

• The request can perform actions on behalf of the user without their knowledge or consent

• To prevent CSR...read more
Answered by AI
Add your answer
Q3. What is sast and dast and why it is performed?
Ans. 
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
• SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.

• DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.

• SAST is useful fo...read more
Answered by AI
Add your answer
Q4. What is httpsOnly and secure flag is used for?
Ans. 
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
• httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.

• Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.

• Both are important security measures for protecting sensitive information and preventing attacks.

• Examples of websites that use ...read more
Answered by AI
Add your answer
Q5. What are the security headers used in an application?
Ans. 
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
• Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)

• CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded

• X-XSS-Protection helps prev...read more
Answered by AI
Add your answer
Q6. How cache control is implemented?
Ans. 
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
• Cache-Control header is used to specify caching directives

• Expires header is used to specify an expiration date for the resource

• Max-Age header is used to specify the maximum age of the resource in seconds

• Pragma header is used for backwards compatibility with HTTP/1.0

• Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
Answered by AI
Add your answer

Q1. Application and api security questions?
Add your answer
Q2. Work experience and questions related to work performed in previous organization?
Add your answer

Q1. Explain interesting incident you handled
Add your answer
Q2. Log sources - to hunt for threats
Ans. 
Log sources are essential for hunting threats in a network environment.
• Collect logs from network devices such as firewalls, routers, and switches.

• Utilize logs from endpoint security solutions like antivirus and EDR tools.

• Incorporate logs from servers, including authentication logs and system logs.

• Monitor logs from cloud services and applications for any suspicious activities.

• Analyze logs from SIEM solutions to correlat
Answered by AI
Add your answer

Q1. Ransomware scenario based
Add your answer
Q2. Networking concepts
Add your answer

Q1. APT questions like recent cyber attacks
Add your answer
Q2. Networking concepts
Add your answer