Filter interviews by
I applied via Referral and was interviewed in Apr 2023. There were 4 interview rounds.
My forte in security lies in network security, penetration testing, and incident response.
Specialize in network security protocols and technologies
Skilled in conducting penetration tests to identify vulnerabilities
Experienced in responding to security incidents and mitigating risks
Certifications such as CISSP, CEH, or OSCP demonstrate expertise
I have knowledge in technologies such as Python, Java, C++, Linux, and network security.
Python
Java
C++
Linux
Network Security
Pentesting methodology is a systematic approach used to identify and exploit vulnerabilities in a system to improve security.
1. Reconnaissance: Gather information about the target system.
2. Scanning: Identify open ports and services on the target system.
3. Gaining access: Exploit vulnerabilities to gain access to the system.
4. Maintaining access: Maintain access to the system for further testing.
5. Covering tracks: Rem...
OWASP is a standard used for security testing of APIs and Web Applications
OWASP Top 10 is a widely recognized standard for web application security
OWASP API Security Top 10 provides guidelines for securing APIs
OWASP ZAP (Zed Attack Proxy) is a popular tool for testing web application security
White hat hackers are ethical hackers who use their skills to improve security, while black hat hackers are malicious hackers who exploit vulnerabilities for personal gain.
White hat hackers are ethical hackers who work to improve security by finding and fixing vulnerabilities in systems.
Black hat hackers are malicious hackers who exploit vulnerabilities for personal gain or to cause harm.
White hat hackers may be hired ...
Blue team focuses on defense and prevention, while red team simulates attacks to test defenses.
Blue team is responsible for defending against cyber threats and implementing security measures.
Red team simulates real-world attacks to test the effectiveness of the blue team's defenses.
Blue team works proactively to prevent security breaches, while red team works reactively to identify vulnerabilities.
Blue team focuses on ...
Authentication verifies a user's identity, while authorization determines what actions a user is allowed to perform.
Authentication confirms the user's identity through credentials like passwords or biometrics.
Authorization controls access to resources based on the authenticated user's permissions.
Example: Logging into a system with a username and password is authentication, while being able to view or edit specific fil
Secure authentication methods are crucial for protecting sensitive information.
Use multi-factor authentication (MFA) to add an extra layer of security
Implement strong password policies, including regular password changes
Utilize biometric authentication such as fingerprint or facial recognition
Employ single sign-on (SSO) for centralized authentication management
Monitor and analyze authentication logs for suspicious acti
Hashing is one-way function for data integrity while encryption is two-way function for data confidentiality.
Hashing is irreversible and used for data integrity verification.
Encryption is reversible and used for data confidentiality protection.
Hashing produces a fixed-length output (hash value) while encryption output length can vary.
Example: Hashing - MD5, SHA-256; Encryption - AES, RSA
LFI allows an attacker to include files on a server through the web browser, while RFI allows an attacker to execute arbitrary code on a server.
LFI stands for Local File Inclusion, where an attacker can include files on a server using a vulnerable script.
RFI stands for Remote File Inclusion, where an attacker can execute arbitrary code on a server by including a remote file.
LFI is limited to files that are already pres...
Mitigations for SQL injection include input validation, parameterized queries, stored procedures, and least privilege access.
Implement input validation to ensure only expected data is accepted
Use parameterized queries to separate SQL code from user input
Utilize stored procedures to encapsulate SQL logic and prevent direct user input execution
Follow the principle of least privilege to restrict database access rights
Blind based SQL injection is a type of SQL injection attack where the attacker sends SQL queries to the database and observes the result without actually seeing the output.
Attacker sends SQL queries to the database and observes the behavior of the application to determine if the query was successful or not.
No error messages are displayed to the attacker, making it harder to detect.
Time-based blind SQL injection involve...
Password spraying is a type of cyber attack where attackers try a few common passwords against many usernames.
Attackers use common passwords to try and gain access to multiple accounts.
Unlike brute force attacks, password spraying involves trying a few passwords against many accounts.
Attackers aim to avoid detection by not triggering account lockouts.
Organizations can defend against password spraying by enforcing stron...
Implement account lockout, use strong passwords, and implement CAPTCHA
Implement account lockout after a certain number of failed login attempts
Encourage users to use strong passwords with a combination of letters, numbers, and special characters
Implement CAPTCHA to prevent automated brute force attacks
Consider implementing rate limiting to restrict the number of login attempts within a certain time frame
End goal is more important as it drives the overall direction and success of a project.
End goal provides a clear vision and purpose for the project
Procedures are important for achieving the end goal efficiently
Flexibility in procedures may be necessary to adapt to changing circumstances
Examples: In cybersecurity, the end goal of protecting sensitive data may require constantly evolving procedures to combat new threats
Top trending discussions
I applied via Naukri.com and was interviewed in Aug 2020. There were 3 interview rounds.
I applied via Recruitment Consultant and was interviewed in Nov 2020. There were 3 interview rounds.
I applied via Campus Placement and was interviewed before Feb 2020. There were 6 interview rounds.
I applied via Referral and was interviewed before Jan 2021. There were 5 interview rounds.
I applied via Approached by Company and was interviewed before Oct 2021. There were 2 interview rounds.
I have X years of domain experience.
I have worked in this domain for X years.
During my time in this domain, I have gained expertise in various areas such as...
I have worked on projects related to...
I have experience working with clients in this domain.
I keep myself updated with the latest trends and developments in this domain.
based on 1 interview
Interview experience
based on 8 reviews
Rating in categories
Security Engineer
16
salaries
| ₹0 L/yr - ₹0 L/yr |
Senior Security Engineer
10
salaries
| ₹0 L/yr - ₹0 L/yr |
Cyber Security Analyst
4
salaries
| ₹0 L/yr - ₹0 L/yr |
Cyber Security Engineer
4
salaries
| ₹0 L/yr - ₹0 L/yr |
HR Executive
3
salaries
| ₹0 L/yr - ₹0 L/yr |
TCS
Accenture
Wipro
Cognizant