I applied via Referral and was interviewed in Apr 2023. There were 4 interview rounds.
My forte in security lies in network security, penetration testing, and incident response.
Specialize in network security protocols and technologies
Skilled in conducting penetration tests to identify vulnerabilities
Experienced in responding to security incidents and mitigating risks
Certifications such as CISSP, CEH, or OSCP demonstrate expertise
I have knowledge in technologies such as Python, Java, C++, Linux, and network security.
Python
Java
C++
Linux
Network Security
Pentesting methodology is a systematic approach used to identify and exploit vulnerabilities in a system to improve security.
1. Reconnaissance: Gather information about the target system.
2. Scanning: Identify open ports and services on the target system.
3. Gaining access: Exploit vulnerabilities to gain access to the system.
4. Maintaining access: Maintain access to the system for further testing.
5. Covering tracks: Rem...
OWASP is a standard used for security testing of APIs and Web Applications
OWASP Top 10 is a widely recognized standard for web application security
OWASP API Security Top 10 provides guidelines for securing APIs
OWASP ZAP (Zed Attack Proxy) is a popular tool for testing web application security
White hat hackers are ethical hackers who use their skills to improve security, while black hat hackers are malicious hackers who exploit vulnerabilities for personal gain.
White hat hackers are ethical hackers who work to improve security by finding and fixing vulnerabilities in systems.
Black hat hackers are malicious hackers who exploit vulnerabilities for personal gain or to cause harm.
White hat hackers may be hired ...
Blue team focuses on defense and prevention, while red team simulates attacks to test defenses.
Blue team is responsible for defending against cyber threats and implementing security measures.
Red team simulates real-world attacks to test the effectiveness of the blue team's defenses.
Blue team works proactively to prevent security breaches, while red team works reactively to identify vulnerabilities.
Blue team focuses on ...
Authentication verifies a user's identity, while authorization determines what actions a user is allowed to perform.
Authentication confirms the user's identity through credentials like passwords or biometrics.
Authorization controls access to resources based on the authenticated user's permissions.
Example: Logging into a system with a username and password is authentication, while being able to view or edit specific fil
Secure authentication methods are crucial for protecting sensitive information.
Use multi-factor authentication (MFA) to add an extra layer of security
Implement strong password policies, including regular password changes
Utilize biometric authentication such as fingerprint or facial recognition
Employ single sign-on (SSO) for centralized authentication management
Monitor and analyze authentication logs for suspicious acti
Hashing is a one-way function used for data integrity, while encryption is a two-way function used for data confidentiality.
Hashing is irreversible and used for data integrity verification.
Encryption is reversible and used for data confidentiality protection.
Hashing produces a fixed-length output (hash value) while encryption output length can vary.
Example: Hashing - MD5, SHA-256; Encryption - AES, RSA
LFI allows an attacker to include files on a server through the web browser, while RFI allows an attacker to execute arbitrary code on a server.
LFI stands for Local File Inclusion, where an attacker can include files on a server using a vulnerable script.
RFI stands for Remote File Inclusion, where an attacker can execute arbitrary code on a server by including a remote file.
LFI is limited to files that are already pres...
Mitigations for SQL injection include input validation, parameterized queries, stored procedures, and least privilege access.
Implement input validation to ensure only expected data is accepted
Use parameterized queries to separate SQL code from user input
Utilize stored procedures to encapsulate SQL logic and prevent direct user input execution
Follow the principle of least privilege to restrict database access rights
Blind SQL injection is a type of SQL injection attack where the attacker sends SQL queries to the database and infers the result from the application's behavior without seeing the query output.
Attacker sends SQL queries to the database and observes the behavior of the application to determine if the query was successful or not.
No error messages are displayed to the attacker, making it harder to detect.
Time-based blind SQL injection involve...
Password spraying is a type of cyber attack where attackers try a few common passwords against many usernames.
Attackers use common passwords to try and gain access to multiple accounts.
Unlike brute force attacks, password spraying involves trying a few passwords against many accounts.
Attackers aim to avoid detection by not triggering account lockouts.
Organizations can defend against password spraying by enforcing stron...
Implement account lockout, use strong passwords, and implement CAPTCHA
Implement account lockout after a certain number of failed login attempts
Encourage users to use strong passwords with a combination of letters, numbers, and special characters
Implement CAPTCHA to prevent automated brute force attacks
Consider implementing rate limiting to restrict the number of login attempts within a certain time frame
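Why a per-account lockout counter alone misses password spraying, and what a detection keyed on the source looks like, as an added example that is not part of the original page. The log format, the sample lines, the thresholds and the 30-minute window are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5      # assumed per-account lockout policy
SPRAY_MIN_ACCOUNTS = 4     # assumed: distinct accounts failed from one source
WINDOW = timedelta(minutes=30)

# Constructed sample log in a hypothetical "time result user src" format.
SAMPLE_LOG = """\
2025-01-10T09:00:01 FAIL user=alice src=203.0.113.7
2025-01-10T09:00:40 FAIL user=bob src=203.0.113.7
2025-01-10T09:01:15 FAIL user=carol src=203.0.113.7
2025-01-10T09:02:02 FAIL user=dave src=203.0.113.7
2025-01-10T09:02:50 FAIL user=erin src=203.0.113.7
2025-01-10T09:05:00 FAIL user=frank src=198.51.100.20
2025-01-10T09:05:09 FAIL user=frank src=198.51.100.20
2025-01-10T09:05:30 OK user=frank src=198.51.100.20
"""

def parse(log):
    for line in log.splitlines():
        ts, result, user, src = line.split()
        yield (datetime.fromisoformat(ts), result,
               user.split("=", 1)[1], src.split("=", 1)[1])

def locked_accounts(events):
    """Accounts that a simple per-account failure counter would lock."""
    fails = defaultdict(int)
    for _, result, user, _ in events:
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= LOCKOUT_THRESHOLD}

def spraying_sources(events):
    """Sources failing against many distinct accounts inside WINDOW."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((ts, user))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= WINDOW}
            if len(users) >= SPRAY_MIN_ACCOUNTS:
                flagged[src] = sorted(users)
                break
    return flagged
```

On the sample log no account reaches the lockout threshold, yet the source that failed once against five different accounts is flagged, while the user who mistyped a password twice is not.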
End goal is more important as it drives the overall direction and success of a project.
End goal provides a clear vision and purpose for the project
Procedures are important for achieving the end goal efficiently
Flexibility in procedures may be necessary to adapt to changing circumstances
Examples: In cybersecurity, the end goal of protecting sensitive data may require constantly evolving procedures to combat new threats
I was interviewed in Jan 2025.
I was interviewed in Feb 2025.
I was interviewed in Jan 2025.
The exam consists of seven sections, and the cutoff score is quite high; it is essential to complete the exam thoroughly.
I was interviewed in Feb 2025.
I was interviewed in Jan 2025.
I was interviewed in Sep 2024.
An aptitude test evaluates an individual's potential to excel in a specific area by assessing their strengths and weaknesses in particular abilities.
An assessment that measures an individual's inherent abilities and potential for success in a specific activity.
A coding test is a programming assessment designed to evaluate a candidate's coding skills. It is a standard component of the technical hiring process for software developers and programmers.
Assessment that evaluates a candidate's coding skills
Group discussion (GD) topics for interviews may cover areas such as business, social issues, and current affairs. GDs serve to evaluate a candidate's communication, leadership, and teamwork abilities.
Discussion assignments are prompts that your teacher may assign to you. By participating in these discussions, you can reflect on your learning, share ideas and opinions, or ask and answer questions. Discussions may require you to respond to individual questions or provide multiple responses to an ongoing conversation.
I was interviewed in Jan 2025.
A sequence was provided: 4181, 2684, 1597, 987, 610.
The first 2 are given; write code to calculate the other values using Java 8.
The second question required writing a reverse of a palindrome using both Java 8 streams. I was able to successfully write both and clear the first round.
Java 17 introduces sealed classes to restrict inheritance and improve code maintainability.
Sealed classes are declared using the 'sealed' keyword followed by the permitted subclasses.
Subclasses of a sealed class must be either final or sealed themselves.
Errors may occur when trying to extend a sealed class with a non-permitted subclass.
Implementation of 'notify me if item is back in stock' feature in an ecommerce application
Create a database table to store user notifications for out-of-stock items
Implement a service to check item availability and send notifications to subscribed users
Provide a user interface for users to subscribe to notifications for specific items
posted on 4 Feb 2025
I was interviewed in Jan 2025.
Yes, open for fixed term hire and working from client location at Gurgaon for 3 days a week.
Open for fixed term hire
Willing to work from client location at Gurgaon for 3 days a week
Implemented automated testing using Selenium WebDriver and JUnit in Agile environment
Implemented automated testing framework using Selenium WebDriver
Utilized JUnit for test case management
Worked in Agile environment to ensure continuous testing and integration
Pilot testing is done by a small group of users before the full release, while beta testing is done by a larger group of users. Automation testing can be used for regression testing, smoke testing, and performance testing.
Pilot testing involves a small group of users testing the functionality in a controlled environment.
Beta testing involves a larger group of users testing the functionality in a real-world environment.
...
Primary key uniquely identifies a record, while unique key allows only one instance of a value in a column. Query to find last id involves using ORDER BY and LIMIT.
Primary key enforces uniqueness and not null constraint on a column
Unique key enforces uniqueness but allows null values
To find row with last id, use ORDER BY id DESC LIMIT 1 in SQL query
Software Testing Life Cycle (STLC) involves planning, designing, executing, and reporting on tests. Defect Life Cycle includes identification, logging, fixing, and retesting defects.
STLC includes requirements analysis, test planning, test design, test execution, and test closure.
Defect Life Cycle involves defect identification, defect logging, defect fixing, defect retesting, and defect closure.
STLC ensures that the so...
303 status code in API means 'See Other'. PUT method is used to update data, while DELETE method is used to remove data. 3 point estimation technique in Agile is used to estimate tasks.
303 status code indicates that the resource can be found at a different URI and should be retrieved from there
PUT method is used to update an existing resource in the API
DELETE method is used to remove a resource from the API
3 point esti...
Links and labels that can be tagged to a bug in Jira
Links: related issues, documents, websites
Labels: priority, severity, type, status
Shell scripting is a way to automate tasks in Unix/Linux systems. Grep is used to search for specific patterns in text files. Href is not a standard Unix command.
Shell scripting automates tasks by writing scripts in a Unix/Linux environment
Grep command is used to search for specific patterns in text files
Example: grep 'search_pattern' file.txt
Href is not a standard Unix command, it may be a typo or a custom script
To resolve conflict with a team member, communication is key. Prioritize understanding, address the issue calmly, find common ground, and work towards a solution together.
Listen to the team member's perspective and concerns
Communicate openly and calmly about the issue
Find common ground and areas of agreement
Work together to find a solution that benefits both parties
Seek input from other team members or a mediator if ne
Open to relocating to Bangalore, working in night shifts, long hours, and 24X7 culture. Goal is to excel in automation testing.
Yes, open to relocating to Bangalore and working from client's office
Yes, open to working in night/rotational shifts
Yes, open to working in long extendable hours or 24X7 culture
Goal is to excel in automation testing
I was interviewed in Jan 2025.