LTIMindtree Soc Analyst 1 Interview Questions and Answers

Q1. Basic networking Dhcp ARP Firewall Proxy WAF DMZ
Add your answer

Q1. Cyber kill chain
Add your answer
Q2. Phishing analysis
Add your answer

Q1. What's diffrence between VA and PT
Ans. 
VA stands for Vulnerability Assessment, which identifies vulnerabilities in systems and networks. PT stands for Penetration Testing, which simulates real-world attacks to exploit vulnerabilities.
• VA is a proactive approach to identifying vulnerabilities, while PT is a more hands-on, simulated attack

• VA typically involves scanning systems for known vulnerabilities, while PT involves attempting to exploit vulnerabilities t...read more
Answered by AI
Add your answer

Q1. Phishing mail analysis
Add your answer
Q2. SQL injections attack
Add your answer

Q1. Tell me about your self
Add your answer
Q2. What is DDos attack
Ans. 
DDoS attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic.
• DDoS stands for Distributed Denial of Service

• Attackers use multiple compromised systems to flood the target with traffic

• Goal is to make the target inaccessible to its intended users

• Common types include UDP flood, ICMP flood, and SYN flood

• Examples: Mirai botnet attack
Answered by AI
Add your answer

Q1. Explain CIA? Splunk and IBM qradar?
Ans. 
CIA stands for Confidentiality, Integrity, and Availability. Splunk and IBM QRadar are both security information and event management (SIEM) tools.
• CIA is a security model that focuses on protecting information by ensuring its confidentiality, integrity, and availability.

• Splunk is a SIEM tool that collects, indexes, and analyzes machine data to provide insights into security events and threats.

• IBM QRadar is another SIEM...read more
Answered by AI
Add your answer

Q1. How to mitigate ddos attack
Ans. 
Mitigating DDoS attacks involves implementing various strategies to protect against overwhelming traffic.
• Implementing a strong firewall to filter out malicious traffic

• Utilizing a content delivery network (CDN) to distribute traffic and reduce strain on servers

• Using DDoS mitigation services or tools to detect and block attacks

• Configuring network devices to limit the impact of attacks

• Regularly monitoring network traffic
Answered by AI
Add your answer
Q2. How to approach rdp connection during analysis
Ans. 
Approach RDP connection during analysis by examining logs, network traffic, and user activity.
• Review RDP logs for any suspicious activity or unauthorized access.

• Analyze network traffic for any anomalies or unusual patterns related to RDP connections.

• Monitor user activity to identify any unauthorized or suspicious RDP sessions.

• Consider using tools like Wireshark, Splunk, or ELK stack for in-depth analysis.

• Look for faile...read more
Answered by AI
Add your answer

Basic aptitude topics

Scenario based questions

Q1. College project
Add your answer
Q2. Internship details
Add your answer
Q3. Questions on java, sql
Add your answer