Add office photos
Filter interviews by
PwC Security Consultant Interview Questions and Answers
PwC Security Consultant Interview Experiences
1 interview found
Anonymous
Selected
I applied via Company Website and was interviewed before Jun 2023. There were 2 interview rounds.
Several gaming tests and personlaity tests
(2 Questions)
- Q1. How would you check if someone has hacked your computer?
- Ans.
To check if someone has hacked your computer, look for unusual behavior, unknown programs, strange network activity, and changes in settings.
Monitor for any unusual behavior on your computer such as slow performance, unexpected pop-ups, or unexplained changes.
Check for unknown programs or files that you did not install or recognize.
Monitor network activity for any suspicious connections or data transfers.
Look for chang...
- Q2. What is phishing and Vphishing?
- Ans.
Phishing is a type of cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information. Vphishing is a variation of phishing that involves using voice communication.
Phishing involves sending fraudulent emails or messages that appear to be from reputable sources, in order to deceive individuals into revealing personal information such as passwords or credit card numb...
Interview questions from similar companies
Selected
I applied via Referral and was interviewed before Jun 2023. There was 1 interview round.
(2 Questions)
- Q1. Owasp top 10 is asked.
- Q2. Xss and mitigations is asked
Interview Preparation Tips
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
I applied via campus placement at Guru Nanak Dev University (GNDU) and was interviewed in Apr 2024. There were 3 interview rounds.
Asked about Reasoning, English, Computer networks, Database Management system, Electronics
15 min discussion on any topic given on the spot, 1 min for thinking
(3 Questions)
- Q1. What do you know about Cloud Computing?
- Ans.
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.
It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.
Exa...
- Q2. OOPs concepts and examples
- Ans.
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
Inheritance: Allows a class to inherit properties and behavior from another class.
Encapsulation: Bundling data and methods that operate on the data into a single unit.
Polymorphism: Ability to present the same interface for different data types.
Abstraction: Hiding the complex implementation detail
- Q3. SQL queries like Joins and Selection
Interview Preparation Tips
- DSA
- Cloud Computing
- Network Security
- OOPS
Skills evaluated in this interview
I applied via Naukri.com and was interviewed in Oct 2024. There was 1 interview round.
(2 Questions)
- Q1. Risky user investigation and defination
- Q2. Mitre attack frame work
Cyber Security Consultant Interview Questions & Answers
Ernst & Young
Jay Praful Rampariya
posted on 3 Jul 2024
It was an MCQ test with questions from Quantitative Ability, Logical reasoning, Verbal Abililty
(4 Questions)
- Q1. Introduce yourself
- Q2. Describe your internship experience and what was your contribution.
- Q3. Why do you want to pivot to Cyber Security from your Electrical engineering degree?
- Q4. Are you willing to learn?
(4 Questions)
- Q1. Where are you from? What do you like about this city?
- Q2. What do you think Consultants do?
- Ans.
Consultants provide expert advice and guidance to clients in a specific field or industry.
Consultants analyze client needs and provide tailored solutions
They offer recommendations based on industry best practices
Consultants may also assist with implementation and training
They often work on a project basis or provide ongoing support
Examples: Cyber Security Consultants help organizations improve their security posture, I
- Q3. Would you like travelling for work?
- Q4. Are you willing to relocate?
Interview Preparation Tips
I applied via Naukri.com and was interviewed in Sep 2024. There were 2 interview rounds.
They ask questions based on security
(2 Questions)
- Q1. What is injection
- Ans.
Injection is a technique used to introduce code or data into a computer program or system.
Injection is commonly used in cyber attacks to exploit vulnerabilities in software.
Types of injection include SQL injection, cross-site scripting (XSS), and command injection.
Injection attacks can lead to unauthorized access, data theft, and system compromise.
- Q2. Type of injection
- Ans.
SQL injection is a type of injection attack that allows an attacker to execute malicious SQL statements.
SQL injection involves inserting malicious SQL code into input fields of a web application
Attackers can manipulate databases, steal data, and even delete or modify records
Examples include entering ' OR '1'='1' into a login form to bypass authentication
I was interviewed in Aug 2024.
(2 Questions)
- Q1. Ransomware scenario based
- Q2. Networking concepts
(2 Questions)
- Q1. APT questions like recent cyber attacks
- Q2. Networking concepts
Interview Preparation Tips
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
I applied via Campus Placement and was interviewed in Aug 2023. There were 2 interview rounds.
There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd
(2 Questions)
- Q1. This was a one to one technical round they ask about your project. what are your three strengths?
- Q2. How will you lead your team?
PwC Interview FAQs
Tell us how to improve this page.
PwC Interviews By Designations
- PwC Associate Interview Questions
- PwC Senior Associate Interview Questions
- PwC Consultant Interview Questions
- PwC Associate2 Interview Questions
- PwC Associate Consultant Interview Questions
- PwC Manager Interview Questions
- PwC Senior Consultant Interview Questions
- PwC Technology Consultant Interview Questions
- Show more
Interview Questions for Popular Designations
- Security Analyst Interview Questions
- Cyber Security Analyst Interview Questions
- Security Engineer Interview Questions
- Network Security Engineer Interview Questions
- Information Security Analyst Interview Questions
- Senior Security Engineer Interview Questions
- Senior Security Analyst Interview Questions
- Cyber Security Consultant Interview Questions
- Show more
PwC Security Consultant Interview Process
based on 1 interview
Interview experience
Interview Questions from Similar Companies
Fast track your campus placements
|
Senior Associate
15k
salaries
|  ₹8 L/yr - ₹30 L/yr |
|
Associate
12.8k
salaries
| ₹4.9 L/yr - ₹17.2 L/yr |
|
Manager
6.7k
salaries
| ₹14 L/yr - ₹44.3 L/yr |
|
Senior Consultant
4.4k
salaries
| ₹9 L/yr - ₹32.4 L/yr |
|
Associate2
4.2k
salaries
| ₹4.5 L/yr - ₹16.6 L/yr |
Deloitte
Ernst & Young
Accenture
TCS
- Home >
- Interviews >
- PwC Interview Questions >
- PwC Security Consultant Interview Questions
