PwC Senior Security Analyst Interview Questions and Answers

It was an MCQ test with questions from Quantitative Ability, Logical reasoning, Verbal Abililty

Q1. Introduce yourself
Add your answer
Q2. Describe your internship experience and what was your contribution.
Add your answer
Q3. Why do you want to pivot to Cyber Security from your Electrical engineering degree?
Add your answer
Q4. Are you willing to learn?
Add your answer

Q1. Where are you from? What do you like about this city?
Add your answer
Q2. What do you think Consultants do?
Ans. 
Consultants provide expert advice and guidance to clients in a specific field or industry.
• Consultants analyze client needs and provide tailored solutions

• They offer recommendations based on industry best practices

• Consultants may also assist with implementation and training

• They often work on a project basis or provide ongoing support

• Examples: Cyber Security Consultants help organizations improve their security posture, I
Answered by AI
Add your answer
Q3. Would you like travelling for work?
Add your answer
Q4. Are you willing to relocate?
Add your answer

Asked about Reasoning, English, Computer networks, Database Management system, Electronics

15 min discussion on any topic given on the spot, 1 min for thinking

Q1. What do you know about Cloud Computing?
Ans. 
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
• Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.

• It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.

• Exa...read more
Answered by AI
Add your answer
Q2. OOPs concepts and examples
Ans. 
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
• Inheritance: Allows a class to inherit properties and behavior from another class.

• Encapsulation: Bundling data and methods that operate on the data into a single unit.

• Polymorphism: Ability to present the same interface for different data types.

• Abstraction: Hiding the complex implementation detail
Answered by AI
Add your answer
Q3. SQL queries like Joins and Selection
Add your answer

Q1. What is xss and how it's can be exploited?
Ans. 
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
• XSS stands for Cross-Site Scripting.

• Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.

• These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.

• XSS attacks can be prevented by prope...read more
Answered by AI
Add your answer
Q2. What is csrf and how it can be exploited?
Ans. 
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
• CSRF stands for Cross-Site Request Forgery

• It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in

• The request can perform actions on behalf of the user without their knowledge or consent

• To prevent CSR...read more
Answered by AI
Add your answer
Q3. What is sast and dast and why it is performed?
Ans. 
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
• SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.

• DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.

• SAST is useful fo...read more
Answered by AI
Add your answer
Q4. What is httpsOnly and secure flag is used for?
Ans. 
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
• httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.

• Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.

• Both are important security measures for protecting sensitive information and preventing attacks.

• Examples of websites that use ...read more
Answered by AI
Add your answer
Q5. What are the security headers used in an application?
Ans. 
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
• Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)

• CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded

• X-XSS-Protection helps prev...read more
Answered by AI
Add your answer
Q6. How cache control is implemented?
Ans. 
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
• Cache-Control header is used to specify caching directives

• Expires header is used to specify an expiration date for the resource

• Max-Age header is used to specify the maximum age of the resource in seconds

• Pragma header is used for backwards compatibility with HTTP/1.0

• Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
Answered by AI
Add your answer

Q1. Application and api security questions?
Add your answer
Q2. Work experience and questions related to work performed in previous organization?
Add your answer

There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd

Q1. This was a one to one technical round they ask about your project. what are your three strengths?
Add your answer
Q2. How will you lead your team?
Add your answer

Q1. What is Deloitte and what do we do? When was a time where you handled adversity?
Add your answer
Q2. When was a time where you handled adversity?
Add your answer

Python coding and security basic such as network security and OSI models

General aptitude test - Quant, DI/LR, English

Q1. General information about resume
Add your answer
Q2. Interest and knowledge of cybersecurity and computer network concepts
Add your answer
Q3. Hobbies and interests
Add your answer
Q4. Extra curricular activities
Add your answer