Qseap Infotech Associate Information Security Consultant Interview Questions, Process, and Tips

Basic Login and reasoning questions with some basic networking and CIA model-related questions.

Q1. OWASP Top 10 CIA Model
Ans. 
OWASP Top 10 is a list of common web application vulnerabilities. CIA model is a framework for information security.
• OWASP Top 10 includes vulnerabilities like injection, broken authentication, and cross-site scripting.

• CIA model stands for confidentiality, integrity, and availability.

• It is used to evaluate and improve the security of information systems.

• For example, a company may use the CIA model to ensure that custome...read more
Answered by AI
Add your answer
Q2. Access Control Questions (Privilege Escalation and IDOR) Cookie Attributes Injection
Add your answer
Q3. Threat, Vulnerability and Risk Difference Authentication and Authorization Difference
Ans. 
Threat, vulnerability, and risk are related to security while authentication and authorization are related to access control.
• Threat is a potential danger that can exploit a vulnerability and cause harm.

• Vulnerability is a weakness in a system that can be exploited by a threat.

• Risk is the likelihood of a threat exploiting a vulnerability and the impact it will have.

• Authentication is the process of verifying the identity ...read more
Answered by AI
Add your answer

Q1. Basic Questions like describing yourself and some key points in your resume Strength and weakness
Add your answer

Numerical reasoning and logical reasoning a bit tough however can be clear

Q1. Network protocols and its port number,nmap questions like how to scan ports, firewalls and it's type, vpn,http vs https vs ssl, cia triad, scenario based questions
Add your answer

Q1. They will not ask any questions on this round just confirmation from your side.
Add your answer

Reasoning ability and technical questions of fundamental of system and cyber security ports number

Q1. What are your salary expectations?
Add your answer
Q2. What is your family background?
Add your answer
Q3. Tell me about yourself.
Add your answer
Q4. Some service bond related questions
Add your answer
Q5. Some technical questions
Add your answer

Q1. CIA triads , difference between http and HTTPS
Ans. 
CIA triads are confidentiality, integrity, and availability. HTTPS is a secure version of HTTP.
• CIA triads are the three pillars of information security.

• Confidentiality ensures that only authorized parties can access data.

• Integrity ensures that data is not tampered with or altered.

• Availability ensures that data is accessible to authorized parties when needed.

• HTTPS is a secure version of HTTP that encrypts data in transi...read more
Answered by AI
Add your answer
Q2. Ports number and tools used
Ans. 
Ports and tools used in information security
• Common ports used in information security include 80 (HTTP), 443 (HTTPS), 22 (SSH), and 3389 (RDP)

• Tools used in information security include Nmap, Wireshark, Metasploit, and Nessus

• Port scanning tools like Nmap are used to identify open ports on a target system

• Packet sniffing tools like Wireshark are used to capture and analyze network traffic

• Vulnerability scanners like Nessus...read more
Answered by AI
Add your answer
Q3. Owasp top 10 with examples
Ans. 
OWASP Top 10 is a list of common web application vulnerabilities.
• Injection (SQL, LDAP, etc.)

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Broken Access Control

• Security Misconfiguration

• Insecure Cryptographic Storage

• Insufficient Transport Layer Protection

• Unvalidated and Unsanitized Input

• Using Components with Known Vulnerabilities

• Insufficient Logging and Monitoring
Answered by AI
Add your answer