SISA Information Security Security Consultant Interview Questions and Answers

Q1. Reason for job change
Add your answer
Q2. What is Expected salary
Add your answer

Q1. Sql injection vulnerability
Add your answer
Q2. Owasp top 10 related questions
Add your answer
Q3. Reason for job change
Add your answer
Q4. When can you join the company
Add your answer

Q1. What is Routing please explain
Ans. 
Routing is the process of selecting the best path for network traffic to travel from one network to another.
• Routing involves analyzing network topology and determining the most efficient path for data to travel

• Routing protocols such as OSPF and BGP are used to exchange routing information between routers

• Routing tables are used to store information about network destinations and the best path to reach them

• Routing can be...read more
Answered by AI
Add your answer
Q2. What is subnetting, please explain
Ans. 
Subnetting is the process of dividing a network into smaller subnetworks.
• Subnetting helps in efficient utilization of IP addresses

• It improves network performance and security

• Subnetting is done by borrowing bits from the host portion of an IP address

• Example: 192.168.1.0/24 can be subnetted into 192.168.1.0/25 and 192.168.1.128/25
Answered by AI
Add your answer

Q1. Explain network subnetting with explain
Ans. 
Subnetting is the process of dividing a network into smaller subnetworks to improve performance and security.
• Subnetting involves creating multiple smaller networks within a larger network by dividing the IP address range.

• It helps in reducing network congestion, improving security by isolating different departments or functions, and optimizing network performance.

• Subnet masks are used to determine which part of an IP ad...read more
Answered by AI
Add your answer
Q2. Explain difference between router and switch
Ans. 
Routers connect multiple networks together, while switches connect devices within a single network.
• Routers operate at the network layer (Layer 3) of the OSI model, while switches operate at the data link layer (Layer 2).

• Routers use IP addresses to forward data between networks, while switches use MAC addresses to forward data within a network.

• Routers are typically used to connect different networks, such as a home netw...read more
Answered by AI
Add your answer

Q1. Methodology approach for both api and web pen test
Ans. 
The methodology approach for API and web pen test involves identifying vulnerabilities, testing for exploits, and reporting findings.
• Identify the scope of the test and the target systems

• Perform reconnaissance to gather information about the target

• Test for common vulnerabilities such as SQL injection and cross-site scripting

• Test for exploits to determine the impact of vulnerabilities

• Report findings and provide recommend
Answered by AI
Add your answer
Q2. Why you used csrf tokens
Ans. 
CSRF tokens are used to prevent unauthorized access to sensitive data or actions on a website.
• CSRF tokens add an extra layer of security to web applications by ensuring that requests are coming from an authenticated user.

• They are generated by the server and included in forms or URLs to verify the authenticity of the request.

• Without CSRF tokens, attackers can use cross-site scripting (XSS) attacks to trick users into un...read more
Answered by AI
Add your answer

Q1. Owasp vulnerabilities which you come across
Ans. 
OWASP vulnerabilities commonly encountered in security analysis
• Injection flaws (SQL, LDAP, OS command, etc.)

• Cross-site scripting (XSS)

• Broken authentication and session management

• Security misconfiguration

• Sensitive data exposure

• Insufficient logging and monitoring

• Using components with known vulnerabilities

• Insecure communication (e.g. lack of encryption)

• Broken access control

• XML External Entities (XXE)
Answered by AI
Add your answer

Q1. CSRF Owasp top 10 Web application
Add your answer

Q1. Current CTC Expected CTC
Ans. 
Discussed in person or over email
• I prefer to discuss this in person or over email

• I am open to negotiation based on the job requirements
Answered by AI
Add your answer

Q1. Applied through LinkedIn and was shortlisted 1st round was a discussion about current experience and domain knowledge, questions around revenue assurance areas
Add your answer
Q2. Later was asked some domain questions around telecom frameworks and TMforum frameworks
Add your answer

Was given a business case and was asked to come up with a PPT presentation for a consulting engagement with

Scope
Approach
Timelines
Deliverables
Recommendations

In the area of revenue assurance for a telecom client