10+ KPMG Global Services Interview Questions and Answers

Daily activities for maintaining SIEM solution

• Monitor SIEM alerts and investigate any potential security incidents

• Review and update SIEM rules and policies

• Ensure SIEM data sources are properly configured and updated

• Perform regular backups and test disaster recovery procedures

• Stay up-to-date with the latest security threats and trends

• Collaborate with other teams to ensure proper integration with other security tools

• Provide regular reports on SIEM performance and security incid...read more

Use cases to prevent web attacks on various devices

• Implementing firewalls and intrusion detection systems on servers

• Using anti-virus and anti-malware software on client devices

• Regularly updating software and security patches

• Enforcing strong password policies and multi-factor authentication

• Conducting regular security audits and penetration testing

• Implementing HTTPS and SSL certificates on websites

• Using content security policies to prevent cross-site scripting and injection att...read more

A use case to prevent SQL injection attacks

• Implement input validation and sanitization

• Use parameterized queries

• Limit database user privileges

• Regularly update and patch database software

Cyber kill chain and Mitre framework are both used for cyber threat intelligence, but the former focuses on attack stages while the latter provides a comprehensive framework for threat intelligence.

• Cyber kill chain is a model that describes the stages of a cyber attack, from reconnaissance to exfiltration.

• Mitre framework is a comprehensive framework for organizing and analyzing threat intelligence, including attack patterns, tactics, and techniques.

• Cyber kill chain is more fo...read more

WAF use cases include protection against OWASP Top 10 vulnerabilities, DDoS attacks, and web application attacks.

• Protection against SQL injection attacks

• Prevention of cross-site scripting (XSS) attacks

• Blocking of malicious bots and crawlers

• Mitigation of distributed denial-of-service (DDoS) attacks

• Enforcement of security policies and compliance regulations

• Monitoring and logging of web traffic for threat detection and incident response

Yes, I have created use cases with multiple devices.

• I have experience creating use cases for mobile and desktop devices.

• I have also created use cases for wearable devices and IoT devices.

• One example is when I created use cases for a mobile app that could be used in conjunction with a smartwatch.

• Another example is when I created use cases for a web application that could be accessed from both desktop and mobile devices.

Password spraying is trying a few commonly used passwords on multiple accounts, while brute-force attack is trying all possible combinations of characters to crack a password.

• Password spraying is a type of attack where a few commonly used passwords are tried on multiple accounts to gain unauthorized access.

• Brute-force attack is a type of attack where all possible combinations of characters are tried to crack a password.

• Password spraying is a less time-consuming attack as comp...read more

Developed a use case for streamlining team communication and task management

• Created a centralized platform for team members to communicate and collaborate on tasks

• Implemented task tracking and progress monitoring features

• Reduced miscommunication and increased productivity

• Received positive feedback from team members and management

Cyber kill chain is a framework that describes the stages of a cyber attack.

• It consists of seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.

• The framework helps organizations understand and defend against cyber attacks.

• For example, if an attacker is in the reconnaissance stage, they are gathering information about the target.

• By understanding the stages of a cyber attack, organizations can implemen...read more

The device that receives maximum EPS varies depending on the context and industry.

• In the telecommunications industry, the device that receives maximum EPS is the base station.

• In the automotive industry, the device that receives maximum EPS is the electronic control unit (ECU).

• In the medical industry, the device that receives maximum EPS varies depending on the specific medical device.

• EPS stands for events per second and refers to the rate at which events are processed by a de...read more

Retail Management in store involves overseeing the day-to-day operations of a retail establishment.

• Managing inventory and stock levels

• Ensuring customer satisfaction and resolving complaints

• Hiring, training, and scheduling staff

• Analyzing sales data and implementing strategies to increase revenue

• Maintaining store appearance and cleanliness

We have created use cases for customer onboarding, order management, and inventory tracking.

• Customer onboarding: designed a process for new customers to sign up and create an account

• Order management: created a system for tracking orders from placement to delivery

• Inventory tracking: developed a method for monitoring stock levels and reordering when necessary