Thinkapps Solutions Senior Security Engineer Interview Questions and Answers

Basic terminologies in cyber security

• Malware

• Phishing

• Firewall

• Encryption

• Vulnerability

• Patch

• Intrusion Detection System

• Social Engineering

• Two-Factor Authentication

The OSI model is a conceptual model that describes how data is transmitted over a network.

• OSI stands for Open Systems Interconnection

• It has 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application

• Each layer has a specific function and communicates with adjacent layers

• The model helps ensure interoperability between different network devices and software

• Example: HTTP operates at the Appli...read more

HTTP is unencrypted while HTTPS is encrypted. HTTPS provides secure communication over the internet.

• HTTP stands for Hypertext Transfer Protocol while HTTPS stands for Hypertext Transfer Protocol Secure

• HTTP is vulnerable to attacks like man-in-the-middle while HTTPS is secure

• HTTPS uses SSL/TLS certificates to encrypt data while HTTP does not

• HTTPS is used for secure online transactions like online banking, e-commerce, et...read more

The OWASP Top 10 is a list of the most critical web application security risks.

• Injection

• Broken Authentication and Session Management

• Cross-Site Scripting (XSS)

• Broken Access Control

• Security Misconfiguration

• Insecure Cryptographic Storage

• Insufficient Transport Layer Protection

• Unvalidated and Unsanitized Input

• Using Components with Known Vulnerabilities

• Insufficient Logging and Monitoring

Common cyber attacks include phishing, malware, ransomware, DDoS, and social engineering.

• Phishing: fraudulent emails or websites that trick users into giving sensitive information

• Malware: malicious software that can damage or control a computer system

• Ransomware: malware that encrypts files and demands payment for their release

• DDoS: Distributed Denial of Service attacks overwhelm a website or network with traffic

• Social ...read more

Mitigating common cyber attacks involves implementing strong passwords, regular software updates, and employee training.

• Use strong passwords and two-factor authentication

• Regularly update software and operating systems

• Train employees on how to identify and avoid phishing scams

• Implement firewalls and antivirus software

• Limit access to sensitive data and regularly backup important files