UST Security Analyst Interview Questions and Answers

3 way hand shaking is a process in TCP/IP communication where three packets are exchanged to establish a connection.

• Three packets are involved: SYN, SYN-ACK, ACK

• SYN packet is sent by the client to the server to initiate the connection

• SYN-ACK packet is sent by the server to the client as a response

• ACK packet is sent by the client to the server to confirm the connection

The OSI Model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven layers.

• The OSI Model stands for Open Systems Interconnection Model.

• It helps in understanding how data is transferred between devices in a network.

• Each layer has specific functions and communicates with the adjacent layers.

• Examples of layers include Physical, Data Link, Network, Transport, Sessio

TCP is connection-oriented, reliable, and slower, while UDP is connectionless, unreliable, and faster.

• TCP is connection-oriented, meaning it establishes a connection before sending data, while UDP is connectionless.

• TCP is reliable as it ensures all data is received in order and without errors, while UDP does not guarantee delivery.

• TCP is slower due to the overhead of establishing and maintaining connections, while UDP ...read more

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

• Acts as a barrier between a trusted internal network and untrusted external network

• Filters traffic based on rules set by the network administrator

• Can be hardware-based or software-based

• Examples include Cisco ASA, Palo Alto Networks, and pfSense

I am a dedicated Security Analyst with a strong background in cybersecurity and risk management.

• Experienced in conducting security assessments and identifying vulnerabilities

• Skilled in implementing security measures to protect against cyber threats

• Proficient in analyzing security incidents and responding effectively

• Certified in relevant security certifications such as CISSP or CISM

Malware refers to malicious software designed to disrupt, damage, or gain unauthorized access to a computer system.

• Viruses: self-replicating programs that infect other files on a computer

• Worms: standalone malware that spreads across networks

• Trojans: disguised as legitimate software to trick users into installing them

• Ransomware: encrypts files and demands payment for decryption

• Spyware: secretly gathers information about...read more

The first step would be to isolate the infected machine from the network to prevent further spread of the infection.

• Isolate the infected machine from the network to prevent further spread of the infection

• Identify the type of malware or virus that has infected the machine

• Run a full system scan using antivirus software to detect and remove the malware

• Update the operating system and all software to patch any vulnerabiliti...read more

Azure Security Policies are a set of rules and configurations that help enforce security controls within Azure environments.

• Azure Security Policies help ensure compliance with security standards and best practices

• They can be used to enforce specific security configurations, such as requiring encryption for storage accounts

• Policies can be assigned at the subscription, resource group, or resource level

Conditional Access in Azure is used to control access to resources based on specific conditions.

• Conditional Access policies can be set up to require multi-factor authentication for certain users or devices

• It can restrict access based on location, device compliance, or other factors

• Conditional Access can be used to enforce policies such as requiring a compliant device to access sensitive data

Active Directory Federation Service (AD FS) is a feature in Windows Server that allows for single sign-on authentication across multiple systems.

• AD FS allows users to access multiple applications with a single set of credentials

• It enables secure sharing of identity information between trusted partners

• AD FS uses claims-based authentication to verify user identity

• It supports integration with cloud-based services like Off

ISO 27001 is a globally recognized standard for information security management.

• ISO 27001 provides a framework for managing and protecting sensitive information.

• It outlines a risk management process to identify, assess, and treat information security risks.

• ISO 27001 requires organizations to implement and maintain a set of policies, procedures, and controls to ensure the confidentiality, integrity, and availability of ...read more

DLP policies are rules and procedures that prevent sensitive data from being accessed, used, or shared inappropriately.

• DLP policies can be used to prevent data breaches and protect sensitive information.

• They can include rules for identifying and classifying sensitive data, as well as procedures for monitoring and controlling access to that data.

• Examples of DLP policies include restricting access to certain files or fol...read more