Cyber Security Analyst

100+ Cyber Security Analyst Interview Questions and Answers

Updated 27 Feb 2025

Q51. Hands on Burpsuite and how to use it?

Ans.

Burp Suite (PortSwigger) is the standard intercepting-proxy toolkit for manual and semi-automated web application security testing.

  • The browser is pointed at Burp's proxy listener (127.0.0.1:8080 by default) and Burp's CA certificate is installed in the browser, so HTTP and HTTPS requests and responses can be intercepted, inspected and modified before they reach the target application.

  • It is used to find vulnerabilities such as SQL injection, cross-site scripting, broken access control and authentication flaws by tampering with parameters, headers and cookies and observing how the application reacts.

  • Its tools cover different tasks: Proxy (intercept and history), Repeater (resend a single edited request), Intruder (automated fuzzing and brute forcing with payload lists), Scanner (automated crawling and vulnerability checks, Professional edition), plus Decoder and Comparer.

  • It also has features for session handling, content d...read more

Q52. What is the pillar of cybersecurity

Ans.

The pillar of cybersecurity is confidentiality, integrity, and availability.

  • Confidentiality: Ensuring that information is only accessible to authorized individuals.

  • Integrity: Maintaining the accuracy and trustworthiness of data and systems.

  • Availability: Ensuring that systems and data are accessible and usable when needed.

Q53. What are ports, and import port numbers

Ans.

Ports are communication endpoints in a network, and port numbers are used to identify specific services or processes.

  • Ports are virtual communication endpoints used by computers to send and receive data over a network

  • Port numbers range from 0 to 65535, with well-known ports (0-1023) reserved for specific services like HTTP (port 80) or FTP (port 21)

  • Common port numbers include 80 (HTTP), 443 (HTTPS), 22 (SSH), 25 (SMTP), and 3389 (RDP)
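An added example (not from the original page) of what "a port is a communication endpoint" means in practice: a TCP connect scan, which is what `nmap -sT` does, against a constructed local listener. The listener, the port list and the service table are assumptions made for the demo; the scan itself is standard socket code.

```python
import socket
import threading

# Well-known ports from the answer above, as a local lookup table for the report.
COMMON_PORTS = {21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https", 3389: "rdp"}


def start_listener(host="127.0.0.1"):
    """Constructed target: an ephemeral TCP listener standing in for a real service.
    Returns the server socket and the port the OS assigned to it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()       # accept and drop; enough to complete the handshake
            except OSError:
                break              # listener closed
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def tcp_connect_scan(host, ports, timeout=0.5):
    """Return the ports on `host` that complete a full TCP handshake (a connect scan).
    A refused connection means the port is closed; a timeout usually means filtered."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def service_name(port):
    """Map a port to a service name: our table first, then the OS services database.
    Note this is only a guess; the real service is whatever actually answers."""
    if port in COMMON_PORTS:
        return COMMON_PORTS[port]
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


if __name__ == "__main__":
    srv, port = start_listener()
    try:
        # Scan the listener's port plus two neighbours that are (almost certainly) closed.
        found = tcp_connect_scan("127.0.0.1", [port, port + 1, port + 2])
        for p in found:
            print(f"{p}/tcp open  ({service_name(p)})")
    finally:
        srv.close()
```

The assignment of a number to a service is only a convention: the scan above reports the ephemeral port as open regardless of what `service_name` thinks of it, which is why port scanners follow a connect scan with banner grabbing or version detection.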

Q54. Difference between ISO 27001 and 27001?

Ans.

As written, the question compares ISO 27001 with itself; the distinction interviewers usually intend is between ISO/IEC 27001 and ISO/IEC 27002.

  • ISO/IEC 27001 specifies the requirements for an information security management system (ISMS). It is the standard an organization is audited and certified against.

  • ISO/IEC 27002 is a code of practice: it gives implementation guidance for the controls listed in Annex A of 27001 and is not itself certifiable.

  • Organizations pursue ISO 27001 certification to demonstrate to customers and regulators that information security is managed systematically.

  • ISO 27001 provides a framework for establishing, implementing, maintaining, and continually improving an ISMS, driven by a risk assessment that decides which controls apply.


Q55. Explain dictionary attack?

Ans.

A dictionary attack is a method used to gain unauthorized access to a system by systematically trying all possible words or combinations from a pre-existing list.

  • Dictionary attack is a type of brute force attack.

  • It involves using a list of commonly used passwords or words from a dictionary to guess the password of a user or system.

  • The attacker tries each word in the list until a match is found or all possibilities are exhausted.

  • Dictionary attacks can be performed offline or o...read more
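An added example (not from the original page) of an offline dictionary attack against a leaked password hash, with the cheap rule-based mangling real crackers apply, and beside it the salted, slow hash a defender should store instead. The wordlist and the "leaked" hash are constructed for the demo.

```python
import hashlib
import os

# Constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "summer2024", "welcome1"]


def sha256_hex(text):
    """Unsalted SHA-256 of a string: the kind of hash a dictionary attack works well against."""
    return hashlib.sha256(text.encode()).hexdigest()


def with_mangling(wordlist):
    """Rule-based expansion: each base word yields case and suffix variants
    (real tools apply hundreds of such rules; this is the idea, not the full list)."""
    for w in wordlist:
        cap = w.capitalize()
        for variant in (w, cap, w + "!", w + "123", cap + "!", cap + "123"):
            yield variant


def dictionary_attack(target_hash, candidates, algo="sha256", salt=b""):
    """Hash each candidate (with the salt, if one is known) and compare against the target.
    Returns the plaintext on a match, None when the list is exhausted."""
    for word in candidates:
        if hashlib.new(algo, salt + word.encode()).hexdigest() == target_hash:
            return word
    return None


def hash_password_slow(password, salt=None, iterations=600_000):
    """What the defender should store: a random per-user salt plus PBKDF2-HMAC-SHA256.
    The salt forces the attacker to hash the whole wordlist separately for every user,
    and the iteration count makes each guess ~600k hashes instead of one."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk.hex()


if __name__ == "__main__":
    leaked = sha256_hex("Dragon!")                 # constructed "leaked" unsalted hash
    print(dictionary_attack(leaked, with_mangling(WORDLIST)))   # recovers the password
    salt, stored = hash_password_slow("Dragon!")
    print(salt.hex(), stored)
```

`dictionary_attack` against an unsalted SHA-256 takes one hash per guess; against the PBKDF2 form it would take one full PBKDF2 run per guess per user, which is the whole point of the slow-hash recommendation.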

Q56. Explain rainbow attack?

Ans.

A rainbow table attack is a precomputation attack on unsalted password hashes: hashes for a keyspace are computed ahead of time and stored in compressed chains, so cracking a captured hash becomes a lookup instead of a fresh brute force.

  • A rainbow table does not store every hash. It stores chains: start from a password, hash it, apply a reduction function that maps the hash back to another candidate password, repeat, and keep only the first and last element of each chain. This trades storage for some recomputation at lookup time.

  • To crack a hash, the attacker applies the reduction and hash steps until the result matches a stored chain end, then regenerates that chain from its start to find the password that produced the target hash.

  • A table is built for one specific hash function and keyspace (for example MD5 or NTLM over 1 to 8 printable characters) and is useless for any other.

  • A random per-user salt defeats rainbow tables, because the table would have to be rebuilt for every salt; slow hashes such as bcrypt, scrypt or Argon2 make the precomputation itself impractical.
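An added example (not from the original page) of the chain construction described above, in a constructed toy setting: 4-digit PINs hashed with unsalted MD5. The reduction function, chain length and number of chains are assumptions for the demo; the lookup procedure is the real one.

```python
import hashlib

# Constructed toy keyspace: 4-digit PINs "0000".."9999". Real tables use the same construction
# over far larger keyspaces (e.g. 1-8 printable characters under NTLM or MD5).
KEYSPACE = 10_000
CHAIN_LEN = 100
NUM_CHAINS = 400


def H(pw):
    return hashlib.md5(pw.encode()).hexdigest()


def R(h, i):
    """Reduction function: map a hash back to a keyspace element. Mixing in the column index i
    gives each column a different reduction, which limits chain merges (the 'rainbow' part)."""
    return f"{(int(h[:8], 16) + i) % KEYSPACE:04d}"


def walk(start, steps):
    """Follow a chain `steps` hash/reduce rounds from `start`; returns the password at that column."""
    pw = start
    for i in range(steps):
        pw = R(H(pw), i)
    return pw


def build_table():
    """Store only endpoint -> start points. Everything in between is recomputed on demand.
    Several chains may merge into the same endpoint, so keep every start."""
    table = {}
    for n in range(NUM_CHAINS):
        start = f"{(n * 25) % KEYSPACE:04d}"     # deterministic, spread-out start points
        table.setdefault(walk(start, CHAIN_LEN), []).append(start)
    return table


def lookup(table, target_hash):
    """For each column k, assume the target hash sits at column k of some chain and run the
    chain to its end. If that end is in the table, regenerate the chain from its start and
    check for the real preimage (an endpoint match alone can be a false alarm)."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        pw = R(target_hash, k)
        for i in range(k + 1, CHAIN_LEN):
            pw = R(H(pw), i)
        for start in table.get(pw, []):
            cand = start
            for i in range(CHAIN_LEN):
                if H(cand) == target_hash:
                    return cand
                cand = R(H(cand), i)
    return None


if __name__ == "__main__":
    table = build_table()
    print(len(table), "distinct chain ends stored for", NUM_CHAINS, "chains")
    print(lookup(table, H("0025")))                     # cracked: a chain start
    print(lookup(table, H(walk("0050", 37))))           # cracked: a mid-chain value
    print(lookup(table, H("s3cr3t" + "0025")))          # None: a salt breaks the table
```

400 chains of length 100 cover well under the 40,000 slots they nominally represent, because chains merge; that loss of coverage, and the false alarms handled in `lookup`, are the price of storing only chain ends. The last call shows why salting works: the salted hash is not the hash of any element of the keyspace the table was built for.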


Q57. email Gateway block the email spam if we received

Ans.

Yes, email gateways can block email spam if configured properly.

  • Email gateways use techniques such as IP and domain block lists and allow lists, content and attachment filtering, URL rewriting and sandboxing, and sender authentication (SPF, DKIM and DMARC) to block spam and phishing.

  • Spam emails are typically identified based on keywords, sender reputation, and other factors.

  • Advanced email gateways may also use machine learning algorithms to detect and block spam.

  • Regular updates and monitoring of email gateway settings are essential to effectively block spam emails.

Q58. Steps to consider after Phishing attack

Ans.

Steps to take after a phishing attack, assuming the credentials and the mailbox may already be in the attacker's hands

  • Preserve the phishing message (headers, URL, attachment) as evidence and report it to the security team; do not forward or reopen it.

  • Reset the password of the affected account and of any other account that shares it, and enforce or re-enrol multi-factor authentication.

  • Revoke active sessions and OAuth or app tokens, and check the mailbox for attacker-created forwarding or inbox rules, which are a common way to keep access after a password change.

  • Notify the appropriate parties (IT or security department, the bank or vendor whose brand was impersonated, colleagues who may have received the same message).

  • If an attachment was opened or a file downloaded, isolate the device from the network and run an endpoint or antivirus scan; for a pure credential phish, containing the account matters more than disconnecting the machine.

  • Search mail logs for other recipients of the same campaign, block the sender domain and URL at the gateway, and use the incident to train users to recognize and report phishing.


Q59. Ethical hacking in cyber security

Ans.

Ethical hacking is a process of identifying vulnerabilities in a system to improve its security.

  • Ethical hacking involves using the same techniques as malicious hackers to identify vulnerabilities in a system.

  • The goal of ethical hacking is to improve the security of the system by fixing the identified vulnerabilities.

  • Ethical hackers must follow a strict code of ethics and obtain permission before conducting any hacking activities.

  • Examples of ethical hacking include penetration...read more

Q60. What are you learn in cyber security

Ans.

In cyber security, you learn about network security, encryption, threat detection, incident response, and ethical hacking.

  • Network security involves protecting networks from unauthorized access or attacks.

  • Encryption is the process of encoding information to make it secure and unreadable without the proper decryption key.

  • Threat detection involves identifying and responding to potential security threats or breaches.

  • Incident response is the process of reacting to and managing a s...read more

Q61. Steps to find Web PT/Network PT/ Mob PT?

Ans.

Web PT, Network PT and Mob PT are the three common scopes of penetration testing (web application, network or infrastructure, and mobile application). They follow the same phases, with scope-specific tooling.

  • Scoping and authorization: agree targets, IP ranges, application builds, test windows and rules of engagement in writing before anything is touched.

  • Reconnaissance and enumeration: network PT starts with host discovery, port and service scanning (Nmap) and traffic analysis (Wireshark); web PT maps the application, its parameters and authentication flows through an intercepting proxy (Burp Suite); mobile PT decompiles the APK or IPA, reviews stored data and permissions, and proxies the app's traffic.

  • Vulnerability analysis: compare discovered versions and behaviour against known weaknesses, using vulnerability scanners and the OWASP Web Security Testing Guide or, for mobile, the OWASP MASTG.

  • Exploitation and post-exploitation: confirm findings by exploiting them within the agreed scope and assess what access they give (lateral movement, data exposure).

  • Reporting: document each finding with evidence, a risk rating and remediation advice, and retest after fixes.

Q62. What is SQLi its types?

Ans.

SQLi stands for SQL Injection. It is a type of cyber attack where an attacker injects malicious SQL code into a vulnerable website.

  • SQLi allows attackers to access sensitive data from a website's database

  • There are three types of SQLi: In-band, Inferential, and Out-of-band

  • In-band SQLi is the most common type and involves using the same communication channel to launch the attack and retrieve data

  • Inferential SQLi involves using logical deductions to infer information from the dat...read more

Q63. What is cyber security

Ans.

Cyber security is the practice of protecting computer systems, networks, and sensitive information from unauthorized access, theft, or damage.

  • Cyber security involves implementing measures to prevent cyber attacks and data breaches

  • It includes protecting against viruses, malware, and other malicious software

  • Cyber security also involves educating users on safe online practices

  • Examples of cyber security measures include firewalls, encryption, and multi-factor authentication

Q64. Share experience Arcsight & Splunk tool

Ans.

Arcsight & Splunk are SIEM tools used for log management and security analytics.

  • Arcsight is a legacy SIEM tool used for log management and security analytics.

  • Splunk is a modern SIEM tool used for log management, security analytics, and data visualization.

  • Both tools are used to collect, analyze, and correlate log data from various sources to detect security threats and incidents.

  • Arcsight has a complex architecture and requires more resources to manage compared to Splunk.

  • Splunk...read more

Q65. what is a proxy server?

Ans.

A proxy server acts as an intermediary between a client and a server, forwarding requests and responses.

  • A forward proxy sits in front of clients: it can hide the client's IP address from the destination and, in a corporate setting, acts as a control point for URL filtering, TLS inspection and logging of outbound traffic.

  • A reverse proxy sits in front of servers: it terminates TLS, load balances, caches and can host a web application firewall, so the origin servers are never exposed directly.

  • Proxies can also be used to bypass content filters or reach geographically restricted content.

  • Examples include Squid (forward and caching proxy) and Nginx or Apache httpd (commonly deployed as reverse proxies in front of application servers).

  • Proxy servers can be configured to allow or block specific hosts, URL categories, methods or content types.

Q66. What is the purpose DNS?

Ans.

DNS stands for Domain Name System and its purpose is to translate domain names into IP addresses.

  • DNS helps users easily access websites by translating human-readable domain names (e.g. www.google.com) into machine-readable IP addresses (e.g. 172.217.3.206).

  • It helps in load balancing by distributing traffic among multiple servers based on the IP address resolved by DNS.

  • DNS also provides redundancy and fault tolerance by allowing multiple DNS servers to store the same DNS recor...read more

Q67. OOPs concepts and examples

Ans.

OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.

  • Inheritance: Allows a class to inherit properties and behavior from another class.

  • Encapsulation: Bundling data and methods that operate on the data into a single unit.

  • Polymorphism: Ability to present the same interface for different data types.

  • Abstraction: Hiding the complex implementation details and showing only the necessary features.

Q68. difference between kill cahin and mitre framework

Ans.

The Cyber Kill Chain (Lockheed Martin) is a linear model of the stages of an intrusion; MITRE ATT&CK is a knowledge base of adversary tactics and techniques observed in real attacks.

  • The Kill Chain has seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Breaking any stage is meant to break the attack.

  • ATT&CK is organized as a matrix of tactics (the adversary's goal, such as Initial Access, Persistence or Exfiltration) and techniques and sub-techniques (how the goal is achieved), each with an ID, detection guidance and mitigations. It is not a sequence: an intrusion may use techniques from many tactics in any order.

  • The Kill Chain helps organizations reason about where in an attack they can detect or disrupt an adversary; ATT&CK provides a common language for mapping detections, threat intelligence and red-team activity to specific techniques.

Q69. How Manually Test A Network?

Ans.

Manually testing a network involves using various tools and techniques to identify vulnerabilities and potential security threats.

  • Performing port scans to identify open ports and services

  • Conducting penetration testing to simulate attacks and identify weaknesses

  • Reviewing firewall and router configurations

  • Analyzing network traffic for anomalies

  • Testing user authentication and access controls

  • Checking for outdated software and firmware

  • Assessing physical security measures

  • Social eng...read more

Q70. what is it low and how to work

Ans.

The question is unclear and lacks context.

  • Please provide more information or clarify the question.

  • Without context, it is impossible to provide a meaningful answer.

  • Low can refer to many things in cyber security, such as low-level attacks or low-risk vulnerabilities.

  • Working in cyber security involves analyzing and mitigating risks to protect systems and data.

  • It is important to stay up-to-date on the latest threats and security measures.

  • Examples of cyber security tools and techn...read more

Q71. Alerts in SIEM tool

Ans.

Alerts in SIEM tool

  • SIEM tools generate alerts based on predefined rules and thresholds

  • Alerts can be categorized based on severity levels

  • Alerts can be investigated and triaged to determine if they are true positives or false positives

  • SIEM tools can also automate response actions based on certain alerts

  • Examples of alerts include failed login attempts, malware detections, and suspicious network traffic
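An added example (not from the original page) of the "predefined rules and thresholds" idea: two correlation rules run over constructed sshd-style log lines, a brute-force threshold in a sliding window and the higher-severity follow-up when a brute-forced source then succeeds. The log lines, threshold and window are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 51013 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 51014 ssh2
2024-03-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 51015 ssh2
2024-03-01T10:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 51016 ssh2
2024-03-01T10:00:09 sshd[1201]: Accepted password for root from 203.0.113.7 port 51017 ssh2
2024-03-01T10:05:00 sshd[1340]: Failed password for alice from 198.51.100.9 port 40001 ssh2
2024-03-01T10:07:00 sshd[1340]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# Normalization step: pull timestamp, outcome, user and source IP out of the raw line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(line):
    """Return a normalized event dict, or None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Rule 1 (medium): >= `threshold` failed logins from one source IP inside `window`.
    Rule 2 (high): a successful login from a source that already tripped rule 1,
    which is the pattern of a guessed or stuffed credential."""
    alerts = []
    failures = defaultdict(deque)     # ip -> timestamps of recent failures
    tripped = set()                   # ips that already raised rule 1 (avoid alert storms)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            while recent and ev["ts"] - recent[0] > window:   # slide the window
                recent.popleft()
            if len(recent) >= threshold and ev["ip"] not in tripped:
                tripped.add(ev["ip"])
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "ip": ev["ip"], "count": len(recent), "ts": ev["ts"]})
        elif ev["ip"] in tripped:
            alerts.append({"rule": "bruteforce_then_success", "severity": "high",
                           "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Only the 203.0.113.7 source fires: five failures in eight seconds raise the medium alert, and the following successful root login raises the high one. The single failure from 198.51.100.9 followed by a key-based login stays below threshold, which is what keeps a rule like this from drowning the analyst in false positives.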

Q72. Owaps top10 .. explain anyone.?

Ans.

OWASP Top 10 is a periodically updated list of the most critical web application security risks. The 2021 edition is:

  • A01 Broken Access Control

  • A02 Cryptographic Failures

  • A03 Injection (SQL, NoSQL, OS command, LDAP; cross-site scripting is now grouped here)

  • A04 Insecure Design

  • A05 Security Misconfiguration

  • A06 Vulnerable and Outdated Components

  • A07 Identification and Authentication Failures

  • A08 Software and Data Integrity Failures

  • A09 Security Logging and Monitoring Failures

  • A10 Server-Side Request Forgery (SSRF)

Explaining one: Broken Access Control (A01) means the application fails to enforce what an authenticated user is allowed to do. Typical cases are an /orders/1234 endpoint that returns any order when the ID is changed (insecure direct object reference), or an admin function reachable by a normal user because the check exists only in the UI. The fix is a server-side, deny-by-default authorization check on every request, tied to the requesting user's identity rather than to client-supplied IDs or hidden fields.

Q73. what is VPN and how use it?

Ans.

VPN stands for Virtual Private Network, a secure connection that allows users to access the internet privately and securely.

  • A VPN encrypts traffic between your device and the VPN endpoint, so someone on the local network or at the ISP cannot read it; beyond the endpoint the traffic is only as protected as the destination's own TLS.

  • It masks your IP address, making it difficult for websites to track your location.

  • VPN can be used to access geo-restricted content, such as streaming services or websites.

  • It is commonly used by remote workers to securely connect to their company's network.

  • Popular VPN...read more

Q74. what is VPN how to use it ?

Ans.

A VPN (Virtual Private Network) is a secure connection that allows users to access the internet privately and securely.

  • VPN encrypts your internet connection to protect your data from hackers and surveillance.

  • It masks your IP address, making it appear as though you are browsing from a different location.

  • VPN can be used to access geo-restricted content, bypass censorship, and enhance online privacy.

  • To use a VPN, you typically need to download and install VPN software on your de...read more

Q75. Event life cycle of any siem solution

Ans.

The event life cycle of a SIEM solution involves several stages from data collection to incident response.

  • Data collection: SIEM collects logs and events from various sources such as network devices, servers, and applications.

  • Normalization: The collected data is normalized to a common format for easier analysis and correlation.

  • Aggregation: Events are grouped together based on common attributes to identify patterns and trends.

  • Correlation: SIEM correlates events from different s...read more

Q76. What is DNS and DNS Proxy

Ans.

DNS stands for Domain Name System, a system that translates domain names to IP addresses. DNS Proxy is a server that forwards DNS queries.

  • DNS is like a phone book for the internet, translating domain names (like google.com) to IP addresses (like 172.217.3.206)

  • DNS Proxy is a server that acts as an intermediary between a client and a DNS server, forwarding DNS queries on behalf of the client

  • DNS Proxy can be used for filtering, caching, or load balancing DNS queries

Q77. PenetrationTesting vs vvulnerability Assessments

Ans.

Penetration testing involves simulating real-world attacks to identify security weaknesses, while vulnerability assessments focus on identifying and prioritizing vulnerabilities.

  • Penetration testing involves actively exploiting vulnerabilities to determine the impact of a successful attack.

  • Vulnerability assessments focus on identifying and prioritizing vulnerabilities based on their severity and potential impact.

  • Penetration testing is more comprehensive and provides a deeper u...read more

Q78. What is dns and its protocols

Ans.

DNS (Domain Name System) is a protocol used to translate domain names into IP addresses.

  • DNS is essential for translating human-readable domain names (like google.com) into machine-readable IP addresses (like 172.217.3.206)

  • DNS operates using a client-server architecture, where the client (usually a web browser) sends a DNS query to a DNS server to resolve a domain name

  • DNS uses various protocols such as UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) for co...read more

Q79. What's is vulnerability Assessment

Ans.

Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in a system.

  • Identifying weaknesses in a system that could be exploited by attackers

  • Quantifying the level of risk associated with each vulnerability

  • Prioritizing vulnerabilities based on their severity and potential impact

  • Conducting regular scans and tests to identify new vulnerabilities

  • Examples: using vulnerability scanning tools like Nessus or OpenVAS

Q80. Port Numbers of different protocols

Ans.

Port numbers for different protocols

  • HTTP - 80

  • HTTPS - 443

  • FTP - 20, 21

  • SSH - 22

  • SMTP - 25

  • DNS - 53

  • POP3 - 110

  • IMAP - 143

  • LDAP - 389

  • RDP - 3389

Q81. What is write blocker

Ans.

A write blocker is a hardware device or software tool that prevents data from being written to a storage device while it is being read.

  • Used in digital forensics to prevent accidental or intentional modification of evidence during acquisition and analysis; even mounting a disk normally can change timestamps or journal data.

  • Ensures the integrity of evidence by allowing read-only access to the storage device. Hardware blockers are preferred because the operating system cannot bypass them; software blockers (read-only mounts, registry or udev policies) are acceptable when documented.

  • The check that goes with it: hash the source (for example SHA-256) before imaging and the resulting image afterwards, and record both values in the chain-of-custody notes so the copy can be shown to be identical.

  • Commonly used in investigations involving computers, mobile devices, and other digital media.

  • Examples include Tableau write blockers and WiebeTech write blockers.

Q82. Cisco devices for email and IP upgrade

Ans.

When upgrading Cisco devices for email and IP, it is important to plan and execute the upgrade carefully.

  • Ensure compatibility of new devices with existing infrastructure

  • Backup configurations and data before starting the upgrade

  • Test the new devices in a controlled environment before deploying them

  • Consider any security implications of the upgrade

  • Train staff on how to use the new devices effectively

Q83. F5device for security for white listing

Ans.

F5 devices can be used for security white listing to control access to specific applications or services.

  • F5 devices can be used to create white lists of approved IP addresses, URLs, or applications that are allowed to access a network.

  • This helps prevent unauthorized access and reduces the attack surface for potential threats.

  • For example, an organization can use F5 devices to white list specific IP addresses for remote access to their internal network.

Q84. What is normalization in dbms

Ans.

Normalization in DBMS is the process of organizing data in a database to reduce redundancy and improve data integrity.

  • Normalization involves breaking down a database into smaller, more manageable tables and defining relationships between them.

  • It helps in reducing data redundancy by storing data in a structured and organized manner.

  • Normalization also helps in improving data integrity by ensuring that data is consistent and accurate.

  • There are different normal forms such as 1NF,...read more

Q85. what is CEH what is CCNA

Ans.

CEH stands for Certified Ethical Hacker. CCNA stands for Cisco Certified Network Associate.

  • CEH is a certification for professionals who want to work as ethical hackers and penetration testers.

  • CCNA is a certification for professionals who want to work with Cisco networking technologies.

  • CEH covers topics such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, and more.

  • CCNA covers topics such as network fundamentals, LAN switching technologies, r...read more

Q86. what is cloud? and types

Ans.

Cloud is a virtual space that allows users to store, manage, and access data and applications remotely.

  • Cloud is a virtualized infrastructure that provides on-demand access to computing resources.

  • It allows users to store and access data and applications remotely over the internet.

  • Cloud services are typically categorized into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

  • IaaS provides virtualized computing resour...read more

Q87. Difference between GET and POST method.

Ans.

GET method is used to request data from a specified resource, while POST method is used to submit data to be processed to a specified resource.

  • GET requests data from a specified resource

  • POST submits data to be processed to a specified resource

  • GET requests can be cached and bookmarked, while POST requests are not cached by default and are not kept in the browser history.

  • GET requests are limited by URL length, while POST requests carry data in the body and have no such limit.

  • Neither method is more secure by itself. The security difference is that GET parameters end up in URLs, browser history, proxy and server logs and Referer headers, so secrets and state-changing actions belong in POST, with CSRF protection.

Q88. Different ports and example of UDP port

Ans.

Different ports are used for communication in networking. UDP port 53 is used for DNS.

  • Ports are used to identify different services or processes on a network

  • UDP port 53 is used for DNS (Domain Name System)

  • Other common UDP ports include 67 (DHCP), 161 (SNMP), and 123 (NTP)

Q89. what is it top compnyes

Ans.

Top companies in cyber security are those that provide innovative and effective solutions to protect against cyber threats.

  • Top companies invest heavily in research and development to stay ahead of emerging threats

  • They offer a range of services including threat intelligence, incident response, and vulnerability assessments

  • Examples of top companies include Symantec, McAfee, and Cisco

  • These companies have a strong reputation for providing reliable and effective cyber security sol...read more

Q90. What is mass assignment

Ans.

Mass assignment is a vulnerability where an attacker can manipulate the data sent to a web application to modify objects they should not have access to.

  • Mass assignment occurs when a user can submit multiple parameters to a web application, allowing them to modify fields they should not have access to.

  • This vulnerability can be exploited by attackers to change sensitive data or gain unauthorized access to the system.

  • Developers can prevent mass assignment by using techniques lik...read more
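An added example (not from the original page) of the vulnerability beside its fix: a profile-update handler that binds every JSON key onto the user object, and the allowlisted version that rejects fields the form never offered. The model, the request body and the field names are constructed for the demo.

```python
import json


class User:
    """Constructed model: the attacker's goal is the is_admin and balance fields."""
    def __init__(self, username, email, is_admin=False, balance=0):
        self.username = username
        self.email = email
        self.is_admin = is_admin
        self.balance = balance


def update_vulnerable(user, body):
    """Mass assignment: every key in the request body lands on the model, including
    fields the UI never exposes. Frameworks do the same when a whole request dict is
    passed to a model constructor or an update-attributes helper."""
    for key, value in json.loads(body).items():
        setattr(user, key, value)
    return user


# The fix: the handler declares which fields this endpoint is allowed to change.
ALLOWED_FIELDS = {"email"}


def update_safe(user, body):
    """Bind only allowlisted fields, and refuse unexpected ones rather than silently
    dropping them: a rejected request is a signal worth logging, a dropped key is not."""
    data = json.loads(body)
    unexpected = set(data) - ALLOWED_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    for key in ALLOWED_FIELDS & set(data):
        setattr(user, key, data[key])
    return user


def update_safe_result(user, body):
    """Wrapper returning 'ok' or the rejection message, for callers that prefer a status."""
    try:
        update_safe(user, body)
        return "ok"
    except ValueError as err:
        return str(err)


# Constructed attacker request: the page only shows an email box, but the JSON carries more.
ATTACK_BODY = '{"email": "mallory@example.com", "is_admin": true, "balance": 999999}'


if __name__ == "__main__":
    victim = User("mallory", "m@example.com")
    update_vulnerable(victim, ATTACK_BODY)
    print("vulnerable:", victim.is_admin, victim.balance)        # True 999999
    victim = User("mallory", "m@example.com")
    print("safe:", update_safe_result(victim, ATTACK_BODY), victim.is_admin)
```

The same allowlist idea applies to ORM frameworks (Rails strong parameters, Django form `fields`, Spring `@InitBinder` allowed fields); the hardened handler above is the generic form of those features.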

Q91. What is SQL injection?

Ans.

SQL injection is a type of cyber attack where malicious SQL code is inserted into input fields to manipulate a database.

  • SQL injection allows attackers to access, modify, or delete data in a database.

  • Attackers can also use SQL injection to execute commands on the database server.

  • Preventing SQL injection involves validating user input and using parameterized queries.

  • Example: Entering ' OR '1'='1' into a login form to bypass authentication.
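An added example (not from the original page) that serves both this question and Q62's types: a login query built by string concatenation, the bypass from the bullet above, an in-band UNION extraction, an inferential (boolean-based blind) extraction, and the parameterized fix. The in-memory SQLite database and its users are constructed for the demo; passwords are stored in plaintext only to keep it short.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is pasted into the SQL text, so a quote in the input
    changes the structure of the query instead of being compared as data."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """The fix: a parameterized query. The driver sends the values separately
    from the SQL text, so they can never be parsed as SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ? AND password = ?",
                        (username, password)).fetchall()


def extract_password_blind(conn, username, charset="abcdefghijklmnopqrstuvwxyz0123456789", max_len=12):
    """Inferential (boolean-based blind) SQLi: the application reveals only 'row or no row',
    so the attacker asks one yes/no question per character position and reads the answer."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            probe = f"{username}' AND substr(password, {pos}, 1) = '{ch}' --"
            if login_vulnerable(conn, probe, "x"):
                recovered += ch
                break
        else:
            break   # no character matched at this position: end of the string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"))              # bypass via comment
    print(login_vulnerable(db, "nobody", "' OR '1'='1"))            # bypass via tautology
    print(login_vulnerable(db, "' UNION SELECT username, password FROM users --", "x"))  # in-band UNION
    print(extract_password_blind(db, "bob"))                         # blind, one char at a time
    print(login_safe(db, "alice' --", "wrong"))                      # [] with parameters
```

The UNION call is in-band SQLi: the stolen column comes back in the same response as the login result. `extract_password_blind` is the inferential kind: nothing is echoed, but 36 probes per character are enough. `login_safe` returns nothing for every payload because the quote and the comment marker are just bytes inside a bound string.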

Q92. What is firewall?

Ans.

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

  • Acts as a barrier between a trusted internal network and untrusted external network

  • Filters network traffic based on rules set by the administrator

  • Can be hardware-based or software-based

  • Examples include Cisco ASA, Palo Alto Networks, and pfSense

Q93. difference between truncate and delete

Ans.

TRUNCATE is a DDL command that removes all rows from a table by deallocating its storage, while DELETE is a DML command that removes rows one at a time and can take a WHERE clause.

  • TRUNCATE is faster than DELETE because it does not log individual row deletions.

  • TRUNCATE resets auto-increment or identity counters in SQL Server and MySQL; in PostgreSQL it does so only with RESTART IDENTITY. DELETE never resets them.

  • Whether TRUNCATE can be rolled back depends on the DBMS: in PostgreSQL and SQL Server it is transactional; in MySQL and Oracle it performs an implicit commit. DELETE can always be rolled back inside a transaction.

  • TRUNCATE does not fire row-level DELETE triggers, while DELETE does; TRUNCATE also usually requires higher privileges than DELETE, which matters when reviewing what a compromised application account could do.

Q94. Difference between TCP and UDP?

Ans.

TCP is connection-oriented, reliable, and slower, while UDP is connectionless, unreliable, and faster.

  • TCP stands for Transmission Control Protocol, while UDP stands for User Datagram Protocol.

  • TCP is connection-oriented, meaning it establishes a connection before sending data, while UDP is connectionless.

  • TCP is reliable as it ensures delivery of data in the correct order and handles retransmissions, while UDP does not guarantee delivery or order of data.

  • TCP is slower than UDP ...read more

Q95. Tell me about OSINT Tools.

Ans.

OSINT tools are software tools used for gathering and analyzing publicly available information from various sources.

  • OSINT tools help in collecting information from social media platforms, websites, forums, and other online sources.

  • Some popular OSINT tools include Maltego, Shodan, theHarvester, and SpiderFoot.

  • These tools can be used by cyber security analysts to gather intelligence, identify potential threats, and assess vulnerabilities.

  • OSINT tools can also help in conducting ...read more

Q96. What is Dom xss?

Ans.

DOM XSS is cross-site scripting where the vulnerability is in the page's own client-side JavaScript: the script reads attacker-controlled data from a source such as location.hash, location.search, document.referrer or a postMessage event and writes it into a dangerous sink such as innerHTML, document.write or eval.

  • Unlike reflected or stored XSS, the payload need not reach the server at all; it can sit in the URL fragment, which the browser never sends, so server-side filtering and a WAF do not see it.

  • The injected script runs in the victim's origin and can steal session data, call the application's APIs as the user, or rewrite the page.

  • Preventing Dom xss requires proper input validation and sanitization, as well as using security measures such as C...read more

Q97. What do know about Cloudfare.

Ans.

Cloudflare is a web infrastructure and website security company that provides content delivery network services, DDoS mitigation, and DNS services.

  • Cloudflare offers services such as CDN, DDoS protection, and DNS management.

  • It helps improve website performance by caching content closer to users.

  • Cloudflare's security features protect websites from various online threats.

  • It provides analytics and insights into website traffic and performance.

  • Cloudflare has a large network of ser...read more

Q98. what is ci/cd in devops

Ans.

CI/CD stands for Continuous Integration/Continuous Deployment. It is a DevOps practice that involves automating the process of building, testing, and deploying software.

  • CI/CD is a software development approach that aims to deliver code changes more frequently and reliably.

  • Continuous Integration involves merging code changes into a shared repository and running automated tests to detect integration issues early.

  • Continuous Deployment automates the release of code changes to pro...read more

Q99. SSRF vs CSRF, impact of csrf

Ans.

SSRF allows attackers to access internal resources, while CSRF allows attackers to perform actions on behalf of a user.

  • SSRF (Server-Side Request Forgery) allows attackers to make requests on behalf of the server, potentially accessing internal resources.

  • CSRF (Cross-Site Request Forgery) allows attackers to perform actions on a website on behalf of a user without their consent.

  • CSRF attacks can lead to unauthorized actions being performed by the attacker, such as changing accou...read more
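An added example (not from the original page) of the defensive side of both: an SSRF guard that resolves the hostname and refuses any non-public address (the cloud metadata endpoint included), and a per-session HMAC CSRF token. The resolver injection, the secret and the sample URLs are assumptions for the demo so it runs offline.

```python
import hashlib
import hmac
import ipaddress
import secrets
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Default resolver: every address the name maps to. Attackers register names with
    one public and one internal record, so every record has to pass."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_fetch_url(url, resolver=resolve_all):
    """SSRF guard for a 'fetch this URL for me' feature: scheme allowlist, no userinfo tricks
    (http://trusted@evil/), and every resolved address must be globally routable.
    The real fetch must then connect to the checked address rather than re-resolve the
    name, or a DNS rebinding attack can swap in an internal address after the check."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        addresses = resolver(parts.hostname)
    except (OSError, ValueError):
        return False
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 is still loopback
        if not ip.is_global:               # loopback, private, link-local (169.254.169.254), ...
            return False
    return True


def issue_csrf_token(session_id, secret):
    """Stateless CSRF token bound to the session: nonce || HMAC(secret, session_id:nonce).
    A forged cross-site request cannot include it because the attacker's page cannot
    read the victim's session or compute the MAC."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token, session_id, secret):
    """Recompute the MAC for this session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    fake_public = lambda host: {"8.8.8.8"}                  # constructed: pretend DNS answer
    fake_literal = lambda host: {host}                       # constructed: IP literal passthrough
    print(is_safe_fetch_url("https://cdn.example.com/report.pdf", fake_public))      # True
    print(is_safe_fetch_url("http://169.254.169.254/latest/meta-data/", fake_literal))  # False
    print(is_safe_fetch_url("file:///etc/passwd"))                                     # False
    secret = b"constructed-server-secret"
    tok = issue_csrf_token("sess-123", secret)
    print(verify_csrf_token(tok, "sess-123", secret), verify_csrf_token(tok, "sess-999", secret))
```

The two defenses attack the two halves of the comparison in the answer above: the SSRF guard stops the server from being talked into requesting internal resources on the attacker's behalf, and the CSRF token stops the browser from being talked into acting on the user's behalf. The token is only a defense if the application also checks it on every state-changing request and sets the session cookie with SameSite.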

Q100. 4.what is vulnerability.

Ans.

A vulnerability is a weakness or flaw in a system that can be exploited by attackers to gain unauthorized access or cause damage.

  • Vulnerabilities can exist in software, hardware, or even human behavior.

  • Examples of vulnerabilities include unpatched software, weak passwords, and social engineering tactics.

  • Vulnerability assessments and penetration testing can help identify and mitigate vulnerabilities.

  • Regular updates and patches can also help prevent vulnerabilities from being ex...read more
