Information Security Officer Interview Preparation Guide

Strengthen your Information Security Professional interview skills with our collection of 95 important questions. Each question is designed to test and expand your Information Security Professional expertise. Suitable for all experience levels, these questions will help you prepare thoroughly. Access the free PDF to get all 95 questions and give yourself the best chance of acing your Information Security Professional interview. This resource is perfect for thorough preparation and confidence building.

95 Information Security Professional Questions and Answers:

1 :: Do you know what is the 80/20 rule of networking?

The 80/20 rule is a rule of thumb for designing IP networks: roughly 80% of traffic should stay on the local segment and only about 20% should need to be routed to a remote network.

2 :: What is security Essentials (GSEC)?

GSEC (GIAC Security Essentials) certifies that the holder understands foundational information security concepts and can apply them in practice. It is an entry-level GIAC certification, not an expert-level one.

3 :: Explain me what’s more secure, SSL or HTTPS?

Trick question: the two are not alternatives. HTTPS is simply HTTP carried over an SSL/TLS connection, so asking which is "more secure" makes no sense. Look for a smile like they caught you in the cookie jar. If they're confused, then this should be for an extremely junior position. A follow-up for stronger candidates: every SSL version and TLS 1.0/1.1 are deprecated, so a server that still offers them is the actual security problem.

4 :: Tell me what’s the difference between symmetric and public-key cryptography?

Standard stuff here: symmetric cryptography uses one shared secret key for both encryption and decryption (AES, for example); public-key cryptography uses a key pair, where the public key encrypts or verifies and the private key decrypts or signs (RSA, elliptic-curve schemes). Stronger candidates will add the trade-off: symmetric ciphers are fast but need some secure way to distribute the key, so real protocols such as TLS use public-key operations to authenticate the peer and agree on a key, then switch to a symmetric cipher for the bulk data.

5 :: Tell me what port does ping work over?

A trick question, to be sure, but an important one. If the candidate starts throwing out port numbers, you may want to move straight on to the next candidate. Hint: ping uses ICMP, which is a layer 3 protocol carried directly inside IP (IP protocol number 1); its header has no port field at all. A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols and ICMP sits beside them, not on top of them.
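To make the "no port" point concrete, here is an added example (not from the original guide) that builds and parses an ICMP echo request the way ping does. The header is type, code, checksum, identifier and sequence number, and nothing else; the identifier and sequence are constructed values, and the checksum is the RFC 1071 ones'-complement sum.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (odd lengths get a zero pad byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type, code, checksum, identifier, sequence: that is the whole ICMP echo header.
    There is no source or destination port anywhere in it; the message rides directly
    inside IP with protocol number 1, not inside TCP or UDP."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def checksum_ok(packet: bytes) -> bool:
    """With the checksum field in place, recomputing over the whole message gives zero."""
    return icmp_checksum(packet) == 0


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into its fields; raises on a short or corrupted message."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if not checksum_ok(packet):
        raise ValueError("bad ICMP checksum")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": msg_type,
        "code": code,
        "checksum": csum,
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
    }


if __name__ == "__main__":
    # Constructed identifier/sequence values, not captured from a real host.
    pkt = build_echo_request(0x1234, 1, b"ping test")
    print(pkt.hex())
    print(parse_icmp(pkt))
```

Sending this on the wire would need a raw socket (and root), which is exactly why unprivileged tools historically could not ping without a setuid helper; the point here is only that the header has no port to ask about.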

6 :: Tell me what kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Man-in-the-middle. A plain (anonymous) Diffie-Hellman exchange authenticates neither side, so an attacker who can intercept traffic runs a separate exchange with each party, relays between them, and can read or modify everything while both sides believe they share a secret with each other. The fix is to authenticate the exchanged public values, with signatures and certificates as TLS does, or with a MAC under a pre-shared key.
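The attack and the fix, as an added example rather than anything from the original guide. It uses a toy group (2**127 - 1 is prime but far too small for real use; this is an illustration-only assumption, real deployments use a standard group such as RFC 7919 ffdhe2048) and assumes Alice and Bob already share a MAC key out of band, standing in for the certificates and signatures a real protocol would use.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only. Too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent x, public value G^x mod P) for one party."""
    x = secrets.randbelow(P - 2) + 1          # x in [1, P-2]
    return x, pow(G, x, P)


def shared_secret(peer_public, private):
    return pow(peer_public, private, P)


def unauthenticated_exchange():
    """Plain DH with Mallory on the wire. Nobody signs or MACs the public values,
    so Mallory substitutes her own and ends up holding a key with each side."""
    a, A = keypair()                          # Alice
    b, B = keypair()                          # Bob
    m, M = keypair()                          # Mallory

    # Alice sends A; Mallory intercepts it and forwards M to Bob instead.
    # Bob sends B; Mallory intercepts it and forwards M to Alice instead.
    k_alice = shared_secret(M, a)             # Alice believes this is shared with Bob
    k_bob = shared_secret(M, b)               # Bob believes this is shared with Alice
    return {
        "alice": k_alice,
        "bob": k_bob,
        "mallory_with_alice": shared_secret(A, m),   # equals k_alice
        "mallory_with_bob": shared_secret(B, m),     # equals k_bob
    }


def mac_public_value(auth_key, sender, public):
    """Bind a public value to its sender with a MAC under a key Mallory does not hold."""
    msg = sender + public.to_bytes(16, "big")  # P fits in 16 bytes
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def authenticated_exchange(tamper):
    """Alice's public value travels with a MAC. The MAC key is assumed to be shared
    out of band (signatures and certificates play this role in practice).
    Returns True if Bob accepts the value, False if he detects a substitution."""
    auth_key = secrets.token_bytes(32)
    a, A = keypair()
    tag = mac_public_value(auth_key, b"alice", A)
    received = A
    if tamper:
        _, M = keypair()
        received = M                          # Mallory swaps the value but cannot redo the tag
    return hmac.compare_digest(tag, mac_public_value(auth_key, b"alice", received))


if __name__ == "__main__":
    r = unauthenticated_exchange()
    print("Mallory knows Alice's key:", r["alice"] == r["mallory_with_alice"])
    print("Mallory knows Bob's key:  ", r["bob"] == r["mallory_with_bob"])
    print("Honest run accepted:      ", authenticated_exchange(tamper=False))
    print("Tampered run accepted:    ", authenticated_exchange(tamper=True))
```

Note that the MAC only helps because its key is something Mallory cannot obtain; an exchange that "authenticates" with a value sent in the clear over the same channel is still anonymous DH.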

7 :: Do you know what’s the difference between HTTP and HTML?

Obviously the answer is that HTTP is the application-layer protocol that transfers pages between browser and server, while HTML is the markup language those pages are written in, but again, the main thing you're looking for is for the candidate not to panic.

8 :: Explain what is the primary reason most companies haven’t fixed their vulnerabilities?

This is a bit of a pet question for me, and I look for people to realize that companies don't actually care as much about security as they claim to; otherwise we'd have a very good remediation percentage. Instead we have a ton of unfixed things and more tests being performed.

Look for people who get this, and are ok with the challenge.

9 :: Tell us what project that you have built are you most proud of?

For some people, this would be the first computer they ever built, or the first time they modified a game console, or the first program they wrote; the list can go on and on. In my case, that would be a project for work that I worked on for years. It started out as an Excel spreadsheet that the Engineering department was using to keep track of their AutoCAD drawings, and ended up evolving through a couple hundred static HTML pages, an Access database and frontend, and finally to a full-on web application running on MySQL and PHP. This simple little thing ended up becoming an entire website with dedicated Engineering, Sales and Quality web apps used by the company globally, which just goes to show you never know where something might lead.

10 :: Do you know what is XSS?

Cross-site scripting: an attacker gets their own script into a page that other users view, for example through an unescaped search term, comment or profile field. The victim's browser cannot tell the injected script from the site's own JavaScript, so it runs it with the site's privileges, where it can read session cookies, act as the user and rewrite the page. The main defense is encoding untrusted data for the context it is written into (HTML body, attribute, URL, JavaScript) at output time; input validation and a Content-Security-Policy are useful extra layers but are not sufficient on their own.
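The vulnerable pattern beside its hardened form, as an added example that is not from the original guide. It is a server-side rendering function in Python; the attacker payload is constructed, and the URL case shows why "just escape it" is not enough on its own: a `javascript:` link survives HTML escaping untouched, so the scheme has to be allow-listed as well.

```python
import html
from urllib.parse import urlparse

# Constructed attacker input; nothing here came from a real site.
PAYLOAD = "<script>alert(document.cookie)</script>"


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: the untrusted value is pasted straight into the HTML body,
    so a name containing markup becomes markup the victim's browser executes."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: encode for the HTML body context at output time. The value is still
    displayed exactly as entered; it just can no longer change the page structure.
    Names like O'Brien keep working, which is why validation alone is the wrong tool."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_link_safe(url: str, text: str) -> str:
    """Encoding is context-specific. Inside href, html.escape leaves
    'javascript:alert(1)' untouched and the link still runs script,
    so allow-list the scheme before encoding the value."""
    if urlparse(url).scheme.lower() not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text, quote=True)}</a>'


if __name__ == "__main__":
    print(render_greeting_unsafe(PAYLOAD))   # script tag reaches the browser intact
    print(render_greeting_safe(PAYLOAD))     # rendered as harmless text
    print(render_link_safe("javascript:alert(1)", "click"))
    print(render_link_safe("https://example.com/?q=a&b", "search"))
```

Defense in depth still applies: marking the session cookie HttpOnly keeps `document.cookie` from exposing it, and a Content-Security-Policy that disallows inline script blocks this particular payload even if an encoding bug slips through.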