Tuesday, October 28, 2008

Infosec Interview Questions (part II)

Back in March I posted an article formulating my premise for conducting interviews on forward. If, kind reader, you find this page before sitting down with an interview with me please mention this article for brownie points. With that said, some questions as well as the bloom's taxonomy reasoning applied to them in order to pinpoint an individuals level of skillset.
Remember/Knowledge


  • What's the Syntax to [scp|xcopy|robocopy|md5|net]?
  • Where do you get your infosec news from?
  • Please list the 7 layers of the OSI model.
Understand/Comprehension
  • What is the goal of infosec within a company such as this?
  • What's the difference between a risk and a threat?
Apply
  • Which layer in the OSI model do you care about most as a security analyst? Why?
  • Please describe the methodology/model for [incident response|e-discovery|forensics|network analysis|vulnerability management]
  • Hand printout of a series of characters; have individual create a regex based on a set requirement
Analyze
  • scenario: DNS reqest and 10 RRs are returned and TTL is < 300; what does this suggest?



Evaluate


  • At the deepest technical level describe how [802.11b|dns|kerberos|a network tap|a dll|a hard disk] works. please point out security weaknesses or implications while you go.
Create
  • Where do you think security will be in 5 years as a [practice|industry|concept]?
  • any sort of role play interaction

It should be reiterated that these are a subset of questions to determine security knowledge; they should be combined with other probing questions on ethics, personality, workmanship, etc.

No comments:

Post a Comment