SOC

Cards (21)

  • What is information security and how is it achieved?
    • Information security just means protecting the confidentiality, integrity, and availability of information. It is achieved through risk management, where you identify the valuable information, identify any assets related to that information, identify vulnerabilities, identify threats to the CIA of the information, and identify the impact to the information and the organization if an incident occurs.
  • Explain risk, vulnerability, and threat.
    • A vulnerability is a weakness in a system, meaning there is a gap in the protection of that system.
    • A threat is an attacker that is trying to exploit the vulnerability for their own gain.
    • Risk is the measure of potential loss when the vulnerability is exploited by the threat actor.
    • If you think of a house, a vulnerability (weakness) might be not paying the bill for your alarm monitoring company. A threat actor (a burglar in this case) might use this weakness to get into your house. You would need to analyze the risk to see whether you have valuables inside your home that justify the cost of paying for the alarm monitoring service.
  • What is the difference between asymmetric and symmetric encryption, and which one is better?
    • Symmetric encryption uses the same key to encrypt and decrypt. Asymmetric encryption uses different keys to encrypt and decrypt.
    • Both have benefits and drawbacks. Symmetric encryption is normally faster than asymmetric, but the key needs to be transferred over an unencrypted channel. Asymmetric is slower but more secure. It's best to use a hybrid of the two.
  • What is an IPS and how does it differ from an IDS?
    • An intrusion detection system (IDS) detects an intrusion and then alerts the administrator, who takes further action.
    • An intrusion prevention system (IPS) detects the intrusion and then takes action itself to block or stop it.
  • What is the difference between encryption and hashing?
    • Encryption is reversible and hashing is one-way. Hashing can be cracked in some cases using rainbow tables and collision attacks, but it is not reversible. Hashing ensures the integrity of data, and encryption ensures the confidentiality of data.
    • A simple way to remember the difference between the two is that hashing protects the integrity of data and is one-way, and encryption is used to protect the data itself and is two-way, meaning once you encrypt something, you can then decrypt it to see the data in its original form.
  • What is a security misconfiguration?
    • A security misconfiguration is when a network, application, device, or similar asset is configured in a way that allows an attacker to exploit it easily. One of the most common security misconfigurations in both the consumer and B2B space is the use of default login credentials. Another common security misconfiguration involves cloud environments, where access to sensitive data is not restricted.
  • What are black hat, white hat, and gray hat hackers?
    • Black hat is used to describe someone who does not have the authorization to access systems or data but attempts to do so anyway. A white hat (ethical) hacker has permission from the owner. A gray hat hacker hacks without permission but does it for the greater good. A good example of a gray hat was the hacker that hacked home wireless access points (WAPs) to update the firmware so users would be protected against a critical vulnerability.
  • What is a firewall?
    • A firewall is like a gate guard. Based on a set of predefined rules, it either allows traffic or not, similar to a gate guard allowing you to go through the gate and visit Oprah or not. In modern networks, firewalls are still used but there is really no perimeter anymore due to things such as bring your own device (BYOD).
  • How do you keep yourself updated with the information security news?
    • You can use something such as Feedly to aggregate cybersecurity news into a single location for review, or just follow some of the more common sources of news (such as Threatpost, The CyberWire, and The Hacker News). No one expects you to know everything that is going on, but you should have a good idea of the major news each week in the cyber world.
  • The world has recently been hit by an attack (that is, SolarWinds). What would you do to protect your organization as a security professional?
    • If you have some experience, you can answer this using that as an example. If this is your first cyber role, then focus on the IR steps listed in NIST SP 800-61.
  • What is the CIA triad?
    The CIA triad can be defined as follows:
    • Confidentiality is just making sure that only the right people, systems, or applications can access data. Think of confidentiality as locking your data in a safe, and only giving access to people you trust.
    • Integrity is making sure the data has not been altered.
    • Availability is making sure the right users can access the right information when they need to. In some industries, such as critical infrastructure, availability comes before confidentiality and integrity on the priority list.
  • HIDS and NIDS – which one is better and why?
    • A host intrusion detection system (HIDS) is just an IDS that lives on a host machine. A drawback of host-based detection is it can consume a lot more processing power than a network intrusion detection system (NIDS). Both HIDSs and NIDSs perform similar actions, but an HIDS offers more visibility into suspicious activity on the endpoint.
  • What is a security policy?
    • A security policy is a document that outlines how to protect an organization from threats, and the procedures for responding to incidents.
  • What are the core principles of information security?
    The core principles are as follows:
    • Confidentiality
    • Integrity
    • Availability
  • What is non-repudiation (as it applies to IT security)?
    • Non-repudiation basically means that neither the sender nor receiver of the information can deny that they processed the information. The sender or receiver could be human-to-human communication, human-to-machine, or machine-to-machine.
  • What is the relationship between information security and data availability?
    • Information security entails protecting data and ensuring that only authorized entities can access the data. Data availability just means that the authorized entities can access the data when they need to.
  • What is the difference between logical and physical security?
    • Physical security is preventing unauthorized entities from physically accessing things they should not have access to. For example, you put up a fence around your house, set up CCTV cameras, get an alarm system, and get a dog. These are all examples of physical security controls to stop unauthorized access.
    • Logical security covers the electronic means of preventing unauthorized access. You might do this through something such as using encryption for data in transit and at rest so no one else can read the data.
  • What's an acceptable level of risk?
    • This depends on the risk appetite of the organization.
  • Can you give me an example of common security vulnerabilities?
    • For this question, I would keep it simple and focus on a few things such as security misconfigurations, identity and access management (IAM) of third parties, and credential reuse. You can then ask the interviewer whether they need you to expand on anything else.
  • Are you familiar with any security management frameworks, such as ISO/IEC 27002?
    • If you didn't know what this is, look it up. ISO 27002 is just a framework of security controls organizations can use to help improve their security posture. You should have at least a high-level understanding of popular security control frameworks.