├── .github
│   └── workflows
│       └── semgrep.yml
├── README.md
└── security-interview-questions.md

/.github/workflows/semgrep.yml:
--------------------------------------------------------------------------------
on:
  workflow_dispatch: {}
  pull_request: {}
  push:
    branches:
      - main
      - master
    # Caveat: this paths filter means the push trigger only fires when the
    # workflow file itself changes; ordinary commits to main/master are scanned
    # via the pull_request trigger (no filter) and the daily schedule below.
    paths:
      - .github/workflows/semgrep.yml
  schedule:
    # random HH:MM to avoid a load spike on GitHub Actions at 00:00
    - cron: 0 8 * * *
name: Semgrep
jobs:
  semgrep:
    name: semgrep/ci
    # ubuntu-20.04 has since been retired as a hosted runner label; use a current label (e.g. ubuntu-latest).
    runs-on: ubuntu-20.04
    env:
      # Token for the Semgrep AppSec Platform; without it `semgrep ci` falls back to local rules only.
      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
    container:
      # The image has since moved to semgrep/semgrep; returntocorp/semgrep remains the legacy name.
      image: returntocorp/semgrep
    steps:
      - uses: actions/checkout@v3
      - run: semgrep ci
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# Security_Engineer_Interview_Questions

I spent a couple of hours in the spring of 2016 reading through Glassdoor.com to see what users submitted for security questions they'd received while interviewing for security engineer jobs. I wrote down all of them that weren't duplicates, and that's what you've got: raw job interview questions. These are apparently the same questions asked by Google, Salesforce, LinkedIn, etc.

I purposefully didn't map the questions to companies. That's not the point of this repo. Learning is.

Security is difficult to get your arms around, much less your brain. I sorted the questions into logical topic groups, though. I'm also answering the questions periodically at https://medium.com/@theporkskewer.

Here are a few additional resources if you found this topic helpful:
* [Security_Architect_and_Principal_Security_Engineer_Interview_Questions](https://github.com/tadwhitaker/Security_Engineer_Interview_Questions)
* [Beginners Mind vs. Imposter Syndrome](https://theporkskewer.medium.com/beginners-mind-vs-imposter-syndrome-996c6a2d2ffa)
* [So You Want To Get Into Cybersecurity](https://medium.com/@theporkskewer/so-you-want-to-get-into-cyber-security-ca6864e71c34)

Lastly, if you find value in this list of questions, please consider making a donation to the [[HS]2](https://hs2.crms.org/our-impact/) program at the Colorado Rocky Mountain School. It prepares cohorts of first-generation and/or low-income inner-city students of color to succeed in college by empowering them with STEM-based skills, a family of driven peers, and a space to see the light and power in their own voices in an amazing outdoor environment they ordinarily have no access to. Even $1 helps by demonstrating broad support to larger institutions considering donations.
--------------------------------------------------------------------------------

/security-interview-questions.md:
--------------------------------------------------------------------------------
# Encryption and Authentication

* What is a three-way handshake?
* How do cookies work?
* How do sessions work?
* Explain how OAuth works.
* Explain how JWT works.
* What is a public key infrastructure flow, and how would I diagram it?
* Describe the difference between synchronous and asynchronous encryption.
* Describe the SSL handshake.
* How does HMAC work?
* Why is HMAC designed that way?
* What is the difference between authentication and authorization name spaces?
* What's the difference between Diffie-Hellman and RSA?
* How does Kerberos work?
* If you're going to compress and encrypt a file, which do you do first and why?
* How do I authenticate you and know you sent the message?
* Should you encrypt all data at rest?
* What is Perfect Forward Secrecy?

# Network Level and Logging

* What are common ports involving security, and what are the risks and mitigations?
  * Which one for DNS?
* Describe HTTPS and how it is used.
* What is the difference between HTTPS and SSL?
* How does threat modeling work?
* What is a subnet, and how is it useful in security?
* What is a subnet mask?
* Explain what traceroute is.
* Draw a network; then expect them to raise an issue and have you figure out where it happened.
* Write out a Cisco ASA firewall configuration on the whiteboard to allow three networks unfiltered access, 12 networks limited access to different resources on different networks, and 8 networks to be blocked altogether.
* Explain TCP/IP concepts.
* What is the OSI model?
* How does a router differ from a switch?
* Describe the Risk Management Framework process and a project where you successfully implemented compliance with RMF.
* How does a packet travel between two hosts connected to the same network?
* Explain the difference between TCP and UDP.
  * Which is more secure, and why?
* What is the TCP three-way handshake?
* What is the difference between IPsec Phase 1 and Phase 2?
* What are the biggest AWS security vulnerabilities?
* How do web certificates for HTTPS work?
* What is the purpose of TLS?
* Is ARP UDP or TCP?
* Explain what information is added to a packet at each stop of the 7-layer OSI model.
* Walk through a whiteboard scenario for your environment of choice (Win/Linux) in which compromising the network is the goal without the use of social engineering techniques (phishing for credential harvesting, etc.).
* Explain how you would build a web site that could secure communications between a client and a server and allow an authorized user to read the communications securely.
* How does Active Directory work?
* Do you know how Single Sign-On works?
* What is a firewall?
  * How does it work?
  * How does it work in cloud computing?
* What is the difference between an IPS and an IDS?
* How do you build a tool to protect the entire Apple infra?
* How do you harden a system?
* How do you elevate permissions?
* Describe the hardening measures you've put on your home network.
* What is traceroute? Explain it in detail.
* How does HTTPS work?
* What would you do if you discovered an infected host?
* What is SYN/ACK, and how does it work?
* You got the memory dump of a potentially compromised system; how are you going to approach its analysis?
* How would you detect a DDoS attack?
* How does the kernel know which function to call for the user?
* How would you go about reverse-engineering a custom protocol packet?

# OWASP Top 10, Pentesting and/or Web Applications

* Differentiate XSS from CSRF.
* What do you do if a user brings you a PC that is acting 'weird'? You suspect malware.
* What is the difference between tcpdump and fw monitor?
* Do you know what XXE is?
* Explain man-in-the-middle attacks.
* What is a Server Side Request Forgery attack?
* Describe what egghunters are and their use in exploit development.
* How is the padlock icon in the browser generated?
* What are the Same Origin Policy and CORS?

# Databases

* How would you secure a Mongo database?
  * Postgres?
* Our DB was stolen/exfiltrated. It was secured with one round of SHA-256 with a static salt.
  * What do we do now?
  * Are we at risk?
  * What do we change?
* What are the 6 aggregate functions of SQL?

# Tools and Games

* Have you played CTF?
* Would you decrypt a steganography image?
* You're given an IP-based phone and asked to decrypt the message on the phone.
* What CND tools do you have knowledge of or experience with?
* What is the difference between nmap -sS and nmap -sT?
* How would you filter xyz in Wireshark?
* Given a sample packet capture: identify the protocol, the traffic, and the likelihood of malicious intent.
* If left alone in an office with access to a computer, how would you exploit it?
* How do you fingerprint an iPhone so you can monitor it even after wiping it?
* How would you use CI/CD to improve security?
* You have a pipeline for Docker images. How would you design everything to ensure the proper security checks?
* How would you create a secret storage system?
* What technical skill or project are you working on for fun in your free time?
* How would you harden your work laptop if you needed it at Defcon?
* If you had to set up supply chain attack prevention, how would you do that?

# Programming and Code

* Code review a project and look for the vulnerability.
* How would you conduct a security code review?
* How can GitHub webhooks be used in a malicious way?
* If I hand you a repo of source code to security audit, what are the first few things you would do?
* Can I write a tool that would search our GitHub repos for secrets, keys, etc.?
  * Slack?
    * https://arstechnica.com/security/2016/04/hacking-slack-accounts-as-easy-as-searching-github/
  * AWS?
  * Etc.
* Given a CVE, walk us through it and how the solution works.
* Tell me about a repetitive task at work that you automated away.
* How would you analyze a suspicious email link?

# Compliance

* Can you explain SOC 2?
  * What are the five trust criteria?
  * How is ISO 27001 different?
  * Can you list examples of controls these frameworks require?
* What is the difference between Governance, Risk and Compliance?
* What does Zero Trust mean?
* What is role-based access control (RBAC), and why is it covered by compliance frameworks?
* What is the NIST framework, and why is it influential?
* What is the OSI model?
--------------------------------------------------------------------------------