These are 30 interview questions for information security (that apply to the IT field) as follows:
1. What kind of authentication does AD use?
2. What actions would you take to change end user behavior towards InfoSec?
3. How do you ensure secure software development? What are the best practices to be followed?
4. What’s the difference between a Proxy and a Firewall?
5. What is Cross-Site Scripting and how can it be prevented?
6. Please explain how the SSL protocol works.
7. Take me through the process of pen testing a system.
8. What is a vulnerability test and how do you perform it?
9. What are the latest threats you foresee for the near future?
10. What is a SYN flood attack, and how do you prevent it?
11. What’s the difference between symmetric and asymmetric encryption?
12. What’s the difference between encryption and hashing?
13. During an audit, an interviewee is not disclosing the information being requested. How would you overcome this situation?
14. Within the PCI-DSS sphere, what is a compensating control?
15. Why should I use server certificates on my e-commerce website?
16. What’s port scanning and how does it work?
17. Please describe the steps to be taken by a company implementing an ISMS framework.
18. Why did you become (CISSP/CISA) certified?
19. Please explain how asymmetric encryption works.
20. Can a server certificate prevent SQL injection attacks against your system? Please explain.
21. What’s the better approach when setting up a firewall: dropping or rejecting unwanted packets, and why?
22. What are the most common application security flaws?
23. What is ISO 27001 and why should a company adopt it?
24. Please describe step-by-step how you would prepare and perform an audit of any given system.
25. Do you have a home lab? If so, how do you use it to perfect your skills?
26. What is a Man-in-the-Middle attack?
27. How would you harden a Windows Server? What about a Linux Server?
28. What do you understand by layered security approach?
29. What’s the difference between a router, a bridge, a hub, and a switch?
30. Your network has been infected by malware. Please walk me through the process of cleaning up the environment.