Interview questions

18 questions

Tell me about a decision you made based on your instincts.

BehavioralSecurity Analyst

You receive a SIEM alert for a suspicious login. What data sources will you use to confirm or disprove malicious activity.

TechnicalSecurity Analyst

Microsoft6mo ago

Write a PowerShell script to detect C2 beaconing.

TechnicalSecurity Engineer

Explain to me what happens when you click on a web link.

TechnicalSecurity Analyst

Explain an XSS (cross-site scripting) attack.

TechnicalSecurity Analyst

How does malware achieve persistence on unix machines?

TechnicalSecurity Engineer

Write a query that detects repeated authentication failures from the same IP within a 10-minute window. Then explain how you would determine whether the pattern indicates malicious activity or simple user error.

TechnicalSecurity Analyst

How would you spot a phishing email?

TechnicalSecurity Analyst

What is a TCP handshake?

TechnicalSecurity Analyst

There are 3 classes of servers all with same critical vulnerability: public facing server, production databases with PII on it, and an office file share. Which one would you address first?

TechnicalSecurity Analyst

What is the OSI model?

BehavioralSecurity Engineer

Tell me about a time you walked someone through removing malware from their device.

TechnicalSecurity Analyst

Tell me about your favorite forensic artifact.

TechnicalSecurity Analyst

Microsoft6mo ago

Where would you check in Windows to investigate a malicious process?

TechnicalSecurity Engineer

Imagine you are investigating an alert in Sentinel called EDR killer. What do you think that means and how would you investigate that?

TechnicalSecurity Analyst

Department of Defense6mo ago

What is a golden ticket attack?

TechnicalSecurity Engineer

Microsoft6mo ago

What are the standard event log names on Windows machines?

TechnicalSecurity Engineer

Department of Defense6mo ago

What are Advanced Persistent Threats (APTs)?

TechnicalSecurity Engineer