Cybersecurity Analyst Interview Questions

A comprehensive repository for security professionals, covering the CIA Triad, Network & Endpoint Security, Malware Analysis, SOC Monitoring (SIEM/SOAR), Incident Response, and Global Compliance standards.

Total Questions: 475

1. What is cybersecurity and why is it important?

2. What is the CIA Triad in cybersecurity?

3. Explain Confidentiality, Integrity, and Availability.

4. What is the difference between a threat, a vulnerability, and a risk?

5. What is risk assessment in cybersecurity?

6. What is the AAA framework (Authentication, Authorization, Accounting)?

7. What is the Defense in Depth strategy?

8. What is the principle of Least Privilege?

9. What is the Zero Trust security model?

10. What is the difference between information security and cybersecurity?

11. What is a security incident vs a security event?

12. What is incident response?

13. What is the incident response lifecycle?

14. What are the phases of incident response (NIST framework)?

15. What is a security breach?

16. What is a data breach vs a system breach?

17. What is a security policy?

18. What is an acceptable use policy (AUP)?

19. What is security awareness training?

20. What is social engineering?

21. What are common social engineering techniques?

22. What is phishing?

23. What is spear phishing vs whaling?

24. What are vishing and smishing?

25. What is pretexting?

26. What is baiting in social engineering?

27. What is tailgating/piggybacking?

28. What is dumpster diving?

29. How do you prevent social engineering attacks?

30. What is security hygiene?

31. What is a firewall?

32. What is the difference between a stateful and a stateless firewall?

33. What is a Next-Generation Firewall (NGFW)?

34. What is a Web Application Firewall (WAF)?

35. What is the difference between a firewall and a WAF?

36. What is a DMZ (Demilitarized Zone)?

37. What is network segmentation?

38. What is a VLAN (Virtual Local Area Network)?

39. What is a VPN (Virtual Private Network)?

40. What is the difference between site-to-site and remote access VPN?

41. What is IPsec VPN?

42. What is SSL/TLS VPN?

43. What is split tunneling in VPN?

44. What is an IDS (Intrusion Detection System)?

45. What is an IPS (Intrusion Prevention System)?

46. What is the difference between IDS and IPS?

47. What is network-based IDS vs host-based IDS?

48. What is signature-based detection vs anomaly-based detection?

49. What is Snort IDS?

50. What is Suricata?

51. What is a DDoS attack?

52. What are the types of DDoS attacks (volumetric, protocol, application layer)?

53. How do you mitigate DDoS attacks?

54. What is a SYN flood attack?

55. What is a UDP flood attack?

56. What is a DNS amplification attack?

57. What is a Man-in-the-Middle (MITM) attack?

58. What is ARP spoofing?

59. What is DNS spoofing?

60. What is session hijacking?

61. What is packet sniffing?

62. What is Wireshark?

63. What is tcpdump?

64. How do you analyze network traffic?

65. What is port scanning?

66. What is Nmap?

67. What are common Nmap commands?

68. What is banner grabbing?

69. What is network access control (NAC)?

70. What is 802.1X authentication?

71. What is MAC address filtering?

72. What is network monitoring?

73. What is NetFlow?

74. What is SIEM integration with network devices?

75. What is east-west traffic vs north-south traffic?

76. What is micro-segmentation?

77. What is VXLAN?

78. What is Software-Defined Networking (SDN) security?

79. What is zero-trust network access (ZTNA)?

80. What is secure network architecture design?

81. What is endpoint security?

82. What is antivirus vs anti-malware?

83. What is EDR (Endpoint Detection and Response)?

84. What is the difference between antivirus and EDR?

85. What is XDR (Extended Detection and Response)?

86. What is a host-based firewall?

87. What is application whitelisting?

88. What is application blacklisting?

89. What is the difference between whitelisting and blacklisting?

90. What is device encryption?

91. What is full disk encryption (FDE)?

92. What is BitLocker?

93. What is FileVault?

94. What is a TPM (Trusted Platform Module)?

95. What is patch management?

96. Why is patch management important?

97. What is vulnerability patching?

98. What is a zero-day vulnerability?

99. What is an exploit?

100. What is the difference between a vulnerability and an exploit?

101. What is Mobile Device Management (MDM)?

102. What is BYOD (Bring Your Own Device) security?

103. What is remote wipe capability?

104. What is USB device control?

105. What is DLP (Data Loss Prevention) for endpoints?

106. What is behavioral analysis for endpoints?

107. What is sandboxing?

108. What is memory protection?

109. What is ASLR (Address Space Layout Randomization)?

110. What is DEP (Data Execution Prevention)?

111. What is malware?

112. What are the types of malware?

113. What is a virus?

114. What is a worm?

115. What is a Trojan horse?

116. What is ransomware?

117. What is the difference between a virus and a worm?

118. What is spyware?

119. What is adware?

120. What is a rootkit?

121. What is a bootkit?

122. What is a keylogger?

123. What is a backdoor?

124. What is a RAT (Remote Access Trojan)?

125. What is cryptojacking?

126. What is fileless malware?

127. What is polymorphic malware?

128. What is metamorphic malware?

129. What is malware analysis?

130. What is static analysis vs dynamic analysis?

131. What is sandboxed malware analysis?

132. What is behavioral analysis of malware?

133. What is reverse engineering malware?

134. What are indicators of compromise (IOC)?

135. What are YARA rules?

136. What is hash analysis (MD5, SHA-1, SHA-256)?

137. What is VirusTotal?

138. What is a malware signature?

139. What is heuristic analysis?

140. What is CryptoLocker ransomware?

141. What is WannaCry ransomware?

142. How does ransomware spread?

143. How do you recover from a ransomware attack?

144. What is the best defense against ransomware?

145. What is the malware removal process?

146. What is quarantine in antivirus?

147. What is a false positive in malware detection?

148. What is an advanced persistent threat (APT)?

149. What is a command and control (C2) server?

150. What is lateral movement in malware attacks?

151. What is vulnerability management?

152. What is vulnerability scanning?

153. What is vulnerability assessment?

154. What is the difference between a vulnerability scan and a penetration test?

155. What is Nessus?

156. What is OpenVAS?

157. What is Qualys?

158. What is vulnerability scoring?

159. What is CVSS (Common Vulnerability Scoring System)?

160. What is CVE (Common Vulnerabilities and Exposures)?

161. What is the difference between CVE and CVSS?

162. What is the NVD (National Vulnerability Database)?

163. What is vulnerability prioritization?

164. What is risk-based vulnerability management?

165. What is remediation vs mitigation?

166. What is a compensating control?

167. What is the vulnerability lifecycle?

168. What is continuous vulnerability scanning?

169. What is an authenticated vs an unauthenticated scan?

170. What is agent-based vs agentless scanning?

171. What is network vulnerability scanning?

172. What is web application vulnerability scanning?

173. What is a false positive vs a false negative in scanning?

174. What is vulnerability reporting?

175. What is an SLA for vulnerability remediation?

176. What is a critical vs high vs medium vulnerability?

177. What is exploitability in vulnerability assessment?

178. What is an attack surface?

179. What is an attack vector?

180. What is exposure management?

181. What is penetration testing?

182. What is ethical hacking?

183. What is the difference between white hat, black hat, and grey hat?

184. What is the penetration testing methodology?

185. What are the phases of penetration testing?

186. What is reconnaissance in penetration testing?

187. What is passive reconnaissance vs active reconnaissance?

188. What is OSINT (Open Source Intelligence)?

189. What is scanning and enumeration?

190. What is the exploitation phase?

191. What is post-exploitation?

192. What is privilege escalation?

193. What is lateral movement?

194. What is persistence in penetration testing?

195. What is pivoting?

196. What is the Metasploit Framework?

197. What is Burp Suite?

198. What is OWASP ZAP?

199. What is Kali Linux?

200. What is Parrot OS?

201. What is web application security?

202. What is the OWASP Top 10?

203. What are the OWASP Top 10 vulnerabilities (latest)?

204. What is an injection attack?

205. What is SQL injection and how do you prevent it?

206. What is a prepared statement?

207. What is a parameterized query?

208. What is broken authentication?

209. What is a session management vulnerability?

210. What is session fixation?

211. What is sensitive data exposure?

212. What is encryption at rest vs in transit?

213. What is XML External Entities (XXE)?

214. What is broken access control?

215. What is horizontal privilege escalation?

216. What is vertical privilege escalation?

217. What is security misconfiguration?

218. What is the risk of default credentials?

219. What is a directory listing vulnerability?

220. What is cross-site scripting (XSS) in detail?

221. What is DOM-based XSS?

222. What are XSS prevention techniques?

223. What is Content Security Policy (CSP)?

224. What is insecure deserialization?

225. What is using components with known vulnerabilities?

226. What is insufficient logging and monitoring?

227. What is clickjacking?

228. What is the X-Frame-Options header?

229. What is an open redirect vulnerability?

230. What is HTTP response splitting?

231. What is API security?

232. What are REST API security best practices?

233. What is OAuth 2.0 security?

234. What is a JWT (JSON Web Token) vulnerability?

235. What is API rate limiting?

236. What is CORS (Cross-Origin Resource Sharing)?

237. What is the same-origin policy?

238. What is HTTPS and SSL/TLS?

239. What is certificate pinning?

240. What is HSTS (HTTP Strict Transport Security)?

241. What is identity and access management?

242. What is authentication?

243. What is authorization?

244. What is the difference between authentication and authorization?

245. What is identification?

246. What is multi-factor authentication (MFA)?

247. What are the factors of authentication (something you know, have, are)?

248. What is two-factor authentication (2FA)?

249. What is SMS-based 2FA and what are its risks?

250. What is TOTP (Time-based One-Time Password)?

251. What is an authenticator app?

252. What is a hardware token (YubiKey)?

253. What is biometric authentication?

254. What is passwordless authentication?

255. What is Single Sign-On (SSO)?

256. What is SAML (Security Assertion Markup Language)?

257. What is OAuth vs SAML?

258. What is OpenID Connect?

259. What is federated identity?

260. What is an identity provider (IdP)?

261. What is Active Directory?

262. What is LDAP (Lightweight Directory Access Protocol)?

263. What is Kerberos authentication?

264. What is NTLM authentication?

265. What is a pass-the-hash attack?

266. What is Kerberoasting?

267. What is a Golden Ticket attack?

268. What is privileged access management (PAM)?

269. What is just-in-time (JIT) access?

270. What is role-based access control (RBAC)?

271. What is attribute-based access control (ABAC)?

272. What is the least privilege principle?

273. What is separation of duties?

274. What is an access review?

275. What is account provisioning and deprovisioning?

276. What is an orphaned account?

277. What is a credential stuffing attack?

278. What is a password spraying attack?

279. What is a brute force attack on authentication?

280. What is an account lockout policy?

281. What is cryptography?

282. What is encryption?

283. What is the difference between encryption and hashing?

284. What is symmetric encryption?

285. What is asymmetric encryption?

286. What is the difference between symmetric and asymmetric encryption?

287. What is AES encryption?

288. What is RSA encryption?

289. What are DES and 3DES?

290. Why is DES deprecated?

291. What is an encryption key?

292. What is key length (128-bit, 256-bit)?

293. What is a public key and a private key?

294. What is public key infrastructure (PKI)?

295. What is a digital certificate?

296. What is a certificate authority (CA)?

297. What is an X.509 certificate?

298. What is the SSL/TLS protocol?

299. What is TLS 1.2 vs TLS 1.3?

300. What are the SSL certificate types (DV, OV, EV)?

301. What is a self-signed certificate?

302. What is a certificate chain?

303. What is certificate pinning?

304. What is certificate revocation?

305. What is a CRL (Certificate Revocation List)?

306. What is OCSP (Online Certificate Status Protocol)?

307. What is hashing?

308. What is a hash function?

309. What is an MD5 hash?

310. What are SHA-1, SHA-256, and SHA-512?

311. Why is MD5 insecure?

312. What is a collision in hashing?

313. What is a salted hash?

314. What is a rainbow table?

315. What is HMAC (Hash-based Message Authentication Code)?

316. What is a digital signature?

317. What is code signing?

318. What is end-to-end encryption (E2EE)?

319. What is perfect forward secrecy (PFS)?

320. What is Diffie-Hellman key exchange?

321. What is security monitoring?

322. What is SIEM (Security Information and Event Management)?

323. What is the difference between SIEM and log management?

324. What is SOAR (Security Orchestration, Automation and Response)?

325. What is the difference between SIEM and SOAR?

326. What is Splunk?

327. What is IBM QRadar?

328. What is ArcSight?

329. What is LogRhythm?

330. What is the Elastic Stack (ELK)?

331. What is log aggregation?

332. What is log correlation?

333. What is a security event?

334. What is an alert vs an event?

335. What is a false positive in SIEM?

336. What is alert tuning?

337. What is alert fatigue?

338. What is a use case in SIEM?

339. What is a correlation rule?

340. What is a baseline in security monitoring?

341. What is anomaly detection?

342. What is behavior analytics (UEBA)?

343. What is user and entity behavior analytics?

344. What is threat intelligence?

345. What is a threat feed?

346. What is an IOC (Indicator of Compromise)?

347. What are TTPs (Tactics, Techniques, and Procedures)?

348. What is the MITRE ATT&CK framework?

349. What is the Cyber Kill Chain?

350. What is the Diamond Model of Intrusion Analysis?

351. What is security incident investigation?

352. What is a log retention policy?

353. What is compliance logging?

354. What is an audit trail?

355. What is forensic analysis of logs?

356. Why is time synchronization (NTP) important?

357. What is a security dashboard?

358. What is KPI vs KRI in security?

359. What is mean time to detect (MTTD)?

360. What is mean time to respond (MTTR)?

361. What is an incident response plan?

362. What are incident response team roles?

363. What is the preparation phase in incident response?

364. What is the detection and analysis phase?

365. What is a containment strategy?

366. What is short-term vs long-term containment?

367. What is the eradication phase?

368. What is the recovery phase?

369. What is post-incident activity?

370. What is a lessons learned meeting?

371. What is incident severity classification?

372. What is incident prioritization?

373. What is an incident communication plan?

374. What is an escalation procedure?

375. What is a runbook vs a playbook?

376. What is a security playbook?

377. What is digital forensics?

378. What is the forensic investigation process?

379. What is evidence collection?

380. What is chain of custody?

381. What is evidence preservation?

382. What is forensic imaging?

383. What is a write blocker?

384. What is the dd command for imaging?

385. What is FTK Imager?

386. What is memory forensics?

387. What is volatile vs non-volatile data?

388. What is RAM analysis?

389. What is disk forensics?

390. What is file carving?

391. What is deleted file recovery?

392. What is network forensics?

393. What is packet capture analysis?

394. What is timeline analysis?

395. What is log analysis in forensics?

396. What is rootkit detection?

397. What are anti-forensics techniques?

398. What is steganography detection?

399. What is malware analysis in forensics?

400. What are breach notification requirements?

401. What is security compliance?

402. What is regulatory compliance?

403. What is PCI-DSS?

404. What is HIPAA?

405. What is GDPR?

406. What is SOX (Sarbanes-Oxley)?

407. What is ISO 27001?

408. What is the NIST Cybersecurity Framework?

409. What are the CIS Controls?

410. What is SOC 2 (Type I and Type II)?

411. What is FISMA?

412. What is FedRAMP?

413. What is a security audit?

414. What is an internal audit vs an external audit?

415. What is a vulnerability assessment vs a compliance scan?

416. What is a security policy?

417. What is a security standard?

418. What is a security procedure?

419. What is a security baseline?

420. What is configuration management?

421. What is change management?

422. What is risk management?

423. What is risk assessment methodology?

424. What is quantitative vs qualitative risk assessment?

425. What is a risk register?

426. What are the risk treatment options (accept, mitigate, transfer, avoid)?

427. What is residual risk?

428. What is business impact analysis (BIA)?

429. What is a disaster recovery plan (DRP)?

430. What is a business continuity plan (BCP)?

431. What is RTO (Recovery Time Objective)?

432. What is RPO (Recovery Point Objective)?

433. What is a security awareness program?

434. What is phishing simulation?

435. What is security training effectiveness?

436. What is an insider threat program?

437. What is data classification?

438. What is a data handling policy?

439. What is an acceptable use policy?

440. What is vendor risk management?

441. What is third-party risk assessment?

442. What is a security questionnaire?

443. What is penetration testing compliance?

444. What is a vulnerability disclosure policy?

445. What is a bug bounty program?

446. You notice unusual outbound traffic at 3 AM. What do you do?

447. A user reports a phishing email. What are your steps?

448. Multiple failed login attempts are detected. How do you respond?

449. Ransomware is detected on one endpoint. What's your action plan?

450. A user complains that their account was compromised. What are your investigation steps?

451. A port scan is detected from an external IP. What do you check?

452. An alert shows data exfiltration to an unknown destination. What is your response?

453. A critical vulnerability is found in a production server. How do you handle it?

454. The CEO's credentials are found on the dark web. What do you do?

455. Suspicious PowerShell script execution is observed. How do you investigate?

456. A new malware variant is not detected by antivirus. What are the next steps?

457. A DDoS attack is targeting your website. What is your mitigation strategy?

458. An insider threat is suspected. How do you investigate?

459. A zero-day exploit is announced for software you use. What actions do you take?

460. An audit shows unpatched systems. How do you prioritize?

461. A user bypassed security controls. How do you address it?

462. A security tool is generating too many false positives. What is the solution?

463. A compliance audit is in 2 weeks and gaps have been identified. What is your plan?

464. A third-party vendor was breached. What's your response?

465. Cryptojacking is detected on servers. What are the remediation steps?

466. Privileged account misuse is detected. What is your investigation approach?

467. An IoT device on the network is behaving suspiciously. What actions do you take?

468. A former employee still has access. What do you check?

469. The security budget is cut. How do you prioritize spending?

470. A new regulation is announced. What is your compliance implementation plan?

471. What is the difference between DAST and SAST?

472. What is a 'Honey Pot'?

473. What is 'Port Mirroring'?

474. What is 'Entropy' in security?

475. What is 'Shadow IT'?