
January 13, 2020

61 Cybersecurity Job Interview Questions and Answers
Roger Huang

As with any job interview, an applicant for a cybersecurity position needs to speak knowledgeably about the specific job’s responsibilities
and the field in general. Information security job interview questions might revolve around one specific task—say, designing firewalls or
safeguarding information in certain applications.

However, depending on the role and how encompassing it is, cybersecurity analyst interview questions may require showing a breadth of
knowledge regarding various technologies and programming languages. And given that cybersecurity positions involve protecting
sensitive business data, you must prove that you are trustworthy, reliable, and possess problem-solving skills, ingenuity, and calm when
facing a difficult situation.

These 61 sample cybersecurity interview questions should give you an idea of what to expect when interviewing with a well-respected
organization like MITRE, Deloitte, Accenture, Cisco, Google, Lockheed, and others. Preparation is the key to making a good impression and
landing a job in cybersecurity, so study these questions carefully.

Looking for a comprehensive cybersecurity bootcamp? Check out Springboard’s new Cyber Security Career Track, in partnership with
CompTIA.

Getting-to-Know-You Questions
Before delving into the more technical aspects of what the job will require, your interviewer may want to get a sense of who you are. They
may be interested in where you are in your career and ask about your background and schooling.

For these types of security analyst interview questions, you should have a brief, concise elevator pitch. Tell them who you are, what you’ve
done, and what you’re looking to do next. Highlight your achievements and skills, what you’ve learned, and how you want to apply your
knowledge to your next position.
1. Why are you looking for a new position?
An interviewer asking this wants to understand what has prompted a change in your career. Are you looking for more responsibility? A
chance to expand your skillset? Do you feel that you outgrew your old position? Are you looking for more pay and less travel? Well then,
why do you deserve more money, and how are you more efficient working more from a central location? Explain your motivation for finding
a new job in a way that shows that you view this new position as a positive change for both you and the organization.

2. What are your greatest strengths and accomplishments?


Take the opportunity to show how you helped your old company. Did you design its latest firewalls that prevented breaches? Did you
reroute the routers? Help with information access security? Do you work well with people and show leadership skills? Talk about the types
of technology you know well and how you made a positive impact in your last position. Explain how you built solid relationships with your
coworkers and how you all worked together on successful projects—and how you intend to do the same at this new company.

3. What are your greatest weaknesses? (Related: How did you overcome a problem?)
Everyone makes mistakes, and no one is good at everything. You should honestly assess what you can improve and how you plan to show
that improvement in your new role. Dig into your past: You might have overseen the response to a breach or some other serious problem.
It might not have been your fault, but how you handled it shows your professionalism, problem-solving abilities, and perhaps even
outside-of-the-box thinking. Show that you are willing to learn from mistakes, even if they’re not your own, and that you can handle a crisis. Explain
how you took responsibility and stepped up to be a leader.

4. How do you envision your first 90 days on the job?


Your answer should encompass how you intend to meet with your team members to find out more about them and how you can work
together. You should talk about how you will prioritize gaining an understanding of what your managers need from you and what all the
stakeholders hope to achieve while also building strong rapport with your co-workers. You should ask what you can do to make an impact
right away. Talk about how you intend to learn and get into the midst of business as soon as you can.

(Get some additional insight from a recruiter here.)

Technical Interview Questions


At some point, the interviewer will turn to more technical and cybersecurity-focused questions to determine how well you would do in the
position. You need to display your cybersecurity knowledge and give examples from your work history of how you performed tasks and
prevented or solved problems. Some of these are fundamental definitions, while others require more thoughtful responses, but all should
be part of your interview arsenal, including network security interview questions, technical questions on tools, and questions you might
see in a Security+ certification test or a CEH.

5. What is on your home network?


Your home network is typically a test environment. How you work with it gives an indication of what you would do with someone else’s
network.

6. What is the difference between a threat, a vulnerability, and a risk?


Answering this question calls for a deep understanding of cybersecurity, and anyone working in the field should be able to give a strong
response. You should expect a follow-up question asking which of the three to focus more on. A simple way to put it: a threat is from
someone targeting a vulnerability (or weakness) in the organization that was not mitigated or taken care of since it was not properly
identified as a risk.

7. How do you go about securing a server?


You might want to break this answer down into steps, especially if it refers to a specific type of server. Your answer will give a glimpse into
your decision-making abilities and thought process. There are multiple ways to answer this question, just as there are multiple ways to
secure a server. You might reference the concept of trust no one or the principle of least privilege. Let your expertise guide your response
to this question and the others following it.

8. Why is DNS monitoring important?


Some argue that this is not necessary and that saying otherwise indicates that there are weaknesses in the domain name services. Others
say DNS monitoring is prudent because DNS queries are a data-exfiltration vector from networks that allow any host to communicate to
the Internet on Port 53.
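One way to turn that monitoring argument into a check, as an added example that is not part of the original article: a Python heuristic that flags clients sending many long, high-entropy subdomain labels under one parent domain. The log format, thresholds and function names are assumptions chosen for illustration, and the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one "<client-ip> <query-name>" per line (not real traffic).
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 img-assets-static-content-a.cdn.example.net
10.0.0.9 mzxw6ytboi4dkmrtgq2tmnzyhe3dkmrt.t.example.org
10.0.0.9 k5p2qx7hzn3wd6yjr4mvb2tgc7lfa5eo.t.example.org
10.0.0.9 h3gq9z1xv8rk2mw7pt4nb6yc5jd0sfla.t.example.org
10.0.0.9 t7yu2oa9we4rx1cz8vb5nm3kq6jh0gds.t.example.org
"""


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def parent_domain(qname, levels=2):
    """Naive registered-domain guess: the last `levels` labels.
    A production version would consult the Public Suffix List."""
    return ".".join(qname.split(".")[-levels:])


def flag_dns_exfil(log_text, max_label_len=24, min_entropy=3.5, min_hits=3):
    """Return {(client, parent_domain): count} for clients that sent at least
    `min_hits` distinct names whose longest subdomain label is both long and
    random-looking. All three thresholds are illustrative assumptions."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines instead of failing the whole run
        client, qname = parts
        qname = qname.lower().rstrip(".")
        labels = qname.split(".")
        # Only labels left of the (naively guessed) registered domain carry payload.
        longest = max(labels[:-2] or [""], key=len)
        if len(longest) > max_label_len and shannon_entropy(longest) >= min_entropy:
            hits[(client, parent_domain(qname))].add(qname)
    # One odd name is noise; many distinct ones under a single parent is a pattern.
    return {key: len(names) for key, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for (client, parent), count in flag_dns_exfil(SAMPLE_DNS_LOG).items():
        print(f"{client} sent {count} suspicious queries under {parent}")
```

The long but repetitive CDN hostname in the sample stays below the entropy threshold, which is why length alone is not used as the signal.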

9. What port does ping work over?


Watch out for this. Ping is a layer-3 protocol like IP; ports are an element of the layer-4 protocols TCP and UDP.

10. What is the difference between encoding, encrypting, and hashing?


This question should inspire a short conversation about encryption, which gives you the chance to explain your knowledge of it. Though
you’re often going to be implementing and choosing between encryption systems rather than building them, it should be something that
you know about in theory.

(There’s more on encryption here.)

11. What is SSL?


SSL is a standard security technology for creating an encrypted link between a server and a client (usually a web server and a web
browser).

12. What are the differences between HTTPS, SSL, and TLS?
HTTPS is hypertext transfer protocol and secures communications over a network. TLS is transport layer security and is a successor
protocol to SSL. You have to demonstrate that you know the differences between the three and how network-related protocols are used to
understand the inherent risks involved.

13. What sorts of anomalies would you look for to identify a compromised system?
There are multiple ways to answer this, but again, you need to show your expertise and ingenuity. One possible answer is drawing out a
basic network architecture with its IPS/IDS, firewalls, and other security technologies to describe the type of traffic and other signs of
compromise. This is the sort of answer you’ll need to tackle in order to resolve network security interview questions.

14. If you had to both compress and encrypt data during a transmission, which would you do first?
Compress and then encrypt, since encrypting first might make it hard to show compression having much of an effect.

15. Which of the following would be MOST appropriate if an organization’s requirements mandate
complete control over the data and applications stored in the cloud?
1. Hybrid cloud
2. Community cloud
3. Private cloud
4. Public cloud

Answer: 3

16. How would you defend against a cross-site scripting (XSS) attack?
Every cybersecurity professional should know this, even if it is difficult to answer. Come prepared with a thoughtful, concise plan for
defending against this JavaScript vulnerability.

17. What are the differences between cybersecurity in the cloud and on-premises?
Show that you understand the security risks inherent to both and which might be more appropriate for the company. It’ll be good to trace
out your thinking as it might form a critical component of network security interview questions.

18. What does RDP stand for?


RDP stands for Remote Desktop Protocol, and its port number is 3389.

19. What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses the same key to encrypt and decrypt, while asymmetric encryption uses different keys for encryption and
decryption. Asymmetric encryption is commonly used to secure an initial key-sharing conversation, but then the actual conversation is
secured using symmetric crypto. Communication using symmetric crypto is usually faster due to the slightly simpler math involved in the
encryption/decryption process and because the session setup doesn’t involve PKI certificate checking.

(For more reading: What Is PKI and How Does It Bolster Your Cybersecurity Defenses?)

20. What is the difference between UDP and TCP?


Both are protocols for sending packets of information over the internet and are built on top of the internet protocol. TCP stands for
transmission control protocol and is more commonly used. It numbers the packets it sends to guarantee that the recipient receives them.
UDP stands for user datagram protocol. While it operates similarly to TCP, it does not use TCP’s error-checking abilities, which speeds up
the process, but makes it less reliable.

21. What is a traceroute?


A traceroute, or tracert, can help you see where a breakdown of communications occurred. It shows what routers you touch as you move
along to your final destination. If there is somewhere you cannot connect, you can see where it happened.

22. What is Snort?


Snort is free, open-source intrusion detection software. You should be familiar with different cybersecurity tools and their potential uses,
a common topic that is tested in the Security+ certification from CompTIA.

23. What is vishing?


Vishing is when somebody impersonates somebody you trust through voice calls to get you to reveal to them sensitive and private
information. It is a variant of phishing attacks, except the main difference is that it is mostly conducted via voice rather than written text.

24. What is a black box penetration test?


A black box penetration test is one where the tester is given no access to company systems or information and has only public
information to go on. While many cybersecurity roles don’t require you to conduct penetration tests, you should at least know the basics
involved with them.

25. What is the fastest way to crack a hashed password?


Rainbow tables provide pre-computed results for cracking hashed passwords and are one of the fastest ways, if not the fastest, to un-hash a password.

26. What are the default ports for HTTP and for HTTPS?
The default port for HTTP is 80, while the default port for HTTPS, the secure version of HTTP, is 443.

27. What is sideloading?


Sideloading is the act of downloading apps outside of official app stores, either on Apple or Android. This is something that puts people at
increased risk of downloading malware, as the apps are not approved by the app store providers. As a matter of company policy, most
companies will try to prevent sideloading on any company-issued mobile devices.

28. What is the protocol used for secure file transfers?


SFTP uses SSH and securely transmits files, as opposed to FTPS which uses the unsecured FTP protocol. Secure file transfers should use
the SFTP protocol.
29. What are honeypots?
Honeypots are targets placed for an attack in order to study how different attackers are attempting exploits. While often used in an
academic setting, private organizations and governments can use the same idea to study their vulnerabilities.

30. What is a clean desk policy?


A clean desk policy is something that ensures all data is secure even when employees are not at work. This is a critical part of
cybersecurity as data security should not be dependent on employees showing up to work all the time.

31. What is a BYOD policy and what’s an easy security measure to help mitigate some of the risks?
BYOD policy stands for “bring your own device”, allowing employees to bring their own devices. Setting up a guest WiFi network allows for
segmentation from these possibly untrusted devices and core networks.

32. Which of the following works by implanting software on systems but delays execution until a specific
set of conditions are met?
1. Logic bomb
2. Trojan
3. Scareware
4. Ransomware

Answer: 1

33. What is a polymorphic virus?


A polymorphic virus is one that changes to avoid detection and then returns to its routine code when scans are done in order to neutralize
anti-virus measures.

34. What port is typically used by Telnet?


Telnet typically uses port 23. There may be a few questions like this (that are certainly present on the Security+ exam itself) that test your
general knowledge of networking and the overall layout of ports and the standards used for each one.

35. What is a null session?


A null session is one where the user is not authenticated by either username or password. It can be a bit of a security risk for applications
since this means that the person behind the request is unknown.

36. What is the difference between spear phishing and phishing?


Spear phishing is a phishing attack targeted towards a limited number of high-priority targets — oftentimes just one. Phishing usually
involves a mass targeted email or message that targets large groups of people. This means that practically speaking, spear-phishing will
be much more individualized and probably more well-researched (for the individual) while phishing is more like an actual fishing expedition
that catches whoever bites the hook.

37. What is it called when a user is attacked by directing them to what they think is a legitimate site, but
which is actually a scam site?
This is called pharming. An attacker will often use another sort of attack to impersonate a real site and then get users to submit
information to a scam one.

38. Why should 802.1X wireless connections always be encrypted?


802.1X wireless links will be passed in clear form without any encryption. Data emanation occurs because 802.1X wireless transmits
radio-frequency signals that can be detectable. Attackers can amplify the signal and sniff the traffic and see what’s being transmitted with
almost no effort if there is no encryption.
39. What’s the difference between auditing and logging?
Auditing involves going through logs and looking for events, while logging is simply compiling events into logs. You can think of it as
usually being a two-part process: first, you log events, then you audit your logs to see if anything is abnormal.

40. Which of the following is the BEST reason for placing a password lock on a mobile device?
1. Prevents an unauthorized user from accessing the owner’s data
2. Enables remote wipe capabilities
3. Stops an unauthorized user from using the device again
4. Prevents an unauthorized user from making phone calls

Answer: 1

41. Why might you do a vulnerability assessment instead of a penetration test?


Vulnerability assessments tend to be less expensive and take less time than a penetration test. They’re also lower-risk: a penetration test
will involve actual exploits of production-level services, which might lead to disruption or downtime for critical services.

42. What kind of cookie would a spyware attack typically use?


A spyware attack would typically use a tracking cookie rather than a session cookie, which would persist across different sessions rather
than stopping at one session.

43. What is shoulder surfing?


Shoulder surfing is a physical attack that involves actually physically sneaking looks at people’s screens as they’re typing in information in
a semi-public space.

44. What is the difference between a worm and a virus?


The difference between the two is subtle, but it involves the self-replicating nature of worms, which can spread from system to system in a
network, while a virus oftentimes tends to be self-contained in one system. This is a critical example of a set of network security interview
questions you might encounter.

45. What should be the steps taken to prevent outdated software from being exploited?
There’s a fine balance of issues here. Obviously, the most protective step would be to unbranch certain systems from the Internet itself, or
to prevent the installation of certain software. But that’s not a step that marries usability and security very well. Instead, the appropriate
step is to keep posted on breaking security bulletins and updates, and to use the Internet and web tools to monitor for upcoming
vulnerabilities, for example, with the CVE database.

46. Which of the following attacks involves the use of previously captured network traffic?
1. Replay
2. Smurf
3. Vishing
4. DDoS

Answer: 1

47. What is it called when somebody is forced to reveal cryptographic secrets through physical threats?
When somebody is made to reveal their secrets through physical threats, it is called a rubber hose attack.

48. What tool would you use to quickly search through logs with regular expressions?
This is more of an advanced question, something you might see on a more advanced certification such as the CEH rather than an
intro-level interview. Yet, it’s worth going through a few of those to describe the workflow involved with scripting and programming. You would
probably use a tool such as grep. In an interview setting, you might be asked to describe what regular expressions and patterns you use to
quickly locate key events.
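The kind of pattern an interviewer might ask about, as an added example that is not part of the original article: two regular expressions for OpenSSH authentication messages, applied in Python to constructed log lines, reporting noisy source addresses and any successful login that follows repeated failures. The threshold and function name are assumptions; the first pattern also works with `grep -E`.

```python
import re
from collections import Counter

# Constructed sshd log lines in the usual syslog layout (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
Jan 13 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 13 10:01:05 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 13 10:01:09 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 13 10:02:11 web1 sshd[2110]: Failed password for bob from 198.51.100.4 port 40022 ssh2
Jan 13 10:02:20 web1 sshd[2110]: Accepted password for bob from 198.51.100.4 port 40022 ssh2
Jan 13 10:03:44 web1 sshd[2119]: Failed password for alice from 203.0.113.7 port 51177 ssh2
Jan 13 10:03:51 web1 sshd[2123]: Accepted password for alice from 203.0.113.7 port 51190 ssh2
Jan 13 10:04:00 web1 CRON[2130]: pam_unix(cron:session): session opened for user root
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "invalid user " is optional: sshd adds it when the account does not exist.
FAILED = re.compile(
    rf"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    rf"from (?P<ip>{IPV4}) port \d+"
)
ACCEPTED = re.compile(
    rf"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>{IPV4}) port \d+"
)


def triage_ssh_log(log_text, threshold=3):
    """Return (noisy, success_after_failures).

    noisy: {ip: failure_count} for sources with at least `threshold` failures.
    success_after_failures: [(ip, user)] for accepted logins from a source that
    had already reached the threshold, the event most worth a closer look.
    """
    failures = Counter()
    success_after_failures = []
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            failures[match["ip"]] += 1
            continue
        match = ACCEPTED.search(line)
        if match and failures[match["ip"]] >= threshold:
            success_after_failures.append((match["ip"], match["user"]))
    noisy = {ip: count for ip, count in failures.items() if count >= threshold}
    return noisy, success_after_failures


if __name__ == "__main__":
    noisy, followups = triage_ssh_log(SAMPLE_AUTH_LOG)
    print("sources over threshold:", noisy)
    print("logins after repeated failures:", followups)
```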

49. How would you XOR the two following numbers?
The XOR is a critical function in cryptography where there’s additive encryption. There’s encryption and decryption that can rely on this.
For more advanced cybersecurity roles, you might want to know how to go back and forth between two different numbers.
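The XOR round trip described here, together with the compress-then-encrypt ordering from question 14, as an added Python example that is not part of the original article. The SHA-256 counter keystream is an illustrative stand-in for a real cipher, and the key, sample data and function names are assumptions.

```python
import hashlib
import zlib

# Constructed, highly repetitive sample data and a demo key (both assumptions).
SAMPLE_PLAINTEXT = b"GET /index.html HTTP/1.1 200 OK\n" * 200
DEMO_KEY = b"demo-key-not-for-production"


def keystream(key, length):
    """Illustrative keystream: SHA-256(key || counter) blocks, concatenated.
    A stand-in for a vetted stream cipher, used only to show the XOR step."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data, stream):
    """Bytewise XOR. Applying the same stream twice returns the input,
    because (a ^ b) ^ b == a for every pair of values."""
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key, data):
    return xor_bytes(data, keystream(key, len(data)))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def compare_orders(plaintext, key):
    """Sizes in bytes for both orderings, plus a round-trip check."""
    compress_then_encrypt = encrypt(key, zlib.compress(plaintext))
    encrypt_then_compress = zlib.compress(encrypt(key, plaintext))
    recovered = zlib.decompress(decrypt(key, compress_then_encrypt))
    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
        "roundtrip_ok": recovered == plaintext,
    }


if __name__ == "__main__":
    # 0b1100 ^ 0b1010 == 0b0110, and XORing with 0b1010 again gives 0b1100 back.
    print(bin(0b1100 ^ 0b1010), bin(0b1100 ^ 0b1010 ^ 0b1010))
    print(compare_orders(SAMPLE_PLAINTEXT, DEMO_KEY))
```

Ciphertext looks random, so the compressor finds nothing to remove when it runs second. Compressing first does make ciphertext length depend on the plaintext, which is the side channel behind CRIME and BREACH when attacker-influenced input is compressed together with secrets.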

50. What is the best standard for a botnet to communicate?


Either HTTP or IRC, since those are the fastest for communication between multiple clients. This is something you would only really know
if you were thinking through defensive and offensive operations with tons of different clients like botnets, and will be more of an advanced
cybersecurity issue.

(Check out Glassdoor for more examples of technical questions for cybersecurity analysts and cybersecurity engineers.)

Wrapping Up
After going through his or her list of technical questions to gauge your knowledge and expertise, an interviewer will wrap up with a few
final questions that give you a chance to make a lasting impression.

51. What tech blogs do you follow?


Show that you stay current by telling the interviewer how you get your cybersecurity news. These days, there are blogs for everything, but
you might also have news sites, newsletters, and books that you can reference.

52. What do you do in your spare time outside of cybersecurity?


The interviewer is hoping to get a better sense of you as a person to determine whether you’re trustworthy, reliable, and of good character.
He or she also wants to see if you would be a good culture fit and someone others would enjoy collaborating with. You don’t need to get
too personal with the details, but you can talk about your hobbies, your family, the last vacation you took, or how often you like to work out,
among other things. Show some personality here.

53. Where do you see yourself in five years?


Most people expect to advance in their cybersecurity careers in five years, which could mean a promotion or raise (or a few). Emphasize
how you are looking to further your knowledge and skills—and how that will benefit the company. Tell the interviewer that you see yourself
moving up to a more senior position and continuing to contribute to the organization in a significant way. Drive home the point that the
investment made in you will be a good one.

54. Do you have any questions?


This is your chance to find out more about the company and position. Remember that an interview is a two-way street. You are
interviewing them as much as they are interviewing you (even though it doesn’t always feel that way). Ask about the work environment and
what the company expects of you. Find out more about the day-to-day responsibilities and whether there are any special projects on the
horizon. And see if you and the company are a good fit culture-wise.

55. Where do you get your cybersecurity news?


This question is meant to test how on top you are of cybersecurity developments and how sophisticated your sources are. Strive to
answer with more specific niche resources, such as well-known security researchers like Bruce Schneier rather than more mainstream
sources for the average audience.

56. What do you think about the SolarWinds hack?


This kind of question tracks how you’re keeping up to date with recent cybersecurity breaches, an important quality in anybody looking to
break into a fast-moving field such as cybersecurity. There’s a blog post about this particular topic from Brad Smith, the President of
Microsoft. As of the time of publishing for this article, this was the most trending cybersecurity breach — but the general point is to stay on
top of cybersecurity events and the approaches attackers use with high-quality, vetted sources.
57. What’s your personal threat model?
An interesting question that looks into how you think about cybersecurity on a personal basis. Have you been introspective enough to
think about what data might be at risk in your current job? With your personal life? The way this mentality extends to proactive
consideration of cybersecurity can make you look good in front of any potential employers.

58. How do you keep your data protected?


As you might become a custodian and guardian of company data, showing that you have personal discipline and a process for protecting
your own data can be important. You’ll want to cite the use of strong passwords, two-factor authentication, and any steps you’ve taken to
secure your home network or devices from attacks, including full-disk encryption and even perhaps physical security measures.

59. What’s something you’ve learned from failure?


As you might have to confront the risk of failure in any defensive cybersecurity role, understanding the amount of introspection and
thought you put into learning from failure is a critical trait. Prepare some case studies and some deeper answers—spend the time really
thinking through when something didn’t go right at work and what you did to bounce back.

60. How familiar are you with industry cybersecurity law?


This kind of question tests your knowledge of the legal frameworks and requirements in different industries. If you’re applying for a job
with a sensitive regulated industry (such as financial services or healthcare), you’ll want to be proactive and do research around the
guidelines and laws governing that industry.

61. Teach me something in five minutes.


This kind of question tests your communication skills—a critical trait to have as a cybersecurity professional. Make sure you’ve practiced
and can demonstrate clear communication as well as some story-telling.

Be sure to have done your research on what a typical cybersecurity position like this pays and what you should expect in compensation at
this stage of your career. Also, finish the interview with a brief summation of your strengths and how you are a good fit for the position.

Use the questions the interviewer asked and your answers to emphasize the skills you have that they are looking for. More than anything
else, remain confident during the interview and be yourself. Companies invest in people, and you are not a robot giving out rote answers.
You are a person with valuable experience that you can draw on to answer cybersecurity questions and make the case that you are the
right person for the job.

Is cybersecurity the right career for you?

According to Cybersecurity Ventures, the cybersecurity industry is expected to have 3.5 million high-paying, unfilled jobs this year. With
Springboard’s comprehensive Cyber Security Career Track, you’ll work 1:1 with an industry-mentor to learn key aspects of information
technology, security software, security auditing, and finding and fixing malicious code. Learning units include subject-expert approved
resources, application-based mini-projects, hands-on labs, and career-search related coursework.

The course will culminate in a multi-part capstone project that you can highlight on your resume for prospective employers or use to
demonstrate your technical knowledge in your job interview. The learning materials will also help prepare you to pass the
globally-recognized CompTIA Security+ certification so you stand out when applying for cybersecurity roles.

Learn more about Springboard’s Cyber Security Career Track here.

This post was co-written with Michael McNichols and was originally published in 2018. It has been updated to include more current
information.

Roger Huang
Roger has always been inspired to learn more. He has written for Entrepreneur, TechCrunch, The Next Web,
VentureBeat, and Techvibes. Previously, he led Content Marketing and Growth efforts at Springboard.