Common Cybersecurity Analyst Interview Questions (And how to answer them)
For the past few Mondays I have posted with the #cybermentoringmonday hashtag on Twitter, and I always get asked roughly the same thing. What are the most common questions asked during cybersecurity interviews, and how do you answer them?
So I've rounded up interview questions from my own experience, from people I know and from articles I have used myself on sites like Reddit, Quora and Twitter. I've then noted where you can learn the knowledge to answer these questions comfortably.
Please note these are standard cybersecurity interview questions; they are not tied to any specific role, just an analyst in general. Let's get into the list; I hope you find it useful.
QUESTIONS AND ANSWERS
During cybersecurity analyst interviews, you will always be asked about some networking basics. Therefore, it is extremely important to have this knowledge before going for an interview. Here are some great resources to learn this:
These guides will cover a lot of the general networking questions you may be asked. Some of the most common questions in this area are:
- What is a DMZ?
- Explain TCP and UDP and their differences.
- What is a TCP handshake and how does it work?
- What is the OSI model?
- What are the port numbers for common applications?
- What is DNS and how does it work?
- What is a VPN, what types are there and how do they work?
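The handshake and port-number questions are easiest to answer if you have watched the mechanism yourself. The following is an added example, not code from the original post: it uses nothing but the standard library `socket` module, where `connect()` drives the three-way handshake (SYN, SYN/ACK, ACK) and the outcome tells you whether a port is open, closed or filtered. That is also exactly what a TCP connect port scan does, which is why the same code is an answer to the port-scan question under attacks. The `SERVICE_HINTS` table, the `demo()` scaffolding that opens a loopback listener, and all names are assumptions made for this example.

```python
import socket

# Well-known port numbers an analyst is expected to recognise on sight
# (assumed mapping for this example; real services can run anywhere).
SERVICE_HINTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns",
                 80: "http", 110: "pop3", 143: "imap", 443: "https", 445: "smb",
                 3389: "rdp"}


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port with a full-connect scan.

    connect() performs the three-way handshake (SYN -> SYN/ACK -> ACK).
    If the handshake completes, a listener answered ("open"); if the host
    answers the SYN with RST the connect is refused ("closed"); if nothing
    comes back before the timeout, a firewall most likely dropped the SYN
    ("filtered"), which is the case a lab on loopback cannot reproduce.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()


def scan(host: str, ports) -> list[tuple[int, str, str]]:
    """Scan a list of ports, annotating each with the service usually found there."""
    return [(p, probe_port(host, p), SERVICE_HINTS.get(p, "unknown")) for p in ports]


def demo() -> dict[str, str]:
    """Constructed setup: open a loopback listener to get a known-open port and
    release a freshly bound port to get a known-closed one, then scan both."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the kernel pick a free port
    srv.listen(1)               # the kernel completes the handshake; no accept() needed
    open_port = srv.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                 # nothing listens here now, so a SYN gets RST back

    try:
        results = scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return {"open_port": results[0][1], "closed_port": results[1][1]}


if __name__ == "__main__":
    for port, state, hint in scan("127.0.0.1", [22, 80, 443]):
        print(f"{port:5d}/tcp {state:8s} ({hint})")
    print(demo())
```

A connect scan completes the handshake, so it shows up in the target's application logs; the SYN scan an interviewer may ask about in contrast sends only the first packet and resets after the SYN/ACK, which needs raw sockets and root and is not shown here.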
DIFFERENT TYPES OF ATTACKS
Another common theme in interviews is questions around different cybersecurity attacks. Don't expect to be asked how to perform them (unless you are going for a red-team role), but rather what the most common attacks are and how they differ. Here are some resources to learn about different types of cyber attacks.
- OWASP Top 10 – The Top 10 Web Application Security Risks
- MITRE ATT&CK Framework – Knowledge base of attacker tactics and techniques.
- Top 10 most common cyber attacks – Netwrix Blog.
- Common cyber attacks – Cisco Security.
- Common types of cybersecurity attacks – Rapid7.
Reading these guides will cover all the basic types of cyber attacks and their differences. In my own experience, the most common questions are going to be:
- What is an SQL injection?
- What is phishing?
- What is a DDoS, what is a DoS, and what is the difference?
- What is a port scan?
- What is malware, what is a virus, and what is the difference?
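For the SQL injection question, the strongest answer shows the root cause (user input spliced into query text) next to the fix (parameterised queries). The following is an added example written for this post, not the author's code; it uses Python's built-in `sqlite3` with an in-memory table of constructed accounts, and the function names and sample credentials are assumptions. Passwords are stored in clear only to keep the example short; a real system would store hashes.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """String concatenation: whatever the user types becomes part of the SQL,
    so a quote in the input changes the query's structure."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterised query: the SQL text is fixed and the values travel
    separately, so a quote in the input is data, never syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo() -> dict:
    conn = build_db()
    # Tautology payload: the WHERE clause becomes
    #   username = 'x' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches; the first row
    # returned happens to be the admin account.
    tautology = "' OR '1'='1"
    # Comment payload: everything after -- is ignored, so the password
    # check disappears and the attacker logs in as alice without one.
    comment = "alice'--"
    return {
        "vuln_valid": login_vulnerable(conn, "bob", "hunter2"),
        "vuln_tautology": login_vulnerable(conn, "x", tautology),
        "vuln_comment": login_vulnerable(conn, comment, "wrong"),
        "safe_tautology": login_safe(conn, "x", tautology),
        "safe_comment": login_safe(conn, comment, "wrong"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:15s} -> {row}")
```

The point to make in the interview is the second function: escaping quotes by hand is fragile, while parameterisation removes the class of bug because the database never parses user input as SQL.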
OTHER / MISC TECHNICAL QUESTIONS
I've covered the two main groupings of questions; here are other technical topics you may be asked about.
OS – It is important to have a good understanding of different operating systems. There are many resources out there to learn this, but make sure you understand both Windows and Linux. Windows is what most user endpoints run, whereas many security tools run on Linux.
Cyber Risk – Understanding risk within cybersecurity is vital, and you will likely get asked about it. This post from Upguard explains it well.
CIA Triad – The CIA triad (confidentiality, integrity, and availability) is a model which is designed to guide policies for information security within an organization. This post from techtarget explains it well.
Cybersecurity Tools – There are many tools used by a security analyst. The most common of these are SIEM (security information and event management), IDS/IPS (intrusion detection and prevention systems), vulnerability scanners, PAM (privileged access management) and anti-virus. Get to know these, what they are and how they work. I also have some posts on this blog which will help with this, so take a look.
Incident Response – It is important that any analyst understands how incidents are responded to, even if they are not directly involved in incident response. You may be asked what incident response is and the different ways it can be performed. My personal favourite resource on this is https://www.incidentresponse.com/playbooks/
Threat Hunting – Threat hunting, put simply, is proactively looking for threats within your network that have not triggered any security alerts. This post from CrowdStrike sums it up well – https://www.crowdstrike.com/epp-101/threat-hunting/. I also have various threat hunting guides throughout my blog, so check them out.
Threat Intelligence – Threat intelligence is data collected and analyzed by an organization in order to understand a threat actor's motives, targets, and attack behaviors. This post from CrowdStrike sums it up well – https://www.crowdstrike.com/epp-101/threat-intelligence/. Interviewers may ask what the difference is between threat hunting and threat intelligence, so be ready for that.
Classification – Make sure you understand true vs. false and positive vs. negative as applied to alerts: a true positive is an alert on real malicious activity, a false positive is an alert on benign activity, a false negative is malicious activity that raised no alert, and a true negative is benign activity that correctly stayed quiet. This post from Google explains it well – https://developers.google.com/machine-learning/crash-course/classification/true-false-positive-negative
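The SIEM, threat hunting and classification topics above come together in one routine task: writing a correlation rule, running it over logs and measuring how many of its alerts were right. The block below is an added example, not code from this post, and it assumes a constructed sshd-style auth log plus a constructed ground-truth table of which source addresses an analyst later confirmed as hostile. The rule (five failed logins from one source within sixty seconds, escalated if a success follows) and all names are assumptions for illustration; real rules are tuned per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log for this example, not a real capture.
SAMPLE_LOG = """\
Mar 10 09:00:01 bastion sshd[2001]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Mar 10 09:03:12 bastion sshd[2002]: Failed password for alice from 10.0.0.5 port 51001 ssh2
Mar 10 09:03:30 bastion sshd[2003]: Accepted password for alice from 10.0.0.5 port 51002 ssh2
Mar 10 09:10:00 bastion sshd[2010]: Failed password for backup from 10.0.0.8 port 40000 ssh2
Mar 10 09:10:10 bastion sshd[2011]: Failed password for backup from 10.0.0.8 port 40001 ssh2
Mar 10 09:10:20 bastion sshd[2012]: Failed password for backup from 10.0.0.8 port 40002 ssh2
Mar 10 09:10:30 bastion sshd[2013]: Failed password for backup from 10.0.0.8 port 40003 ssh2
Mar 10 09:10:40 bastion sshd[2014]: Failed password for backup from 10.0.0.8 port 40004 ssh2
Mar 10 09:20:00 bastion sshd[2020]: Failed password for root from 203.0.113.9 port 33000 ssh2
Mar 10 09:20:05 bastion sshd[2021]: Failed password for root from 203.0.113.9 port 33001 ssh2
Mar 10 09:20:10 bastion sshd[2022]: Failed password for admin from 203.0.113.9 port 33002 ssh2
Mar 10 09:20:15 bastion sshd[2023]: Failed password for admin from 203.0.113.9 port 33003 ssh2
Mar 10 09:20:20 bastion sshd[2024]: Failed password for bob from 203.0.113.9 port 33004 ssh2
Mar 10 09:20:25 bastion sshd[2025]: Failed password for bob from 203.0.113.9 port 33005 ssh2
Mar 10 09:20:30 bastion sshd[2026]: Accepted password for bob from 203.0.113.9 port 33006 ssh2
Mar 10 09:30:00 bastion sshd[2030]: Failed password for root from 198.51.100.7 port 22000 ssh2
Mar 10 09:30:10 bastion sshd[2031]: Failed password for root from 198.51.100.7 port 22001 ssh2
Mar 10 09:30:20 bastion sshd[2032]: Failed password for root from 198.51.100.7 port 22002 ssh2
Mar 10 09:30:30 bastion sshd[2033]: Failed password for root from 198.51.100.7 port 22003 ssh2
Mar 10 09:30:40 bastion sshd[2034]: Failed password for root from 198.51.100.7 port 22004 ssh2
Mar 10 09:40:00 bastion sshd[2040]: Failed password for carol from 192.0.2.4 port 55000 ssh2
Mar 10 09:40:03 bastion sshd[2041]: Accepted password for carol from 192.0.2.4 port 55001 ssh2
"""

# Constructed ground truth: what the analyst confirmed after investigating each source.
TRUTH = {
    "10.0.0.5": False,     # user mistyped her password twice, then got it right
    "10.0.0.8": False,     # backup job retrying with a stale credential
    "203.0.113.9": True,   # password spraying that eventually succeeded
    "198.51.100.7": True,  # brute force against root, unsuccessful
    "192.0.2.4": True,     # stolen credential, guessed right almost first try
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+) port"
)


def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """SIEM-style correlation rule: `threshold` failed logins from one source
    inside `window` raise 'brute-force attempt'; a later success from the same
    source escalates it to 'brute-force success'. Returns {ip: verdict}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # slide the window forward
            if len(q) >= threshold:
                alerts.setdefault(ip, "brute-force attempt")
        elif ip in alerts:
            alerts[ip] = "brute-force success"
    return alerts


def score(alerts, truth):
    """Confusion matrix per source: did an alert fire vs. was the source hostile."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for ip, hostile in truth.items():
        fired = ip in alerts
        key = ("tp" if hostile else "fp") if fired else ("fn" if hostile else "tn")
        counts[key] += 1
    tp, fp, fn = counts["tp"], counts["fp"], counts["fn"]
    counts["precision"] = tp / (tp + fp) if tp + fp else 0.0  # share of alerts that were real
    counts["recall"] = tp / (tp + fn) if tp + fn else 0.0     # share of real attacks caught
    return counts


if __name__ == "__main__":
    found = detect_brute_force(SAMPLE_LOG)
    print(found)
    print(score(found, TRUTH))
```

On this data the rule catches the two noisy attackers, fires a false positive on the backup job (the tuning question an interviewer wants you to raise) and misses the stolen credential entirely, which is the gap threat hunting exists to fill: nothing in the alert queue points at 192.0.2.4, so only someone looking at successful logins from unfamiliar sources would find it.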
There are also a number of common non-technical questions which come up quite a lot:
- Most common by far is being asked how you keep up to date with cyber security. This can include things such as Twitter, blogs, podcasts, CTFs and reading books. Also make sure you know some recent news to show them you keep up to date.
- Can you explain technical points to non-technical people?
- Research the company; they will likely ask what you know about them.
Remember to have some questions ready to ask the interviewers in return. For example: what does a normal week look like, and what teams do you have?
Finally, whatever you do, be honest. Most cyber security interviews will have at least one technical interviewer. Don’t attempt to lie about knowing something as they will catch you out and it isn’t worth it. Be honest and highlight what you do know.
Thanks for reading the blog post. If this helps at least one person with a cyber security interview then I am happy. If you would like to discuss this post further, or just have a chat; contact me at https://twitter.com/blueteamblog