June 14, 2021

Security Analyst – Technical Questions Interview Advice

Any tips on how I should prepare for these types of questions, or what is commonly asked at this stage of a technical interview?

Security analyst (blue team).

“You will be given 2 or 3 scenarios to review and discuss options. For each scenario, you will be given 5/10 mins to review before discussing your ideas/approach.”

I’m a security engineer on the infrastructure/blue team side, but close enough, I think?

Some of the ones I’ve gotten are:

* The main website for customers goes down unexpectedly. What do you do?

  * My answer was “First verify that nothing weird happened from a cybersecurity perspective, but otherwise I let the web admins/sys admins handle it.”

  * Was told that was the correct answer, as they want someone that understands separation of duties.

* Say you get hired. Do you need to be an admin to our VM, firewall, and other backend systems?

  * My answer was “No, only if I need to be an admin to perform typical duties within that system.”

  * Again, separation of duties, and ensuring they don’t get a person that hoards admin rights.

* Are you familiar with IT controls/frameworks, and if so, which ones?

  * This is going to be stuff like NIST 800-53B, ISO 27001, etc. Good to have a somewhat decent idea of what those entail.

* You’re woken up at 3am by helpdesk because someone has a message on their screen that looks like ransomware. What do you do?

  * Somewhat of a trick question. The answer is “I would follow the process as laid out by our incident response plan, but without knowing what that is, the first thing would be to confirm the incident before taking any action.” If they ask you what you would expect to see in an incident response plan, you can go into it (i.e., isolate the machine while you assess damage), but this is one I get all the time because they want to make sure you don’t make a premature knee-jerk reaction and shut everything down for a false positive.

* How many times should a user fail a phishing test before action is taken?

  * My answer was basically: the first 1 or 2 times, the user is notified and maybe has to do online training. 3 or 4, I’m reaching out to the user directly to work with them 1-on-1. After that, it’s HR/manager time. However, whatever policy/procedure we have in place surrounding this is what would be appropriate in terms of reprimanding a user. Made an emphasis that the goal isn’t to fire skilled people that may be hard to replace but to instead educate, which seemed to be met with appreciation.
