Scenario Question Interviews
This is part II of the Cybersecurity Interview Series.
Previously, we mainly talked about direct answer interview questions. These are ones that allow the interviewer to see if you know certain Cybersecurity concepts and technologies.
An example direct question could be: What is the difference between TCP & UDP? Or: What is the difference between a threat and a vulnerability?
Scenario-based questions test more in-depth knowledge, as well as your thought process, rather than whether you know the answer to a specific question (as direct answer questions do).
Scenarios can be something like: You have been handed a laptop whose user believes there is malware on it and says it has been running slow, what do you do?
Where do you look to prove/disprove this theory?
In today's competitive job market, it's important to be well-prepared for cybersecurity interviews. As stated in the first post of the Interview Series, this is meant to be a guide for security interviews, not a replacement for research and preparation.
Now this scenario could look different depending on which OS you’re talking about.
Windows
On a Windows machine, places to look for suspicious activity can be any of the following:
Scheduled tasks
AppData local directory
C:\ProgramData directory
macOS
On macOS, this can be any of the following:
/Library/LaunchDaemons/
/Library/LaunchAgents/
/Library/Application Support/
Linux
On a Linux system, this can be any of the following:
Cron jobs
Installed packages (through apt, dpkg, yum, etc.)
From here, you would want to look at what has been downloaded within the time range in which the user started noticing weird behavior.
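The time-range check described above can be scripted. The following is an added example, not part of the original post: it lists files modified within a window under the locations named above. The scheduled-task directory, the cron paths, the Downloads folder and the 7-day window are assumptions.

```python
import os
import platform
from datetime import datetime, timedelta
from pathlib import Path

# Locations named in the article, per OS. Assumed additions: the on-disk
# scheduled-task store, common cron directories, and the user's Downloads.
TRIAGE_DIRS = {
    "Windows": ["%LOCALAPPDATA%", r"C:\ProgramData", r"C:\Windows\System32\Tasks"],
    "Darwin": ["/Library/LaunchDaemons", "/Library/LaunchAgents",
               "/Library/Application Support"],
    "Linux": ["/etc/cron.d", "/etc/cron.daily", "/var/spool/cron"],
}


def files_changed_between(roots, start, end, max_depth=3):
    """Return sorted (mtime, path) pairs for files modified in [start, end].

    mtime is only a lead: it can be altered, so confirm hits against other
    evidence before drawing conclusions.
    """
    hits = []
    for root in roots:
        root = Path(os.path.expandvars(str(root)))
        if not root.is_dir():
            continue  # location does not exist on this host
        base = len(root.parts)
        for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
            if len(Path(dirpath).parts) - base >= max_depth:
                dirnames[:] = []  # depth limit reached, do not descend
            for name in filenames:
                path = Path(dirpath) / name
                try:
                    mtime = datetime.fromtimestamp(path.lstat().st_mtime)
                except OSError:
                    continue  # unreadable or removed while scanning
                if start <= mtime <= end:
                    hits.append((mtime, str(path)))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed window: the user says the slowdown began about 7 days ago.
    end = datetime.now()
    start = end - timedelta(days=7)
    roots = TRIAGE_DIRS.get(platform.system(), []) + [str(Path.home() / "Downloads")]
    for mtime, path in files_changed_between(roots, start, end):
        print(mtime.isoformat(timespec="seconds"), path)
```

Run it with enough privileges to read the system directories; locations that are missing or unreadable are skipped silently.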
Keep in mind, there may be a legitimate reason why the laptop is running slow. This can include:
Network issues
Low RAM
Low Disk space
Although there are many avenues you can go down to discover whether this is a case of malware, these are some ideas that will point you in the right direction.
Another Scenario
Another scenario question could be: Tell me about an incident or alert you worked on or led. How did you get to resolution?
This would apply more to DART, SOC, or IR roles.
In the end, the interviewer wants to see how you think, and how you navigate a scenario that you might face on the job.
Next, we'll discuss interviews that consist of exercises.
Hope this provides value in your learning journey!