Danny's newsletter - Issue #28
Scenario Question Interviews
Previously, we talked about direct answer interview questions.
An example direct question could be: What is the difference between TCP and UDP?
Scenario-based questions test more in-depth knowledge and your thought process, rather than whether you know the answer to a specific question (as direct answer questions do).
Scenarios can be something like: You have been handed a laptop whose user believes there is malware on it since it has been running slow. What do you do? Where do you look to prove or disprove this theory?
Now this can look different depending on which OS you’re talking about.
Windows
On a Windows machine places to look for suspicious activity can be any of the following:
Scheduled tasks
AppData local directory
C:\ProgramData directory
macOS
On a macOS machine this can be any of the following:
Login Items
/Library/LaunchDaemons
/Library/LaunchAgents
/Library/Application Support/
Linux
On a Linux system this can be any of the following:
Cron jobs
Packages installed (through apt, dpkg, yum, etc.)
From here you would want to look at what has been downloaded or installed in the time range around when the user started noticing the weird behavior.
Keep in mind, there may be a legitimate reason why the laptop is running slow. This can include a networking issue, running low on RAM or disk space, or simply running way too many resource-intensive programs at once.
Although there are many avenues you can go down to discover if this is a case of malware or not, these are some ideas that will get you in the right direction.
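As an added example (my own code, not something from the newsletter), here is a small Python triage helper that turns the lists above into a script: it walks the persistence locations for a given OS, reports files changed since the time the user first noticed the slowness, and flags cron entries that run something out of a scratch directory. The concrete sub-paths (the Windows scheduled task store, the dpkg info directory, the cron spool), the scratch-directory heuristic, and the sample tree it builds are my assumptions; point `recent_artifacts` at a mounted image or `/` to use it for real.

```python
import os
import tempfile
import time
from pathlib import Path

# Persistence locations named in the newsletter, keyed by OS and expressed
# relative to the volume root so the helper can be pointed at a mounted image
# or, as in demo(), at a constructed test tree. The concrete sub-paths
# (task store, dpkg info directory, cron spool) are my additions.
PERSISTENCE_PATHS = {
    "windows": [
        "Windows/System32/Tasks",   # scheduled task definitions (XML)
        "Users/*/AppData/Local",
        "ProgramData",
    ],
    "macos": [
        "Library/LaunchDaemons",
        "Library/LaunchAgents",
        "Library/Application Support",
    ],
    "linux": [
        "etc/cron.d",
        "var/spool/cron",           # per-user crontabs
        "var/lib/dpkg/info",        # one .list file per installed package
    ],
}

# Heuristic of my own: cron entries that run something from a world-writable
# or scratch directory deserve a closer look.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def recent_artifacts(root, os_name, since_epoch):
    """Return files under the OS's persistence locations whose modification
    time is at or after since_epoch (seconds), newest first, as paths
    relative to root."""
    root = Path(root)
    hits = []
    for pattern in PERSISTENCE_PATHS[os_name]:
        for location in root.glob(pattern):
            if not location.is_dir():
                continue
            for path in location.rglob("*"):
                if path.is_file():
                    mtime = path.stat().st_mtime
                    if mtime >= since_epoch:
                        hits.append((mtime, path.relative_to(root).as_posix()))
    hits.sort(reverse=True)
    return [rel for _, rel in hits]


def flag_cron_lines(crontab_text):
    """Return non-comment crontab lines whose command references a scratch
    directory."""
    flagged = []
    for line in crontab_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if any(d in entry for d in SCRATCH_DIRS):
            flagged.append(entry)
    return flagged


def build_sample_tree(base, now):
    """Constructed Linux-like tree for the demo: an old cron drop-in, a new
    one pointing at /tmp, a new dpkg package record, and a recent file
    outside any persistence path (which must not be reported)."""
    base = Path(base)
    files = {
        "etc/cron.d/backup": ("0 2 * * * root /usr/local/bin/backup.sh\n", now - 30 * 86400),
        "etc/cron.d/update-cache": ("*/5 * * * * root /tmp/.cache/update\n", now - 2 * 3600),
        "var/lib/dpkg/info/libfoo.list": ("/usr/lib/libfoo.so\n", now - 3600),
        "home/user/notes.txt": ("todo\n", now - 600),
    }
    for rel, (content, mtime) in files.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
        os.utime(path, (mtime, mtime))
    return base


def demo():
    """Triage the constructed tree as if the user reported slowness a day ago."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp, now)
        artifacts = recent_artifacts(root, "linux", now - 86400)
        cron_text = (root / "etc/cron.d/update-cache").read_text()
        return artifacts, flag_cron_lines(cron_text)


if __name__ == "__main__":
    found, flagged = demo()
    print("changed in window:", found)
    print("cron lines to review:", flagged)
```

The time window is the key input: it narrows the pile of files in AppData, ProgramData or LaunchAgents down to what appeared around the time the user noticed the problem, which is exactly the "given time range" the scenario answer should mention. Modification times can be tampered with, so treat the list as a starting point for review rather than proof either way.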
Another Scenario
Another scenario question could be: Tell me about an incident or alert you worked on or led; how did you get to resolution?
This would apply more for DART, SOC or IR roles.
In the end, the interviewer wants to see how you think, and how you navigate a scenario that you might face on the job.
Next, we'll discuss Interviews that consist of Exercises or Practicals.
Hope this provides value in your learning journey!