Information security analyst interview questions and answers pdf

The article on information security analyst interview questions is featured in SDxCentral’s Information Security Analyst Career Guide.

Information security interview questions will focus on two discerning factors. These are whether you know your stuff and if you can explain it. Some questions will be about straightforward concepts, like firewalls and the CIA triad. Others will make you apply your know-how to common scenarios. Here are some of the top information security analyst questions.

1. What are three ways to authenticate someone?

The three types of authentication factors are something you know, something you have, and something you are.

Something you know would include a password, a PIN, or an answer to a security question. This is one of the most common types of authentication users must provide to gain access to an account. Something you have would be an authenticating device, such as an ID card or a cell phone. Something you are would be biometric information. This can be a fingerprint, a voice password, or a signature. This kind of authentication is harder to obtain remotely, but is generally the hardest to fake.

Two-factor authentication is when you use any two of these methods in conjunction in order to access an account. A user may have to enter their password, and then a code sent to their phone, in order to log in. Multi-factor authentication is when all three methods are in play.
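
As an added illustration of the password-plus-phone-code login described above (this is example code written for this page, not from SDxCentral or any product), the check below combines "something you know" (a salted password hash) with "something you have" (an RFC 6238 TOTP code from an authenticator app). The account values, salt and shared secret are constructed for the demo.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo credentials for one account (not real values).
# Something you know: only a salted PBKDF2 hash of the password is stored, never the password.
PASSWORD_SALT = b"demo-salt-0001"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse battery", PASSWORD_SALT, 100_000)
# Something you have: a secret shared with the authenticator app on the user's phone (RFC 6238).
TOTP_SECRET = b"demo-shared-secret-for-phone"
TIME_STEP = 30


def check_password(candidate: str) -> bool:
    """First factor: rehash the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), PASSWORD_SALT, 100_000)
    return hmac.compare_digest(digest, PASSWORD_HASH)


def totp(secret: bytes, timestamp: int, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the 30-second time counter, dynamically truncated."""
    counter = struct.pack(">Q", timestamp // TIME_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def check_totp(candidate: str, timestamp: int, window: int = 1) -> bool:
    """Second factor: accept the current code or one step either side to tolerate clock drift."""
    if not (candidate.isascii() and candidate.isdigit()):
        return False
    for drift in range(-window, window + 1):
        expected = totp(TOTP_SECRET, timestamp + drift * TIME_STEP)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


def login(password: str, code: str, timestamp=None) -> bool:
    """Two-factor login: both factors must pass; one correct factor alone is rejected."""
    now = int(time.time()) if timestamp is None else timestamp
    # Evaluate both factors so a failed password does not short-circuit and leak timing.
    return check_password(password) & check_totp(code, now)
```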

2. How would you secure a network? What factors would you take into account?

First, ask about the network. Ask what devices are on it, its routing method (SDN, MPLS, etc.), what data is on it, how many users have access to it at any given time, and so on. Note whether the data on the network is subject to any regulations.

Using a chart or whiteboard is also helpful, as is the STAR method, which outlines the methodology and impact of the protocol you implement in a given situation. 

3. What is the difference between data protection in transit and data protection at rest?

Data protection at rest means protecting data that is in storage. Attackers can gain access to this data if they gain access to the storage device it is on, either physically or digitally. 

Data protection in transit means securing data that is sent over the network, such as to and from the internet. 

Both of these types of data can be protected with security tools such as firewalls and network access control. As well, both types of data should be encrypted. That way, if an attacker gains access, they cannot read the data without breaking the encryption.

4. What do you do if someone higher on the work hierarchy than you demands you break protocol for them?

This is a common scenario for IT security analysts, and it can be a harrowing issue if their job is threatened. Sometimes the scenario will be innocuous, such as a manager asking that you give them remote access to their laptop at home. Other times they might ask to access an employee’s email or information, which can be illegal if the data they’re accessing is sensitive or personal.

The key here is to take this issue up the chain. The Infosec Institute recommends checking with your manager to confirm whether doing such a thing is acceptable. Even if you already know the answer, having someone on your side can bolster your argument. Harvard Business Review recommends appealing to the executive’s own goals and safety: violating HIPAA could result in a hefty lawsuit, and nobody wants that, right?

5. How do you keep company devices secure if they’re on public/hotel wifi?

This is crucial for a company that has employees who frequently travel, or who use WiFi whose security you cannot verify.

Norton Security recommends staying off public WiFi altogether. If users must use public WiFi, they should avoid accessing sensitive data, such as bank accounts. Users should use a VPN, avoid public cell phone chargers, which have been used in the past to compromise devices, and avoid connecting to unknown Bluetooth devices.

6. What is a three-way handshake?

A Transmission Control Protocol (TCP) three-way handshake is a way for two devices on a network to start and confirm a session. 

It starts with one device (Device A) sending a TCP SYN packet to the destination server containing a randomly chosen initial sequence number (4893). The server responds with a SYN-ACK carrying its own sequence number (7240) and an acknowledgment number equal to Device A’s number plus 1 (4894). Device A finally confirms that it received both numbers by sending back an ACK carrying the server’s number plus 1 (7241), thus establishing the session.
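
The exchange described above, as an added example (written for this page, not taken from SDxCentral): each side checks that the other acknowledged exactly its own number plus 1, and a segment carrying the wrong acknowledgment number is rejected instead of opening a session. The endpoint names "A" and "server" and the initial sequence numbers 4893 and 7240 follow the text.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Segment:
    """The TCP header fields that matter for the handshake."""
    src: str
    dst: str
    seq: int          # sequence number
    ack: int          # acknowledgment number (meaningful only when ack_flag is set)
    syn: bool = False
    ack_flag: bool = False


class HandshakeError(Exception):
    """Raised when a segment does not carry the numbers the other side expects."""


def server_reply(syn: Segment, server_isn: int) -> Segment:
    """Step 2: answer a bare SYN with a SYN-ACK: own ISN plus the client's number + 1."""
    if not syn.syn or syn.ack_flag:
        raise HandshakeError("expected a bare SYN")
    return Segment(syn.dst, syn.src, seq=server_isn, ack=syn.seq + 1, syn=True, ack_flag=True)


def client_confirm(syn: Segment, syn_ack: Segment) -> Segment:
    """Step 3: check the server acknowledged our ISN, then acknowledge the server's ISN + 1."""
    if not (syn_ack.syn and syn_ack.ack_flag):
        raise HandshakeError("expected a SYN-ACK")
    if syn_ack.ack != syn.seq + 1:
        raise HandshakeError(f"server acknowledged {syn_ack.ack}, expected {syn.seq + 1}")
    return Segment(syn.src, syn.dst, seq=syn.seq + 1, ack=syn_ack.seq + 1, ack_flag=True)


def server_verify(syn_ack: Segment, ack: Segment) -> None:
    """Server side of step 3: the session opens only if the final ACK matches our ISN + 1."""
    if ack.syn or not ack.ack_flag:
        raise HandshakeError("expected a bare ACK")
    if ack.ack != syn_ack.seq + 1:
        raise HandshakeError(f"client acknowledged {ack.ack}, expected {syn_ack.seq + 1}")


def three_way_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    """Run all three steps and return the segments in order (SYN, SYN-ACK, ACK)."""
    syn = Segment("A", "server", seq=client_isn, ack=0, syn=True)  # step 1
    syn_ack = server_reply(syn, server_isn)                         # step 2
    ack = client_confirm(syn, syn_ack)                              # step 3
    server_verify(syn_ack, ack)
    return [syn, syn_ack, ack]
```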

7. What is the residual risk? 

Residual risk is the risk that is left over after inherent risk has been mitigated. For example, the residual risk in a network could be the chance of a hacker gaining access after a firewall and monitoring system have been applied. Risk can never be eliminated as long as the network, data, and/or devices still exist. It’s up to an information security analyst to determine how much residual risk is worth accepting, weighed against the resources available.

8. How do you permanently disable bad actors from accessing sensitive data?

The only way to truly disable attackers from obtaining data is by destroying the data. This isn’t as easy as sending a file to the trash; in most cases, you must physically destroy the medium housing the data. Methods include melting, shredding, overwriting the old data with new information, and degaussing (passing a strong magnet over a device or disk to erase the magnetic field holding the information).

9. What is phishing? How can you stop it?

Phishing is when bad actors obtain credentials, such as usernames and passwords, by posing as reputable sites or login apps in email. When a user clicks the link to the fake site and enters their login information, the site steals what they entered.

Information security analysts should educate users not to click on links or login prompts from any email, even if it appears reputable; instead, they should go directly to the site. A robust firewall and spam filter can also block malicious emails.
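
As an added example of the kind of check a spam filter can apply to the phishing emails described above (example code written for this page, not a product's filter), the function below pairs each link in a message with the text the recipient sees and flags links whose displayed URL points to a different host than the real target, or whose host merely imitates the trusted brand. The message body, the trusted host list and the brand name are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real email): a displayed URL that hides a different
# target, a genuine link, and a lookalike domain behind innocent link text.
SAMPLE_EMAIL = """<p>Your account is locked. Sign in at
<a href="http://login-examplebank.evil.test/verify">https://www.examplebank.test/login</a>
or read <a href="https://www.examplebank.test/help">our help page</a>, or
<a href="https://examplebank-secure.test/reset">reset your password</a>.</p>"""
TRUSTED_HOSTS = {"www.examplebank.test", "examplebank.test"}  # assumed for this example
BRAND = "examplebank"  # the name a lookalike domain would imitate


class LinkCollector(HTMLParser):
    """Pair every <a href> with the text the recipient actually sees."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html: str, trusted: set, brand: str) -> list:
    """Return (href, visible text, reason) for links a spam filter should flag."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if host in trusted:
            continue  # genuine link to the real site
        if text.startswith(("http://", "https://")) and host_of(text) != host:
            findings.append((href, text, "displayed URL differs from real target"))
        elif brand in host:
            findings.append((href, text, "lookalike of a trusted domain"))
    return findings
```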

10. Why does security matter?

This is an information security analyst interview question you’ll get not only in your interview, but also throughout your job. Information security analysts will constantly have to justify the time, expense, and personnel it takes to secure a system. 

The correct response should highlight the costs of not having security: how high-profile data breaches can cost companies millions in fines and revenue losses, how identity theft can devastate individuals, and how constant attacks and leaks can bring a company down just as easily as a natural disaster. Make sure that you make it understandable and free of jargon, since interviewers will want to see that you can explain it to non-IT employees.
