Must know for an Information Security Professional (A CISSP professional will know these in general) . Want to be a security professional, learn these as well.<\/p>\n
What are policies in general?<\/p>\n
What are the different types of Security Controls?<\/p>\n
Give examples of Audit Trail.<\/p>\n
Give examples of security guard.<\/p>\n
Difference between authentication and authorization<\/p>\n
Can SSO be decentralized? How can you implement that? Just examples are good.<\/p>\n
What is the least privilege policy?<\/p>\n
What is a job rotation policy?<\/p>\n
TACAS, RADIUS what are these? Does your organization need to use these? In what cases? Is it a good fit?<\/p>\n
Give examples of access control attacks?<\/p>\n
Give examples of Social Engineering?<\/p>\n
What is your experience with reviewing the access configurations?<\/p>\n
What TCP\/IP, OSI, ATM, QoS?<\/p>\n
Give examples of Network Access Control Devices?<\/p>\n
Give examples on how Network Access Control Devices are used in your organization? How can you configure them?<\/p>\n
Is Endpoint security a good practice? What is Endpoint security anyway?<\/p>\n
POTS, PBX, VoIP – does your organization use these? What are the related security risks?<\/p>\n
How can attackers inject data into video stream (video conferencing)?<\/p>\n
Give examples of Tunneling Protocols? esp. the secured ones?<\/p>\n
Is VPN a tunneling concept? What protocols are used on VPN?<\/p>\n
How is IpSec data formatted? What is AH ? What is ESP?<\/p>\n
What is the primary purpose of SSL and TLS?<\/p>\n
What is a Syn Flood Attack.<\/p>\n
What is spoofing?<\/p>\n
What is VLAN? Will you implement VLAN in your organization? When?<\/p>\n
What is the concept of Risk when it comes to organizational IT resource security?<\/p>\n
Can your security measures mitigate all risks?<\/p>\n
What is the relation between a security policy and local laws and regulations?<\/p>\n
Does your organization conduct Due care and Due diligence for security?<\/p>\n
How do you ensure confidentiality, integrity, and availability?<\/p>\n
How is managing information lifecycle important for an organization?<\/p>\n
To which organizations HIPAA apply?<\/p>\n
What are Risk Avoidance, Risk transference, Risk Mitigation, Risk Acceptance?<\/p>\n
Can Risk Acceptance be acceptable policy? Give examples…<\/p>\n
How can you apply and ensure security in the software development lifecycle?<\/p>\n
What are backdoors in software?<\/p>\n
What is XSS security risk? How can you prevent XSS?<\/p>\n
What is security testing?<\/p>\n
Can you use white box testing as a security measure?<\/p>\n
Should you encrypt all sensitive – data files?<\/p>\n
Define Symmetric and Asymmetric cryptography? Give examples. Which one is more secure?<\/p>\n
What is Hybrid cryptography, What is Hashing?<\/p>\n
What is Social Engineering for Key Discovery?<\/p>\n
What is a rainbow table attack?<\/p>\n
What is PKI? How does PKI work?<\/p>\n
What are security models?<\/p>\n
What is Bell-Lapadula model?<\/p>\n
What is Biba model?<\/p>\n
what is Clark-Wilson access model.<\/p>\n
How can XML traffic be protected?<\/p>\n
OWASP what is it? Who sponsors OWASP?<\/p>\n
How can Separation of duties and responsibilities help with security?<\/p>\n
What is the last step in incident response?<\/p>\n
What is root cause analysis?<\/p>\n
What is change management?<\/p>\n
How do software configuration, and configuration management help with security?<\/p>\n
What you know About RAID? Describe in your own way.<\/p>\n
Give example ways you can make your servers fault tolerant.<\/p>\n
Give an example of a backup strategy for a hypothetical organization.<\/p>\n
Give types and examples of computer crimes.<\/p>\n
What is Shrinkwrap contract?<\/p>\n
Give some example guidelines from ISC code of Professional Ethics.<\/p>\n
Give examples of forensic procedures.<\/p>\n
Give examples of Site and facility design considerations for security?<\/p>\n<\/div>\n
Blog<\/b>:\u00a0http:\/\/Bangla.
\n<\/i><\/span><\/div>\n
\n<\/i><\/span><\/div>\n