work and IT @ 07 Mar 2008 05:14 pm by ayoi
Yes, I conducted an interview session today, looking for suitable candidates to fill the empty seats in the SOC (to be honest, we do need a few more). It has been quite some time since I conducted my last interview, and thankfully I managed to squeeze the interview session in between my training schedule.
Just like the previous interviews, there is a series of questions that I ask the candidates. This time the questions start from fundamental questions (perhaps a lil bit tricky, and yes, I hijacked my friend geek00l's questions as well). So, the questions:
1). If I ping from host A to host B, using ICMP Type 8 Code 0, which port will this ICMP packet go to?
2). Based on this information (handshake2.txt), point out the handshake packets.
3). What kind of event can you derive from this trace file: trace1.pdf
4). And what kind of event can you derive from this trace file: trace2.pdf
5). Based on this alert information (alerts.pdf), can you identify any possible irregular behaviour of the traffic? (traffic_a.pdf)
6). With the existence of IPS, what do you think of the relevance of IDS?
Sadly, only 1 managed to get through until the 6th question, another one managed to get through to question 3, and another 2 failed at the 2nd question. And surprisingly, both of the failed candidates have many years of experience (stated in their resume maa) and one of them even has a CCNA.
Hmm.. I thought the questions were very simple and straight to the point compared to the previous interview questions, but alas, maybe I should make them easier and simpler. You tell me..