Cybersecurity Engineer Interview Questions

292 cybersecurity engineer interview questions shared by candidates

1. Network Security
Question: How would you arrange a proxy, firewall, switch, and IPS device in a network to provide a secure environment?
Follow-up: What if the IPS was placed outside the firewall? What are the pros and cons?
Question: If you had an unlimited budget, what additional devices or appliances would you add to increase visibility or detection?

2. Protocols and Ports
Question: What protocols typically run over the following ports?
Port 22
Port 80
Port 443
Port 53
Question: If ports 80 and 443 are open on an unknown device, what can you assume the device is?

3. TCP/IP and Networking
Question: What is the difference between TCP and UDP?
Question: Describe the TCP three-way handshake.
Question: Explain what happens when a user types a URL (e.g., google.com) into a browser, from the application layer down to the physical layer.

4. Cybersecurity Concepts
Question: What is RFC 1918, and why is it important?
Question: Describe the Cyber Kill Chain. Which stage do you think is the most critical to detect, and why?
Question: How would you investigate a phishing email? What steps would you take to determine if it’s malicious?

5. Log Analysis and Incident Response
Question: If an internal IP connects to the network via VPN but later disconnects and the IP is reallocated, what logs would you check to determine the activity at the time of the alert?
Question: You receive two alerts:
Alert 1: An asset attempts to authenticate to another unique asset 27 times but fails in 30 minutes.
Alert 2: An asset attempts to authenticate to 27 unique assets once and fails in 30 minutes.
Which alert is more severe, and why?

6. Tools and Scripting
Question: Have you used any external tools to look up IP or URL reputations? If so, which ones, and what information do they provide?
Question: What is the difference between traceroute and ping?
Question: Have you used tools like Nmap or Wireshark? What are they typically used for?
Question: Do you have experience with scripting languages like Python or Bash? If so, describe a project where you used them.

7. Incident Response and Playbooks
Question: Describe a time when you identified a tedious process and improved it.
Question: If you discovered that users are establishing FTP connections to external sites, how would you prevent this activity, and how would you report on it?

8. Staying Updated
Question: How do you stay updated on current events in the cybersecurity industry?
Question: Can you share an example of a recent cybersecurity incident that caught your attention?

Associate Cybersecurity Engineer

Interviewed at GM Financial

3.8
Feb 3, 2025


1. How would you respond to a phishing mail which talks about possible monetary loss for the company?
2. The e2e process when you type a website URL in your browser.
3. Which tool would you use for processing a huge amount of data? Based on the result of this data, a threshold has to be set to send a notification to a user.

Senior Software Engineer - Cybersecurity

Interviewed at Cloudera

4.1
Jan 17, 2022

