Interview Q & A - Mahesh3535/MYrep GitHub Wiki

URLs:
https://www.youtube.com/channel/UCfcDMqKt72afteeXBk99cmg
https://www.youtube.com/watch?v=YfNr1vx3lEM
https://www.youtube.com/watch?v=BeA13U_blO8
https://www.youtube.com/watch?v=5gBhZLgXTzA

Interview questions:

• Tell about your present work experience and explain your roles and responsibilities.
• What are the OSI layers?
• In which layer does a firewall work?
• In which layer do you think most attacks are performed, and why?
• Explain the differences between TCP and UDP. Which one is used in VoIP, and why?
• How does a firewall work?
• What is the difference between an IDS, an IPS and a firewall?
• What is the difference between a WAF and a firewall?
• Why do we use an IPS even if we already have a firewall in place?
• What is a DMZ, and why is it used?
• What is a proxy, why is it used, and on which port does it work?
• Protocols and their ports.
• Difference between SSL and TLS.
• Which is more reliable and safe, HTTP or HTTPS, and why?
• Difference between FTP, SFTP and FTPS.
• How do you analyse a phishing email?
• Difference between spam and phishing.
• Types of phishing; what is spear phishing?
• Explain the fields used in email header analysis.
• Explain the ArcSight architecture.
• Do you know how to write rules in ArcSight?
• Explain how you analyse a malware/virus/trojan alert raised in your SIEM.
• Explain the recent WannaCry and Petya ransomware attacks.
• How can you protect against DoS and DDoS attacks? What is the difference between them, how do they work, and can you name any?
• What are ARP poisoning and DNS spoofing (DNS cache poisoning)?
• How do you determine whether an email address, or the links inside an email, have been spoofed?
• What is the difference between routing protocols and routed protocols?
• Types of routing protocols.
• In which layers do switches, routers and firewalls work?
• What are the protocols used in the network layer and the application layer?
• What are botnets, C&C servers and honeypots?
• How do you perform scans as part of a vulnerability assessment?
• What are the steps performed in incident response?

Scenarios:

• If a server in your environment is infected with ransomware, what is your immediate next step to minimise the impact, what mitigation process do you follow after that, and how?
• How do you find a machine generating outbound traffic in your environment, and what will your analysis and recommendation be if it turns out to be strictly malicious activity?
• Say a user connected through RDP/VPN, his machine generated some malicious traffic today, and he logged off for the day and logged in again the next day. How and what will be your next step to find the user's machine or user information, and what is this process called?
• A machine has been infected with malware and the malware has not been deleted by your antivirus. What will you check, and what is your next step as part of prevention and mitigation?
• What is the best practice for deploying security devices to protect your environment, and in which order do you place these devices to make your environment more secure?
• In your environment a malware/trojan/virus has been detected and your antivirus has not taken any action on it because its signatures are not updated. What are your checks and course of action, and whom do you reach out to?
• What could be the reasons if no logs are seen in the SIEM from the connector, or at the connector from the devices?