SOC L1 Interview questions
1. What are vulnerability, risk, and threat?
You should answer this question by explaining vulnerability, threat, and lastly, risk. You can make things more convincing by sharing examples as well.
A vulnerability is a gap in protection that can lead to a huge security loss. A threat is someone who is trying to make the most of that gap. Lastly, the risk is the potential loss that the business might face because of the gap.
For example, a server is left in place with its default username and password. An attacker tries to crack them, and the business then suffers a huge loss.
2. Can you explain the difference between hashing and encryption?
When answering this question, keep things straightforward.
Hashing is irreversible, and encryption is reversible. Encryption provides confidentiality, and hashing provides integrity.
3. Do you know any kind of coding language?
When you are answering this question, make sure that you know the basics of the language you speak about. You are not expected to be a pro.
Knowing how to code is not essential for an information security professional, but an understanding of languages like HTML, Python, and JavaScript is certainly an added advantage. These languages can be used not only for exploit development but also for automating tasks. So, a basic understanding of them can be a plus in the interview.
4. Explain CSRF.
CSRF, or Cross-Site Request Forgery, is a web application vulnerability in which the server does not check whether a request was sent by the trusted client. The request is processed right away, without any verification.
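The missing check described above, shown beside a handler that performs it. This is an added example, not part of the original answers; the session store, handler names, token scheme (an HMAC over the session ID), and sample values are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo state; every name here is hypothetical.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-alice": "alice"}          # session cookie value -> user
EMAILS = {"alice": "alice@example.com"}

def csrf_token_for(session_id: str) -> str:
    """Token bound to the session; only pages served by the real site embed it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_email_vulnerable(cookies: dict, form: dict) -> int:
    """Trusts the cookie alone, so any request carrying it is processed."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401
    EMAILS[user] = form["email"]
    return 200

def change_email_protected(cookies: dict, form: dict) -> int:
    """Same action, but the form must also carry the session-bound token."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    expected = csrf_token_for(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a request from another origin cannot know the token.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    EMAILS[user] = form["email"]
    return 200

def demo() -> dict:
    cookies = {"session": "sess-alice"}          # attached by the browser automatically
    forged = {"email": "changed@example.net"}    # cross-site request: no token
    genuine = {"email": "alice@new.example",
               "csrf_token": csrf_token_for("sess-alice")}
    out = {"vulnerable_forged": change_email_vulnerable(cookies, forged)}
    EMAILS["alice"] = "alice@example.com"        # reset constructed state
    out["protected_forged"] = change_email_protected(cookies, forged)
    out["protected_genuine"] = change_email_protected(cookies, genuine)
    return out

if __name__ == "__main__":
    print(demo())
```

The forged request succeeds against the first handler because the session cookie is the only thing it checks; the second handler rejects it with 403 and accepts only the request that carries the token.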
5. Explain Security Misconfiguration.
It is a form of vulnerability in which a network, application, or device is configured in a manner that a fraudster or cyber-attacker can misuse as per their needs. Security misconfiguration means leaving a gap that an attacker can use for their benefit.
6. Explain white hat, black hat, and grey hat hackers.
When answering this question, keep things simple and direct.
Black hat hackers are the ones who hack without any kind of authorization. White hat hackers are the ones who perform this exercise with authorization. And white hat hackers who also perform unauthorized hacking activities are known as grey hat hackers.
7. Explain the firewall.
Make sure your answer is simple and easy to understand.
A firewall is a device that blocks or allows traffic according to the rules set on it. Firewalls are placed on the boundary between untrusted and trusted networks.
8. How do you remain updated with the security information and trends?
You must follow channels like ThreatPost, The Hacker News, Pentest mag, and many more. Following these security forums can help you stay updated on security-related information and incidents you should be aware of.
9. How can you protect your organization from a recent virus or attack?
As a security professional, you must answer this question systematically. First, it is important to find the leakage through which the virus or attackers can come in and fix it. Once that is done, the best solution should be implemented to curb the chances of that attack. You must explain the process well if the interviewer has specified the kind of attack.
10. Explain the CIA triangle.
C stands for Confidentiality, which means ensuring that the information is kept secret. I stands for Integrity, which means not altering the information. A stands for Availability, which means the information is available to all the authorized parties.