Interviewing

Interview Practice Questions

So after all your hard work you have finally landed an interview with a company. I have had a few interviews and I’ve learned a lot from each one. The main problem I have found is that each company requires a different level of skill. I have had interviews where they just ask basic questions and interviews where they want to know the ins and outs of something, which makes it very hard to prepare, as you never know what they are going to ask. I think the best advice here would be to learn the basic stuff, and if they ask you anything too technical then do your best to answer it. They are going to look at your CV and ask you questions relating to it, so if you write that you have done the OSWP there is a good chance they will ask you about it and want you to go into detail.
A good book to purchase is the CEH Certified Ethical Hacker Study Guide by Kimberly Graves. Go through as much of it as you can before the interview, as it will cover basic stuff you should know.

Companies tend to give you three interviews. The first is usually a phone interview where they get to know you a little bit and see if you know some of the basic stuff, like what port 443 is used for. The second interview will be more in-depth and will usually have a team leader involved to ask some more questions, trying to figure out what you do and don’t know. The last interview will be a practice lab where they expect you to exploit some basic stuff, depending on the role you are going for.

General Tips

When I have an interview, I try to find out about the company. The best way to do this is to approach it like a pen test and gather information on that company. I take a look at their website, research how many people they employ, check whether there are any bad posts about the company on the net, and also look for employees on LinkedIn, as this can sometimes give you topics to talk about in an interview. A good example of how LinkedIn helped me with an interview: I had an interview with a company and, having done the above steps, I found the person who was interviewing me on LinkedIn and noticed that he and I went to the same university. So during the interview I got him talking about university and the lectures, and it went really well. In fact I got offered the job, but I had already accepted my current position.

Another tip would be to try and plan what they may ask, as well as thinking of good questions to ask them. I would say go to the interview smartly dressed and turn up at least ten minutes early. Don’t be late and don’t go there looking like you have just woken up; after all, if you get the job you will be the face of the company, and they want someone who can represent them in a good light. Give a good handshake and look them in the eye when doing so, as this shows you have confidence.

General Questions

Q) Why do you want to work for us?
Q) What will you bring to the team?
Q) Have you looked at our website? (Always do research on the company and be able to ask them questions about their services.)
Q) Where do you want to be in five years’ time?
Q) What are your main strengths and weaknesses?
Q) Tell me about yourself?
Q) Describe a situation in which you led a team?
Q) Describe a situation where you worked in a team?
Q) What has been your greatest achievement?
Q) What are your hobbies?
Q) What motivates you?

Technical Questions

Q) Which services run on ports 22, 80, 21, 25, 137, 3306, 156, 443, 79, 1, 111, 53, 135, 445, 139, 161, 389, 3368, 123, 110, 3269, 636, 500, 4500?
Q) What is SQL injection?
Q) What is XSS?
Q) What are private IP addresses?
Q) What is the difference between encryption, hashing and encoding?
Q) Where do you get your security news?
Q) What’s the difference between symmetric and asymmetric?
Q) What is the proper sequence of a TCP connection?
Q) What type of password attack would be most successful against the password T63#s23A?
Q) What is a logic bomb virus?
Q) What are the seven layers of the ISO model?
Q) What command is used to retrieve information from a SQL database?
Q) WEP stands for what?
Q) Data encrypted with the server’s public key can be decrypted with which key?
Q) What are the flags in a TCP header?
Q) What are three insecure protocols?
Q) What’s the difference between TCP and UDP?
Q) What does the ike-scan tool do?
Q) What does APT stand for?
Q) What does ICMP stand for and what does it do?
Q) What are the top ten security vulnerabilities in PHP code?
Q) What is a null session?
Q) What’s the difference between Windows 2000 and NT?
Q) How does nmap tell if a UDP port is open or closed?
Q) What is a buffer overflow?
Q) How would you enumerate SMTP?
Q) How does LM hash work?

More to follow ….