Good security specialists know that everything has a cost; security for the sake of security is not a good quality to have. Instead, everything must be framed as providing value for the company or business. Just like in software, everything is about trade-offs. Balancing risk against, for example, cost or convenience is something that should be mentioned.
- How is encryption different from hashing?
- Describe your home network or lab.
- What is the OSI Model?
- Which is more secure: open source or closed source?
- Which security framework is best?
- What is the primary goal of cybersecurity?
- What is a risk, a threat, and a vulnerability?
- Why are preventative controls better than detective controls or vice-versa?
- Where do you get your security news from?
- Should you compress or encrypt first?
- What are the most important files in Linux?
- What are HTTP status codes that a web server will return?
- What’s the difference between vulnerability assessments and penetration tests?
- What’s the most important thing you need for a penetration test?
- What are tools that hackers use?
- What is the MITRE ATT&CK Framework?
- What are common cyber attacks?
- How can we determine if an email is legitimate?
- What is a brute force attack? How can we prevent brute force attacks?
- What is SQL injection (SQLi)? How can we prevent SQL injection (SQLi)?
References
- Cyber Security Interview Questions (1) by Jon Good
- Cyber Security Interview Questions (2) by Jon Good