Would you pass the technical interview?

Recently, I had a technical interview and these were some of the questions I was asked. Do you know the answers? Take a look and no peeking at the answers. In some areas I mentioned what my original response was. I will add other questions to the list as I encounter them. If you have a question you would like me to consider and add to the list, let me know.

    • What is the location of system audit logs in Linux?
      Answer: /var/log/audit
      My answer: /var/log. Though this answer is not necessarily incorrect, in the mind of the interviewer it was, since they were looking for the exact location mentioned above.
    • What are the files that make up the password in a Linux system?
      Answer: /etc/passwd and /etc/shadow
      /etc/passwd is the user listing. /etc/shadow contains the password hashes for those users.
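Because /etc/passwd and /etc/shadow are the two halves of Linux account data, a quick defensive check is to parse both and look for the classic mistakes (a second UID 0 account, an empty password field, a hash still stored in /etc/passwd, a weak hash algorithm). The script below is an added example, not from the original post; the account records are constructed and the hash strings are placeholders, not real digests.

```python
"""Audit constructed /etc/passwd and /etc/shadow records (added example).

Both files are colon-separated, one account per line:
  passwd: name:x:UID:GID:GECOS:home:shell   ('x' means the hash lives in shadow)
  shadow: name:hash:lastchg:min:max:warn:inactive:expire:reserved
"""
from dataclasses import dataclass

# Constructed sample data; not taken from any real system.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup_admin:x:0:0:legacy tool:/root:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
"""

# The hash fields are placeholders shaped like crypt(3) output, not real hashes.
SHADOW_SAMPLE = """\
root:$6$saltsalt$notarealhashnotarealhashnotarealhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$othersalt$alsonotarealhashalsonotarealhash:19700:0:99999:7:::
backup_admin:$1$md5salt$legacyhashlegacyhash:19700:0:99999:7:::
guest::19700:0:99999:7:::
"""

# crypt(3) prefix ids -> algorithm names.
HASH_ALGOS = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt", "2b": "bcrypt"}


@dataclass
class Finding:
    account: str
    issue: str


def parse_passwd(text):
    """Return {name: {uid, gid, home, shell, pw_field}} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home,
                       "shell": shell, "pw_field": pw}
    return users


def parse_shadow(text):
    """Return {name: hash_field} from shadow-format text."""
    shadow = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, hash_field, *_rest = line.split(":")
        shadow[name] = hash_field
    return shadow


def hash_algorithm(hash_field):
    """Classify a shadow hash field: 'empty', 'locked', an algorithm name, or 'legacy-des'."""
    if hash_field == "":
        return "empty"            # no password required at all
    if hash_field.startswith(("!", "*")):
        return "locked"           # account cannot log in with a password
    if hash_field.startswith("$"):
        parts = hash_field.split("$")   # '$6$salt$hash' -> ['', '6', 'salt', 'hash']
        return HASH_ALGOS.get(parts[1], "unknown:" + parts[1])
    return "legacy-des"           # 13-char traditional DES crypt


def audit(passwd_text, shadow_text):
    """Return a list of Findings for the combined passwd/shadow data."""
    users = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = []
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append(Finding(name, "extra UID 0 account"))
        if u["pw_field"] != "x":
            findings.append(Finding(name, "password hash stored in /etc/passwd, not /etc/shadow"))
        if name not in shadow:
            findings.append(Finding(name, "no shadow entry"))
            continue
        algo = hash_algorithm(shadow[name])
        if algo == "empty":
            findings.append(Finding(name, "empty password field (login without a password)"))
        elif algo in ("md5", "legacy-des"):
            findings.append(Finding(name, f"weak password hash ({algo})"))
    return findings


if __name__ == "__main__":
    for f in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(f"{f.account}: {f.issue}")
```

On a real host, reading /etc/shadow requires root; run the audit with the file contents passed in rather than hard-coding a path, so the same functions work on a copy pulled from a forensic image.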
    • What is the security triad?
      Answer: Confidentiality, Integrity and Availability
    • Name a system that would be used to secure one aspect of the triad (include one within AWS).
      • Confidentiality
        Answer: A system that encrypts data in transit or at rest. Whole disk encryption (BitLocker for Windows). Data Loss Prevention (DLP) systems for email and data in transit. Encrypted USB drives using biometrics, passcodes, etc.
      • Integrity
        Answer: Using hashes to verify that data has not been altered from its last known original state. Audit trails to determine when files were created, modified or deleted. Validating that data entering a system is well-formed and does not compromise the system.
      • Availability
        Answer: Data redundancy, multiple systems in a fail-over or high availability setup. In AWS, you can use load balancers, availability zones, and auto scaling. Both Google Cloud and Microsoft Azure have similar options.
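The integrity answer above (hashes to verify that data has not been altered) is what a file-integrity baseline does in practice: record a digest per file, then compare later. The script below is an added example, not from the original post; it creates a few constructed files in a temporary directory, takes a SHA-256 manifest, simulates tampering, and reports what changed.

```python
"""Hash-based integrity baseline and verification (added example).

Builds a manifest of SHA-256 digests for every file under a directory, then
compares the directory against it to find modified, missing and new files.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Return {relative_posix_path: sha256_hex} for all regular files under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Compare the current state of root against a previously built manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "new": sorted(n for n in current if n not in manifest),
    }


def demo():
    """Create constructed files, baseline them, tamper with them, and return the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF constructed binary\n")

        baseline = build_manifest(root)

        # Simulated changes after the baseline was taken (constructed, not real tampering).
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")   # modified
        (root / "etc" / "hosts").unlink()                                     # missing
        (root / "bin" / "unexpected").write_bytes(b"file that was not there") # new

        return verify_manifest(root, baseline)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The manifest itself must be stored somewhere an attacker on the monitored host cannot rewrite (a separate system, or a signed copy); otherwise the baseline can be updated alongside the tampered files and the check proves nothing.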
    • What are the 5 things that should be done to secure a Linux system on creation?
      Answer: (Yes, I know there are more than 5.)
        1. Update the system packages
        2. Create a non-root user and add to sudo group
        3. Disable root login
        4. Turn off unnecessary services
        5. Remove unnecessary applications
        6. Enable the firewall
        7. Disable password based logins with SSH (use keys)
        8. Close open ports (firewall helps with this, but it is good to be proactive)
        9. Enable 2FA
        10. Enable the use of only strong passwords
        11. Verify that logging and audit files are being generated and monitor them.

    • What would you use to ping a network segment? (specifically focusing on using ICMP)
      Answer: The answer I found to this is using ping with option -b which pings the broadcast segment.
      My answer: My answer was either nmap, masscan or scripting it. The nmap response brought a slight back and forth with the interviewer. They mentioned that we are not trying to discover hosts/services on the network and to use ICMP to do this. I mentioned that nmap can be used to only discover the hosts (which are alive) on the network, do it by sending ICMP packets and not return the services running on them.
    • What is the difference between an IDS and IPS?
      Answer: An Intrusion Detection System (IDS) only reports on the anomalies it has seen on a network or system. An Intrusion Prevention System (IPS) will act upon the anomalies it has seen on a network or system.
    • What are the two ways that IDS and IPS use for detection?
      Answer: Signature-based and anomaly-based detection
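The two detection methods, and the report-versus-act distinction between IDS and IPS, are easy to see side by side on a small log. The script below is an added example, not from the original post: signature rules are regular expressions for known-bad message patterns, the anomaly rule is a per-source failed-login rate over a sliding window, and the "IPS" function returns a block decision instead of only a report. The log lines, timestamps and addresses are constructed.

```python
"""Signature-based vs anomaly-based detection over constructed sshd log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log; addresses are documentation ranges, not real hosts.
LOG = """\
2024-03-01T10:00:01 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
2024-03-01T10:00:05 sshd[1202]: Failed password for root from 203.0.113.9 port 40001 ssh2
2024-03-01T10:00:06 sshd[1203]: Failed password for root from 203.0.113.9 port 40002 ssh2
2024-03-01T10:00:07 sshd[1204]: Failed password for admin from 203.0.113.9 port 40003 ssh2
2024-03-01T10:00:08 sshd[1205]: Failed password for invalid user test from 203.0.113.9 port 40004 ssh2
2024-03-01T10:00:09 sshd[1206]: Failed password for invalid user oracle from 203.0.113.9 port 40005 ssh2
2024-03-01T10:00:30 sshd[1207]: Failed password for bob from 10.0.0.7 port 52000 ssh2
2024-03-01T10:00:45 sshd[1208]: Accepted password for bob from 10.0.0.7 port 52001 ssh2
2024-03-01T10:05:00 sshd[1209]: Failed password for root from 198.51.100.4 port 40010 ssh2
"""

LINE_RE = re.compile(r"^(\S+) sshd\[\d+\]: (.*?) from (\S+) port \d+")

# Signature rules: name -> pattern for a known-bad message (what a signature IDS carries).
SIGNATURES = {
    "root-password-attempt": re.compile(r"^Failed password for root\b"),
    "invalid-user-probe": re.compile(r"^Failed password for invalid user\b"),
}


def parse(log_text):
    """Return [(timestamp, message, source)] for every line the regex understands."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, msg, src = m.groups()
            events.append((datetime.fromisoformat(ts), msg, src))
    return events


def signature_alerts(events):
    """Signature detection: one alert per (source, rule) match; no notion of baseline."""
    return [(src, name) for _, msg, src in events
            for name, rx in SIGNATURES.items() if rx.search(msg)]


def anomaly_alerts(events, window_seconds=60, threshold=5):
    """Anomaly detection: sources whose failed logins in any sliding window reach the threshold.

    A single failed login (bob mistyping once) is normal; five within a minute is not.
    """
    failures = defaultdict(list)
    for ts, msg, src in events:
        if msg.startswith("Failed password"):
            failures[src].append(ts)
    flagged = []
    for src, stamps in failures.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it fits within window_seconds.
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return flagged


def ips_decision(events):
    """IPS behaviour: act on the findings by returning the sources to block, not just a report."""
    return sorted(set(anomaly_alerts(events)))


if __name__ == "__main__":
    ev = parse(LOG)
    print("signature alerts:", signature_alerts(ev))
    print("anomaly alerts:", anomaly_alerts(ev))
    print("IPS would block:", ips_decision(ev))
```

The single root attempt from 198.51.100.4 shows the trade-off: the signature rule catches it immediately, but the anomaly rule never fires because one failure is within baseline. Real deployments run both and tune the window and threshold against their own traffic.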
    • What is the difference between a threat, a vulnerability and risk?
      • Threat
        Answer: A threat is something that can negatively impact an organization. A threat does not have to be a person, group or nation state; it can also be a natural event (hurricane, tornado, earthquake, etc.), among other things. The action can be intentional or accidental.
      • Vulnerability
        Answer: A vulnerability is a flaw or weakness that can be exploited. It is the flaw or weakness that exposes a system to a specific threat.
      • Risk
        Answer: Risk is the possibility of something causing loss or damage. There is a formula used to calculate risk in basic terms:
        Risk = Likelihood * Impact
        Combining all three, risk would be the likelihood that a data center next to a lake (vulnerability) would get flooded after torrential rain (threat).
    • What are the incident response (IR) process steps?
      Answer:
      1. Preparation
      2. Identification
      3. Containment
      4. Eradication
      5. Recovery
      6. Lessons Learned