Wednesday, January 25, 2012

SOC Interview Questions 1

Below are the questions collected from friends who attended interviews related to Security Operations Center (SOC).

Difference between Probe vs Scan.
Difference between Security event and Security incident.
Wwhat is incident response (IR)?
How will you carry on Network forensics?
How will you carry on Memory forensics?
What is APT (Advanced Persistent Threat)?
What is IOC (related to APT)?
What is ROT13?
What is C2 (Command and Control)?
Difference between normal threat vs APT ?
Vulnerability vs Threat vs Exploit vs Risk.
Different Evasion techniques of Malware?
Different ways of compressing Malware?
What is threat agent?
Explain drive-by downloads.
Difference between Symmetric and Asymmetric encryption?
How do you collect image for Forensics without modifying the integrity of data on the PC/Laptop?
(http://darshanams.blogspot.com/2010/09/forensics-1-extracting-image.html)
Size of Registers in CPU? Are registers same for different CPU's?
How to change Linux root password?

Following articles might be of your interest
http://darshanams.blogspot.in/2012/05/cain-and-abel-password-cracking.html
http://darshanams.blogspot.in/2011/09/portable-document-files.html
http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html

Will come up with more questions once I get in touch with other friends.