Network Security Engineer Interview questions

Let’s face it, Information Security has about a bazillion possible questions at any given interview across a wide variety of possible topics. On top of that, InfoSec means a lot of different things to a lot of different people. For example, Information Security covers everyone from the guy at Best Buy running a copy of Norton all the way up to the Cryptomasters at the NSA. As a result, a single list of questions is not going to cover everything. That being said, however, there are definitely tiers of possible questions that you can run into, and that is what this guide is about.

That’s not to say that these questions cannot appear in different tiers – you may very well see some of the level 1’s during a level 5 interview. Rather, this means that in order to reach level 5, you want to be comfortable with everything up to that point – not necessarily remember everything by rote, but at least be able to have a resource you can get the answers from quickly. So without further ado, let’s begin.

Welcome to Level 1: The Tech

Entry level positions are almost always about the skills – what you know right now, and what you’re willing to do to improve upon those skills. By the same token though, a lot of these questions can help to understand more about what makes you, you – your personality and your existing preferences and opinions. At this stage you are still very much a Technician or a Security guy, but you’ve reached the point where you want to specialize, and for that you need to start learning more about what makes what you’re trying to protect tick. At this stage, you care more about getting the thing to work than security, but you also know that you want to keep people in general from doing naughty things. Sadly, you probably do not know Kung-fu.

1- What are your daily news checks?

It seems like we can’t go more than a few days anymore without hearing about a major breach, which on the surface would make it seem that more people and places are being hacked than ever before (which to be honest is true). However, it also shows that detection and reporting of attacks is improving per requirements of both government entities and insurance companies. As a result, the public and security professionals are both better informed as to what they can do to help protect themselves and watch out for falsified charges on their accounts. Keeping up to date on these matters is vital for anyone interested in Information Security.

2- What do you have on your home network?

Nothing shows you how to break and fix things more than a test environment, and for most people that means their home network. Whether its a Windows laptop with a wireless generic router and a phone all the way up to 14 Linux Workstations, an Active Directory Domain Controller, a dedicated Firewall appliance and a net-attached toaster – as long as you are learning and fiddling with it, that’s what matters.

3- What personal achievement are you most proud of?

For me at least, this one is easy- getting my CISSP. I studied for months, did every possible thing I could to improve my recall and asked for anybody and everybody to help ask questions and modify them in ways to make me try to think around corners. Everybody has at least one thing that they are proud of, and while this and the next question may be the same answer, all that matters is showing that you are willing to move forward and willing to be self-motivated.

4- What project that you have built are you most proud of?

For some people, this would be the first computer they ever built, or the first time they modified a game console, or the first program they wrote, the list can go on and on. In my case, that would be a project for work that I was working on for years. It started out as an Excel spreadsheet that the Engineering department were using to keep track of their AutoCAD drawings, and ended up evolving through a couple hundred static HTML pages, an Access Database and frontend, and finally to a full on web application running in MySQL and PHP. This simple little thing ended up becoming an entire website with dedicated Engineering, Sales and Quality web apps used by the company globally, which just goes to show you you never know where something might lead.

5- How would traceroute help you find out where a breakdown in communication is?

Tracert or traceroute, depending on the operating system, allows you to see exactly what routers you touch as you move along the chain of connections to your final destination. However, if you end up with a problem where you can’t connect or can’t ping your final destination, a tracert can help in that regard as you can tell exactly where the chain of connections stop. With this information, you can contact the correct people – whether it be your own firewall, your ISP, your destination’s ISP or somewhere in the middle.

Get the CEH: Find the Best Hacking Training

6- Why would you want to use SSH from a Windows pc?

SSH (TCP port 22) is a secure connection used on many different systems and dedicated appliances. Routers, Switches, SFTP servers and unsecure programs being tunnelled through this port all can be used to help harden a connection against eavesdropping. Despite the fact that most times when you hear about somebody ‘SSHing’ into a box it involves Linux, the SSH protocol itself is actually implemented on a wide variety of systems – though not by default on most Windows systems. Programs like PuTTY, Filezilla and others have Windows ports available, which allow Windows users the same ease-of-use connectivity to these devices as do Linux users.

7- What’s the difference between Symmetric and Asymmetric encryption?

To boil down an extremely complicated topic into a few short words, Symmetric encryption uses the same key to encrypt and decrypt, while Asymmetric uses different keys for encryption and decryption. Symmetric is usually much faster, but is difficult to implement most times due to the fact that you would have to transfer the key over an unencrypted channel. Therefore many times an Asymmetric connection will be established first, then send creates the Symmetric connection. This leads us into the next topic…

8- What is SSL and why is it not enough when it comes to encryption?

SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used almost everyone online, but the problem is because of this it is a huge target and is mainly attacked via its implementation (The Heartbleed bug for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are very good ideas.

9- How would you find out what a POST code means?

POST is one of the best tools available when a system will not boot. Normally through the use of either display LEDs in more modern systems, or traditionally through audio tones, these specific codes can tell you what the system doesn’t like about its current setup. Because of how rare these events can be, unless you are on a tech bench day in and day out, reference materials such as the Motherboard manual and your search engine of choice can be tremendous assets. Just remember to make sure that everything is seated correctly, you have at least the minimum required components to boot, and most importantly that you have all of your connections on the correct pins.