Interview Questions & Answers for Security and DevSecOps: Complete Guide

Table of Contents

Security


What is DevSecOps? What are its core principles?

What security techniques are you familiar with? (or what security techniques have you used in the past?)

What does the “Zero Trust” concept mean? How do organizations implement it?

Explain Authentication and Authorization

How do you manage sensitive information (like passwords) in different tools and platforms?

Explain what is Single Sign-On

Explain MFA (Multi-Factor Authentication)

Explain RBAC (Role-based Access Control)

Security – Web


What is a nonce?

Security – SSH

What is SSH and how does it work?

What is the role of an SSH key?

Security – Cryptography


Explain symmetric encryption

Explain asymmetric encryption

What is “Key Exchange” (or “key establishment”) in cryptography?

True or False? Symmetric encryption makes use of public and private keys, where the private key is used to decrypt data encrypted with the public key

True or False? The private key can be mathematically computed from a public key

True or False? In the case of SSH, asymmetric encryption is not used for the entire SSH session

What is Hashing?

How are hashes used in SSH?

Explain the following:

  • Vulnerability
  • Exploit
  • Risk
  • Threat

Are you familiar with the “OWASP Top 10”?

What is XSS?

What is SQL injection? How do you prevent it?

What is a Certificate Authority (CA)?

How do you identify and manage vulnerabilities?

Explain “Privilege Restriction”

How is HTTPS different from HTTP?

What types of firewalls are there?

What is a DDoS attack? How do you deal with it?

What is port scanning? When is it used?

What is the difference between asymmetric and symmetric encryption?

Explain Man-in-the-middle attack

Explain CVE and CVSS

What is ARP Poisoning?

Describe how you secure public repositories

How do cookies work?

What is DNS Spoofing? How to prevent it?

What can you tell me about Stuxnet?

What can you tell me about the BootHole vulnerability?

What can you tell me about Spectre?

Explain OAuth

Explain “Format String Vulnerability”

Explain DMZ

Explain TLS

What is CSRF? How do you prevent it?

Explain HTTP Header Injection vulnerability

What security sources do you use to keep up to date with the latest news?

What TCP and UDP vulnerabilities are you familiar with?

Does using VLANs contribute to network security?

What are some examples of security architecture requirements?

What is an air-gapped network (or air-gapped environment)? What are its advantages and disadvantages?

Explain what is Buffer Overflow

Containers


What security measures are you taking when dealing with containers?

Explain what is Docker Bench

Explain MAC flooding attack

What is port flooding?

What is “Diffie-Hellman key exchange” and how does it work?

Explain “Forward Secrecy”

What is Cache-Poisoned Denial of Service (CPDoS)?

Security – Threats


Explain “Advanced persistent threat (APT)”

What is a “Backdoor” in information security?

Rajesh Kumar