{"id":22753,"date":"2021-07-24T20:35:20","date_gmt":"2021-07-24T20:35:20","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=22753"},"modified":"2021-10-23T06:58:21","modified_gmt":"2021-10-23T06:58:21","slug":"interview-questions-answer-for-security-and-devsecops-complete-guide","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/interview-questions-answer-for-security-and-devsecops-complete-guide\/","title":{"rendered":"Interview Questions &#038; Answer for Security and DevSecOps Complete Guide"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Security<\/h1>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">What is DevSecOps? What are its core principles?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What security techniques are you familiar with? (or what security techniques have you used in the past?)<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What does the &#8220;Zero Trust&#8221; concept mean? How do organizations deal with it?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain Authentication and Authorization<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">How do you manage sensitive information (like passwords) in different tools and platforms?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain what Single Sign-On is<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain MFA (Multi-Factor Authentication)<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain RBAC (Role-based Access Control)<\/h3>\n\n\n\n<h1 class=\"wp-block-heading\">Security &#8211; Web<\/h1>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">What is a Nonce?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Security &#8211; SSH<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is SSH? How does it work?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is the role of an SSH key?<\/h3>\n\n\n\n<h1 class=\"wp-block-heading\">Security &#8211; Cryptography<\/h1>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 
class=\"wp-block-heading\">Explain Symmetrical encryption<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain Asymmetrical encryption<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is &#8220;Key Exchange&#8221; (or &#8220;key establishment&#8221;) in cryptography?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">True or False? Symmetrical encryption makes use of public and private keys, where the private key is used to decrypt the data encrypted with a public key<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">True or False? The private key can be mathematically computed from a public key<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">True or False? In the case of SSH, asymmetrical encryption is not used for the entire SSH session<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is Hashing?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">How are hashes part of SSH?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain the following:<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Vulnerability<\/li><li>Exploits<\/li><li>Risk<\/li><li>Threat<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Are you familiar with &#8220;OWASP top 10&#8221;?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is XSS?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is an SQL injection? How to manage it?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is a Certification Authority?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">How do you identify and manage vulnerabilities?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain &#8220;Privilege Restriction&#8221;<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">How is HTTPS different from HTTP?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What types of firewalls are there?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is a DDoS attack? How do you deal with it?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is port scanning? 
When is it used?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is the difference between asynchronous and synchronous encryption?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain Man-in-the-middle attack<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain CVE and CVSS<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is ARP Poisoning?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Describe how you secure public repositories<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">How do cookies work?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is DNS Spoofing? How to prevent it?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What can you tell me about Stuxnet?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What can you tell me about the BootHole vulnerability?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What can you tell me about Spectre?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain OAuth<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain &#8220;Format String Vulnerability&#8221;<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain DMZ<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain TLS<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is CSRF? How to handle CSRF?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain HTTP Header Injection vulnerability<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What security sources are you using to keep updated on the latest news?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What TCP and UDP vulnerabilities are you familiar with?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Does using VLANs contribute to network security?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What are some examples of security architecture requirements?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is an air-gapped network (or air-gapped environment)? 
What are its advantages and disadvantages?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain what a Buffer Overflow is<\/h3>\n\n\n\n<h1 class=\"wp-block-heading\">Containers<\/h1>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">What security measures are you taking when dealing with containers?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain what Docker Bench is<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain MAC flooding attack<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is port flooding?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is &#8220;Diffie-Hellman key exchange&#8221; and how does it work?<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Explain &#8220;Forward Secrecy&#8221;<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is Cache Poisoned Denial of Service?<\/h3>\n\n\n\n<h1 class=\"wp-block-heading\">Security &#8211; Threats<\/h1>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Explain &#8220;Advanced persistent threat (APT)&#8221;<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">What is a &#8220;Backdoor&#8221; in information security?<\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Security What is DevSecOps? What are its core principles? What security techniques are you familiar with? (or what security techniques have you used in the past?) What the &#8220;Zero Trust&#8221; concept&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-22753","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=22753"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22753\/revisions"}],"predecessor-version":[{"id":24243,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22753\/revisions\/24243"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=22753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=22753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=22753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}