The answer to this question is often very telling about a given candidate. It shows 1) whether or not they know what they're talking about in terms of development, and 2) it really illustrates the maturity of the individual (a common theme among my questions). My main goal here is to get them to show me pros and cons for each. If I just get the "many eyes" regurgitation then I'll know he's read Slashdot and not much else. And if I just get the "people in China can put anything in the kernel" routine then I'll know he's not so good at looking at the complete picture.

The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are), and most importantly - quality control. In short, there's no way to tell the quality of a project simply by knowing that it's either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps.

How do you change your DNS settings in Linux/Windows?

Here you're looking for a quick comeback for any position that will involve system administration (see system security). If they don't know how to change their DNS server in the two most popular operating systems in the world, then you're likely working with someone very junior or otherwise highly abstracted from the real world.

What's the difference between encoding, encryption, and hashing?

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn't primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.

Who do you look up to within the field of Information Security? Why?

A standard question type. All we're looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that'll tell you one thing, and if they name a few of the pioneers that'll say another. If they don't know anyone in Security, we'll consider closely what position you're hiring them for. Hopefully it isn't a junior position.

Where do you get your security news from?

Here I'm looking to see how in tune they are with the security community. Answers I'm looking for include things like Team Cymru, Reddit, Twitter, etc. The exact sources don't really matter. What does matter is that he doesn't respond with, "I go to the CNET website.", or, "I wait until someone tells me about events.". It's these types of answers that will tell you he's likely not on top of things.

If you had to both encrypt and compress data during transmission, which would you do first, and why?

If they don't know the answer immediately it's ok. The key is how they react. Do they panic, or do they enjoy the challenge and think through it? I was asked this question during an interview at Cisco. I told the interviewer that I didn't know the answer but that I needed just a few seconds to figure it out. I thought out loud and within 10 seconds gave him my answer: "Compress then encrypt. If you encrypt first you'll have nothing but random data to work with, which will destroy any potential benefit from compression."

What's the difference between symmetric and public-key cryptography?

Standard stuff here: single key vs. two keys, etc, etc.

In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?

You encrypt with the other person's public key, and you sign with your own private. If they confuse the two, don't put them in charge of your PKI project.

What kind of network do you have at home?

Good answers here are anything that shows you he's a computer/technology/security enthusiast and not just someone looking for a paycheck. So if he's got multiple systems running multiple operating systems you're probably in good shape. What you don't want to hear is, "I get enough computers when I'm at work..." I've yet to meet a serious security guy who doesn't have a considerable home network--or at least access to one, even if it's not at home.

Network Security

What port does ping work over?

A trick question, to be sure, but an important one. If he starts throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol (it doesn't work over a port). A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.

How exactly does traceroute/tracert work at the protocol level?

This is a fairly technical question but it's an important concept to understand. It's not natively a "security" question really, but it shows you whether or not they like to understand how things work, which is crucial for an Infosec professional. If they get it right you can lighten up and offer extra credit for the difference between Linux and Windows versions.

The key point people usually miss is that each packet that's sent out doesn't go to a different place. Many people think that it first sends a packet to the first hop, gets a time. Then it sends a packet to the second hop, gets a time, and keeps going until it gets done. That's incorrect. It actually keeps sending packets to the final destination; the only change is the TTL that's used. The extra credit is the fact that Windows uses ICMP by default while Linux uses UDP.

What are Linux's strengths and weaknesses vs. Windows?

Look for biases. Does he absolutely hate Windows and refuse to work with it? This is a sign of an immature hobbyist who will cause you problems in the future. Is he a Windows fanboy who hates Linux with a passion? If so just thank him for his time and show him out. Linux is everywhere in the security world.

Cryptographically speaking, what is the main method of building a shared secret over a public medium?

Diffie-Hellman. And if they get that right you can follow-up with the next one.

What's the difference between Diffie-Hellman and RSA?

Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable.

What kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Man-in-the-middle, as neither side is authenticated.

Application Security

Describe the last program or script that you wrote. What problem did it solve?

All we want to see here is if the color drains from the guy's face. If he panics then we not only know he's not a programmer (not necessarily bad), but that he's afraid of programming (bad). I know it's controversial, but I think that any high-level security guy needs some programming skills. They don't need to be a God at it, but they need to understand the concepts and at least be able to muddle through some scripting when required.

How would you implement a secure login field on a high traffic website where performance is a consideration?

We're looking for a basic understanding of the issue of wanting to serve the front page in HTTP, while needing to present the login form via HTTPs, and how they'd recommend doing that. A key piece of the answer should center around avoidance of the MiTM threat posed by pure HTTP. Blank stares here mean that they've never seen or heard of this problem, which means they're not likely to be anything near pro level.

What is Cross-Site Request Forgery?

Not knowing this is more forgivable than not knowing what XSS is, but only for junior positions. Desired answer: when an attacker gets a victim's browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically).

How does one defend against CSRF?

Nonces required by the server for each page or each request is an accepted, albeit not foolproof, method. Again, we're looking for recognition and basic understanding here--not a full, expert level dissertation on the subject. Adjust expectations according to the position you're hiring for.

If you were a site administrator looking for incoming CSRF attacks, what would you look for?

This is a fun one, as it requires them to set some ground rules. Desired answers are things like, "Did we already implement nonces?", or, "That depends on whether we already have controls in place..." Undesired answers are things like checking referrer headers, or wild panic.

What's the difference between HTTP and HTML?

Obviously the answer is that one is the networking/application protocol and the other is the markup language, but again, the main thing you're looking for is for him not to panic.

How does HTTP handle state?

It doesn't, of course. Not natively. Good answers are things like "cookies", but the best answer is that cookies are a hack to make up for the fact that HTTP doesn't do it itself.

What exactly is Cross Site Scripting?

You'd be amazed at how many security people don't know even the basics of this immensely important topic. We're looking for them to say anything regarding an attacker getting a victim to run script content (usually JavaScript) within their browser.

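The per-request nonce defense against CSRF described above, as an added example that is not part of the original article. The `App` and `CsrfNonces` classes and the `csrf_nonce` form field are hypothetical names; the `/logout/` action is the one from the IMG-tag illustration.

```python
import hmac
import secrets


class CsrfNonces:
    """Server-side store of single-use nonces, keyed by session id."""

    def __init__(self):
        self._pending = {}  # session id -> set of outstanding nonces

    def issue(self, session_id: str) -> str:
        nonce = secrets.token_urlsafe(32)
        self._pending.setdefault(session_id, set()).add(nonce)
        return nonce

    def consume(self, session_id: str, submitted) -> bool:
        """Accept a nonce once, and only for the session it was issued to."""
        if not isinstance(submitted, str):
            return False
        for nonce in self._pending.get(session_id, ()):
            # Constant-time comparison avoids leaking how much of a guess matched.
            if hmac.compare_digest(nonce.encode(), submitted.encode()):
                self._pending[session_id].discard(nonce)
                return True
        return False


class App:
    """Minimal stand-in for a web application with one state-changing action."""

    def __init__(self):
        self.nonces = CsrfNonces()
        self.sessions = {}  # session cookie value -> username

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def logout_form_nonce(self, sid: str) -> str:
        # Value the server embeds as a hidden field when it renders the form.
        return self.nonces.issue(sid)

    def handle(self, method: str, path: str, sid: str, form=None) -> int:
        """Process a request and return an HTTP-style status code."""
        if sid not in self.sessions:
            return 401
        if path != "/logout/":
            return 404
        if method != "POST":
            return 405  # an IMG tag can only issue GET, so it stops here
        if not self.nonces.consume(sid, (form or {}).get("csrf_nonce")):
            return 403  # cookie was sent, but the page-bound nonce was not
        del self.sessions[sid]
        return 200


if __name__ == "__main__":
    app = App()
    sid = app.login("alice")
    print("forged IMG (GET):     ", app.handle("GET", "/logout/", sid))
    print("forged POST, no nonce:", app.handle("POST", "/logout/", sid, {}))
    nonce = app.logout_form_nonce(sid)
    print("legitimate form POST: ", app.handle("POST", "/logout/", sid, {"csrf_nonce": nonce}))
```
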
What's the difference between stored and reflected XSS?

Stored is on a static page or pulled from a database and displayed to the user directly. Reflected comes from the user in the form of a request (usually constructed by an attacker), and then gets run in the victim's browser when the results are returned from the site.

What are the common defenses against XSS?

Input Validation/Output Sanitization, with focus on the latter.

Corporate/Risk

What's the goal of information security within an organization?

This is a big one. What I look for is one of two approaches; the first is the über-lockdown approach, i.e. "To control access to information as much as possible, sir!" While admirable, this again shows a bit of immaturity. Not really in a bad way, just not quite what I'm looking for. A much better answer in my view is something along the lines of, "To help the organization succeed."

This type of response shows that the individual understands that business is there to make money, and that we are there to help them do that. It is this sort of perspective that I think represents the highest level of security understanding--a realization that security is there for the company and not the other way around.

What's the difference between a threat, vulnerability, and a risk?

As weak as the CISSP is as a security certification it does teach some good concepts. Knowing basics like risk, vulnerability, threat, exposure, etc. (and being able to differentiate them) is important for a security professional. Ask as many of these as you'd like, but keep in mind that there are a few differing schools on this. Just look for solid answers that are self-consistent.

If you were to start a job as head engineer or CSO at a Fortune 500 company due to the previous guy being fired for incompetence, what would your priorities be? [Imagine you start on day one with no knowledge of the environment]

We don't need a list here; we're looking for the basics. Where is the important data? Who interacts with it? Network diagrams. Visibility touch points. Ingress and egress filtering. Previous vulnerability assessments. What's being logged and audited? Etc. The key is to see that they could quickly prioritize, in just a few seconds, what would be the most important things to learn in an unknown situation.

As a corporate Information Security professional, what's more important to focus on: threats or vulnerabilities?

This one is opinion-based, and we all have opinions. Focus on the quality of the argument put forth rather than whether or not they chose the same as you, necessarily. My answer to this is that vulnerabilities should usually be the main focus since we in the corporate world usually have little control over the threats.

Another way to take that, however, is to say that the threats (in terms of vectors) will always remain the same, and that the vulnerabilities we are fixing are only the known ones. Therefore we should be applying defense-in-depth based on threat modeling in addition to just keeping ourselves up to date.

Both are true, of course; the key is to hear what they have to say on the matter.

Advanced

If I'm on my laptop, here inside my company, and I have just plugged in my network cable. How many packets must leave my NIC in order to complete a traceroute to twitter.com?

The key here is that they need to factor in all layers: Ethernet, IP, DNS, ICMP/UDP, etc. And they need to consider round-trip times. What you're looking for is a realization that this is the way to approach it, and an attempt to knock it out. A bad answer is the look of WTF on the face of the interviewee.

How would you build the ultimate botnet?

Answers here can vary widely; you want to see them cover the basics: encryption, DNS rotation, the use of common protocols, obscuring the heartbeat, the mechanism for providing updates, etc. Again, poor answers are things like, "I don't make them; I stop them."

Scenario Role-Play

For special situations you may want to do the ultimate interview question type. This is a roleplayed scenario, where the candidate is a consultant and you control the environment. I had one of these during an interview and it was quite valuable.

So you tell them, for example, that they've been called in to help a client who's received a call from their ISP stating that one or more computers on their network have been compromised. And it's their job to fix it. They are now at the client site and are free to talk to you as the client (interviewing them), or to ask you as the controller of the environment, e.g. "I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 8.8.8.8." And you can then say yes or no, etc.

From there they continue troubleshooting/investigating until they solve the problem or you discontinue the exercise due to frustration or pity.

Category I: General Security Concepts / Network Security / OS Security

1) Is there any difference between Information Security and IT Security? If yes, please explain the difference.

Ans: Yes. Information Security and IT Security are different terms that are often used interchangeably. IT Security focuses on purely technical controls (like implementing antivirus, firewall, hardening systems etc) while Information Security is a wider term which implies securing "information" as an asset, be it in any form (e.g. shredding of paper documents to prevent dumpster diving etc). So IT Security can be considered a subset of Information Security.

2) What is the difference between Encoding, Encryption and Hashing?

Ans: At a very high level, all these 3 terms might appear to be similar and people often confuse them. But each of the techniques is distinct and has a different use case.

The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it's able to be properly consumed. It does not require a key, as the only thing required to decode it is the algorithm that was used to encode it.

Examples: ASCII, Unicode, URL Encoding, Base64.

The purpose of encryption is to transform data in order to keep it secret from others. It uses a key, which is kept secret, in conjunction with the plaintext and the algorithm, in order to perform the encryption operation.

Examples: AES, Blowfish, RSA.

The purpose of hashing is to take arbitrary input and produce a fixed-length string that has the following attributes:

1. The same input will always produce the same output.
2. Multiple disparate inputs should not produce the same output.
3. It should not be possible to go from the output to the input.
4. Any modification of a given input should result in drastic change to the hash.

Examples: MD5, SHA1, SHA2 etc. Hashing is often used in computer forensics to verify integrity of the digital evidence.

3) What is the difference between proxy, firewall, IDS and IPS?

A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request as a way to simplify and control its complexity.

A firewall is basically meant for network traffic control/filtering, mainly at layer-3. It allows/denies packets and connections based on certain pre-defined rules.

IDS: An Intrusion Detection System is an application which tries to detect intrusion attempts based on the attack signature database it has.

IPS: An Intrusion Prevention System detects the intrusion (like an IDS) and goes one step ahead to prevent it as well. It simply drops the packet it thinks suspicious (based on rules).

Examples:

1. Proxy: Squid
2. Firewall: IPTables, CISCO Pix, ZoneAlarm
3. IDS: SNORT
4. IPS: IBM Proventia

4) How does asymmetric encryption work?
5) How does SSL work?
6) What is port scanning? What are the countermeasures to prevent it?
7) What is Man in Middle attack? Can it be prevented?
8) What is the difference between false positive and false negative?
9) Explain the term 'Defense in depth'.
10) What do you mean by stateful inspection by a firewall?
11) What is DMZ? Which systems should be placed in DMZ? What are common security precautions for DMZ systems?
12) What is DLP? How does it work?
13) In what scenario should AD authentication be used?
14) Is SSH completely secured? If not, can it be hardened more?
15) What is Virtualization? What are the security risks in it?
16) What do you mean by 'BYOD'? Explain security concerns related with it.
17) What are the different layers of OSI model? Can you list 1 vulnerability corresponding to each of the OSI layers?
18) What are honeypots?
19) Tell about any major security incident that happened recently.
20) How do you keep yourself updated with latest trends in Information Security?
21) Which OS do you feel is more secure? Linux or Windows?
22) Explain in brief, Multi Factor authentication.
23) Explain in short how Kerberos works.
24) How to harden a Windows Machine?
25) How to harden a Linux Machine?
26) How can you prevent DOS/DDOS attack?
27) What is a 0-Day Vulnerability? Can it be prevented?
28) What is the biggest difference between Windows OS and Linux OS?
29) Can an IDS be used to prevent intrusions? (Ans is yes, e.g. SNORT, one of the open source IDS, if configured in in-line mode in conjunction with IPTables, can act as an IPS)
30) Explain any type of Wi-Fi Attack and how to prevent it.
31) What is SIEM? Why is it useful?
32) What is rainbow attack? Is there a way to prevent it?
33) Explain the difference between hub, switch and router.
34) What do you mean by reverse shell in Linux?
35) Explain file ACL's (permissions) in Linux. What is the use of sticky bit?
36) What is NAT and PAT? Explain the difference between them and how they work.
37) Comment on security concerns in Cloud Computing.
38) What is the use of 'salt' in reference to passwords? Are there any limitations of using it?
39) What is single sign-on? What are security risks with it?

Category II: VA/PT

1) What is the difference between Vulnerability Assessment and Penetration Testing? Which one needs to be performed first?
2) What are the steps to perform VA/PT?
3) What precautions are required to be taken while performing VA/PT?
4) With whom would you share the findings of VA/PT and how would you convey the risk of the findings effectively so that mitigation can be initiated immediately?
5) What tools do you normally use for VA and PT? Which tool do you find the best and why?
6) What all should be included in report of VA/PT assessment?
7) Is it possible to hack into a system without using any tool? If yes, how would you do it? (Manually?)
8) How can you identify whether a remote machine is a Windows Machine or Linux Machine?
9) What is the difference between active and passive information gathering? (give 1 example of each)
10) How does sniffing work? Explain how you can sniff into a network. Can sniffing attack be prevented and how?
11) What would you do if nmap port scans are blocked by network security administrator? How would you gather host information in such case?
12) What are the different components of metasploit? Explain client side exploits/attacks.

Category III: Web Application Security

1) Why is Web Application Security Important?
2) "Making the website HTTPS would make it secure" share your comments on this.
3) What are cookies? What security threat do they pose?
4) What is SQL Injection attack? What are its types?
5) What are the ways to prevent SQL Injection?
6) What is XSS attack? What are its types?
7) What are the ways to prevent XSS attacks?
8) What is CSRF? How to prevent it?
9) What are the top 5 Web Application Vulnerabilities you know?
10) Explain any case wherein you found some critical web application vulnerability and you also provided solution to fix the same.
11) How would you mitigate vulnerabilities in a legacy application where much of code change is not feasible?
12) What tools do you use for performing Web Application security testing?
13) How do you test security for web services?
14) What is the difference between White Box Application Security testing and Blackbox Application Security testing?
15) Do you have hands on knowledge of source code review? Give any example of vulnerability/bug you found during source code review.
16) What standards do you refer for Web Application Security and related vulnerabilities?
17) What are the most important steps you would recommend to secure your new web server?
18) Will L-3 firewall be useful in protecting the web application against common attacks? If yes, then to what extent?
19) What is Directory Listing? What is its impact? How to prevent it?
20) Can you explain any 2 vulnerabilities occurring due to poor session management?
21) Where should the Web Server and Database server be placed in network for optimal security?
21) Is there any risk when conducting Application Security testing on production instance?
22) How would you investigate or trace any security incident which occurred due to exploitation of some vulnerability in your web application?
23) Please explain how you would test a mobile application for security vulnerabilities.
24) Explain about Database Security. What are common controls for securing Databases?
25) How would you convince the developer to fix the vulnerabilities you found in the Web Application?
26) How does HTTP handle state?

Category IV: Risk Management / Compliance / Security Frameworks

1) What is Risk Assessment and Risk Management? Are they same?
2) What are the standards available for Risk Management?
3) What are the types of Risks?
4) What are the possible ways to treat the risk?
5) What is the difference between threat, vulnerability, exploit and risk?
5) What is residual risk? Can it be eliminated?
6) What is ISO 27001? Why should an organization adopt it?
7) What is the difference between ISO 27001 and ISO 27002?
8) What is PCI-DSS? Is there any similarity between PCI-DSS and ISO27001?
9) What type of organizations are required to be compliant with PCI-DSS?
10) What is the difference between a standard, policy, procedure?
11) What would you do to make security program / initiative successful in the organization?
12) How would you convince the senior management to invest in certain security initiative?
13) How much would you ideally spend on securing a Windows Server? (This is a very generic question, but would really test whether the candidate is clear with the basics like asset value, impact analysis etc)
14) What is the difference between technical controls and procedural controls? (give 1 example of each)
15) Explain high level steps for initiating and implementing ISO27001.

Category V: Strategic / Scenario Based Questions

1) Please comment: Which one would be more securely built? Open Source software or Commercial/Proprietary software?
2) Whom do you get inspired from in the field of Information Security?
3) How many packets would travel from a laptop if a user initiates a traceroute to facebook.com?
4) Consider a scenario: the network has become extremely slow, there are many escalations coming to service desk. What would you do as a security professional? Do you see a possibility of any security threat in this? How would you face this situation?
5) Suppose business team wants to launch an application on urgent basis, but you know it's vulnerable to some critical attacks. What would you do in such case? Should business requirement be given priority or should security be the priority?
6) What are the latest trends in Information Security?
7) Is Internet Banking really safe and secure? What are your views on this?
8) Where do you see yourself (in which role/position) after 3-4 years?
9) Should social networking websites (like facebook) be allowed or blocked? Justify with proper reason.
10) Anonymous hackers are hacking into some critical infrastructure around the world. Can you comment on how they would be doing this?
11) Have you heard about stuxnet? Explain your views on it and how it could have been prevented.

Category VI: Computer Forensics/Laws

1) What do you mean by checksum? What are the popular algorithms for calculating checksums? What is its significance in computer forensics?
2) Describe steganography, its types and how to detect it.
3) What do you mean by file carving?
4) What is meant by bit stream image? Why is it important in forensics?
5) What is swap space? What is its relevance in forensics? What is page file?
6) Explain high level steps for seizing a live computer system.
7) What are the main challenges in computer forensics?
8) What is file shredding?
9) Can data be recovered after shredding is performed?
10) What are the famous tools used in computer forensics?
11) What hardware is necessary for performing computer forensics?
12) What care should be taken while packaging the seized evidence?
13) What is slack space?
14) List few situations wherein lost data cannot be recovered.
15) How would you trace a spoofed email sent from spoofed IP address?