Question: What is the difference between TCP and UDP? What are the TCP Flags/where do we find TCP Flags? What are the layers of the OSI

  1. What is the difference between TCP and UDP?
  2. What are the TCP Flags/where do we find TCP Flags?
  3. What are the layers of the OSI model?
  4. Describe the 3-way handshake process?
  5. What is the role of a sequence number in a 3-way handshake?
  6. Describe the functions of the TCP flags?
  7. What is a TCP window size? And what does it do?
  8. What is DNS and what port does it use?
  9. What is DNS over TCP used for?
  10. What is ICMP and what port does it use?
  11. Explain the use of tracert/traceroute?
  12. What is a host file in terms of DNS?
  13. What is a loopback address and what is a non-routable address?
  14. What is the difference between a local account and a domain account?
  15. What is ARP and what is an ARP table?
  16. How can ARP be manipulated by an attacker?
  17. How can ARP poisoning occur in technical terms?
  18. What is SNMP?
  19. Can you tell me a DoS technique?
  20. What services and protocols are used to carry out DoS attacks?
  21. What is the difference between a DoS and a DDoS attack?
  22. What is a SQL injection attack?
  23. How can you identify a SQL injection attack?
  24. What are some of the techniques organizations can use to prevent SQL injection?
  25. What is the difference between a persistent and a reflected cross-site scripting attack?
  26. What is a buffer overflow and how can a buffer overflow be detected on the network? It is a software coding error or vulnerability that can be exploited by attackers to gain access to the organization's network. We can detect it using an NGFW or a HIDS.
  27. What is the difference between a stack overflow and a heap overflow?
  28. What are some defenses against buffer overflow? Input validation.
  29. What is the difference between encryption, encoding, and hashing?
  30. What is a network service that uses encryption?
  31. What method can be used to recover the plaintext from a hash?
  32. What is the difference between asymmetric and symmetric encryption?
  33. What is the Diffie-Hellman key exchange?
  34. How does a port scan work?
  35. How does a port scan identify open ports?
  36. What is port scanning?
  37. How do you identify port scanning?
  38. How do you prevent port scanning?
  39. How can tools like NMAP identify specific versions of the operating system running on a targeted host?
  40. What is the difference between an IDS and an IPS?
  41. Can you give me a recent significant vulnerability?
  42. What is an APT?
  43. What differentiates an APT from other threat actors?
  44. Explain what you know about cloud technology
  45. How do organizations defend zero-day attacks if there is no patch available for that vulnerability?
  46. What is the CIA triad?
  47. What do you know about PKI and how does it work?
  48. What is the cyber kill chain?
  49. What is the MITRE Framework?
  50. What is Splunk and how does it work?
  51. What experience do you have in Splunk?
  52. What does SPL stand for?
  53. What function will you use to lay out data in a table format in Splunk?
  54. How will you filter out a stream of network traffic inside Wireshark?
  55. What is NMAP and what will you use it for?
  56. What is NESSUS used for and how does it work?
  57. What is a rainbow table?

SCENARIO BASED QUESTIONS

  1. How would you triage a suspicious outbound DNS request?
  2. Why would you get an alert from a previously blocked domain on the same device? And what level of the cyber kill chain will this attack fall under?
  3. You identified an alert is at the Command-and-Control stage how do you identify what malware was installed?
  4. Is there a recent investigation that you have done that you can work me through?
  5. How do you test the functionality of a network device?
  6. What are the ports and protocols engaged when you run a command ping? How does ping work on the network layer?
  7. How will an administrator block the ping command at the network layer?
  8. Could you tell me about an interesting incident you took part in? What was the incident? What was your role, and how was it resolved? I was thinking of using my network scenario here
  9. You receive an alert for a server communicating with an IP with a malicious reputation. How do you approach the problem?
  10. You mentioned that as a Cybersecurity Analyst part of your job was providing mitigation strategies. Could you give me an example of some of the strategies that you have recommended or implemented?
  11. You receive an alert for a potentially malicious URL click made by a user. How would you investigate this? What steps would you take?
  12. What is your incident response experience? Can I give the 6 incident response steps here with an explanation?
  13. What is your ticket handling experience?
  14. What is your malware analysis experience?
  15. What is your experience with Raw Logs?
  16. What is your experience with Threat Intelligence?
  17. What was the most difficult alert you responded to and how did you respond to it? Can I use the scenario of the client refusing to block the IP, but after doing more research and involving the manager the IP was blocked?
  18. What are some of the different security events you have responded to?

  1. What is your security tuning experience, if any? Explain if you have any.
  2. What is your engineering experience, if any?
  3. Have you done PCAP analysis? If so, explain.
  4. What are you most proud of in your career so far?
  5. How have you used Splunk in your environment? Give a detailed overview, because this is the most used tool in my company.
