infosec-info-and-interview-questions

A collection of interview questions and answers I created while studying for interviews.


Infosec Interview Q&A, Info

About

This is a collection of Infosec questions and information that helped me. This can also be used to refresh your knowledge or learn new concepts at your current position.

Why make this?

This is available in web form here for now. I will make this a dedicated site later on. https://iloveicedgreentea.github.io/infosec-info-and-interview-questions/

This is meant to be comprehensive so feel free to contribute anything related to infosec. This includes good devops practices such as securing IAM, CD pipelines, etc. Good devops is security.

Features

TODO: Serve from /docs, add to domain

TODO: GH Actions for style guide, spell check

Contributing

How To Contribute

Table Of Contents

General Information

Interview tips, news sources, how to get info, general concepts, etc. Any misc info goes here.

General Info

Cloud Security

Cloud security

Cloud Security

OSI

Basics of the OSI layers with examples

OSI

OS

Operating system facts and basics

OS

Containers

Containers facts and basics

Containers

Shell

Bash, shell scripting, simple shell tools

Shell

Networking

Networking basics, ports, network security, HTTP, and anything else relating to networks

Networking

IAM

IAM and related concepts - SSO

IAM

Compliance

PCI-DSS, HIPAA, SOX, etc. Anything GRC related goes here.

Compliance

SIEMs

All SIEM related content - Splunk, ES

SIEMs

Cryptography

AES, SHA, ECDHE, Cryptanalysis, TLS, HTTP, all the acronyms you need to know

Cryptography

Generic Attacks

Buffer Overflows, MITM, the basics of attacks you should know. Anything specific will be in another section, e.g., AD attacks will be in the Active Directory page.

Attacks

Social Engineering

WIP Social Engineering

Active Directory

AD basics, red team concepts for AD

Active Directory

License

This project is licensed under the CC BY-NC-SA 4.0 license. https://creativecommons.org/licenses/by-nc-sa/4.0/

Here are the basic concepts in plain English.

Permitted items:

Required items:

Forbidden items:

Why this license?

I want to make this freely available but I don’t want non-contributing entities to profit from it. I put a lot of thought into the licensing model and this is the best one I could find for this kind of data.

I see hard work from infosec blogs and guides getting ripped off by “bloggers” and mixed with ads. This is not okay. First of all, all ads are malware, by definition. Secondly, I am not going to profit from this, nor do I want to, so neither should anyone else especially if they did nothing to contribute. This is especially true because very little information is a de facto “new work”. Almost all thoughts, ideas, and creations build upon previous works or knowledge. This principle is the idea behind copyright expiration. For example, a certain highly litigious media company could not have made a movie about a princess and a bunch of dwarfs had the original work not entered the public domain.

TL;DR - Share this repo, contribute, just don’t sell or profit from this.

Sources

Some of these questions are original, some of them are based on or taken from various blogs. If you took any information from a linkable source, it should be listed here. If something isn’t linked, it doesn’t mean it was just taken out of thin air. It’s not really worth linking Reddit or Wikipedia if you aren’t reproducing content in whole, e.g., an entire comment or paragraph.

https://resources.infosecinstitute.com/top-50-information-security-interview-questions/

https://danielmiessler.com/study/infosec_interview_questions/