Security
What is DevSecOps? What are its core principles?
What security techniques are you familiar with? (or what security techniques have you used in the past?)
What does the “Zero Trust” concept mean? How do organizations deal with it?
Explain Authentication and Authorization
How do you manage sensitive information (like passwords) in different tools and platforms?
Explain what Single Sign-On is
Explain MFA (Multi-Factor Authentication)
Explain RBAC (Role-based Access Control)
Security – Web
What is a nonce?
Security – SSH
What is SSH? How does it work?
What is the role of an SSH key?
Security – Cryptography
Explain Symmetrical encryption
Explain Asymmetrical encryption
What is “Key Exchange” (or “key establishment”) in cryptography?
True or False? Symmetrical encryption makes use of public and private keys, where the private key is used to decrypt the data encrypted with a public key
True or False? The private key can be mathematically computed from a public key
True or False? In the case of SSH, asymmetrical encryption is not used for the entire SSH session
What is Hashing?
How are hashes part of SSH?
Explain the following:
- Vulnerability
- Exploits
- Risk
- Threat
Are you familiar with “OWASP top 10”?
What is XSS?
What is an SQL injection? How to manage it?
What is a Certification Authority?
How do you identify and manage vulnerabilities?
Explain “Privilege Restriction”
How is HTTPS different from HTTP?
What types of firewalls are there?
What is a DDoS attack? How do you deal with it?
What is port scanning? When is it used?
What is the difference between asynchronous and synchronous encryption?
Explain Man-in-the-middle attack
Explain CVE and CVSS
What is ARP Poisoning?
Describe how you secure public repositories
How do cookies work?
What is DNS Spoofing? How to prevent it?
What can you tell me about Stuxnet?
What can you tell me about the BootHole vulnerability?
What can you tell me about Spectre?
Explain OAuth
Explain “Format String Vulnerability”
Explain DMZ
Explain TLS
What is CSRF? How to handle CSRF?
Explain HTTP Header Injection vulnerability
What security sources are you using to keep updated on the latest news?
What TCP and UDP vulnerabilities are you familiar with?
Does using VLANs contribute to network security?
What are some examples of security architecture requirements?
What is an air-gapped network (or air-gapped environment)? What are its advantages and disadvantages?
Explain what a buffer overflow is
Containers
What security measures are you taking when dealing with containers?
Explain what Docker Bench is
Explain MAC flooding attack
What is port flooding?
What is “Diffie-Hellman key exchange” and how does it work?
Explain “Forward Secrecy”
What is Cache Poisoned Denial of Service?
Security – Threats
Explain “Advanced persistent threat (APT)”
What is a “Backdoor” in information security?
What is DevSecOps?