Top 12 Security Information Analyst Interview Questions
Top 12 Security Information Analyst Interview Questions
Top 12 Security Information Analyst Interview Questions
com/
2) Mention what is data leakage? What are the factors that can cause data leakage?
The separation or departing of IP from its intended place of storage is known as data leakage.
The factors that are responsible for data leakage can be
1/4
https://career.guru99.com/
80/20 is a thumb rule used for describing IP networks, in which 80% of all traffic should remain
local while 20% is routed towards a remote network.
5) Mention what are personal traits you should consider protecting data?
6) Mention what is WEP cracking? What are the types of WEP cracking?
WEP cracking is the method of exploiting security vulnerabilities in wireless networks and
gaining unauthorized access. There are basically two types of cracks
2/4
https://career.guru99.com/
Active cracking: Until the WEP security has been cracked this type of cracking has no
effect on the network traffic.
Passive cracking: It is easy to detect compared to passive cracking. This type of attack
has increased load effect on the network traffic.
Aircrack
WEPCrack
Kismet
WebDecrypt
Phishing is a technique that deceit people to obtain data from users. The social engineer tries
to impersonate genuine website webpage like yahoo or face-book and will ask the user to enter
their password and account ID.
It can be prevented by
The common weakness or vulnerabilities that the web server can take an advantage of are
Default settings
Misconfiguration
Bugs in operating system and web servers
10) List out the techniques used to prevent web server attacks?
Patch Management
Secure installation and configuration of the O.S
Safe installation and configuration of the web server software
Scanning system vulnerability
Anti-virus and firewalls
Remote administration disabling
Removing of unused and default account
3/4
https://career.guru99.com/
12) How can an institute or a company can safeguard himself from SQL injection?
An organization can rely on following methods to guard themselves against SQL injection
Sanitize user input: User input should be never trusted it must be sanitized before it is
used
Stored procedures: These can encapsulate the SQL statements and treat all input as
parameters
Regular expressions: Detecting and dumping harmful code before executing SQL
statements
Database connection user access rights: Only necessary and limited access right
should be given to accounts used to connect to the database
Error messages: Error message should not be specific telling where exactly the error
occurred it should be more generalized.
4/4
Powered by TCPDF (www.tcpdf.org)