Computer Security Interview Questions & Answers

Computer Security Interview Questions

Are you preparing for Computer Security job interview? If yes, then we’ve a solution to win your ideal job. Cybersecurity, computer security or IT security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. If you are expertise at Computer Security then there are several opportunities for the roles like Software Assurance - IT Security Engineer, Cyber Security Analyst, IT Security Consultant, Cyber Security Threat Hunter and many other roles too. Looking for a job can be stressful and tiring, especially if you don’t know how to apply and where to search and how prepare well for the job interviews. To avoid this confusion, we’ve framed Computer Security job interview questions and answers to simplify your interview preparation. For more details you can visit to


Computer Security Interview Questions And Answers

Computer Security Interview Questions
    1. Question 1. How Can I Secure My Client Computers Against My Users?

      Answer :

      One way to make it harder for the local user to do any harm to the system is to have a local PC without any hard disk or floppy disk. To boot, the system will need to talk to a boot server over the network.

    2. Question 2. What Is A Firewall?

      Answer :

      A Firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.

    3. Question 3. What Is Spyware?

      Answer :

      Spyware is software that is installed without your knowledge. The purpose of Spyware is to monitor your computing activities and report this data back to companies for marketing purposes. Besides being an invasion of privacy, this software can cause serious performance issues.

    4. Question 4. How Can I Avoid Computer Viruses?

      Answer :

      Most viruses travel through email or internet downloads. Never open attachments from unknown senders and be very cautious when downloading software from internet sources.

    5. Question 5. What Are Privileges (user Rights)?

      Answer :

      A privilege is used to control access to a service or object more strictly than is normal with discretionary access control.

    6. Question 6. What Is Computer Impersonation?

      Answer :

      Impersonation is the ability of a thread to execute in a security context other than from that of the process that owns the thread. This enables a server to act on behalf of a client to access its own objects.

    7. Question 7. How Can I Protect My Home Computer?

      Answer :

      The best way to protect your personal computer is to install Anti­Virus and Firewall software. CIS does not support home computers however below are some helpful links to information about safeguarding your computer at home.

    8. Question 8. What Is An Acl (access Control List)?

      Answer :

      An ACL is a list of ACEs.

    9. Question 9. What Makes A Strong Password?

      Answer :

      Strong passwords are longer than six characters, contains letters and numbers and even capital letters. Of course a password is useless if you forget it, but remember that using your birth date or name makes you an easy target for hackers.

    10. Question 10. How Can I Avoid Spyware?

      Answer :

      Most Spyware comes from free internet downloads such as screensavers and Peer­to­Peer programs (Kazaa, LimeWire, etc). The only way to avoid Spyware is to not install any of these malicious programs.

    11. Question 11. I Have Been Hearing A Lot About Firewalls, But I Am Not Sure What It Is Or If I Need It. Can You Help?

      Answer :

      A firewall is basically a software program that allows you full access to the Internet and/or your network, while restricting access to your computer system from outside intrusions.

      Internet users are extremely vulnerable to hackers, especially if you have cable or ADSL access to the Internet. You definitely need to protect your computer system.

      Once you install a firewall, you’ll be amazed at how many attempts to access your computer are blocked by your firewall.

      Hackers can directly access your computer system by installing programs such as a key logger that can read every keystroke you make. This information is recorded and sent back to the hacker. Private information such as passwords and credit card numbers can easily be stolen.

      A key logger is a small software program that quietly runs in the background.

      As these programs quite often run in DOS, you will most­likely never realize it’s running. However, you can see if a key logger is running by pressing ‘control’ – ‘alt’ – ‘delete’ on your keyboard. This will launch a window that contains a list of all the programs currently running on your system. Review the list and watch for programs you don’t recognize.

      If you really want to keep your computer safe, I recommend the following:

      1. Purchase a good virus program and keep it updated
      2. Purchase a good firewall program and keep it updated
      3. Purchase a program like Pest Patrol and keep it updated

    12. Question 12. What Is A Sid (security Id)?

      Answer :

      SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group.

      A SID contain:

      • User and group security descriptors
      • 48­bit ID authority
      • Revision level
      • Variable subauthority values

    13. Question 13. Use The Out Put From Any Network Security Scanner, Which Ever Network Security Scanner Is Used By The Interviewer And Ask The Interviewee To Interpret The Results.what Does The Scanner Output Say, How Would They Use The Information, And How Would They Break The Information Down For The System Administrators?

      Answer :

      This lets the interviewer determine how well the interviewee can interpret and voice back the results of a security scan, and how well they can communicate. The interviewer should already have worked with the scanner, its output, and should be able to work with the interviewee to determine the finer points of the data presented.

    14. Question 14. What Is Srm (security Reference Monitor)?

      Answer :

      The Security Reference Monitor is the kernel mode component that does the actual access validation, as well as audit generation.

    15. Question 15. What Is An Ace (access Control Entry)?

      Answer :

      Access­Control Entries that is used to build Access­Control Lists (ACLs).

      Each ACE contains the following information:

      • A SID, that identifies the trustee. A trustee can be a user account, group account, or a logon account for a program such as a Windows NT service.
      • An access mask specifying access rights controlled by the ACE.
      • Flags that indicates the type of ACE and flags that determine whether other objects or containers can inherit the ACE from the primary object to which the ACL is attached.

    16. Question 16. What Is Sam (security Account Manager)?

      Answer :

      SAM stands for Security Account Manager and is the one who maintains the security database, stored in the registry under HKLMSAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.

    17. Question 17. What Is An Access Token?

      Answer :

      Each process has an associated access token which is used by the system to verify whether the process should be granted access to a particular object or not. The access token consists of a user SID, a list of group SIDs representing the groups the user belongs to, and a list of user rights (privileges) the user is blessed with.

    18. Question 18. Are There Any Known Problems With The Screen Saver / Screen Lock Program?

      Answer :

      Yes. In version 3.5 and 3.51, if the administrator decide to kick a user off, then the admin has a small time window to see the content of the users current screen and desktop.

    19. Question 19. What Is Authenticode?

      Answer :

      Authenticode is a way to ensure users that code they download from the net has not been tampered with and gives the code an etched in ID of the software publisher. Microsoft is pushing this as a new way of getting better security into software distribution over the net

    20. Question 20. Is It Possible To Use Packet Filters On An Nt Machine?

      Answer :

      NT 4 comes with built­in support for packet filtering. It is a simple but still usable filtering function that the administrator can configure to just let some IP packets reach the actual applications running on the system.

      You find configuration panel for the filtering function on “Control Panel­ >Network­>TCP/IP­>Services­>Advanced­>Security”

      Be aware that this simple filtering mechanism is not a substitute for a real firewall since it cannot do advanced stuff like protection against ip­spoofing, etc.

    21. Question 21. Can My Page File Hold Sensitive Data?

      Answer :

      It can. Memory pages are swapped or paged to disk when an application needs physical memory. Even though the page file (see Control Panel­>System­ >Performance­>Virtual Memory) is not accessible while the system is running, it can be accessed by, for example, booting another OS.

      There is a registry key that can be created so that the memory manager clears the page file when the system goes down:

      • HKLMSYSTEMCurrentControlSetControlSession
      • ManagerMemoryManagementClearPageFileAtShutdown: 1

      Note that the clearing of the page file only is done when the system is brought down in a controlled fashion. If the machine is just switched off or brought  down in any other brute way, of course no clearing will be performed.

    22. Question 22. What Is A Null Session?

      Answer :

      A NULL session connection, also known as Anonymous Logon, is a way of letting a not logged on user to retrieve information such as user names and shares over the network. It is used by applications such as explorer.exe to enumerate shares on remote servers. The sad part is that it lets non­authorized users to do more than that. Particularly interesting is remote registry access, where the NULL session user has the same permissions as built­in group Everyone.

      With SP3 for NT4.0 or a fix for NT3.51, a system administrator can restrict the NULL session access, see $$$: Q143474. With this fix, a new well­known SID is defined, named “Authenticated Users”, which is Everyone except NULL session connected users. Replacing Everyone in all ACLs on the machine with this Authenticated User would be a good thing.

      To do this in a controlled fashion, one can use cacls.exe for the file system, but have to rely on some third party product for the registry ACLs. Using explorer.exe/winfile.exe or regedt32.exe will most certainly break the system. The cause for this is that these tools replace the ACL instead of editing it.

    23. Question 23. What Is Shutdown.exe?

      Answer :

      There are a bug in the utility shutdown.exe that are part of the NT Resource Kit. That bug disables the screen saver on a remote machine

    24. Question 24. What Servers Have Tcp Ports Opened On My Nt System? Or: Is Netstat Broken?

      Answer :

      Normally, the netstat program should report information on the status of the networking connections, routing information, etc. With the option ­A or ­a, it should list all TCP and UDP available connections and servers that are accepting connection. On Windows NT, even though the documentation states otherwise, this is not the case.

      There are no simple way to check what services that are running with TCP ports opened to accept connections. Currently the only way to get some information about this is to use a port scanner program and test through each TCP port on the NT machine. This is not a fool proof way of dealing with the problem.

      This is a serious problem if you plan to have NT based computers in the firewall environment. You cannot easily hardened them to become bastion hosts, since you are not confident what types of network services that might be reachable from the outside.

      It is a confirmed bug in Windows NT 3.5, 3.51 and 4.0. I do not expect Microsoft to fix it soon enough.

      Update: netstat.exe is fixed as of NT4 SP3, but it still shows some strange behavior. For example, on a moderately loaded machine, you can find numerous duplicates of open connections. 

    25. Question 25. What Are The Security Issues Related To Odbc Usage?

      Answer :

      There are several security issues related to ODBC usage :

      • Add hooks
      • Tracing ODBC connections

      Any call with indirections, such as calls to ODBC data sources, are possible to intercept by attaching to pre­made hooks. By tracing ODBC connections, which is a completely legitime thing to do during software development, you can get access to sensitive data, such as user name for the connected database.

    26. Question 26. What Is Cryptoapi?

      Answer :

      CryptoAPI is a set of encryption APIs that allow developers to develop applications that work securely over non­secure networks, such as the Internet. CryptoAPI is shipped with NT version 4 and the Internet Explorer 3.0. Version 2.0 of CryptoAPI comes with SP3 for NT4.

    27. Question 27. Are Cgi Scripts Insecure?

      Answer :

      CGI scripts are a major source of security holes. Although the CGI (Common Gateway Interface) protocol is not inherently insecure, CGI scripts must be written with just as much care as the server itself. Unfortunately some scripts fall short of this standard and trusting Web administrators install them at their sites without realizing the problems.

    28. Question 28. What Do You See As Challenges To Successfully Deploying/monitoring Web Intrusion Detection?

      Answer :

      We are attempting to see if the applicant has a wide knowledge of web security monitoring and IDS issues such as:

      • Limitations of NIDS for web monitoring (SSL, semantic issues with understanding HTTP)
      • Proper logging – increasing the verboseness of logging (Mod_Security audit_log)
      • Remote Centralized Logging
      • Alerting Mechanisms
      • Updating Signatures/Policies

    29. Question 29. What Do You See As The Most Critical And Current Threats Affecting Internet Accessible Websites?

      Answer :

      To gauge the applicant’s knowledge of current web related threats. Topics such as Denial of Service, Brute Force, Buffer Overflows, and Input Validation are all relevant topics. Hopefully they will mention information provided by web security organizations such as the Web Application Security Consortium (WASC) or the Open Web Application Security Project (OWASP).

    30. Question 30. What Is The Hfnetchk Security Tool?

      Answer :

      The HFNetChk Security Tool is a tool released by Microsoft that aids system administrators in the task of maintaining security across Windows­based servers; it is a command­line tool that enables the administrator to check the patch status of all the machines in a network from a central location. The HFNetChk Security Tool page on TechNet provides more information and instructions for download.

    31. Question 31. What Is The Urlscan Security Tool?

      Answer :

      Urlscan is a powerful IIS security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to restrict certain HTTP requests that the server will process, and thus prevents potentially harmful requests from reaching the server and causing damage. The URLScan Security Tool page on Microsoft TechNet describes its features and usage, provides answers to common questions, and details steps for download and installation.

    32. Question 32. What Are The Most Important Steps You Would Recommend For Securing A New Web Server? Web Application?

      Answer :

      Web Server Security:

      • Update/Patch the web server software
      • Minimize the server functionality – disable extra modules
      • Delete default data/scripts
      • Increase logging verboseness
      • Update Permissions/Ownership of files
      • Web Application Security:
      • Make sure Input Validation is enforced within the code – Security QA testing
      • Configured to display generic error messages
      • Implement a software security policy
      • Remove or protect hidden files and directories

    33. Question 33. What Are Some Examples Of You How You Would Attempt To Gain Access?

      Answer :

      They may attempt default usernames/passwords or attempt SQL Injection queries that provide an SQL true statement (such as – ‘ OR 1=1#). If they provide SQL examples, then offer them the following Error document information and ask them what this indicates.

      ODBC Error Code = 37000 (Syntax error or access violation) 

      [Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near ‘=’.  

      Data Source = “ECommerceTheArchSupport2”

      SQL = “SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE

      QuickJump_Items.ItemId <> 0 AND QuickJumpId =”

      The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:InetPubclientsloginhttpailment.cfm

      The specific sequence of files included or processed is:


      This error message indicates that the target web application if running Microsoft SQL and discloses directory structures

    34. Question 34. What Is The Security Threat Level Today At The Internet Storm Center (isc)?

      Answer :

      For the interviewer the URL is and is usually green. The reason for asking the question is to find out if the candidate is on top of what the internet looks like today. You can substitute the ISS rating one through five which is usually one, but most security folks know about the ISC and will spend time there.

    35. Question 35. Explain About User Security?

      Answer :

      Users are susceptible to a number of attacks, such as dictionary password guessing. In Windows NT, one way to protect against those types of attacks is to set the number of failed logins before disabling the account temporary or until the system manager manually enables it again.

    36. Question 36. How Do I Get My Computer C2 Level Security, Or, What Is C2config?

      Answer :

      On the CD­ROM that is included in the NT Resource Kit, there is a program called c2config that can be used for tighten the security of a NT based computer.

      Be aware, that c2config will not work well on systems with localized environment, e.g. a german NT that uses ACLs in german, not in english.

    37. Question 37. Is Nt Susceptible To Syn Flood Attacks?

      Answer :

      Yes. To my knowledge, all IP based systems are possible victims for the attack.

    38. Question 38. What Are Giant Packets? Or, Is Windows Nt Susceptible To The Ping Attack?

      Answer :

      There are mixed reports whether or not NT is vulnerable to this attack. By using ping to send a large packet to certain systems, they might hang or crash.

      Windows NT 3.51 seem to be vulnerable to this attack. A knowledge base article, Q132470, describes symptoms in Windows NT 3.51, and also include a pointer to a patch for this problem

    39. Question 39. What Should I Think About When Using Snmp?

      Answer :

      In other SNMP­ enabled machines you can configure both an write and a read community name. On a Windows NT system you can only set one. Not having a community name does not disable the service, as one might expect.

    40. Question 40. What Ports Must I Enable To Let Nbt (netbios Over Tcp/ip) Through My Firewall?

      Answer :

      First of all, you should really, really reconsider if this is such a good idea to let NBT traffic through your firewall. Especially if the firewall is between your internal network and Internet. 

      The problem with NBT is that at once you open it up through the firewall, people will have potential access to all NetBios services, not just a selection of them, such as printing.

      The following is a list of the ports used by NBT:

      • netbios­ns 137/tcp NETBIOS Name Service
      • netbios­ns 137/udp NETBIOS Name Service
      • netbios­dgm 138/tcp NETBIOS Datagram Service
      • netbios­dgm 138/udp NETBIOS Datagram Service
      • netbios­ssn 139/tcp NETBIOS Session Service
      • netbios­ssn 139/udp NETBIOS Session Service

    41. Question 41. What Is The Microsoft Baseline Security Analyzer?

      Answer :

      The Microsoft Baseline Security Analyzer (MBSA) is a graphical and commandline interface developed by Microsoft that can perform local or remote scans of Windows systems, assessing any missing hotfixes and vulnerabilities in certain Microsoft products.

    42. Question 42. What Is The Iis Lockdown Tool?

      Answer :

      This tool is part of the IIS Lockdown Wizard and it works by turning off unnecessary features of the IIS server and thereby reducing the attack surface available to an attacker. This tool also works in conjunction with URLscan to provide multiple layers of defense and protection. See the IIS Lockdown Tool page on TechNet describes its features and characteristics as well as provides steps for download and setup.

    43. Question 43. How Do I Secure Windows 2000 And Iis 5.0?

      Answer :

      Security is a huge concern for anyone involved in business processes, management, and administration. A good resource of information on maintaining security in Windows 2000 and IIS is the security section of the Windows 2000 site. Also see Internet Information Services (IIS) on the Microsoft TechNet site, where you can find information on securing IIS servers in addition to resources that will help you maintain a secure system and stay current with any releases, updates, and tools.

    44. Question 44. Are Server ­side Includes Insecure?

      Answer :

      Server side includes, snippets of server directives embedded in HTML documents, are another potential hole. A subset of the directives available in server­side includes instruct the server to execute arbitrary system commands and CGI scripts. Unless the author is aware of the potential problems it’s easy to introduce unintentional side effects. Unfortunately, HTML files containing dangerous server­side includes are seductively easy to write. Some servers, including Apache and NCSA, allow the Web master to selectively disable the types of includes that can execute arbitrary commands.

Popular Interview Questions

All Interview Questions

Computer Security Practice Test

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd Protection Status

Computer Security Tutorial