Study Guide: All The Useful CISSP Interview Questions & Answers
Source: https://www.fatskills.com/cissp/chapter/all-the-useful-cissp-interview-questions-answers

All The Useful CISSP Interview Questions & Answers

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


There is no such thing as a 'CISSP interview' as such, and no separate test. Employers look for the CISSP to confirm your years of experience and your knowledge of IT security fundamentals. Even if you do not sit the CISSP exam but have thoroughly worked through CISSP courseware, it helps a lot.


Question 1. What do you plan to do now that you have completed the CISSP certification?
The question is general in nature, but the answer reveals your interest in the field. If you do not keep learning, the CISSP certification will lapse, since continuing-education credits are required to keep it valid over each 3-year cycle. You might plan to take short courses, attend conferences, or pursue a CISSP concentration.

Question 2. How do audit trails help organizations? 
Audit trails help organizations in several ways. They support compliance with various standards; many, e.g. PCI-DSS, require that audit trails be retained for a specified period. They also support investigations when an incident calls for backtracking events: the audit trail supplies the details of each event, which can then be ordered by timestamp to reconstruct what happened and reach a conclusion.

Question 3. How many types of fire extinguishers should be there on the floor and why?
The type of fire extinguishers on a floor depends on the industry and the kind of work done there. If a fire is expected to involve wood, paper, etc., then type A (water) should be present. If the fire involves oils and flammable liquids, then type B (foam) should be used. If a fire involves flammable gases, type C should be used. If the fire is expected somewhere like the server room, where other equipment must be protected, type D should be used. (This question only checks your knowledge, not what is actually required on that floor; that can only be determined after a floor assessment.)

Question 4. What is the importance of tools in an organization? What can be done if a tool fails?
An organization should not depend entirely on tools. Tools are used for three reasons: to perform a task that cannot be done manually, e.g. antivirus; to complete a time-dependent task on time, e.g. a firewall; and to speed up tasks. The team should understand the tools and how they work well enough that, if a tool fails, they can work out what went wrong. Over-dependence on tools is dangerous, so alternative methods or backup plans must be in place. If a third party is involved, proper maintenance and audits should be carried out. Both hardware and software hygiene must be maintained for proper functioning.

Question 5. How do you ensure that employees working from home are securely connected to the office network?
Employees can use a VPN service. VPN stands for virtual private network; it lets users set up a tunnel to the office network over an untrusted network. This does not eliminate the need for other security controls such as firewalls and access controls. A VPN service must have two-factor authentication to strengthen the security architecture.

Question 6. Tell us something about firewall topologies, explaining the various security zones.
At a high level the architecture has three zones: the untrusted zone, i.e. the internet; the trusted zone, i.e. the office network; and the DMZ (demilitarized zone). A few standard architectures are: the bastion host, where the host is connected to the internet with a firewall in between. The second is the screened subnet: a special zone, the DMZ, is present here; all public services are hosted in it and can be reached from both the trusted and untrusted networks. The third and most expensive topology is the dual-firewall architecture, in which all three zones have firewalls between them. The untrusted network reaches the DMZ through one firewall, and the trusted network reaches the DMZ through another. This ensures that there is another layer for attackers to penetrate if the services in the DMZ are compromised.

Question 7. How can we ensure connectivity between 10 office sites with the headquarters, in the most optimal way? 
There are several ways to connect the offices. One is to run 10 T1 connections from the different sites to the headquarters. Another is to use MPLS connections between the offices. MPLS is the optimal choice, because 10 T1 lines would require 10 separate T1 circuits to be terminated at the headquarters, whereas MPLS does not.

Question 8. What is a phishing attack?
A phishing attack is a social engineering attack in which users are tricked into revealing sensitive information by clicking malicious email links or opening attachments. It is also used to spread malware and compromise networks.

Question 9. How will you identify unauthorized access to the network?
By properly monitoring the logs for any trace of unauthorized access. Servers can be configured to generate alerts for successful and unsuccessful login attempts. Proper monitoring ensures that unauthorized access is detected and response measures are taken in time.
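As an added example (not from the original guide) that serves both Question 2 and Question 9: the Go program below reads constructed sshd-style log lines, orders them by timestamp to rebuild the sequence of events, and raises an alert when a successful login follows a run of failed attempts from the same source address. The log format, the field layout and the threshold of three failures are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Constructed sshd-style log lines (not real data), deliberately out of order.
var sampleLog = []string{
	"2024-05-01T10:02:07Z sshd[1202]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
	"2024-05-01T10:02:01Z sshd[1201]: Failed password for root from 203.0.113.9 port 51010 ssh2",
	"2024-05-01T10:01:55Z sshd[1200]: Accepted publickey for alice from 192.0.2.20 port 40110 ssh2",
	"2024-05-01T10:02:14Z sshd[1203]: Failed password for root from 203.0.113.9 port 51030 ssh2",
	"2024-05-01T10:02:20Z sshd[1204]: Accepted password for root from 203.0.113.9 port 51041 ssh2",
}

type event struct{ ts time.Time; ok bool; user, src string } // ok: Accepted=true, Failed=false

var lineRe = regexp.MustCompile(`^(\S+) sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port`)

// parse extracts login events and orders them by timestamp, so the sequence
// can be reconstructed however the lines were collected (Question 2).
func parse(lines []string) []event {
	var evs []event
	for _, l := range lines {
		m := lineRe.FindStringSubmatch(l)
		if m == nil {
			continue // not an auth line this parser understands
		}
		if ts, err := time.Parse(time.RFC3339, m[1]); err == nil {
			evs = append(evs, event{ts, m[2] == "Accepted", m[3], m[4]})
		}
	}
	sort.Slice(evs, func(i, j int) bool { return evs[i].ts.Before(evs[j].ts) })
	return evs
}

// detect returns one alert per successful login that follows at least
// threshold failures from the same source address (Question 9).
func detect(evs []event, threshold int) []string {
	var alerts []string
	failed := map[string]int{}
	for _, e := range evs {
		if !e.ok {
			failed[e.src]++
			continue
		}
		if n := failed[e.src]; n >= threshold {
			alerts = append(alerts, fmt.Sprintf("%s logged in as %s from %s after %d failures", e.ts.Format(time.RFC3339), e.user, e.src, n))
		}
		failed[e.src] = 0 // a success ends the streak for that source
	}
	return alerts
}
```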

Question 10. How important is internet security for an organization?  
The Internet is the untrusted part of the network and cannot be left wide open. Blocking the internet entirely is one solution, but it would hamper work, as most organisations need internet access. Instead, internet access should be restricted according to company policy. Some websites can be given restricted access, e.g. blocking the upload function to prevent data leakage. Internet logs can be monitored to ensure the internet is used within the limits and not for personal benefit, e.g. downloading movies.

Question 11. How many types of firewalls are there, and what is the difference between them? 
From an organisational point of view there are two types of firewalls: a network firewall and a web application firewall. A network firewall protects against layer 3 attacks, whereas a web application firewall filters layer 7 traffic and protects against web application attacks.

Question 12. How and who can classify data in an organisation? Why is this necessary? 
Data is classified according to the sensitivity of the document. Data can be labelled public, confidential, secret and top secret, or in whatever way the organisation thinks appropriate. The labels then decide how a document may be handled and who may access it. Data classification is necessary to determine who has access to what, and how critical data is accessed, protected and destroyed.

Question 13. What is the difference between BCP and DR?
BCP stands for Business Continuity Planning and DR stands for Disaster Recovery. BCP is the overarching umbrella that ensures critical business services are maintained in case of a disaster. DR, on the other hand, is IT-focused and ensures that IT-related critical services are protected. BCP has other plans under it, such as COOP, migration plans, etc.

Question 14. How is a warm site different from a hot site?
A hot site is up and running at all times, just like the primary site; it can even serve as a load balancer. A warm site is not up and running, but is configured so that it can be started in little time: the services need to be started, and it is then good to go.

Question 15. Which one is better, symmetric or asymmetric encryption? And why?
Both have their pros and cons. Symmetric encryption is faster, but key exchange is a problem. Asymmetric encryption is safe but not suitable for bulk communication, because its encryption and decryption are slower. Modern communication systems rely on hybrid encryption that uses both: asymmetric encryption is used to share the keys, and the communication then continues with symmetric encryption.

Question 16. What is the difference between recovery time objective and recovery point objective? 
The recovery point objective (RPO) is the maximum span of time for which data loss is acceptable, and the recovery time objective (RTO) is the maximum time the business can survive without its services after a disaster or incident.

Question 17. What will be the approach followed in case of an Incident?
An organisation must have an incident management policy defining what has to be done in case of an incident. The incident management cycle can be: prepare, detect, analyse, contain, eradicate, recover and manage. Responsibilities have to be clearly defined so that everyone knows who is accountable for what. (An example incident can be described here to show practical understanding of an incident response procedure; a ransomware attack on an organisation is a good example.)

Question 18. Tell us something about access management?
Access management can be left to the discretion of senior management, but that leads to access leakage as employees leave, get promoted or move to a different role in the organisation. Access can be either rule based or role based. Rule-based access applies the same rules to everyone irrespective of designation, role, seniority, etc. Role-based access grants access on the basis of a role in the organisation: a senior manager may have access to files that other members of the team may not. This ensures that access is not leaked.

Question 19. Explain different types of work you expect to manage/head? 
The answer is again at the candidate's discretion. You can answer on the basis of the roles you have played in previous organisations, or something new you want to try. Management will be keen to hear your fresh ideas and what you can add to what they already have.

Question 20. What is the need for ISC2 code of conduct? 
This only checks that the candidate is aware of the ISC2 code of conduct, as that is a must for passing the CISSP. Cramming questions will not get you through.

Question 21: What does your home network look like?
This seems like a strange question for an interviewer to ask at first, but it comes up quite often. The aim, from the interviewer's perspective, is to see how much research and lab testing a candidate likes to do at home. Your answer is unlikely to directly affect the outcome of the interview, but the person asking will be able to gauge how seriously you take your studying and practice labs. They might pose a follow-up question to see how you relate your home security setup to the work environment, so be prepared to go into detail about the technologies you have deployed around the house. Some companies are trying to get a feel for how passionate you are about technology in general, so include as much detail as you can.

Question 22: How would you secure a new server? What steps would you take?
This is a bit of an open-ended question, and with good reason. The interviewer is looking to see what questions you will ask in return. Good counter questions for the candidate to ask could be:

What operating system will the server be running?
Is this a production server?
What applications will the server be running?
Where on the network will the server be situated?
Will it have Internet access?

Through this question, the interviewer can assess which security concerns you prioritise when commissioning a new server. Be sure to mention user permissions and best practices, as well as network share access and permission hierarchies. If you can show proficiency in both Windows and Linux system administration, you have a better chance of impressing the interviewer. Knowing how to secure a server is important, so be sure to mention all of the fundamental steps you would take when commissioning a new server.

Question 24: In what state do you leave your unused ports in on your firewall?
This question is usually aimed at finding out whether you prefer to filter or close unused ports on a firewall. The idea is to find out whether you understand how NMAP or similar scanning tools identify the state of a port, and how a potential intruder might try to gain access to the network. Mentioning how different scanning tools probe the state of a port, and what alternative methods you would use, shows your prospective employer that you have a deep understanding of firewalls in general and how to lock them down.

Question 25: Do you think that DNS monitoring is important?
The interviewer is trying to see how well you understand the way DNS works, and whether you know how to detect breaches by searching through DNS logs. It is worth mentioning that irregular DNS entries can be quickly identified if DNS is monitored actively and regularly, especially during a DNS-based attack attempt.

Question 26: What port does ping work over?
This is a favourite trick question in interviews: ping uses ICMP echo request and reply packets, so there is no port associated with it, because ICMP is a layer three protocol in the Open Systems Interconnection (OSI) model.

Question 27: What could you do to prevent a man-in-the-middle attack?
You should recommend secure communication between the two parties, such as a VPN or tunnelling, to prevent unauthorized interception and the manipulation of data sent between them. The interviewer will expect you to speak about encryption and how to ensure secure communications between two parties.

Question 28: Is there a difference between encoding, encryption and hashing?
This is a straightforward question that deserves a detailed answer. The interviewer will appreciate a thoughtful response, so be sure to mention key details. For example, encoding can be thought of as a form of data preparation: the information is arranged so that a specific target can receive the data and then run, view or open it. The key point is that encoding is not done as a security measure, so conveying your understanding of this is important.

Encryption uses a secret key to keep communications between two or more parties private. A cipher and an algorithm are used together to create the encryption, creating a virtually unbreakable lock on the data.

Hashing is the means by which data integrity is checked and verified, and it can act as an authentication mechanism.

All three of these methods can be used together depending on the desired implementation of the system in question, so understanding what each individual component is responsible for is important.

Question 29: What would you say is the most secure out of these options: SSL, TLS or HTTPS?
This is another trick question that candidates should be ready for. SSL, TLS and HTTPS all refer to the same technology. TLS is essentially a more up-to-date version of SSL, and HTTPS is just standard HTTP that is tunnelled through an SSL/TLS connection.

Question 30: Would you encrypt and compress data during transmission? Which would you do first, and why?
Compressing data before transmission is important, as it reduces bandwidth requirements and speeds up sending. Encrypting data prior to sending it is important from a security perspective, as it prevents unauthorized access to the information in the packets being sent. Encryption is essential regardless of the type of information being sent. For maximum security, data should be compressed first and then encrypted. This makes the information stored within the compressed archive even more difficult to decipher if it is intercepted, adding one more layer of security to your communication.
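An added example (not from the original guide) that measures the two orderings in Go with gzip and AES: compressing before encrypting shrinks the payload, while compressing after encrypting gains nothing, because ciphertext is indistinguishable from random bytes. The sample record and the use of AES-CTR purely for the size measurement are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"strings"
)

// gzipBytes compresses data with gzip at the default level.
func gzipBytes(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// encryptCTR encrypts data with AES-256-CTR under a throwaway random key and IV.
// It is used here only to produce realistic-looking ciphertext for the size
// comparison; real traffic needs an authenticated mode such as AES-GCM.
func encryptCTR(data []byte) []byte {
	key := make([]byte, 32)
	iv := make([]byte, aes.BlockSize)
	rand.Read(key) // crypto/rand
	rand.Read(iv)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return append(iv, out...) // IV travels with the ciphertext
}

// Sizes reports the payload length in bytes for each ordering of the two steps.
type Sizes struct{ Plain, CompressThenEncrypt, EncryptThenCompress int }

// compare runs both orderings on the same input.
func compare(data []byte) Sizes {
	return Sizes{
		Plain:               len(data),
		CompressThenEncrypt: len(encryptCTR(gzipBytes(data))),
		EncryptThenCompress: len(gzipBytes(encryptCTR(data))),
	}
}

// Constructed sample: a repetitive text record, as most logs and documents are.
var sample = []byte(strings.Repeat("GET /index.html HTTP/1.1 200 OK\n", 200))
```

The size argument is a bandwidth argument rather than a security one: compressing secret data together with attacker-influenced data before encrypting leaks information through the ciphertext length (the CRIME and BREACH attacks on TLS compression), which is why TLS-level compression is disabled in current deployments.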

Question 31: What special considerations should be taken for Cloud computing?
This is a popular topic with hosting companies looking to hire cybersecurity professionals. Demand for cloud services is at an all-time high, and companies that want to maintain a secure online presence will be interested in your security skills. The interviewer will look for answers focusing on consistent, reliable security best-practice routines that guarantee maximum uptime for their virtual platforms. Creating and maintaining a segmented network infrastructure is also essential in cloud security, as threats should not be allowed to spread across the entire site in the event of an attack or malware infection. Lastly, mention how a cloud platform can be centrally managed across the different segments of the network from one point, both client facing and enterprise facing.