
Incident Response Interview Questions

February 2, 2015 by Infosec

Introduction

Incident response team members respond to IT issues such as system downtime or emergency hardware outages. They also produce reports and attend meetings to discuss each incident and what the team can do to prevent it from recurring. To work on an incident response team you need experience and the ability to think quickly, so that systems are down for as short a time as possible. If you're looking at jobs in the industry, here are some questions that interviewers might ask.

1. How do you compare files that might have changed since the last time you looked at them?

A: The MD5 hash is one way to tell whether a file has changed since you last reviewed it. You can also look at the file properties, but these can be edited by viruses or other programs.
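As an added example (not part of the original article), here is a small Python baseline-and-compare tool for the file-change check above. It records a content hash alongside the modification time, uses SHA-256 rather than MD5 because MD5 collisions are cheap to produce, and separately flags files whose content changed while the timestamp did not, which is the case the answer warns about. The file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path, algorithm="sha256"):
    """Hash a file's contents in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, algorithm="sha256"):
    """Record (content hash, mtime in seconds) for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): (hash_file(p, algorithm), int(p.stat().st_mtime))
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(before, after):
    """Diff two snapshots; also flag files whose content changed but whose mtime did not."""
    result = {"added": sorted(set(after) - set(before)),
              "removed": sorted(set(before) - set(after)),
              "modified": [], "modified_same_mtime": []}
    for name in sorted(set(before) & set(after)):
        old_hash, old_mtime = before[name]
        new_hash, new_mtime = after[name]
        if old_hash != new_hash:
            result["modified"].append(name)
            if old_mtime == new_mtime:  # properties look untouched; only the hash tells
                result["modified_same_mtime"].append(name)
    return result

def demo():
    """Constructed scenario: baseline a directory, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "crontab").write_text("0 3 * * * /usr/bin/backup\n")
        (root / "old.log").write_text("nothing to see\n")
        fixed = 1422835200  # 2015-02-02 UTC: a fixed past mtime so the baseline is deterministic
        for p in root.iterdir():
            os.utime(p, (fixed, fixed))
        before = snapshot(root)
        # Content overwritten, then the recorded mtime put back: properties alone miss this.
        (root / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 updates.example\n")
        os.utime(root / "hosts", (fixed, fixed))
        (root / "crontab").write_text("0 3 * * * /tmp/.x\n")  # ordinary edit, mtime advances
        (root / "old.log").unlink()
        (root / "new.sh").write_text("#!/bin/sh\n")
        return compare(before, snapshot(root))
```

Running `demo()` reports `new.sh` as added, `old.log` as removed, both `crontab` and `hosts` as modified, and only `hosts` under `modified_same_mtime`.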


2. Name a few types of security breaches.

A: SQL injection runs SQL code on a server. Keyloggers allow hackers to gain access to accounts and from there to passwords and private information.

3. What is a common method of disrupting enterprise systems?

A: A DoS (denial of service) attack floods a network with traffic and overloads servers, routers and other networking devices. The overload of traffic brings systems down and crashes servers.

4. What are some security software you can use to monitor the network?

A: Intrusion detection – Snort; firewall – Check Point; antivirus – Symantec or McAfee. These are just a few of the applications that help you monitor network traffic and keep unauthorized users out.

5. What should you do after you suspect a network was hacked?

A: Read system logs, such as firewall and server logs, to see which files or resources were accessed. Run malware detection programs to check whether any threats are currently present on the servers. Create a resource plan to avoid the issue in the future.

6. How can you encrypt email to secure transmissions about the company?

A: PGP is encryption software that lets you encrypt and digitally sign email. You use a public-private key pair between the sender and recipient to ensure that only the right people can read the email. This does not stop a hacker from getting hold of the email message, but he won't be able to decrypt it without the key pair's private key.

7. What document describes steps to bring up a network that’s had a major outage?

A: A disaster recovery document sets out the procedures you need to follow to get the company working again after a disaster happens.

8. How can you ensure backups are secure?

A: Most big companies store backups in multiple locations, such as several data centers or servers located on different premises.

9. What is one way to do a cross-script hack?

A: Hackers insert JavaScript into query string variables or form posts. The JavaScript renders in the user's browser and can inject malicious code.

10. How can you avoid cross script hacks?

A: Programmers should escape any JavaScript code sent through a form or query string variable. IT staff can run scripts against the site to test for vulnerabilities.


Have you been having trouble setting yourself apart from other candidates in your incident response interviews? If so, you should consider our Incident Response boot camp to set yourself apart from the crowd. Fill out the form below for a course syllabus and pricing information on our instructor-led, live online and self-paced training options.
