Top 25 Security+ Interview Questions [Updated 2021]
The CompTIA Security+ certification is a good entry-level certification for infosec professionals. Many jobs, including Department of Defense positions, require the Security+ certification. Below are examples of the technical questions you may be asked as a certified Security+ professional.
Interview questions
1. What is the difference between public key cryptography and a private key for encrypting and signing content?
Each party publishes their public key and keeps the private key secret. You use the recipient's public key to encrypt content and your own private key to sign content. This is the standard form of communication with encryption and signing.
2. What port is for ICMP or pinging?
Ping uses the ICMP protocol, which is a layer three protocol. Ping doesn't use a port, so note that this is a trick question if asked.
3. Do you prefer Windows or Linux?
This question is more a matter of preference, but many network security professionals find that Linux works well for security work. For instance, Linux is the better one to know when working with routers. Be honest with your answer and give pros and cons that relate to which one you prefer.
4. What should be implemented on a login page?
Whenever you transfer sensitive data, you need to use HTTPS. Ensure you answer this question with HTTPS and possibly how you would implement a migration from HTTP to HTTPS.
5. How would an HTTP program handle state?
HTTP does not handle state natively. HTTP applications use cookies to handle the state of an application. The developer can also store data in the web server’s session.
6. What is cross-site scripting (XSS)?
Cross-site scripting occurs when an attacker can inject executable JavaScript into a web page. This is done through a compromised database or poorly scrubbed query string variables.
7. What are the two types of XSS?
Cross-site scripting has two types of attacks: stored and reflected. A stored XSS attack allows the attacker to save malicious code in the database. That content is later served to users from the database, including on private pages behind a secure login, and can be used to gain access to the site's private data. The other type is reflected XSS, where the attacker sends the user a link whose query string carries JavaScript that the page runs directly.
8. What are some ways that the company can defend against XSS?
First, programmers should defend against JavaScript added to a query string. Also, remove JavaScript from any input sent through online forms and stored in a database.
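As an added illustration of questions 6 through 8 (example code, not from the original article): a page that echoes a query-string value back to the user, shown in its reflected-XSS-prone form and in a hardened form that HTML-encodes the value before it reaches the browser. The same output encoding protects against stored XSS, because it is applied when data is rendered regardless of whether it came from the query string or the database.

```javascript
// Added example: vulnerable vs. hardened rendering of an untrusted value.
// The "query" parameter stands in for a query-string variable (assumption).

// Vulnerable: the untrusted value is concatenated straight into HTML, so a
// <script> tag in the value becomes live markup in the page (reflected XSS).
function renderResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Defence from question 8: encode every character that has meaning in HTML so
// the browser treats the value as text, not markup. This covers the HTML body
// and quoted attribute contexts; JavaScript or URL contexts need their own
// context-specific encoders.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened: identical template, but the value is encoded at output time.
// The same function is applied to content read back from the database,
// which is what blocks the stored variant of the attack.
function renderResultsSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Detection helper for a review or test: does rendered HTML still contain a
// live <script> tag? An encoded "&lt;script&gt;" does not match.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the classic probe string used in XSS testing.
const sample = "<script>alert(1)</script>";
console.log(containsScriptTag(renderResultsUnsafe(sample))); // true
console.log(containsScriptTag(renderResultsSafe(sample)));   // false
```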
9. What can you use to defend against multiple login attempts?
You can create a lockout policy that locks accounts when a user has too many login attempts.
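An added example of the lockout policy described in question 9 (not code from the original article): an in-memory tracker that counts failed logins per account, locks the account once a threshold is reached, and rejects even a correct password while the lockout is active. The threshold and lockout duration are assumed values, not figures from the article.

```javascript
// Added example: account lockout after too many failed login attempts.
// MAX_FAILED_ATTEMPTS and LOCKOUT_MS are assumptions; set them from policy.
const MAX_FAILED_ATTEMPTS = 5;
const LOCKOUT_MS = 15 * 60 * 1000; // 15-minute lockout

// Per-account state: { failures, lockedUntil } keyed by username.
const accounts = new Map();

function getState(user) {
  if (!accounts.has(user)) accounts.set(user, { failures: 0, lockedUntil: 0 });
  return accounts.get(user);
}

// True while the account's lockout has not yet expired at time `now`.
function isLocked(user, now = Date.now()) {
  return getState(user).lockedUntil > now;
}

// Record one login attempt. Returns "ok", "failed" or "locked" so callers and
// audit logs can tell a wrong password apart from a locked-out account.
function recordAttempt(user, passwordOk, now = Date.now()) {
  const state = getState(user);
  if (state.lockedUntil > now) return "locked"; // correct password is still refused
  if (state.lockedUntil !== 0) {
    // Lockout expired: clear the old counter before judging this attempt.
    state.failures = 0;
    state.lockedUntil = 0;
  }
  if (passwordOk) {
    state.failures = 0; // successful login resets the counter
    return "ok";
  }
  state.failures += 1;
  if (state.failures >= MAX_FAILED_ATTEMPTS) {
    // Note for defenders: lockouts can be triggered deliberately to deny a
    // legitimate user access, so alert on repeated lockouts of one account.
    state.lockedUntil = now + LOCKOUT_MS;
    return "locked";
  }
  return "failed";
}
```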
10. How can you defend against phishing attempts?
Phishing is usually done through email, so you can block some SMTP servers and senders, and educate users on phishing attempts.
11. What is an ACL?
An access control list. It is a list used to grant users and processes access to system resources.
12. What is the purpose of a firewall?
It is used to control network traffic by determining what type of packets are allowed to pass through.
13. Describe a proxy
A network service that allows clients to make indirect network connections to other network services.
14. What is HIDS?
A host-based IDS (intrusion detection system) is used to monitor malicious activity. It is placed on an individual host computer instead of a server.
15. What is a good practice for securing network devices?
Disabling unused ports.
16. Describe an IDS (intrusion detection system)
A network- or host-based monitoring system that is used to alert system administrators of suspected intrusions or other unauthorized activity.
17. What are MAC, DAC and RBAC?
Mandatory access control, discretionary access control and role-based access control. MAC uses the operating system to prevent a user from accessing a particular target. DAC restricts access to an object based on a user’s identity or group. RBAC denies or grants access based on a user’s role.
18. How can you ensure the privacy of a VPN connection?
Tunneling.
19. What is a packet sniffer or protocol analyzer?
A software tool used for monitoring and examining the contents of the network traffic.
20. What are the layers in the OSI model?
Physical, data link, network, transport, session, presentation and application.
21. What is port 443?
HTTPS (hypertext transfer protocol secure).
22. What is Wireshark?
A network protocol analyzer used to examine packets sent across a network.
23. What is UTM?
Unified threat management. A network security solution that provides URL filtering and malware or content inspection. It combines the functionality of a firewall with these additional safeguards.
24. Describe a signature-based IDS
It uses known attack patterns to detect an intrusion.
25. Describe rule-based access control
A type of access control model which grants or denies access to resources based on ACL entries.
Preparing for Security+ interview questions
Many positions now require the Security+ certification even if you do not have a true cybersecurity position. If you plan to use the Security+ certification to work your way into a cybersecurity position, make sure you have a good grasp of security concepts. Understand the OSI model and the CIA triad.
Ensure you memorize popular ports and protocols. The interviewer may ask questions about networking devices such as firewalls, hubs, routers and switches. Understand wireless technology and best practices for securing it. If you haven't already, sign up for some cybersecurity-related newsletters.
Interviewers often ask what materials you use to keep current on trends in cybersecurity. Some interviewers may ask you to describe your home network to see if you maintain security consciousness at home as well. Interviewers for cybersecurity positions want to see candidates who are excited about security at work as well as at home.