Live Chat Now
Give us a call

Send us a text



15 Cyber Security Interview Questions to Prepare For

By DeVry University

June 6, 2023

13 min read


If you’re currently job hunting in the cyber security field, one of the ways you can put your best foot forward is by familiarizing yourself with some potential interview questions. In this article, we’ll ask – and provide some sample answers to – 15 cyber security interview questions to help you prepare for this important step in your job search, build confidence and leave a good impression.


Keep in mind that interview questions for cyber security can be answered in a number of different ways, and questions may not be consistent between employers, industries or job level. 


That being said, let’s begin!

1. How Would You Identify a Compromised System?

For the first of our cyber security interview questions, the possible responses are wide-ranging and involve Advanced Persistent Threats (APTs). APTs prey on our inability to detect and respond to indications that our systems may have been compromised.

Here are 5 signs that a system has been hacked:

    • Suspicious privileged account activity: If a cybercriminal gains access to a user account on your network, it’s likely they will try to elevate the account’s privileges or use it to gain access to another account with higher-level privileges. Out-of-hours account usage, unusual amounts of data accessed and out of character account activity may be signs that a system has been hacked.

    • Anomalous logon failure: Repeated failed attempts to log into an account or attempts to log into an account that no longer exists are clear signs of suspicious activity. The recommended defensive action here is to execute a custom script that can either shut down the server, change the firewall settings or disable a user account after a certain number of failed attempts over a specific amount of time. 

  • Anomalous registry changes: APTs are able to establish themselves and remain undetected in part by making changes to the system registry. It’s important to know what the system registry normally looks like and to be informed in real time of any deviation from its typical state.

    • HTML response sizes and spikes in database activity: SQL injection, where malicious code is injected into a web form, is just one of the many ways hackers can gain access to a database. In this kind of attack, the HTML response size will likely be abnormally large. If an attacker has gained access to a database, they will attempt to download huge amounts of sensitive data, like credit card information, in a very short period of time. 

    • Unusual port usage: In their efforts to navigate around firewalls, hackers will often use obscure port numbers. Cyber security specialists should keep records of port usage, and if a port is used that is not on the whitelist they should be immediately informed and able to automate a response.

2. What is a Firewall and How is It Used?

firewall is a security device that prevents malicious software from infecting computers or networks. Firewalls can be hardware, software or cloud-based and help safeguard computers, networks and sensitive data by filtering traffic and blocking outsiders from gaining access to data systems. 

Network security firewalls can provide different levels of protection and be configured based on system administrators’ traffic management requirements and pre-determined security rules.

3. Explain the Difference Between a Vulnerability Assessment and Penetration Testing.

Penetration testing and vulnerability assessments are different but related, and should always be coupled as part of an overall cyber security strategy. 

Vulnerability assessment discovers and analyzes system vulnerabilities. Penetration testing is the process of exploiting the vulnerabilities that have been uncovered in an effort to strengthen system defenses.

4. What are the Different Response Codes Received from a Web Application?

Indicating whether a specific HTML request has been successfully completed, response codes are grouped into 5 classes:

    • Informational responses (100-199)

    • Successful responses (200-299)

    • Redirection responses (300-399)

    • Client error responses (400-499)

    • Server error responses (500-599)

5. What is SSL Encryption?

SSL, or Secure Sockets Layer, is an encryption-based internet security protocol that was developed as a response to the need for privacy, authentication and data integrity on the web. SSL was updated in 1999 to become TLS (Transport Layer Security), the modern encryption that we use today. 

SSL/TLS encryption works by encrypting data transmitted across the web and initiating an authentication or handshake process, whereby the communicating devices ensure they really are who they claim to be. 

6. How Do You Secure a Server?

Sophisticated and strictly-enforced security policies can protect sensitive data and secure databases, accounts and files. 

Here are a few different ways to protect servers:

    • Use hardware and software firewalls: Defending the perimeter of a network is an effective way to block unauthorized access. Firewalls decide whether to prevent or allow inbound or outbound network connections and can be configured to block all connections except ones that are approved, or whitelisted. 

    • Implement encrypted VPN for remote access: Virtual private networks (VPNs) can be used to keep ports and services private, but still make them remotely accessible when users are on the VPN.

    • Maintain strong password and authentication policies: Since a number of cyberattacks result from user’s passwords being easy to guess, a policy that requires strong passwords is an effective defensive weapon. Using two-factor or multi-factor authentication, which requires a one-time code sent via text or email, is another way of confirming access by verified users.

    • Install SSL certificates: SSL certificates can encrypt traffic data, securing user logins, payment information and other sensitive info on your server. 

    • Incorporate monitoring logs and trace logins: Event logs, advanced error logs and monitoring for failed login attempts can help cyber security professionals gain a better understanding of attacks that may be leveraged against their servers. This information can be used to set up scripts that automatically block IPs that have made failed login attempts.

7. What are Common Attacks?

There are many different kinds of cyberattacks using different methods of intrusion. The following are widely used.


Short for “malicious software,” malware breaches networks through vulnerabilities that are often caused by human error. Once installed, malware can do a number of things to disrupt or damage a network, including:

    • Blocking access to key components of the network. In a ransomware attack for example, access to data is blocked until a ransom is paid.

    • Installing harmful software.

    • Obtaining information by transmitting data from a hard drive. 

    • Disrupting the system in ways that make it inoperable.


In this common type of cyberattack, fraudulent communications are sent in ways that appear to be legitimate, like an email or a text. The goal is to trick you into thinking you’re receiving a message from a trusted source and to take an action, like clicking on a link or opening an innocent-looking attachment. In reality, its aim is to steal sensitive data like login credentials or credit card profiles or install malware or spyware on your computer. Phishing attacks can be broadly distributed to a massive number of users or, in the case of a spear phishing attack, targeted to one particular user.

Identity-Based Attacks

In identity-based cyberattacks, a user’s credentials are compromised and used by a cybercriminal masquerading as that user. Some examples of identity-based cyberattacks include: 

    • Man-in-the-middle attack: The attacker eavesdrops on a conversation between two parties and positions themselves between them with the intent to intercept personal data. The attacker may also convince the victim to take an action, such as changing login credentials or transferring funds.

    • Credential stuffing: These attacks work on the premise that people tend to use the same user ID and password across multiple online accounts. By obtaining the credentials for one account, the attackers may be able to gain access to other accounts held by the same victim.

    • Password spraying: This is when a cybercriminal uses a single common password to gain access to multiple accounts on the same application. The goal here is to go around the lockouts that normally occur after someone tries many passwords on a single account too many times.

8. What are Examples of Data Leakage?

As we pass the halfway point in our list of 15 cyber security interview questions, we come to a topic that addresses the human element of cyber security. When sensitive data is unintentionally exposed to the public, the occurrence is called data leakage and can happen when data is exposed:

    • In transit: Via emails, in chat rooms, calls or other communications.

    • At rest: As the result of misconfigured cloud storage, unattended or lost devices or insecure databases.

    • In use: When it’s processed using printers, USB drives, in screenshots or on clipboards.

9. Describe a Brute Force Attack and How to Prevent It.

In a brute-force attack, a hacker tries to figure out a user’s password by methodically trying every possible combinations of letters, numbers and symbols until they hit upon the one that works. Depending on the password’s length and complexity, this guessing game could take years to complete. 

One preventative measure is locking out accounts after a pre-determined number of incorrect password attempts. This can be problematic however, because it would be fairly easy for a hacker to abuse the lockout safeguard and disable hundreds of user accounts. Another way to slow down these password-guessing attacks is by using device cookies. The idea behind this protocol is to issue a special cookie to every browser while it’s being used to authenticate a user in a system, thereby distinguishing between clients that are known and trusted and those that are not.

10. What is a VPN and Why is It Used?

A VPN, or Virtual Private Network, is a fundamental privacy tool that individuals can use to protect themselves when using Wi-Fi in a public place. A VPN encrypts the data you send and receive on your phone, laptop or tablet, sending it through a secure connection to the VPN provider’s servers, where it is encrypted and then rerouted to the site you’re trying to reach. By browsing, shopping or conducting online banking transactions in a public space without using a VPN, which creates a sort of “tunnel,” individuals risk exposing their private information, browsing habits, links or files to cybercriminals. 

11. What Are the Different Types of Hacking?

Hacking is often thought of as unauthorized access to computer networks for unlawful purposes, but hacking can also be used to problem solve and can be categorized in different ways based on different activities and the hackers themselves. The industry recognizes 3 different types of hackers:

  • Black Hat Hackers: These are the bad guys. These cybercriminals hack into systems with malicious intent, typically to steal data that they can sell to a third party, destroy or hold hostage until a ransom is paid by the victims.

    • White Hat Hackers: These are the “ethical hackers” who hack into systems using tactics similar to cybercriminals, but for the purpose of identifying or fixing vulnerabilities that could otherwise be exploited by the guys with the black hats. 

    • Gray Hat Hackers: Like their name suggests, these hackers in the third category operate in a gray area. They may not necessarily operate with the malicious or criminal intent like Black Hat Hackers, but they do hack into data systems without authorization to uncover vulnerabilities and report them to the system’s administrators. While they do not exploit the weaknesses they find, they will sometimes demand payment in exchange for providing the details of what they’ve uncovered.

12. Explain the OSI Model.

Created by the International Organization for Standardization, the Open Systems Interconnection (OSI) model provides a standard for different computer systems to communicate with each other.

As a universal language for computer networking, the OSI Model is based on the concept of splitting up a communication system into 7 layers, with each one handling a specific job and communicating with the layers above and below itself.

Although the modern internet follows the Internet Protocol (IP) suite, the OSI model helps computer users and operators determine what hardware and software is required to build their networks. It also helps them understand and communicate the process followed by components talking to each other across a network. It’s essential to cyber since it is also used in fixing computer problems, allowing IT troubleshooters to isolate the source of the problem by narrowing it down to a particular layer of the model.

13. Explain ipconfig and ifconfig.

The network configuration commands ipconfig and ifconfig stand for Internet Protocol Configuration and Interface Configuration respectively. Here’s a breakdown of what they are and the systems that support them:

    • Ipconfig can be used in an application that displays all the network configurations of the devices currently connected to a network and can modify their protocols as well as DHCP and DNS settings. The ipconfig command is supported by the Windows, React OS and Mac OS operating systems to control what’s displayed on all currently connected interfaces, whether they are active or not.

    • Ifconfig is a system administrator utility that is used to configure, control and query the TCP/IP network configurations of the system as well as monitor active interfaces. The ifconfig command is supported by Unix-based operating systems. In terms of its functionality, the ifconfig command displays only the enabled – or active – network interfaces connected to the system.

14. List Preventative Measures to Keep Your Computer Secure.

Individuals and families can keep their computers secure and protect their privacy by following several important steps:

    • Keep systems and software up to date. Because they contain important security patches, software and operating system updates should be installed as soon as they become available.

    • Keep devices physically secure. Don’t leave a device unattended in a public place, as it could be stolen or tampered with.

    • Purchase and install antivirus software. This type of protection scans files and incoming email for viruses and deletes anything it determines to be malicious. 

    • Download software only from sites you know and trust. This includes making sure any mobile apps you download come from Apple’s App Store or Google’s Google Play for Android.

    • Configure strong passwords for online accounts. Since hackers use sophisticated programs to guess passwords, use passwords that don’t contain personal information but do use at least 8 digits with a combination of letters, numbers and special characters. You should also avoid using the same password across multiple accounts.

    • Use strong authentication. Take advantage of two-factor authentication (2FA) when offered by the social media, email, shopping and financial platforms you use. This method uses a one-time code sent to your email or mobile device to ensure the person logging in is the authorized account user.

15. What Are Static and Dynamic Testing?

Static and dynamic testing are both categories of software testing, frequently used together to ensure a program’s functional behavior and performance. 

Static testing can be performed without the application running, and will analyze the program’s code, requirements documents and design documents. It essentially gives a basic assessment of the code. 

Dynamic testing, which requires testers to interact with the program while it runs, examines the behavior of software systems such as memory usage and performance, and assesses the feasibility of an application by giving it input and examining the corresponding output. It also attempts to find active bugs and is often more expensive to conduct than static testing.

Interested in a Career in Cyber Security? Get Started at DeVry

If you envision yourself in a cyber security career, we can help you get started. At DeVry, our online Cyber Security Certificate program can help you learn how to become a cyber defender, gaining many of the skills required to defend data systems against cyberattacks. Courses within this curriculum may also prepare you to pursue cyber security certifications, which can come in handy when it’s time to begin your job search. 

100% online learning can help you balance your commitment to education with work, family and other elements of your busy life. 

Classes start soon.

8-Week Class Sessions

Classes Start Every 8 Weeks

Filter Blog Post Category

Related Posts