Scenario-based Cyber Security Interview Questions

A while back, the IT help desk received a number of complaints that one employee's computer was sending out Viagra spam. They checked it out, and the reports were true. A hacker had installed a program on the computer that made it automatically send out tons of spam email without the computer owner's knowledge. How do you think the hacker got into the computer to set this up?

- A hacked password - Out of date patches/updates - No anti-virus software or out of date anti-virus software - Clicking on an unknown link or attachment - Downloading unknown or unsolicited programs on your computer

Someone used their Yahoo account on a lab computer. She made sure her yahoo account was no longer open in the browser before leaving the lab. Someone came in behind her and used the same browser to re-access her account. What do you think might be going on here?

- She probably didn't log out of her account, so the new person could just go to history and access her account. - Another possibility is if she did log out, but didn't clear her web cache.

A staff member subscribes to a number of free online IT magazines. Among the questions she was asked in order to activate her subscriptions, one magazine asked for her month of birth, a second asked for her year of birth, and a third asked for her mother's maiden name. What do you think might be going on here?

All three magazines probably have the same parent company or are distributed through the same service. The parent company or service can combine individual pieces of seemingly harmless information and use it or sell it for identity theft.

Your supervisor is very busy and asks you to log into the HR server using her user-ID and password to retrieve some reports. What should you do? A) It's your boss, so it's okay to do this B) Ignore the request and hope she forgets C) Decline the request and remind your supervisor that it is against corporate policy

C) Decline the request and remind your supervisor that it is against corporate policy User-IDs and passwords should never be shared.

A friend send an electronic e-greeting card to your work email. You need to click on the attachment to see the card. What should you do?

Delete the message. This has 4 big risks: 1. Some attachments contain viruses or other malicious programs. 2. In some cases, just clicking on a malicious link can infect a computer. 3. Email addresses can be faked. 4. Some websites and links look legitimate, but they're actually hoaxes.

The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do?

Disconnect your computer from the network and tell your supervisor. If possible, don't turn the computer off.

How should you perform an initial risk assessment?

There are two methods to doing this: qualitative and quantitative. Qualitative does not assign dollar values to components of the risk analysis. A quantitative assessment process involves these three steps: 1. Estimate potential losses - single loss expectancy (SLE) = asset value x exposure factor 2. Conduct a threat analysis - the goal is to estimate the annual rate of occurrence (ARO). This number value represents how many times the event is expected to happen in one year. 3. Determine annual loss expectancy (ALE) - ALE = single loss expectancy (SLE) x annual rate of occurrence (ARO)

You receive the following email from the Help Desk: Dear Email User, Beginning next week, we will be deleting all inactive email accounts in order to create space for more users. You are required to send the following information in order to continue using your email account. If we do not receive this information from you by the end of the week, your email account will be deleted. *Name (first and last) *Email Login *Password *Date of birth *Alternate email What should you do?

This email is an example of phishing. Do not respond to any emails asking for your passwords. If your company has a way to report this email do that.

To perform testing of open ports using a port scanner, you will need Nmap port scanner installed on your system. Although you want to close any unnecessary ports, ports are opened to provide a benefit to users. Enabling Windows Firewall and closing ports will reduce the utility of a system, and many potentially desirable features of a system will no longer function. You must proceed cautiously and test the system to ensure the desirable features are still functional while making sure that you've closed as many ports as you can. What is the procedure for this?

You will implement Windows Firewall and close ports that aren't required for the given requirements of the system. You will then test the system both internally and externally and confirm that you've achieved the desirable results. At the command prompt type "netstat -a -n -o". This command displays all open ports and connections, places them in numeric or alphabetic order and shows the PID that opened the port. By comparing the PID values in the result from the netstat command to the PID values in Task Manager, you can identify which processes opened which ports as well as who launched the process. To take a look at how the system appears from an external system looking at the firewall, use the nmap command "nmap -sS -O <ip address of the system>". This command tells your machine to run a port scan on the system of the IP address, use stealth scan mode, and attempt to identify the operating system. Notice which ports report back as open. If other ports are open identify their sources and determine whether they are desirable or undesirable. If undesirable, the disable the application and services related to these ports and reconfigure the Windows firewall to block these ports correctly.