1. Interviewer: Tell me, what is a bootkit?
-A bootkit is where malware injects code into the MBR
2. Interviewer: What is the difference between a Disk Level Encryption and a Block Level Encryption?
3. Interviewer: What is a White List in Malware?
4. Interviewer: What is PII (Personally Identifiable Information) and how does that relate to PCI?
5. Tell me how you would run a new project to start a Whitelist of new Malware computer infestation. Describe what you would do from Start to Finish.
6. When would you use Block Level Encryption as opposed to Full Disk Encryption? Tell me on a hard drive.
7. Can you tell me which corporate departments you may use Full Disk Encryption in?
Good to Know:
Bit 9 = malware and advanced threats:
-Immediate visibility, detection and protection
-Time based detection and forensics
-Lowest admin effort and user impact
-Proven reliability and scalability
Bit 9 blocks advanced Malware:
-Continuously monitors every file that tries to execute
-Monitor all this through a web interface
Symantec Endpoint Encryption:
-encrypts storage devices, desktops, and laptops
-File Integrity Monitor – Monitors File Changes
HP Security Tools:
ArcSight Logger – Collects machine data logs and unifies that data for searching, analyzing, etc. (SIEM = Security Information and Event Management)
Steganography – Embedding a file within a file
Hard Drive Encryption – encrypts data stored on a hard drive using sophisticated mathematical functions
-data cannot be read by anyone who does not have access to the appropriate key or password
8. What is a Phishing attack?
A “phishing attack” typically is an e-mail masquerading as a message from a trusted source
9. What’s an example of two factor authentication?
10. What’s an example of three factor authentication?
11. What’s the difference between NTFS and Share permissions?
-It depends on how the file is accessed. If you log on locally and access the file through the local filesystem, the share permissions won’t matter. However, if you’re accessing the files (not logged on locally) through a share, then the share permissions apply first, then the NTFS permissions apply, so it’s cumulative.
12. What are GPO Permissions?
13. SQL injection: explain this concept
14. Give an example of something you discovered and what you did to handle it
15. Name a policy or detailed procedure you implemented and the result of its effectiveness