TOGAF Interview Questions and Answers

By | Interview Question | No Comments

Are you searching for TOGAF interview questions? If so, this article might be helpful to you. We have handpicked some of the most popular and common TOGAF interview questions to help you crack your job interview and land your dream job.

What is TOGAF?

TOGAF stands for The Open Group Architecture Framework, a high-level design method that helps enterprises design their enterprise structure. In simple words, it is a framework for enterprise architecture that offers an approach for designing an enterprise information technology architecture.

Why should we use TOGAF?

Here are the reasons why TOGAF is very popular amongst its users:

  • TOGAF is accepted and adopted by everyone in the market.
  • It comes under a free abstract license.
  • Best practices are included in it.
  • Users recognize it as a comprehensive general method.
  • One can easily meet industry needs using TOGAF.

What is Enterprise Architecture?

Enterprise Architecture is a collection of information that describes a business and its technology needs. This information covers the business goals, the business processes, the business roles, and information about systems and applications.

What is an Enterprise Architecture Roadmap?

The enterprise architecture roadmap stands for the company’s goals. It describes the current and target architectures and a plan to reach the target state. For each state, an enterprise architecture roadmap should include business, application, and data. The roadmap lists all the projects that are needed to achieve the proposed architecture goal.

What is the value of Enterprise Architecture?

Enterprise architecture is the key to understanding the current investment in IT and making investment plans for future IT. Moreover, enterprise investment allows you to identify opportunities to improve key enterprise metrics.

What is the TOGAF framework?

The Open Group Architecture Framework or TOGAF Framework is an enterprise architecture framework. The framework provides a comprehensive approach to the design, planning and implementation in enterprise architecture.

TOGAF divides the enterprise into four sections such as Business, Application, Data, and Technology. It includes a method to define IT in terms of the set of building blocks. It also provides a vocabulary for TOGAF and its compliant tools.

What are the steps involved in Architecture Development Method?

There are nine steps in total in architecture development, which are as follows:

  1. Choosing the perspectives, apparatus and orientation figures.
  2. Manufacturing baseline product structural design picture.
  3. Assembling the manufacturing structural design information.
  4. Acting on a crack breakdown.
  5. Labeling the nominee roadmap workings.
  6. Determination of collision the infrastructural background.
  7. Prescribing stakeholder analysis.
  8. Confirming the industrial construction.
  9. Planning a structural design description article.

What are the architecture domains of TOGAF?

There are four architecture domains in TOGAF in total. Here are those domains:

Data architecture: The main task of this domain is to describe the structure. The structure can be an organization’s logical and physical data possessions as well as company’s related data management resources.

Application architecture: Application architecture domain creates the blueprint for each and every application. The domain helps in communicating between the request structure and the interior dealing systems.

Business architecture: The Business architecture domain helps in identifying the governance term, business strategy and key business process of the organization.

Technical architecture: The technical architecture domain helps in describing the software, hardware and network communication that help the consumption of main interior claims.

What is the Zachman Framework?

The Zachman Framework is an IBM tool that was developed in the 1980s. The Zachman Framework offers a way to define an enterprise on the basis of 6×6 matrix architecture documentation. The columns of this matrix ask some questions such as “why, how, what, who, where, when”. The columns look at these questions from different levels of detail such as contextual, conceptual, logical, physical and detailed. The Zachman Framework provides a view to the planners and designers.

How can you evaluate if a solution conforms to the Enterprise Architecture?

To make sure that the architecture compliance processes are included in the project planning, you have to engage the projects during the initiation phase. Once you are done defining the solution architecture the next step is to perform the compliance assessment. By performing the compliance assessment you make sure that the project conforms to the defined Enterprise Architecture. Also, it is an opportunity to ask the project members for their feedback about the enterprise architecture. The compliance assessment includes a checklist for different project sectors such as applications, security, hardware, software, information and so on. It also offers a document regarding the project architecture.

What is SOA?

In simple words, SOA is a set of design principles. We use the design principles for building a suite of interoperable, flexible and reusable services. The design principles include a discoverable service contract, loose coupling, service abstraction, service reusability, service autonomy, service statelessness and service composability. A successful SOA implementation can reduce IT costs, as it increases reusability. Its flexibility also helps in reducing time to market. It also helps to leverage existing investments, since SOA wraps legacy applications in a mesh of reusable services.

What is ITIL?

ITIL stands for Information Technology Infrastructure Library. In simple words, ITIL is a set of best practices for IT service management. It is also one of the best practices in sectors like IT development and operations.

ITIL offers detailed descriptions for many IT concepts. It also includes checklists, tasks, and procedures that can be tailored for any enterprise.

Here are some of the major areas which ITIL covers:

  • ITIL covers the service support.
  • ITIL Helps in service delivery.
  • It also covers the ICT Infrastructure Management.
  • ITIL also provides support for Security Management.
  • ITIL helps in Application Management.
  • It helps in Software Asset Management.

In the Service Support section, ITIL covers processes like Service Desk, Incident and Problem Management, Change Management, Release, and Configuration Management.

In the Service Delivery section, ITIL covers processes like Service Level Management, Capacity Management, and Service Continuity Management.

What is an Architecture Vision? What information does it contain?

The Architecture Vision comes into play during project initiation. Its main goal is to establish and finalize the desired outcome for the project at the very beginning of the project. It is an elevator pitch to the enterprise architect. The Architecture Vision needs to simply and powerfully convey the benefits of the proposed architecture to the decision-makers. It also needs to present a strategy that can support the business goals.

Here are some of the typical contents of an Architecture vision:

  • Problem description
  • Objectives
  • Process descriptions
  • Roles and actors
  • Constraints
  • IT principles
  • Architecture overview
  • Mapping of the proposed architecture to processes and requirements.

How can the principles be applied to the enterprise?

The principles can be applied to the enterprise by providing a framework for making conscious decisions about IT. They must also establish relevant evaluation criteria that drive the definitions of the functional requirements of the architecture, and provide input for assessing existing IS/IT systems and future strategic portfolios. They highlight the value of the architecture, specifically through the Rationale statements. They need to provide an outline of the key tasks, resources, and potential costs, specifically through the Implication statements, supporting architecture governance. They should also provide a stake to allow interpretation in compliance assessments and support the decision to initiate a dispensation request. Principles need to be related to each other and are applied as a set. In some cases, one principle will take precedence over another to meet certain situations.

Top 21 Amazon AWS Interview Questions and Answers for 2018

AWS Certified Solutions Architect ranks among the top 15 high-paying IT certifications, as Forbes reported. The AWS Solution Architect position is one of the most sought-after IT jobs. After you complete our AWS training certification course, we want you to crack the interview at any IT firm with ease, which is why we have put together this set of top AWS interview questions. Here are the top 21 AWS interview questions to test your skills.

Below are the top AWS (Amazon Web Services) interview questions and answers.

1) Explain what is AWS?

AWS stands for Amazon Web Service. It is a platform which provides secure cloud services, offering compute power, database storage, content delivery, and other services to help businesses scale and grow. It is a collection of remote computing services, also known as a cloud computing platform. This new domain of cloud computing is also known as IaaS or Infrastructure as a Service.

2) Write in brief about S3?

S3 stands for Simple Storage Service. You can use the S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. S3 uses a “pay as you go” payment model. According to Amazon, S3 is storage for the Internet. They define it as a “simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs”.

3) What are the different layers of cloud computing?

The three layers are:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

4) What do you mean by AMI in terms of AWS?

AMI stands for Amazon Machine Image. It’s a template that provides the information required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch instances from as many different AMIs as you need.

5) How is buffer important in AWS?

A buffer synchronizes different components and makes the setup more elastic to a burst of load or traffic. Without it, the components tend to receive and process requests at uneven rates. The buffer creates balance by linking the various components and making them work at the same rate to deliver faster services.

6) What is Redshift?

Redshift is an easy, scalable, fully configured, petabyte-scale data warehouse service. Its features make it easier and more cost-efficient to analyze all your data with existing business intelligence tools.

7) Explain few features of Amazon EC2?

  • Virtual computing environments, known as instances
  • Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability zones.
  • A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups.
  • Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
  • Metadata, known as tags, that you can create and assign to your Amazon EC2 resources.

8) How can you differentiate between EC2 and Amazon S3?

  • EC2 is a cloud web service used for hosting your application
  • Amazon S3 is a data storage system where any amount of data can be stored
  • EC2 is like a huge computer machine that can run on both Linux and Windows. It is capable of handling applications like PHP, Python, Apache or any databases
  • Amazon S3 has a REST interface and uses secure HMAC-SHA1 authentication keys

9) State the difference between flexibility and scalability.

The ability of a system to increase the tasks on hand on its present hardware resources to handle variability in demand is known as scalability. The capability of a system to increase the tasks on hand on its current and additional hardware resources is known as flexibility, which enables the business to meet demand without investing in infrastructure at all.

10) How can you secure your data while carrying in the cloud?

It must be ensured that no one can seize the information in the cloud while data is moving from one point to another, and that there is no leakage from the various storage locations associated with the cloud. Collaboration of information from other companies’ information and then encrypting it by means of approved methods is one of the options.

11) What type of network performance can you expect when you launch instances in a cluster placement group?

The network performance of the cluster placement depends on the instance type and network performance specification. Only if the instance is launched in a placement group can you expect up to:

  • 10 Gbps in a single flow,
  • 20 Gbps in multiflow, i.e., full duplex.
  • Network traffic outside the placement group will be limited to 5 Gbps (full duplex).

12) Where do you think AMI fits in designing the architecture for a solution?

AMIs (Amazon Machine Images) are like templates of virtual machines, and an instance is derived from an AMI. AWS offers unique sample AMIs, from which you can choose the one that suits you when launching an instance. Some AMIs are not free and can be purchased from the AWS Marketplace. You can always choose to create a custom AMI that helps you save space on AWS. For example, if you don’t need a set of software on your installation, you can customize your AMI to leave it out. This makes it cost-efficient, since you are removing the unwanted things.

13) What is auto scaling and how does it work?

Auto Scaling is an AWS feature that enables you to automatically provision and spin up new instances without your intervention. You do this by setting thresholds and metrics to monitor. Once the thresholds are crossed, a new instance of your choice is spun up, configured, and rolled into the load balancer pool.

14) Is it possible to change the private IP addresses of an EC2 while it is running/stopped in a VPC?

The primary private IP address is attached to the instance throughout its lifetime and cannot be changed. However, secondary private addresses can be unassigned, assigned or moved between interfaces or instances at any point.

15) Which AWS services will you use to collect and process e-commerce data for near real-time analysis?

Amazon DynamoDB and Amazon Redshift are used to process e-commerce data for real-time analysis. DynamoDB is a fully managed NoSQL database service. DynamoDB can therefore be fed any type of unstructured data, including data from e-commerce websites, and the analysis can later be done on it using Amazon Redshift. We are not using Elastic MapReduce, since a near real-time analysis is needed.

16) What happens to my backups and DB Snapshots if I delete my DB Instance?

When you delete a DB instance, you have the option of creating a final DB snapshot; if you do that, you can restore your database from that snapshot. RDS retains this user-created DB snapshot along with all other manually created DB snapshots after the instance is deleted. Automated backups are deleted and only manually created DB snapshots are retained.

17) What automation tools can you use to spin up servers?

Any of the following tools can be used:

  • Roll-your-own scripts, and use the AWS API tools. Such scripts could be written in bash, Perl or another language of your choice.
  • Use a configuration management and provisioning tool like Puppet or its successor Opscode Chef. You can also use a tool like Scalr.
  • Use a managed solution such as RightScale.

18) What are lifecycle hooks used for in Auto Scaling?

Lifecycle hooks are used for putting a wait time before any lifecycle action, i.e. launching or terminating an instance, happens. The purpose of this wait time can be anything from extracting log files before terminating an instance to installing the necessary software on an instance before launching it.

19) What is the relation between an instance and an AMI?

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud.

You can launch different types of instances from a single AMI. An instance type determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

20) How many data centers are deployed for cloud computing? What are they?

There are two data centers in cloud computing:

  • Containerized Data centers
  • Low Density Data centers

21) What happens if my application stops responding to requests in Beanstalk?

AWS Beanstalk applications have a system in place for avoiding failures in the underlying infrastructure. If an Amazon EC2 instance fails for any reason, Beanstalk will use Auto Scaling to automatically launch a new instance. Beanstalk can also detect if your application is not responding on the custom link; even though the infrastructure appears healthy, it will be logged as an environmental event (e.g. a bad version was deployed) so you can take appropriate action.

We hope the above AWS cloud interview questions and answers will help you get your dream job in the AWS cloud field.

2018 Top 15 DevOps Interview Questions and Answers

As per Gartner, organizations around the world are increasingly adopting the DevOps culture and by the end of 2016, 25 percent of top global 2000 organizations would have adopted DevOps as a mainstream strategy. DevOps is a philosophy, a cultural shift that merges operations with development and demands a linked toolchain of technologies to facilitate collaborative change.

Here are the 2018 top DevOps interview questions and answers.

1) Explain DevOps?

It is a newly emerging term in the IT field, which is nothing but a practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals. It focuses on delivering software products faster and lowering the failure rate of releases.

2) How is DevOps different from Agile/SDLC?

Agile is a set of values and principles about how to produce i.e., develop software. Example: If you have some ideas and you want to turn those ideas into working software, you can use the Agile values and principles as a way to do that. But, that software might only be working on a developer’s laptop or in a test environment. You want a way to quickly, easily and repeatedly move that software into production infrastructure, in a safe and simple way. To do that you need DevOps tools and techniques.

You can summarize by saying Agile software development methodology focuses on the development of software but DevOps on the other hand is responsible for development as well as deployment of the software in the safest and most reliable way possible. Here’s a blog that will give you more information on the evolution of DevOps.

Now remember, you have included DevOps tools in your previous answer so be prepared to answer some questions related to that.

3) What are the advantages of DevOps training?

For this answer, you can use your past experience and explain how DevOps helped you in your previous job. If you don’t have any such experience, then you can mention the below advantages.


Technical benefits:

  • Continuous software delivery
  • Less complex problems to fix
  • Faster resolution of problems

Business benefits:

  • Faster delivery of feature
  • More stable operating environments
  • More time available to add value (rather than fix/maintain)

4) What is version control?

This is probably the easiest question you will face in the interview. My suggestion is to first give a definition of version control. It is a system that records changes to a file or set of files over time so that you can recall specific versions later. Version control systems consist of a central shared repository where teammates can commit changes to a file or set of files. Then you can mention the uses of version control.

Version control allows you to:

  • Revert files back to a previous state.
  • Revert the entire project back to a previous state.
  • Compare changes over time.
  • See who last modified something that might be causing a problem.
  • See who introduced an issue and when.

5) Why are configuration management processes and tools important?

Talk about multiple software builds, releases, revisions, and versions for each software or testware that is being developed. Move on to explain the need for storing and maintaining data, keeping track of development builds and simplified troubleshooting. Don’t forget to mention the key CM tools that can be used to achieve these objectives. Talk about how tools like Puppet, Ansible, and Chef help in automating software deployment and configuration on several servers.

6) What are the core operations in terms of development and infrastructure?

The core operations of DevOps:

With application development:

  • Code developing
  • Code coverage
  • Unit testing
  • Packaging
  • Deployment

With infrastructure:

  • Provisioning
  • Configuration
  • Orchestration
  • Deployment

7) Explain the concept of “Infrastructure as Code” (IaC) in brief?

It is a good idea to talk about IaC as a concept, which is sometimes referred to as programmable infrastructure, where infrastructure is perceived in the same way as any other code. Describe how the traditional approach to managing infrastructure is taking a back seat and how manual configurations, obsolete tools, and custom scripts are becoming less reliable. Next, accentuate the benefits of IaC and how changes to IT infrastructure can be implemented in a faster, safer and easier manner using IaC. Include the other benefits of IaC, like applying regular unit testing and integration testing to infrastructure configurations, and maintaining up-to-date infrastructure documentation.

8) What is the scope of SSH?

SSH is a Secure Shell which provides users with a secure, encrypted mechanism to log into systems and transfer files.

  • To log in to a remote machine and work on the command line.
  • To secure encrypted communications between two hosts over an insecure network.

9) What are the differences between Linux and Unix operating systems?

Unix:

  • It belongs to the family of multitasking, multiuser operating systems.
  • These are mostly used in internet servers and workstations.
  • It is originally derived from AT&T Unix, developed starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.
  • Both the operating systems are open source but UNIX is relatively similar one as compared to LINUX.

Linux:

  • Linux has probably been home to every programming language known to humankind.
  • These are used for personal computers.
  • The LINUX is based on the kernel of UNIX operating system.

10) Name the types of HTTP requests?

The types of HTTP requests are:

  • GET
  • HEAD
  • PUT
  • POST
  • PATCH
  • DELETE
  • TRACE
  • CONNECT
  • OPTIONS

11) What is the Dogpile effect and how can you prevent its effect?

The Dogpile effect refers to the event when a cache expires and the website is hit by multiple requests made by clients at the same time. This effect can be prevented by using a semaphore lock. In this system, when the value expires, the first process acquires the lock and starts generating the new value.
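The lock-based approach described above, sketched as an added example (not code from the original article). The class name, the injectable clock, and the choice to hand the old value to callers that lose the race for the lock are assumptions of this sketch.

```python
import threading
import time


class DogpileSafeCache:
    """TTL cache in which only one caller at a time regenerates an expired key."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock               # injectable so expiry can be simulated
        self._data = {}                  # key -> (value, expires_at)
        self._locks = {}                 # key -> lock held while regenerating
        self._meta = threading.Lock()    # guards the two dicts above

    def _entry(self, key):
        with self._meta:
            return self._data.get(key)

    def _lock_for(self, key):
        with self._meta:
            return self._locks.setdefault(key, threading.Lock())

    def _fresh(self, entry):
        return entry is not None and entry[1] > self.clock()

    def get(self, key, loader):
        entry = self._entry(key)
        if self._fresh(entry):
            return entry[0]

        lock = self._lock_for(key)
        if lock.acquire(blocking=False):
            # First caller after expiry: it alone runs the expensive loader.
            try:
                entry = self._entry(key)
                if self._fresh(entry):   # refreshed while we were getting the lock
                    return entry[0]
                value = loader(key)
                with self._meta:
                    self._data[key] = (value, self.clock() + self.ttl)
                return value
            finally:
                lock.release()

        if entry is not None:
            return entry[0]              # expired value, served while one caller rebuilds
        with lock:                       # cold miss: nothing to serve, wait for the rebuild
            pass
        return self.get(key, loader)     # re-read; retries if the rebuild failed


class CountingLoader:
    """Constructed stand-in for a slow database query; counts how often it runs."""

    def __init__(self, delay):
        self.delay = delay
        self.calls = 0
        self._lock = threading.Lock()

    def __call__(self, key):
        with self._lock:
            self.calls += 1
            n = self.calls
        time.sleep(self.delay)
        return f"{key}-v{n}"


def burst(cache, key, loader, clients):
    """Release `clients` threads at the same instant against one cache key."""
    start = threading.Barrier(clients)
    results = [None] * clients

    def worker(i):
        start.wait()
        results[i] = cache.get(key, loader)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    loader = CountingLoader(delay=0.05)
    cache = DogpileSafeCache(ttl_seconds=60)
    burst(cache, "homepage", loader, clients=20)
    print("loader runs for 20 simultaneous requests:", loader.calls)
```
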

12) Which VCS tool are you comfortable with?

You can just mention the VCS tool that you have worked on like this: “I have worked on Git and one major advantage it has over other VCS tools like SVN is that it is a distributed version control system.”

Distributed VCS tools do not necessarily rely on a central server to store all the versions of a project’s files. Instead, every developer “clones” a copy of a repository and has the full history of the project on their own hard drive.

13) State the difference between Memcache and Memcached.

Memcache: It is an extension that allows you to work through handy object-oriented (OOP’s) and procedural interfaces. It is designed to reduce database load in dynamic web applications.

Memcached: It is an extension that uses libmemcached library to provide API for communicating with Memcached servers. It is used to increase the dynamic web applications by alleviating database load. It is the latest API.

14) Explain how you can update Memcached when data changes?

When data changes you can update Memcached by

  • Clearing the cache proactively: Clearing the cache when an insert or update is made.
  • Resetting the cache: It is similar to the first method, but rather than just deleting the keys and waiting for the next request for the data to refresh the cache, reset the values after the insert or update.

15) What is automation testing? List a few of its benefits.

Automation testing, or test automation, is the process of automating the manual process of testing the application/system under test. Automation testing involves the use of separate testing tools which let you create test scripts that can be executed repeatedly and don’t require any manual intervention. A few of its advantages are:

  • Supports execution of repeated test cases
  • Aids in testing a large test matrix
  • Enables parallel execution
  • Encourages unattended execution
  • Improves accuracy thereby reducing human generated errors
  • Saves time and money

We hope these DevOps interview questions and answers will help you get your dream job in the DevOps field.

Top 15 Cyber Security Interview Questions and Answers for 2017

With the ever-increasing demand for the internet, everyone is connected like never before. The internet is responsible for our easy bill payments and error-free bank transactions. But with the increase in cyber crime, how can we completely rely on these connections? Security is our primary concern. So hiring security professionals is not only important but difficult as well. As someone with years of experience in the cybersecurity space, I’ve interviewed hundreds of prospective applicants for roles ranging from network security specialist to senior executive positions for large IT security multinational organizations.

Here are 15 informative cyber security interview questions for job professionals in the field:

1) What’s the one thing that you have found that contributes the most to software security risks?

Budget, lack of buy-in, communication breakdowns between development, IT/security operations, and management come to mind.

2) Which cyber security project have you handled on your own, or would you call an achievement?

For some people, this would be the first computer they ever built, or the first time they modified a game console, or the first program they wrote, the list can go on and on. In my case, that would be a project for work that I was working on for years. It started out as an Excel spreadsheet that the Engineering department were using to keep track of their AutoCAD drawings, and ended up evolving through a couple hundred static HTML pages, an Access Database and frontend, and finally to a full on web application running in MySQL and PHP. This simple little thing ended up becoming an entire website with dedicated Engineering, Sales and Quality web apps used by the company globally, which just goes to show you you never know where something might lead.

3) Explain data leakage? Also, mention the factors responsible for it.

The separation or departing of IP from its intended place of storage is known as data leakage. The factors that are responsible for data leakage can be:

  • Copy of the IP to a less secure system or their personal computer
  • Human error
  • Technology mishaps
  • System misconfiguration
  • A system breach from a hacker
  • A home-grown application developed to interface to the public
  • Inadequate security control for shared documents or drives
  • Corrupt hard-drive
  • Backups stored in an insecure place

4) What are the most challenging aspects of software security impacting businesses today?

Things like getting it right the first time, finding the low-hanging fruit promptly before the bad guys/hackers do, and even the various complexities associated with people/politics.

5) Mention the personal traits you should consider for protecting data.

  • Install anti-virus on your system
  • Ensure that your operating system receives automatic updates
  • Download the latest security updates to cover vulnerabilities
  • Share the password only with the staff who need it to do their job
  • Encrypt any personal data held electronically that would cause damage if it were stolen or lost
  • At regular intervals, take back-ups of the information on your computer and store them in a separate place
  • Before disposing of old computers, remove or save all personal information to a secure drive
  • Install anti-spyware tool

6) What is SSL and why is it not enough when it comes to encryption?

SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used by almost everyone online, but the problem is that because of this it is a huge target and is mainly attacked via its implementation (the Heartbleed bug, for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are very good ideas.

7) What is XSS?

Cross-site scripting, the nightmare of JavaScript. Because JavaScript can run pages locally on the client system as opposed to running everything on the server side, this can cause headaches for a programmer if variables can be changed directly on the client’s webpage. There are a number of ways to protect against this, the easiest of which is input validation.

8) Do you know about the 80/20 rule of networking?

80/20 is a rule of thumb used for describing IP networks, in which 80% of all traffic should remain local while 20% is routed towards a remote network.

9) Suggest 3 ways to authenticate a person.

Something they know (password), something they have (token), and something they are (biometrics). Two-factor authentication often uses a password and token setup, although in some cases this can be a PIN and thumbprint.

10) Mention what is WEP cracking? What are the types of WEP cracking?

WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access. There are basically two types of cracks:

  • Active cracking: Until the WEP security has been cracked this type of cracking has no effect on the network traffic.
  • Passive cracking: It is easy to detect compared to passive cracking. This type of attack has increased load effect on the network traffic.

11) How would you judge if a remote server is running IIS or Apache?

Error messages often give away what the server is running, and if the website administrator has not set up custom error pages for every site, simply entering a known bad address can be enough to reveal it. Other times, just using telnet can be enough to see how it responds. Never underestimate the amount of information that can be gained by not getting the right answer but by asking the right questions.

12) How do you protect your home Wireless Access Point?

This is another opinion question – there are a lot of different ways to protect a Wireless Access Point: using WPA2, not broadcasting the SSID, and using MAC address filtering are the most popular among them. There are many other options, but in a typical home environment, those three are the biggest.

13) How can you safeguard a company or an institute from SQL injection?

An organization can rely on the following methods to guard itself against SQL injection:

  • Sanitize user input: User input should never be trusted; it must be sanitized before it is used
  • Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
  • Regular expressions: Detecting and dumping harmful code before executing SQL statements
  • Database connection user access rights: Only necessary and limited access rights should be given to accounts used to connect to the database
  • Error messages: Error messages should not be specific about where exactly the error occurred; they should be more generalized.

14) List out the techniques used to prevent web server attacks?

  • Patch Management
  • Secure installation and configuration of the O.S
  • Safe installation and configuration of the web server software
  • Scanning system vulnerability
  • Anti-virus and firewalls
  • Remote administration disabling
  • Removal of unused and default accounts
  • Changing of default ports and settings to custom ports and settings

15) What is CIA triangle?

Confidentiality, Integrity, Availability. As close to a ‘code’ for Information Security as it is possible to get, it is the boiled down essence of InfoSec. Confidentiality: keeping data secure. Integrity: keeping data intact. Availability: keeping data accessible.

We hope the above cyber security interview questions and answers will help you get your dream job.

Ethical Hacking Interview question and answers


The rise in malicious hacking activity, and with it the rise of IT security, has raised the need for ethical hackers. Numerous organizations have recently gone through cyber-attacks, which has grown their need for professional ethical hackers who can safeguard their networks. Ethical hacking is the term given to penetration testing and prevention. Your career is based on your hacking skills, but you use them to protect companies against malicious hackers. Before you go to an interview, here are some CEH interview questions and answers you might run into when interviewing for a job.

1) How are the ethical hackers different from non-ethical hackers?

As the name suggests, something legal is associated with it. In many organizations today, computers are hacked for the good of the organization. In any organization, hacking a computer in this way means finding the vulnerabilities and loopholes in it, which the organization then guards with a firewall. As a very simple example, consider the Windows security that an organization upgrades on a daily basis. Hacking of this kind is common practice, and it is mostly seen before the release of new software, to test its ability to withstand such attacks.

However, non-ethical hacking is a serious issue, because almost every user faces this kind of problem. It means that people steal someone's data just for their own personal gain. It mostly includes credit card information and ID theft.

2) What is LDAP (Lightweight Directory Access Protocol)?

The Lightweight Directory Access Protocol is a protocol used to access the directory listings within Active Directory or from other directory services.

3) State the difference between IP address and MAC address?

IP address: An IP address is assigned to every device so that the device can be located on the network. In other words, an IP address is like your postal address: anyone who knows your postal address can send you a letter.

MAC (Machine Access Control) address: It is a unique serial number assigned to every network interface on every device. A MAC address is like your physical mailbox: only your postal carrier (network router) can identify it, and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it.

4) What do you mean by brute force hack?

A brute force hack tries to “guess” a password and username using a dictionary. A brute force attack takes longer but it uses each value in the dictionary attack.

5) What is enumeration?

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted in an intranet environment.

6) Explain in brief about the DoS attack?

A denial of service attack sends massive amounts of traffic to a website in an attempt to crash either the router or the web server. Hackers can use a SYN attack, buffer overflow attack, smurf attack or even viruses.

7) Define network sniffing?

Network sniffing reads the data packets sent over a network between a user and the web server. Network sniffing can be combated using SSL or encryption when communicating with a web server.

8) What is footprinting in ethical hacking? What are the techniques used for footprinting?

Footprinting refers to accumulating and uncovering as much information as possible about the target network before gaining access to it. These are the approaches adopted by hackers before hacking:

  • Open Source Footprinting: It will look for the contact information of administrators that will be used in guessing the password in social engineering
  • Network Enumeration: The hacker tries to identify the domain names and the network blocks of the target network
  • Scanning: Once the network is known, the second step is to spy out the active IP addresses on the network. ICMP (Internet Control Message Protocol) is used for identifying active IP addresses
  • Stack Fingerprinting: Once the hosts and ports have been mapped by scanning the network, the final footprinting step can be performed. This is called stack fingerprinting.

9) What is ARP spoofing?

ARP (Address Resolution Protocol) spoofing is a form of attack in which an attacker changes the MAC (Media Access Control) address and attacks an internet LAN by changing the target computer’s ARP cache with forged ARP request and reply packets.

10) How can you prevent ARP spoofing or ARP poisoning?

ARP poisoning can be prevented by the following methods:

  • Packet filtering: Packet filters are capable of filtering out and blocking packets with conflicting source address information
  • Avoid trust relationships: Organizations should develop protocols that rely on trust relationships as little as possible
  • Use ARP spoofing detection software: There are programs that inspect and certify data before it is transmitted and block data that is spoofed
  • Use cryptographic network protocols: Secure communications protocols like TLS, SSH and HTTP Secure prevent ARP spoofing attacks by encrypting data prior to transmission and authenticating data when it is received.

11) Explain what Burp Suite is. What are the tools it consists of?

Burp Suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an application. The Burp Suite tools share the same approach for attacking web applications, such as a framework for handling HTTP requests, upstream proxies, alerting, logging and so on.

The tools that Burp Suite has:

  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

12) What is CSRF and how can you prevent it?

CSRF, or cross-site request forgery, is an attack in which a malicious website sends a request to a web application that a user is already authenticated against from a different website. To prevent CSRF, you can append an unpredictable challenge token to each request and associate it with the user’s session. This assures the developer that the request received is from a valid source.
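The token check described above can be sketched as follows. This is an added example, not part of the original article: the `SessionStore` class, the `handle_request` function and the `session` and `csrf_token` field names are assumptions, and the request is modelled as plain dictionaries rather than a real web framework.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # requests that must not change state


class SessionStore:
    """Server-side sessions, each with its own unpredictable CSRF token."""

    def __init__(self):
        self._tokens = {}  # session id -> CSRF token

    def login(self):
        session_id = secrets.token_urlsafe(32)
        self._tokens[session_id] = secrets.token_urlsafe(32)
        return session_id

    def has_session(self, session_id):
        return session_id in self._tokens

    def csrf_token(self, session_id):
        """Token the application embeds in the forms it serves to this session."""
        return self._tokens[session_id]

    def token_matches(self, session_id, submitted):
        expected = self._tokens.get(session_id)
        if expected is None or not isinstance(submitted, str):
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_request(store, method, cookies, form):
    """Return an HTTP status code for a request described by plain dicts."""
    session_id = cookies.get("session")
    if session_id is None or not store.has_session(session_id):
        return 401  # not logged in
    if method not in SAFE_METHODS:
        # The browser attaches the session cookie to cross-site requests too,
        # so the cookie alone does not show that the request came from our page.
        if not store.token_matches(session_id, form.get("csrf_token")):
            return 403
    return 200


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login()
    cookies = {"session": sid}
    own_form = {"csrf_token": store.csrf_token(sid), "amount": "10"}
    print("form served by the application:", handle_request(store, "POST", cookies, own_form))
    print("request without the token     :", handle_request(store, "POST", cookies, {"amount": "10"}))
```

A request that carries the session cookie but not the matching token is rejected with 403, which is the situation of a form submitted from another site.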

13) Explain how you can stop the hacking of any website?

By adopting the following methods you can stop your website from getting hacked:

  • Sanitizing and validating user parameters: Sanitizing and validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection
  • Using a firewall: A firewall can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS
  • Encrypting the cookies: Cookie or session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time
  • Validating and verifying user input: This approach prevents form tampering by verifying and validating the user input before processing it
  • Validating and sanitizing headers: This technique is useful against cross-site scripting, or XSS. It includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks

14) Name any tool used for ethical hacking?

Wireshark is a software penetration testing tool that lets you sniff network traffic and identify rogue packets for testing and security purposes.

15) What is pharming and defacement?

Pharming: In this technique the attacker compromises the DNS (Domain Name System) servers or the user's computer so that traffic is directed to a malicious site.

Defacement: In this technique the attacker replaces the organization's website with a different page. It contains the hacker's name and images, and may even include messages and background music.

We hope you find these CEH cyber security interview questions and answers helpful in getting into cyber security jobs.

Top 10 Salesforce Interview Questions and Answers


Let’s begin with the basics. What is Salesforce? Well, simply put, Salesforce is currently the best and most effective Customer Relationship Management (CRM) product in the industry. When we say it is effective, it is because it comes with the following benefits.

  • It ensures better and faster sales opportunities
  • Helps in deploying an analytical approach to customer acquisition
  • Helps with automation of repetitive and insignificant tasks
  • Improves efficiency of communication

So if you’re conducting an interview to hire someone for Salesforce, here are the most important questions to ask. Don’t worry, we’ll supply the right answers too! Below are the top interview questions and answers for Salesforce.

#1 Define object relationship overview

Salesforce allows you to link standard and custom object records in a related list. To do that, you need object relationship overview. You will have to create various types of relationships in order to connect specific customers with specific business cases.

#2 What are the benefits of Salesforce SaaS functionality?

Salesforce SaaS comes with many benefits, some of them are –

  • Easy infrastructure management
  • All applications can be accessed via the Internet
  • Integration is simple and easy between applications
  • Provision to access everything via mobile phones
  • Pay-as-you-go model that benefits all customers

#3 How many relationships are present in Salesforce?

Salesforce permits two relationships, namely

  • Lookup relationships
  • Master detail relationship

#4 Explain Force.com platform

The entire infrastructure and codebase where Salesforce exists is referred to as the Force.com platform. Simply put, Salesforce is built on Force.com which in turn is a platform as SaaS. It helps design, develop and deploy cloud-based applications or websites.

#5 What are the types of reports available on Salesforce?

Salesforce supports 4 types of reports, they are –

  • Tabular report: This displays the grand total in a tabular format
  • Joined report: Amalgamation of two or more reports
  • Summary report: A column-based grouping report
  • Matrix report: A detailed report which displays both row-based & column based grouping

#6 Briefly explain the various dashboard components

Here’s a brief explanation of the various dashboard components on Salesforce.

  • Metric: Component used to display single key value. You can simply click the empty text field adjacent to the grand total and add metric labels directly to components. Metric tables placed above and below are explained as follows.
    • Customer S component: The content that is displayed or run on a browser like an Excel file, Java Applet or custom HTML web form.
    • VisualForce page: A page used for creating customer component or displaying information unavailable in any other component type.
    • Table: Component used to report data in a tabular format
  • Chart: Component used for representing data graphically
  • Gauge: Component used for displaying single value within a range of customer values

#7 Explain static resource in Salesforce

Static resource is a tool that allows you to upload content in various forms like .jar, .zip format, JavaScript or StyleSheets etc. Experts recommend using a static resource instead of directly uploading files to a document tab as the former allows you to package a set of files into a directory hierarchy and then upload it. Referencing these files is made easier with a Visualforce page.

#8 Define a junction object and explain its functions

Junction objects allow us to build many-to-many relationships between various objects. A junction object is a custom object that has two master-detail relationships, which in turn are the key to creating many-to-many relationships.

We hope you found these Salesforce interview questions and answers helpful.

Top 10 Interview Questions To Ask While Hiring A Project Manager

Project Managers Interview Questions and Answers

For any company, hiring people that are skilled and professional is vital to the company’s success. As far as hirings are concerned, the role of a Project Manager is one of the most well thought out ones. That is because that is the one person who will be the overall in-charge of planning and execution of the entire project. Hire a bad project manager and that project could as well be doomed.

Senior management & HR professionals understand that hiring a good candidate is critical, yet most of them get caught up in the busy schedules of our work life and end up making a bad decision when it comes to hiring.  Such mistakes could be costly.

So if you are on the lookout for a great Project Manager for your company, here is how you can conduct an effective interview to pick the right one.

Begin The Right Way

The first step in hiring a Project Manager begins with sending out advertisements for the opening. This step is more crucial than you think. If you don’t draft a solid job description, countless MBA graduates will apply and you’ll be left with the task of filtering through them.

Here’s what you need to keep in mind while drafting the JD for a Project Manager –

Avoid generic descriptions. Be very critical about your requirements and mention them explicitly.

Good communication is vital. If need be, write down that anyone who isn’t confident about their communication shouldn’t bother applying.

Experience is an important parameter when it comes to hiring. However, it is irrelevant if the experience was in a domain that is not related to the one your company operates in. Look for relevant experience in a similar background.

How To Conduct A Good PMP Interview

Remember, a great project manager is someone who can complete the given task on time and on the right budget. The person should also be capable of staying calm and getting the team to be productive. Keeping all of this in mind, here are 10 project manager interview questions and answer that you should ask any candidate who applied for the position of a project manager.

1. Preliminary screening question set
This isn’t just one question, this is a set of 4-5 questions that you can ask the candidate in the first encounter. It could be via phone as well. All the basics like “where do you see yourself in few years”, “how much of a deadline pusher are you?” etc. These questions will not only help you understand the candidate better, it will also help you find out if the candidate is good at communication. This is a solid way to analyze verbal skills while also forming a basic impression about the person.

2. Tell me about your career path. How did you venture into project management roles?
Expected answer: A brief yet descriptive answer that would summarize his or her industrial experience while revealing why the person holds an interest in this field.

3. Describe your most challenging project. Stress on some vital decisions you had to take.
Expected answer: An honest narrative of what the candidate recognizes as a big challenge. The answer should ideally cover his role in the project in detail.

4. What is your experience in the industry you are applying to?
Expected answer: An honest answer is what we are looking for. The pace at which a person learns is often more valuable than actual domain knowledge in some cases.

5. What metrics do you use to measure the progress of the project you are monitoring?
Expected answer: Attendance, quality, actual cost, the return of investment etc are some of the parameters that should be in the candidate’s answer.

6. How do you typically handle clients or employees who have low motivation?
What to look for: The candidate should be pretty motivated himself. Someone who is low on energy and enthusiasm could easily bring down team morale. Look for someone who is generous about praising work well done.

7. How do you hold up when there’s a difficult task or a failure?
What to look for: Watch out for blame games. If the candidate tends to blame all of it on one particular employee or reason, it is a bad sign. Look for a team player who hails his team for the work they did and was sad that despite their best efforts, the project was moved to yellow or red status.

8. What do you think is the most important skill required by a PM?
Expected answer: Communication, team management, risk management & negotiation are words to look for.

9. Tell us about some interesting projects you managed and what methods you employed for it.
Expected answer: A brief description of what the candidate perceives as his most interesting project. Would be great if the candidate is aware of styles of management such as agile, waterfall or self-organizing teams etc.

10. Is there someone you look up to as a mentor? What skills did you learn from him?
Expected answer: An honest answer is what we need. If the person doesn’t have a mentor, it is fine. However, if he does have a mentor, pay attention to the skills he claims to have picked up.

All The Best!

A good PMP interview must be conversational. Do not tick off questions and reply with “Ok cool”. Listen to the candidate and what he has to say. Remember a bad hire will cost you time, money and a lot of other resources.

It is strongly recommended that you do a bit of research on the person on the Internet. You would be surprised to find how much information is available on the net about people today.

Alright, then. Good luck! We hope you hire the best Project Manager ever!

We hope these Project Manager interview questions and answers are helpful.