namishelex01 · August 19, 2024 15:04
diff --git a/Scenario-based Interview Questions b/Scenario-based Interview Questions
 What are the consequences if private keys of a Root CA gets compromised?
 If you have rogue certificates of a well-known company, as an attacker, how can you use it for you own benefit?
 As a security threat analyst, what will be your approach to respond to this incident? Securing Infra, servers and people!
 > https://darknetdiaries.com/transcript/3/

 How would you check the signature of a binary and restrict any unsigned binaries to run on a machine(Win/Linux/Mac)
 > https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
 > (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/

 How can I restrict the normal user to run only limited set of commands in Linux?
 > https://access.redhat.com/solutions/65822

 Say your frontend is running on a cloud CDN and the APIs are deployed via cloud Load balancers. The security team saw a 10X spike while monitoring the traffic but nothing went down except the portal faced some latency. As an analyst, give a not-too-brief plan about your approach to triage and respond to this incident which can be presented to the board/management.
 > Different approaches depending upon how deep you can think of.

 You have given a naked cloud platform(AWS/GCP/Azure). Describe your approach to make it secure for the company.

 Interviewer gives you an obfuscated Powershell script and asks details what can you extract from this?
 > https://neodymiumphi.sh/BlueTeamLabs-Malicious-PowerShell-Analysis/
 > https://malware.news/t/deobfuscating-powershell-putting-the-toothpaste-back-in-the-tube
	What are the consequences if private keys of a Root CA gets compromised?
	If you have rogue certificates of a well-known company, as an attacker, how can you use it for you own benefit?
	As a security threat analyst, what will be your approach to respond to this incident? Securing Infra, servers and people!
	> https://darknetdiaries.com/transcript/3/

	How would you check the signature of a binary and restrict any unsigned binaries to run on a machine(Win/Linux/Mac)
	> https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
	> (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/

	How can I restrict the normal user to run only limited set of commands in Linux?
	> https://access.redhat.com/solutions/65822

	Say your frontend is running on a cloud CDN and the APIs are deployed via cloud Load balancers. The security team saw a 10X spike while monitoring the traffic but nothing went down except the portal faced some latency. As an analyst, give a not-too-brief plan about your approach to triage and respond to this incident which can be presented to the board/management.
	> Different approaches depending upon how deep you can think of.

	You have given a naked cloud platform(AWS/GCP/Azure). Describe your approach to make it secure for the company.

	Interviewer gives you an obfuscated Powershell script and asks details what can you extract from this?
	> https://neodymiumphi.sh/BlueTeamLabs-Malicious-PowerShell-Analysis/
	> https://malware.news/t/deobfuscating-powershell-putting-the-toothpaste-back-in-the-tube