- what is CSRF attack?
- what is the difference of pen testing and vulnerability assessment?
- what is the security implication of using mobile devices for enterprises?
- what security threats the social networking sites bring to enterprises?
- How do you convince the managers at the client company that they need to adhere to some security standards or best practices?

I am student of Information security. One day when I was preparing for jobs interview I came across your articles. These are very helpful and knowledgeable for some one in this field. Thanks for sharing your experience.
Keep up the good work.

Samarth Sharma

I am student of Information security. One day when I was preparing for jobs interview I came across your articles. These are very helpful and knowledgeable for some one in this field. Thanks for hiring for experience.
Keep up the good work.

Samarth Sharma

1. SYN: The active open is performed by the client sending a SYN to the server. It sets the segment’s sequence number to a random value A.
2. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number (A + 1), and the sequence number that the server chooses for the packet is another random number, B.
3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A + 1, and the acknowledgement number is set to one more than the received sequence number i.e. B + 1.

At this point, both the client and server have received an acknowledgment of the connection.

I REALLY HAVE A QUESTION) I am going to have an Interview with a COO over the phone with a InfoSec company!!!!!!! I have no idea how the phone interview with a hiring manager would convey my qualification? Can someone help??

I hope someone can answer my question
——————————————————————————————————————————————

@Mark: I found your questions very interesting and I totally agree with you, “Your question covers a broad spectrum in the area of Networking/ Security” I personally would answer it in scenario format.

In my career I’ve interviewed handful of Tire 1 and 2 Desktop Support personnel. What I used and will always ask are

1) Would you please explain what happens when computer user hit the browser and type http://www.google.com”, or
2) would you please explain as much detail as you can what will happen when you hit the Send button on your email”

Adriano

This 3 part question can only be useful if the “OSI Model” question is answered correctly. If not, the interview is pretty much over.

Question 1 of 3:
What’s the difference between vulnerability and mitigation? (sounds simple enough, but it gets better).

Question 2 of 3:
Give me an example of a vulnerability at each layer of the OSI reference model.

Question 3 of 3:
Give me a type of mitigation for each of the vulnerabilities you have just provided.

I have rarely come across an individual who can handle these questions off the top of their head. I’ve been in this industry for over 10 years and I have to sit down and think about them carefully. The point is to observe how the candidate can deduce the correct responses and show their depth across the OSI layers. As each layer delves into various areas of infrastructure and applications, this knowledge really shows someone’s “chops” in the industry.

I never expect someone to knock them out, but obviously the more responses provided the more rounded the candidate is.

Mark