Cybersecurity Interview Questions

Q: Employees of a company are facing lots of bounced email notifications from email addresses they have never sent messages to. Select the options below which are correct for the given scenario.

[ ] Mail boxes of the company users are full, resulting in bounced emails. [*] Company email addresses seem to have been spoofed and used for spamming. [*] An email authentication method like DKIM can be used to prevent such incidents. [ ] SMTP would prevent such incidents as emails can be sent reliably using it. [ ] Having more than one email server would reduce such email bouncing incidents.

Q: Select the methods that can be used to hide your public IP address when making calls to a remote server over the internet.

[*] A Virtual Private Network. [*] A Proxy Server. [ ] Using the HTTPS protocol. [ ] The Transport Layer Security protocol. [ ] Spoofing the device's MAC address.

Q: An office supplies web store wants to improve the security of their website. A developer suggested a number of changes. Which of the changes would improve security?

[*] Everything on the site should use HTTPS instead of HTTP. [ ] When resetting a user's password, send the user a new password instead of a password reset code. [*] Set an HTTP only flag on the session cookie. [*] Show a CAPTCHA after several failed login attempts. [ ] Replace UUIDs in URLs with sequential IDs. [ ] Session tokens should never expire.

Q: A web application for ordering cat food charges users and places an order when an HTTP GET request is issued to the following URL: http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx A malicious website could add snippets like this to their site: <img src="http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx"> What would help protect against such attacks, considering that the web application has the CORS policy that only allows requests from the same site?

[*] Switch from HTTP GET to HTTP PUT and move the query parameters into the request body. [ ] Add an additional "token" cookie, without the same site attribute, that is unique per user session and checks if it's correct when visiting the page. [ ] Make HTTPS mandatory. [ ] Make sure that the requests to that page contain a valid session identifier. [*] Add an additional "token" HTTP header that is unique per user session and checks if it's correct when visiting the page.

Need to practice your cybersecurity skills for an upcoming job interview? Try solving these cybersecurity interview questions that test knowledge of cybersecurity concepts such as email spoofing, CSRF, authorization, and others. We’ll provide feedback on your answers, and you can use a hint if you get stuck.

These cybersecurity interview questions are examples of real tasks used by employers to screen job candidates such as cybersecurity analysts, system administrators, network administrators, and others that require knowledge of cybersecurity.

1. Email Spoofing

Network Administration Email server Network security Spoofing attack New Public

0-33%
34-67%
68-100%

Easy

Employees of a company are facing lots of bounced email notifications from email addresses they have never sent messages to. Select the options below which are correct for the given scenario.

(Select all acceptable answers.)

Mail boxes of the company users are full, resulting in bounced emails.

Company email addresses seem to have been spoofed and used for spamming.

An email authentication method like DKIM can be used to prevent such incidents.

SMTP would prevent such incidents as emails can be sent reliably using it.

Having more than one email server would reduce such email bouncing incidents.

Report an issue

Solve Question

2. IP Privacy

Network Administration Application layer IP Network security Public

0-33%
34-67%
68-100%

Easy

Select the methods that can be used to hide your public IP address when making calls to a remote server over the internet.

(Select all acceptable answers.)

A Virtual Private Network.

A Proxy Server.

Using the HTTPS protocol.

The Transport Layer Security protocol.

Spoofing the device's MAC address.

Report an issue

Solve Question

3. Office Supplies

Web Application Security Authorization New Public

Easy

An office supplies web store wants to improve the security of their website. A developer suggested a number of changes.

Which of the changes would improve security?

(Select all acceptable answers.)

Everything on the site should use HTTPS instead of HTTP.

When resetting a user's password, send the user a new password instead of a password reset code.

Set an HTTP only flag on the session cookie.

Show a CAPTCHA after several failed login attempts.

Replace UUIDs in URLs with sequential IDs.

Session tokens should never expire.

Report an issue

Solve Question

4. Cat Supplies Store

Web Application Security CSRF New Public

Easy

A web application for ordering cat food charges users and places an order when an HTTP GET request is issued to the following URL:

http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx

A malicious website could add snippets like this to their site:

<img src="http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx">

What would help protect against such attacks, considering that the web application has the CORS policy that only allows requests from the same site?

(Select all acceptable answers.)

Switch from HTTP GET to HTTP PUT and move the query parameters into the request body.

Add an additional "token" cookie, without the same site attribute, that is unique per user session and checks if it's correct when visiting the page.

Make HTTPS mandatory.

Make sure that the requests to that page contain a valid session identifier.

Add an additional "token" HTTP header that is unique per user session and checks if it's correct when visiting the page.

Report an issue

Solve Question

If you feel ready, take one of our timed public Cybersecurity Interview Questions tests:

Cybersecurity Online Test (Easy)

Not exactly what you are looking for? Go to our For Jobseekers section.

Cybersecurity Interview Questions

Practice for Cybersecurity interviews by solving TestDome questions. Our interview questions are used by more than 7,000 companies and 450,000 individual test takers.

1. Email Spoofing

2. IP Privacy

3. Office Supplies

4. Cat Supplies Store