Cybersecurity Analyst interview questions on network security, threat analysis, ethical hacking, and compliance for Indian IT companies.
What is the difference between encryption and hashing?
Tip: Encryption: reversible transformation using a key (AES, RSA) — for confidentiality. Hashing: one-way function (SHA-256, bcrypt) — for integrity and password storage. You can decrypt; you cannot "unhash." Passwords must be hashed with a salt, never encrypted.
What are the OWASP Top 10? Name and briefly explain five.
Tip: Top five of the 2021 list: Broken Access Control, Cryptographic Failures, Injection (SQL, command), Insecure Design, Security Misconfiguration. Know where common bugs sit: IDOR falls under Broken Access Control, SQL injection under Injection. Interviewers expect examples, not just names.
What is a man-in-the-middle (MITM) attack and how do you prevent it?
Tip: MITM: attacker intercepts communication between two parties (e.g. on public Wi-Fi). Prevention: HTTPS (TLS encryption + certificate verification), HSTS header (forces HTTPS), certificate pinning (mobile apps), VPN for sensitive corporate traffic.
What is the difference between symmetric and asymmetric encryption?
Tip: Symmetric: same key for encrypt and decrypt (AES) — fast, but key distribution is the problem. Asymmetric: public key encrypts, private key decrypts (RSA) — solves key distribution but is slow. In practice: asymmetric to exchange a symmetric key (TLS handshake), then symmetric for bulk data.
What is SQL injection? Show how it works and how to prevent it.
Tip: SQL injection: attacker-controlled input is concatenated into a query string, so the database parses it as SQL code rather than as data. Example: entering `' OR 1=1 --` as the username makes the WHERE clause always true and comments out the password check, bypassing a login. Prevention: parameterised queries/prepared statements (never string concatenation), an ORM that parameterises for you, input validation, and least privilege on DB accounts.
What is the difference between a stateful and a stateless firewall?
Tip: Stateless: matches packets against rules independently — fast but easily spoofed. Stateful: tracks connection state (TCP handshake) — allows established connections and blocks unsolicited inbound packets. AWS Security Groups are stateful; Network ACLs are stateless.
What is Zero Trust security architecture?
Tip: Zero Trust: "never trust, always verify" — no implicit trust based on network location. Every request is authenticated, authorised, and encrypted regardless of origin. Key principles: least privilege, microsegmentation, continuous verification, device health checks.
Tell me about a security vulnerability you discovered. How did you handle the disclosure?
Tip: Describe: the vulnerability type, how you found it (code review, pen test, bug bounty), severity assessment, and your disclosure process. For internal vulnerabilities: document, assess blast radius, report to security lead, track remediation.
You receive an alert: 10,000 failed login attempts in 5 minutes. What is your immediate response?
Tip: Identify the attack type: credential stuffing or brute force? Check the source IPs: distributed (botnet) or a single IP? Immediate mitigation: rate limit the login endpoint, add a CAPTCHA, apply a temporary IP block. Longer term: check whether any accounts were actually compromised, force a password reset for them, and enable MFA.
What is multi-factor authentication (MFA) and why does it matter even when passwords are strong?
Tip: MFA requires a second factor beyond the password: something you have (TOTP app, hardware key) or something you are (biometric). Even a strong password can still be stolen through phishing, keyloggers, or data breaches; with MFA a stolen password alone is not enough.
How do you stay current with new CVEs and security threats?
Tip: Name specific sources: NVD (National Vulnerability Database), CVE.org, CISA advisories, vendor security bulletins, Dark Reading, Krebs on Security. Mention one recent CVE you found interesting and what you learned from it.
Offensive security vs defensive security — which interests you more and why?
Tip: Offensive (red team, pen testing): finding vulnerabilities before attackers. Defensive (blue team, SOC, incident response): detecting and responding to attacks. Both require each other's knowledge to be effective. Be honest about your interest; both paths have strong career trajectories in India.