Information Security Consultant – Interview Questions

Recently I appeared in many interviews for the Consultant profile. While preparing for the interviews I observed that there is no online resource available to get the questions asked by interviewers for the profile of Information Security Consultant. I am sharing a list of questions asked of me during interviews. Hope this will help others to prepare for interviews in a better manner. I invite everyone to post questions based on their interview experiences in comments.

IBM, TUV Rheinland & KPMG

Application security

  1. What is the difference between XSS and CSRF?
  2. How do you do effort estimation of any application?
  3. What is buffer overflow? How is it exploited in an application? Tell what happens at the server end.
  4. What is the root cause of CSRF?
  5. Tell the complete flow of performing a CSRF attack on any page.
  6. What options do we have to mitigate CSRF?
  7. Can CSRF be prevented using CAPTCHA? If yes, how?
  8. How can we prevent CSRF in .Net based applications?
  9. If a developer is not ready to implement a random token in internal pages, what would be the next best suited recommendation?
  10. What is the difference between HTTP & HTTPS?
  11. What is the difference between SQL injection and Blind SQL injection?
  12. How to mitigate SQL injection? What is the best approach?
  13. If a developer is not ready to implement prepared statements & parameterized stored procedures, what would you suggest?
  14. Is input validation sufficient to prevent SQL injection? If yes, how should it be implemented?
  15. How do you perform source code review?
  16. What is LFI?
  17. What is directory traversal?
  18. What is the difference between HTTP1.0 & HTTP 1.1?
  19. How can SQL injection be fixed?
  20. What is XSS? In a practical scenario, how can it be exploited?

Network Security

  1. What is the typical Ethernet frame size?
  2. What is the purpose of the SYN packet as part of the TCP handshake? And while ending a TCP connection, which packet is responsible?
  3. Any experience in testing wireless networks? Can you name any wireless network standards?
  4. What's the maximum over the rate(?) speed of 802.11g?
  5. What does ‘-PN’ switch with nmap do?
  6. Let’s say you are connected to a client network with just an Ethernet cable and no DHCP server running on the network; what would be your approach to figure out the internal network IP range?
  7. What service runs on TCP port 19?
  8. On what common ports do HTTP proxies run?
  9. On what ports do transparent proxies run?
  10. When you scan a network and find ports 23 and 80 open on a target device, what type of device is that most likely to be?
  11. What are the default SNMP community strings?
  12. How do you enumerate a target system for which the NetBIOS ports (139, 445) are restricted by the firewall?
  13. What is WAN optimization?
  14. What is QoS? Why and how is it implemented?
  15. What should the architecture of a data center be? Explain each component and the different layers of defence.
  16. What is DMZ? How is it configured?
  17. What is MPLS? Why is it considered secure?
  18. Tell the steps of external network PT. What is the difference between black box and gray box testing?
  19. Tell some commands of nmap.
  20. How to use Nessus? Tell the steps.
  21. How to use Metasploit in a network PT?
  22. Suppose in a network port scan you found that port 25 is open; what would be your next step in the network PT?
  23. Tell me your favourite finding in a network PT.
  24. What happens at the network level when a user accesses a website in a web browser?
  25. What is the port number of ping?
  26. How does traceroute work?
  27. What is the difference between tracert & traceroute?
  28. What is the -v option in nmap?
  29. Which protocol does DNS use? Tell any scenario where DNS uses TCP in place of UDP.
  30. What is the frame size in Ethernet?
  31. What is MTU?
  32. What is ARP?
  33. Suppose you are connected to a server using SSH and suddenly the connection goes down. Now what will you do to reconnect to the same instance or process?


  1. What is the command to determine the currently logged in user?
  2. What is the command to list active processes?
  3. What is the command to change file permissions?
  4. Which utility makes use of regex?
  5. Which utility can be used to connect to SSL enabled ports?


  1. What is the command to determine all open connections?
  2. What is the command to create a new user?
  3. What is the command to change file permissions?
  4. What is the command to list the accounts?
  5. What is the command to change user password?
  6. What is null session?


  1. What is DOM based XSS? How can it be mitigated?
  2. What is HTTP Response Splitting?
  3. What is CSRF? How can it be mitigated?
  4. If session id is used as random token, will it prevent CSRF?
  5. If random token is included in the cookie, will it prevent CSRF?
  6. Suppose I am the victim, currently accessing my email. The email application is vulnerable to CSRF. As an attacker, explain how you would exploit CSRF in a real-time scenario.
  7. What is a Local File Inclusion attack? How does it work?
  8. What is insecure direct object reference? Explain a scenario where the server side source code of a webpage of the application can be downloaded using insecure direct object reference.
  9. Is CSRF a design flaw or an implementation flaw? Is it a flaw in the browser or the application?
  10. What steps do you follow during a network PT? Name some ports, and attacks against services running on those ports, that you would like to test.
  11. What is the difference between TCP SYN scan and TCP Connect scan?
  12. What is session fixation attack? Explain it with the help of an attacker-victim scenario.
  13. What is insecure direct object reference? How to mitigate it?
  14. How many types of SQL injection are there? Tell the best 3 mitigation strategies to fix it.
  15. What test cases will you run on a login page?
  16. What is Google hacking? Tell some keywords used in Google hacking.


  1. What is XSS? Explain different types of XSS and mitigation strategy?
  2. What is the difference between Reflected and DOM based XSS?
  3. What is a SQL Injection attack? Suppose you are given a search page which has a search field. Explain how you will check if it is vulnerable to SQL injection.
  4. What payloads will you use for blind SQL injection?
  5. Which is the most reliable method to confirm that blind SQL injection is present in a parameter?
  6. What payloads will you use if ‘<>’ and ‘script’ is blocked in the application?
  7. How does SQLMap work? What kind of payloads does it use? What different types of SQL injection does it use?
  8. What is a CSRF attack? How can it be mitigated? Explain how you would exploit it.
  9. If session id is used as random token, will it mitigate CSRF?
  10. If random token is present in cookie, will it mitigate CSRF?
  11. If the random token is stored in an HTTP header, will it mitigate CSRF?
  12. What would you implement for output sanitization in PHP?
  13. What all tests will you perform against SSL?
  14. Suppose you got a list of cipher suites supported by an SSL certificate; now how will you validate it manually?
  15. What is the difference between reflected and DOM based XSS?
  16. Is there any possibility of SQL injection even if prepared statements are implemented?

One thought on “Information Security Consultant – Interview Questions”

  1. excellent work man, really appreciate your effort
