Security Analyst

100+ Security Analyst Interview Questions and Answers

Updated 25 Jul 2025
1d ago

Q. How do you test a web application? What is CSRF and SSRF? What is LDAP injection? How does nmap work while port scanning? (Result: open/filtered/closed) How does SSL work? Suppose a proxy server (Burp Suite) is...

Ans.

A Security Analyst is responsible for testing web applications, identifying vulnerabilities, and implementing security measures to protect against attacks.

  • Testing a web application involves various techniques such as penetration testing, vulnerability scanning, and code review.

  • CSRF (Cross-Site Request Forgery) is an attack that tricks a victim into performing unwanted actions on a web application.

  • SSRF (Server-Side Request Forgery) is an attack that allows an attacker to make ...

Asked in TCS

1d ago

Q. What protocols are used by nmap? Difference between public and private IP (mention IP ranges). Command to check connected devices, open and filtered ports in nmap. How does a firewall work, can we close a firewall port? How p...

Ans.

Answering questions related to nmap, IP addresses, firewall, and ping scan.

  • Nmap uses various protocols such as TCP, UDP, ICMP, and ARP.

  • Public IP addresses are globally unique and routable on the internet, while private IP addresses are used within a private network and not routable on the internet. Private IP ranges include 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

  • To check connected devices and open ports, use the command 'nmap -sP ' and 'nmap -p ', respectively. To fil...

Security Analyst Interview Questions and Answers for Freshers


Q. 1. Describe your SOC scenario. 2. What kind of report are you preparing on a daily basis? 3. What is SIEM? 4. What kind of log sources are integrated with your SIEM? 5. SIEM communication port numbers (SIEM internal...

Ans.

A Security Analyst's role involves managing and monitoring a Security Operations Center (SOC), preparing daily reports, integrating various log sources with SIEM, and responding to security alerts.

  • SOC scenario involves monitoring network traffic, analyzing security alerts, and responding to incidents

  • Daily reports include summaries of security events, incident response activities, and trend analysis

  • SIEM (Security Information and Event Management) is a software solution that ag...

Asked in TCS

4d ago

Q. What are the major vulnerabilities you've encountered? How did you encounter them?

Ans.

Major vulnerabilities encountered include SQL injection, phishing attacks, and outdated software.

  • Encountered SQL injection vulnerability in a web application due to lack of input validation

  • Fell victim to a phishing attack where employees unknowingly provided sensitive information

  • Discovered outdated software with known security vulnerabilities that could be exploited

4d ago

Q. What is the difference between encryption and encoding? Provide examples and implementation use cases.

Ans.

Encryption and encoding are both methods of transforming data, but encryption is more secure and reversible.

  • Encryption is the process of converting data into a secret code to protect its confidentiality, integrity, and authenticity.

  • Encoding is the process of converting data into a different format for transmission or storage purposes.

  • Encryption uses a key to scramble the data, while encoding does not.

  • Examples of encryption include AES, RSA, and Blowfish.

  • Examples of encoding i...

Asked in Rainfotech

1d ago

Q. What is SQL injection and what are its types?

Ans.

SQL injection is a code injection technique that attackers use to exploit vulnerabilities in a web application's database layer.

  • SQL injection occurs when an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.

  • Types of SQL injection include: 1) Classic SQL injection, 2) Blind SQL injection, 3) Time-based blind SQL injection, 4) Union-based SQL injection, 5) Error-based SQL injection, 6) Boolean-based blind SQL injection.

  • Example: An attack...


Q. What is VAPT? Port numbers, tools, Linux version, commands etc.

Ans.

VAPT stands for Vulnerability Assessment and Penetration Testing. It involves identifying vulnerabilities in a system and testing them.

  • Vulnerability Assessment involves identifying vulnerabilities in a system through various tools and techniques.

  • Penetration Testing involves simulating an attack on the system to identify vulnerabilities and test the security measures in place.

  • Some common tools used for VAPT include Nmap, Nessus, Metasploit, and Wireshark.

  • Port numbers are used ...

3d ago

Q. What is the OSI model, and what are its layers?

Ans.

The OSI model is a conceptual framework used to understand network communication in seven layers.

  • Layer 1: Physical - Deals with the physical connection (e.g., cables, switches).

  • Layer 2: Data Link - Manages node-to-node data transfer (e.g., Ethernet).

  • Layer 3: Network - Handles routing of data (e.g., IP addresses).

  • Layer 4: Transport - Ensures complete data transfer (e.g., TCP, UDP).

  • Layer 5: Session - Manages sessions between applications (e.g., API calls).

  • Layer 6: Presentation ...


Asked in ACL Digital

3d ago

Q. How can you verify that a login is successful? What are the steps to secure an account?

Ans.

To verify a successful login, monitor login logs and check for any anomalies. To secure an account, enable multi-factor authentication, use strong passwords, regularly update security settings, and monitor account activity.

  • Monitor login logs for successful login attempts

  • Check for any anomalies in login patterns or locations

  • Enable multi-factor authentication for an added layer of security

  • Use strong, unique passwords for each account

  • Regularly update security settings and softwa...

Asked in Accenture

3d ago

Q. Tell about packet flow in HTTP, DNS, TCP etc. Tell about daily work. Questions on specific products you are working on. Understanding of VPNs and load balancers.

Ans.

Packet flow in HTTP, DNS, TCP, daily work, specific products, VPNs, and Load balancers.

  • HTTP packets contain request and response headers and data

  • DNS packets contain queries and responses for domain name resolution

  • TCP packets establish and maintain connections between hosts

  • Daily work involves monitoring network traffic and identifying security threats

  • Specific products may include firewalls, intrusion detection systems, and antivirus software

  • VPNs provide secure remote access to...

Asked in Rainfotech

4d ago

Q. Explain CSRF and XSS. What is the difference between both?

Ans.

CSRF and XSS are both web security vulnerabilities. CSRF allows attackers to perform unwanted actions on behalf of a user, while XSS allows attackers to inject malicious scripts into web pages.

  • CSRF (Cross-Site Request Forgery) is an attack that tricks the victim into performing unwanted actions on a website without their knowledge or consent.

  • XSS (Cross-Site Scripting) is an attack that allows attackers to inject malicious scripts into web pages viewed by other users.

  • CSRF expl...

1d ago

Q. Different types of XSS and SQLi, and the difference between them.

Ans.

XSS and SQLi are common web application vulnerabilities. XSS allows attackers to inject malicious scripts, while SQLi allows them to manipulate database queries.

  • XSS (Cross-Site Scripting) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

  • There are three types of XSS: Stored XSS, Reflected XSS, and DOM-based XSS.

  • Stored XSS occurs when the malicious script is permanently stored on the target server and served to users.

  • Refl...

Asked in Capgemini

5d ago

Q. Explain the SIEM tool, and which SIEM tool have you used?

Ans.

SIEM (Security Information and Event Management) tool is a software solution that aggregates and analyzes security data from various sources.

  • SIEM tools help in detecting and responding to security incidents in real-time.

  • They provide centralized visibility into an organization's security posture.

  • Examples of SIEM tools include Splunk, IBM QRadar, and ArcSight.

  • I have experience using Splunk for log management and security analytics.

5d ago

Q. OSI model in networking? Ethical hacking and its types? ICMP protocol? What is footprinting?

Ans.

The interview questions cover OSI model, ethical hacking types, ICMP protocol, and footprinting.

  • OSI model is a conceptual model that describes how data is transmitted over a network.

  • Ethical hacking involves using hacking techniques to identify vulnerabilities in a system with the owner's permission.

  • Types of ethical hacking include network penetration testing, web application testing, and social engineering testing.

  • ICMP protocol is used for error reporting and diagnostic purpo...

Asked in Mobikwik

2d ago

Q. How do you exploit or test for vulnerabilities?

Ans.

To exploit/test for vulnerabilities, use penetration testing tools and techniques to simulate attacks and identify weaknesses.

  • Use vulnerability scanners to identify potential vulnerabilities

  • Conduct penetration testing to simulate attacks and identify weaknesses

  • Perform social engineering tests to assess human vulnerabilities

  • Use fuzzing techniques to identify software vulnerabilities

  • Conduct code reviews to identify potential vulnerabilities

  • Test for security misconfigurations

  • Use...

Asked in HCLTech

1d ago

Q. What is a firewall in a network diagram? What is OSI in networks?

Ans.

Firewall is a security system that monitors and controls incoming and outgoing network traffic. OSI is a model for network communication.

  • Firewall is a hardware or software-based security system that filters network traffic based on predefined rules.

  • It acts as a barrier between a trusted internal network and an untrusted external network.

  • OSI (Open Systems Interconnection) is a model for network communication that defines a seven-layered approach to data transmission.

  • Each layer...

Q. How do you respond to a security incident or data breach?

Ans.

A structured response to security incidents involves identification, containment, eradication, recovery, and lessons learned.

  • Identify the incident: Assess the nature and scope of the breach, e.g., unauthorized access to sensitive data.

  • Contain the breach: Isolate affected systems to prevent further damage, such as disconnecting compromised servers from the network.

  • Eradicate the threat: Remove malware or vulnerabilities that led to the breach, e.g., applying patches or changing...

Q. What tools and techniques do you use for threat detection and prevention?

Ans.

I utilize various tools and techniques for effective threat detection and prevention in cybersecurity.

  • Intrusion Detection Systems (IDS) like Snort for monitoring network traffic.

  • Security Information and Event Management (SIEM) tools such as Splunk for real-time analysis.

  • Endpoint Detection and Response (EDR) solutions like CrowdStrike for endpoint security.

  • Firewalls and Next-Generation Firewalls (NGFW) for traffic filtering and threat prevention.

  • Vulnerability scanners like Nes...

Asked in Augur Cyberx

6d ago

Q. What is interactive login and non-interactive login?

Ans.

Interactive login requires user input for authentication, while non-interactive login does not require user interaction.

  • Interactive login involves user interaction such as entering a password or providing biometric data.

  • Non-interactive login can be automated and does not require user input.

  • Examples of interactive login include logging into a computer system with a username and password, while non-interactive login can be seen in automated scripts accessing a server without us...

6d ago

Q. What is a SIEM? Can you explain how it helps in threat detection?

Ans.

A SIEM (Security Information and Event Management) system aggregates and analyzes security data for threat detection and response.

  • Centralizes log data from various sources like firewalls, servers, and applications for comprehensive analysis.

  • Utilizes correlation rules to identify patterns indicative of potential threats, such as multiple failed login attempts.

  • Provides real-time alerts to security teams, enabling swift response to incidents, like detecting malware activity.

  • Faci...

Asked in UnoBridge

6d ago

Q. What will you do if you encounter errors during application integration?

Ans.

I would systematically diagnose the integration errors, analyze logs, and collaborate with teams to resolve issues efficiently.

  • Identify the error: Check logs and error messages to pinpoint the issue.

  • Reproduce the error: Attempt to replicate the error in a controlled environment to understand its cause.

  • Check integration points: Verify that APIs, data formats, and protocols are correctly implemented.

  • Collaborate with teams: Work with development and operations teams to gather in...

Asked in Jio

5d ago

Q. How many alarms are you able to manage in one minute?

Ans.

I can manage multiple alarms effectively, prioritizing based on severity and context.

  • Prioritization: I assess alarms based on their severity; critical alarms are addressed immediately.

  • Automation: Utilizing SIEM tools can help filter and categorize alarms, allowing me to focus on high-priority issues.

  • Experience: In previous roles, I managed up to 20 alarms per minute during peak incidents by streamlining processes.

  • Collaboration: Working with team members allows for quicker res...

Asked in Jio

2d ago

Q. What is the meaning of a global scene change event, and when are they generated?

Ans.

A global scene change event indicates a significant alteration in the visual context of a scene, often triggering system responses.

  • Generated when there is a major change in the visual environment, such as a new object entering the frame.

  • Common in video surveillance systems to detect unusual activities.

  • Used in computer vision applications to identify scene transitions in video streams.

  • Example: A camera detects a person walking into a previously empty room, triggering an alert.

Asked in Cisco

3d ago

Q. How do you approach a problem?

Ans.

I approach a problem by analyzing the root cause, brainstorming solutions, and implementing a strategic plan.

  • Identify the root cause of the problem

  • Brainstorm potential solutions

  • Develop a strategic plan to address the problem

  • Implement the plan and monitor progress

  • Adjust the plan as needed based on feedback and results

Asked in WPP

2d ago

Q. What is a false positive, and how can it be identified?

Ans.

A false positive occurs when a test incorrectly indicates a condition is present, leading to potential misdiagnosis or unnecessary actions.

  • In cybersecurity, a false positive might occur when an antivirus software flags a legitimate file as malware.

  • Example: A network intrusion detection system alerts on normal traffic patterns due to overly sensitive settings.

  • False positives can lead to wasted resources, such as time spent investigating non-issues.

  • Identifying false positives i...

2d ago

Q. Testing methodology and approach for black box assessment.

Ans.

Black box testing involves testing an application without knowledge of its internal workings.

  • Identify inputs and expected outputs

  • Test for boundary conditions and error handling

  • Use techniques like equivalence partitioning and decision tables

  • Focus on user interface and user experience

  • Use automated tools for efficiency

1d ago

Q. Tools used for testing? Difference between IP and MAC address?

Ans.

Tools used for testing, and the difference between IP and MAC addresses.

  • Tools used for testing include vulnerability scanners, penetration testing tools, network analyzers, and forensic tools

  • IP address is a unique identifier assigned to a device on a network, while MAC address is a unique identifier assigned to the network interface controller of a device

  • IP address is used for routing traffic on the internet, while MAC address is used for communication within a local network

  • IP addres...

Q. How would you troubleshoot log data that stopped being received from a device on UDP port 514?

Ans.

To troubleshoot logs that have stopped arriving from a device on UDP port 514, check firewall settings, network connectivity, and the device configuration.

  • Check firewall settings to ensure port 514 UDP is allowed for logging traffic

  • Verify network connectivity between the device and the logging server

  • Review device configurations to ensure logging is properly configured and enabled

Asked in Novo Nordisk

2d ago

Q. How will you remediate malware on a critical server?

Ans.

I will isolate the server, identify the malware, remove it, and restore the server from a clean backup.

  • Isolate the server from the network to prevent further spread of the malware

  • Identify the malware using antivirus software or malware analysis tools

  • Remove the malware using appropriate removal tools or manual removal techniques

  • Restore the server from a clean backup to ensure all traces of the malware are removed

  • Implement additional security measures to prevent future malware ...

Asked in BT Group

1d ago

Q. Why do we need 5GHz when we already have 2.4 GHz?

Ans.

5GHz offers faster speeds, less interference, and more channels compared to 2.4GHz.

  • 5GHz provides faster data transfer speeds compared to 2.4GHz, making it ideal for high-bandwidth activities like streaming HD video or online gaming.

  • 5GHz has less interference from other devices like microwaves and cordless phones that operate on the 2.4GHz frequency.

  • 5GHz offers more available channels, reducing the likelihood of congestion and improving overall network performance.

  • Devices that...
