Cyber Security Analyst Interview Questions for Freshers are designed to test a candidate's basic knowledge of cybersecurity concepts, tools, and practices. They focus on areas like network security, encryption, threat detection, incident response, and common attack methods, helping freshers demonstrate their readiness for entry-level roles in a Security Operations Center (SOC) or related positions.
Que 1. What is the difference between a vulnerability, a threat, and a risk?
Answer:
Vulnerability: A weakness in a system that could be abused (e.g., unpatched software, a default password).
Threat: Anything that could exploit a vulnerability (e.g., malware, an attacker, a careless insider).
Risk: The likelihood that a threat exploits a vulnerability, combined with the resulting impact (often expressed as likelihood × impact). Removing either the vulnerability or the threat's access to it reduces the risk.
Que 2. What is the difference between symmetric and asymmetric encryption?
Answer:
Symmetric Encryption: Uses the same key for encryption and decryption (e.g., AES). Fast and suited to bulk data, but both parties must first share the key securely.
Asymmetric Encryption: Uses a pair of keys – the public key encrypts (or verifies signatures), the private key decrypts (or signs) (e.g., RSA, elliptic-curve schemes). Slower, so in practice it is used to exchange a symmetric session key, which is what TLS does.
Que 3. Explain the difference between IDS and IPS.
Answer:
IDS (Intrusion Detection System): Sits out of band (e.g., on a SPAN/mirror port), detects suspicious activity and alerts; it cannot stop the traffic itself.
IPS (Intrusion Prevention System): Sits inline, detects and also blocks the malicious activity in real time. Because it is inline, a false positive blocks legitimate traffic, so its signatures are tuned more conservatively.
Que 4. What are the different layers of security in a network?
Answer:
Perimeter Security – Firewalls, IDS/IPS
Network Security – VLANs, segmentation
Endpoint Security – Antivirus, EDR solutions
Application Security – Secure coding, WAF
Data Security – Encryption, DLP
Que 5. What is the difference between hashing and encryption?
Answer:
Hashing: One-way function that maps input of any length to a fixed-length digest (e.g., SHA-256). Deterministic, so it is used to verify integrity; cannot be reversed, so it is used to store passwords (with a per-user salt and a deliberately slow hash such as bcrypt or PBKDF2, never a plain SHA-256).
Encryption: Two-way function; data is encrypted and later decrypted using keys. Provides confidentiality, but not integrity on its own (authenticated modes such as AES-GCM add that).
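The distinction above in working code, as an added example that is not part of the original page: a plain SHA-256 for integrity checking beside a salted, iterated PBKDF2 hash for password storage, with a constant-time verifier. The sample document and password are constructed, and the "algo$iterations$salt$hash" record layout is an assumption chosen for this example.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (not from the page): a file and a user password.
DOCUMENT = b"quarterly report v3\n"
PASSWORD = "correct horse battery staple"


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256: deterministic, fixed 64-hex-digit output, one-way.
    Suited to integrity checks (compare a download against its published hash)."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, iterated hash for storing passwords (PBKDF2-HMAC-SHA256).
    A bare SHA-256 of a password is still one-way, but a random per-user salt
    defeats precomputed (rainbow) tables and the iteration count slows offline
    guessing. The 'algo$iterations$salt$hash' record layout is assumed here."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant
    time so the comparison does not leak how many bytes matched."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    print("sha256(doc)         ", sha256_hex(DOCUMENT))
    print("sha256(doc + 1 byte)", sha256_hex(DOCUMENT + b"."))   # unrelated digest
    record = hash_password(PASSWORD)
    print("stored record       ", record)
    print("same pw, new salt   ", hash_password(PASSWORD) != record)   # True
    print("verify correct      ", verify_password(PASSWORD, record))   # True
    print("verify wrong        ", verify_password("letmein", record))  # False
```

Two hashes of the same password differ because the salt differs, yet both verify; that is the property a password database needs and a plain hash lacks.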
Que 6. What are some common types of cyber attacks?
Answer:
Phishing
Ransomware
DDoS attacks
SQL Injection
Man-in-the-Middle (MITM)
Zero-day exploits
Que 7. Explain the CIA triad.
Answer:
Confidentiality: Protecting data from unauthorized access.
Integrity: Ensuring data is accurate and unaltered.
Availability: Ensuring resources are accessible when needed.
Que 8. What is the difference between a firewall and an antivirus?
Answer:
Firewall: Protects network traffic by filtering based on rules.
Antivirus: Detects and removes malicious software on endpoints.
Que 9. Explain phishing and how to identify it.
Answer: Phishing is a social engineering attack where attackers impersonate trusted sources to steal sensitive information. Signs include:
Suspicious sender addresses
Urgent or threatening language
Mismatched links or fake domains
Unexpected attachments
Que 10. What is the difference between TCP and UDP in terms of security?
Answer:
TCP: Connection-oriented and reliable. The three-way handshake means a sender must receive the server's reply, so spoofing a source address is hard and stateful firewalls can track each connection. It provides no encryption by itself; that comes from TLS running on top of it.
UDP: Connectionless, faster but less reliable. There is no handshake, so source addresses are easily spoofed, which is why DNS and NTP amplification DDoS attacks use UDP.
Que 11. What are honeypots and why are they used?
Answer: A honeypot is a decoy system designed to lure attackers. It helps in:
Detecting attack patterns
Studying malicious techniques
Distracting attackers from real assets
Que 12. What is two-factor authentication (2FA) and why is it important?
Answer: 2FA adds an extra layer of security by requiring two credentials:
Something you know (password)
Something you have (OTP, token) or are (biometrics)
This reduces the chances of account compromise.
Que 13. Explain port scanning and why attackers use it.
Answer: Port scanning is a technique to identify open ports and the services listening on them (e.g., with Nmap). Attackers use it during reconnaissance to find entry points and fingerprint software versions; defenders use it for vulnerability assessments and to confirm that only the intended services are exposed.
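A minimal TCP connect scanner, added here as an example that is not part of the original page. So that it runs offline it starts its own constructed target: one loopback listener that answers with a fake SSH banner; the "closed" case is a loopback port picked for being free. The banner text and port choices are assumptions.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

LOCALHOST = "127.0.0.1"


def start_demo_listener():
    """Constructed target so the scan runs offline: one TCP service on an
    ephemeral loopback port that greets clients with a fake SSH banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOCALHOST, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener was closed
                return
            with conn:
                conn.sendall(b"SSH-2.0-OpenSSH_demo\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a loopback port that is currently closed (the constructed 'closed' case)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOCALHOST, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host: str, port: int, timeout: float = 0.5):
    """TCP connect scan of one port (what `nmap -sT` does): complete the
    three-way handshake, read any banner, report open / closed / filtered.
    closed   = a RST came back, nothing is listening
    filtered = no reply at all, typically a firewall dropping the SYN"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return port, "closed", ""
    except OSError:                  # includes the connect timeout
        s.close()
        return port, "filtered", ""
    try:
        banner = s.recv(128).decode(errors="replace").strip()
    except OSError:
        banner = ""
    finally:
        s.close()
    return port, "open", banner


def scan(host: str, ports, workers: int = 32) -> dict:
    """Scan many ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}


if __name__ == "__main__":
    listener, open_port = start_demo_listener()
    for port, (state, banner) in sorted(scan(LOCALHOST, [open_port, free_port()]).items()):
        print(f"{port:5d}/tcp  {state:8s}  {banner}")
    listener.close()
```

Because a connect scan completes the handshake, every probe shows up in the target's logs and the accept() of the service itself; SYN ("half-open") scans avoid that but need raw sockets and root. Only scan systems you are authorized to test.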
Que 14. What are SIEM tools and their role in SOC?
Answer: SIEM (Security Information and Event Management) tools collect, analyze, and correlate logs from different devices. They help in:
Detecting security incidents
Real-time monitoring
Incident response
Examples: Splunk, QRadar, ArcSight
Que 15. What is the difference between black-hat, white-hat, and grey-hat hackers?
Answer:
Black-hat: Malicious hackers who break into systems without authorization for personal gain or damage.
White-hat: Ethical hackers who test systems with the owner's permission to improve security.
Grey-hat: Hackers who act without authorization but without malicious intent, e.g., finding a flaw in a system they were not asked to test and then reporting it.
Que 16. How would you respond to a ransomware attack in an organization?
Answer:
Isolate affected systems from the network (do not power them off yet; memory may hold encryption keys and evidence)
Notify the incident response team and, where required, management and regulators
Identify the ransomware family (ransom note, file extensions) and how it got in
Preserve evidence (logs, disk images) before rebuilding anything
Restore from known-clean, offline backups once the entry point is closed
Avoid paying the ransom; payment does not guarantee decryption and may be prohibited
Strengthen security (patching, MFA, tested backups, EDR) to prevent recurrence
Que 17. Explain the difference between vulnerability assessment and penetration testing.
Answer:
Vulnerability Assessment: Broad, largely automated identification and prioritisation of security weaknesses in systems; it lists what might be exploitable.
Penetration Testing: Goal-driven, largely manual testing that actively exploits vulnerabilities, chaining them where possible, to show what an attacker could actually reach.
Que 18. What is the difference between HTTPS and HTTP?
Answer:
HTTP: Transfers data in plain text, so anyone on the network path can read or modify it (MITM attacks).
HTTPS: HTTP over TLS, which gives confidentiality (encryption), integrity (tampering is detected), and server authentication (the certificate proves which site you are talking to).
Que 19. What are the common log sources you would monitor in a SOC?
Answer:
Firewall logs
IDS/IPS logs
Server logs (Windows/Linux)
Application logs
Authentication logs
Endpoint security logs
Que 20. How would you detect and prevent a brute-force attack?
Answer:
Monitor failed login attempts in the SIEM, both per source IP and per account (one password tried across many accounts suggests password spraying)
Use account lockout policies and rate limiting on login endpoints
Enable CAPTCHA
Implement MFA
Use anomaly-based detection systems
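The first step above as a SIEM-style rule, added here as an example that is not part of the original page: parse sshd authentication log lines, count failures per source IP in a sliding window, and raise a higher-severity alert when a successful login follows a burst of failures. The log lines are constructed (TEST-NET addresses, hypothetical host "bastion"), the threshold and window are assumed defaults, and the year is assumed because syslog timestamps do not carry one.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd auth log lines (syslog format, TEST-NET addresses); not real captures.
SAMPLE_LOG = """\
Mar  4 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  4 10:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  4 10:00:05 bastion sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
Mar  4 10:00:07 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  4 10:00:09 bastion sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 51242 ssh2
Mar  4 10:00:11 bastion sshd[2106]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  4 10:00:15 bastion sshd[2107]: Accepted password for root from 203.0.113.7 port 51246 ssh2
Mar  4 10:01:00 bastion sshd[2110]: Failed password for alice from 198.51.100.22 port 40001 ssh2
Mar  4 10:02:30 bastion sshd[2111]: Failed password for alice from 198.51.100.22 port 40002 ssh2
Mar  4 10:02:35 bastion sshd[2112]: Accepted password for alice from 198.51.100.22 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Turn one sshd line into an event dict, or None for lines this rule
    does not model. Syslog timestamps carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60):
    """Sliding-window rule: >= threshold failures from one source IP inside
    window_s seconds raises 'brute_force'; a later Accepted from a source that
    already tripped the rule raises 'success_after_failures', which should be
    treated as a probable compromise rather than noise."""
    alerts = []
    recent = defaultdict(deque)    # ip -> timestamps of failures inside the window
    tripped = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()            # drop failures that fell out of the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in tripped:
                tripped.add(ev["ip"])
                alerts.append({"type": "brute_force", "ip": ev["ip"],
                               "failures": len(q), "at": ev["ts"]})
        elif ev["ip"] in tripped:
            alerts.append({"type": "success_after_failures", "ip": ev["ip"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Counting only per source IP misses password spraying and distributed attacks, where each IP stays under the threshold; a production rule keeps a second counter keyed on the target account, and a third on failures across the whole host.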
Que 21. What is the difference between blacklisting and whitelisting in cybersecurity?
Answer:
Blacklisting (also called denylisting): Blocks known malicious files, IPs, or domains; everything else is allowed, so new or unknown threats get through until the list is updated.
Whitelisting (also called allowlisting): Allows only trusted applications or IPs to run, blocking everything else; stronger, but it needs ongoing maintenance as legitimate software changes.
Que 22. Explain the difference between SSL and TLS.
Answer:
SSL: Older protocol for encrypting web traffic; every SSL version (2.0 and 3.0) has known weaknesses and should be disabled.
TLS: Successor to SSL and what is actually in use today; TLS 1.2 and 1.3 are current, while 1.0 and 1.1 are deprecated. The phrase "SSL certificate" has survived, but the certificate is used by TLS.
Que 23. What are zero-day vulnerabilities?
Answer: A zero-day vulnerability is a security flaw unknown to the vendor and therefore without a patch. Attackers can exploit it before the vendor learns of it and fixes it, so defenders have had zero days to prepare, which makes it highly dangerous; until a patch exists, detection relies on behaviour-based controls and compensating measures rather than signatures.
Que 24. Explain the difference between vulnerability scanning tools like Nessus and penetration testing tools like Metasploit.
Answer:
Nessus: Vulnerability scanner that identifies likely weaknesses (missing patches, weak configurations) through automated scans; results can include false positives and do not prove that a finding is exploitable.
Metasploit: Exploitation framework that attempts to exploit identified vulnerabilities to demonstrate the actual impact, turning a scanner finding into a confirmed risk.
Que 25. How would you investigate a suspicious network traffic spike?
Answer:
Review firewall and IDS/IPS logs
Identify source/destination IPs
Check for abnormal ports or protocols
Look for malware or DDoS signs
Use packet capture tools (Wireshark)
Contain and block malicious traffic
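The triage steps above run over flow records, added here as an example that is not part of the original page: find the minute whose volume stands out against the median, then break that minute down by source, destination pair and port, flagging ports the network does not normally use. The flow records and the list of expected ports are constructed for this example and stand in for a firewall or NetFlow export.

```python
from collections import Counter, defaultdict
from statistics import median

# Ports this hypothetical office network normally uses; anything else is worth a look.
EXPECTED_PORTS = {22, 53, 80, 123, 443}


def constructed_flows():
    """Constructed flow records (ts in seconds, src, dst, proto, dport, bytes), not a real capture.
    Minutes 0-9 carry steady web/DNS traffic; minute 10 adds one internal host
    pushing a large volume to an external address on a port the network never uses."""
    flows = []
    for minute in range(11):
        t = minute * 60
        flows.append((t + 5,  "10.0.0.10", "198.51.100.5", "tcp", 443, 30_000 + 500 * (minute % 4)))
        flows.append((t + 20, "10.0.0.11", "198.51.100.5", "tcp", 80,  20_000 + 800 * (minute % 3)))
        flows.append((t + 40, "10.0.0.12", "10.0.0.53",    "udp", 53,  2_000))
    for i in range(6):                      # the spike: six large flows inside minute 10
        flows.append((600 + 8 * i, "10.0.0.23", "203.0.113.77", "tcp", 4444, 150_000))
    return flows


def bytes_per_minute(flows):
    per_min = defaultdict(int)
    for ts, _src, _dst, _proto, _dport, nbytes in flows:
        per_min[ts // 60] += nbytes
    return dict(per_min)


def find_spikes(per_min, factor: float = 3.0):
    """Flag minutes whose volume exceeds factor x the median minute. The median
    is used rather than the mean so the spike itself does not inflate the baseline."""
    baseline = median(per_min.values())
    return sorted(m for m, b in per_min.items() if b > factor * baseline)


def triage(flows, minute: int, top: int = 3):
    """For one spike minute: who is talking, to whom, on which ports, and which
    ports fall outside what the network normally uses."""
    window = [f for f in flows if f[0] // 60 == minute]
    by_src, by_pair, by_port = Counter(), Counter(), Counter()
    for _ts, src, dst, proto, dport, nbytes in window:
        by_src[src] += nbytes
        by_pair[(src, dst, proto, dport)] += nbytes
        by_port[dport] += nbytes
    return {
        "minute": minute,
        "bytes": sum(by_src.values()),
        "top_sources": by_src.most_common(top),
        "top_pairs": by_pair.most_common(top),
        "unexpected_ports": sorted(p for p in by_port if p not in EXPECTED_PORTS),
    }


if __name__ == "__main__":
    flows = constructed_flows()
    for m in find_spikes(bytes_per_minute(flows)):
        print(triage(flows, m))
```

The shape of the result drives the next step: one internal host sending a large volume to one external address on an odd port, as here, points to exfiltration or a command-and-control channel, so the host is isolated and a packet capture of that pair is pulled; many external sources hammering one internal destination would instead point to DDoS and to upstream filtering.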