Crack the ISO 27001 Interview: Top Questions and Expert Answers for Success

Before going for an interview especially when you are looking for a career change, you need to know how important that job role really is across industries. That’s the only way to know how much you can benefit from that in the future.

In this way, you can understand how much you will be worth in the future. 

So, how much is an ISO 27001 Lead Auditor worth? Well, for starters, In US, an entry-level ISO 27001 Lead Auditor with less than 1-year experience earns an average total compensation (includes tips, bonus, and overtime pay) of $55,000. An early career ISO Lead Auditor with 1-4 years of experience earns an average total compensation of $51,780. A mid-career ISO Lead Auditor with 5-9 years of experience earns an average total compensation of $63,790. An experienced ISO Lead Auditor with 10-19 years of experience earns an average total compensation of $79,705. In their late-career (20 years and higher), employees earn an average total compensation of $83,055. Huge. Right?

Now the next question is how tough your interview is going to be. As you know, ISO 27001 is nothing but a specification of the ISMS framework. ISMS framework is a set of processes and procedure which accelerates the risk management system of any organization. So when organizations are looking forward to hiring someone to work with the ISO 27001, they will make sure the person can deal well with cybercrime, data vandalism, errors related to integration with unprotected partnership and warehouses, Internal data theft, loss of data due to misuse, misuse of information, network breaches through third-party connectivity, personal data breaches, terrorist attacks, theft, and viral attacks. And to know how to handle them well, you need to know the ISO 27001 framework’s every aspect well. Hence, your ISO 27001 Lead Auditor interview is completely going to depend on your knowledge. Wonder how the questions might be? We have picked 20 most popular ISO 27001 Lead Auditor interview questions for you, that’s going to help you prepare well.

1. How would traceroute help you find out where a breakdown in communication is?

Ans: With the help of tracert or traceroute, you can see what routers you touch as you move along the chain of connections to your final destination. However, if you end up with a problem where you can’t connect or can’t ping your final destination, a tracert can help in that regard in locating where the chain of connections stops. With this information, you can contact your own firewall, your ISP, your destination’s ISP or somewhere in the middle.

2. Why would you want to use SSH from a Windows PC?

Ans: SSH (TCP port 22) is a secure connection used on many different systems and dedicated appliances. Routers, Switches, SFTP servers and insecure programs being tunneled through this port all can be used to help in hardening a connection against eavesdropping.

Even though most of the times when you hear about somebody ‘SSHing’ into a box it involves Linux, the SSH protocol itself is actually implemented on a wide variety of systems. Programs like PuTTY, Filezilla and others have Windows ports available, which allow Windows users the same ease-of-use connectivity to these devices as do Linux users.

3. What’s the difference between Symmetric and Asymmetric encryption?

Ans: Symmetric encryption uses the same key to encrypt and decrypt, which is much faster but difficult to implement most times because you would have to transfer the key over an unencrypted channel. 

On the other hand, asymmetric uses different keys for encryption and decryption. 

4. What is SSL and why is it not enough when it comes to encryption?

Ans: SSL is identity verification, not hard data encryption. It is designed to be able to prove the other end’s person’s identity who you are having a conversation with.

 SSL and its big TLS are used by almost everyone, but the problem is because the visibility is maximum, it is a huge target and is mainly attacked via its implementation (The Heartbleed bug for example) and its known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are needed to be prepared.

5. What does a POST code mean?

Ans: POST is one of the best tools available when a system will not boot. Normally through the use of display LEDs in more modern systems or traditionally through audio tones, these specific codes can tell you what the system doesn’t like about its current setup. Because of the rare nature of this, unless you are on a tech bench day in and day out, reference materials such as the Motherboard manual and your search engine of choice can be tremendous assets. Few pointers to remember about this are:

• Access to the minimum required components to boot
• Access to all of your connections on the correct pins. 

6. What is the difference between a Black Hat and a White Hat?

Ans: A black hat hacker is a hacker who violates computer security for personal gain or maliciousness. Black hat hackers are the stereotypical illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".

Black hat hackers break into secure networks to destroy, modify, or steal data, or to make the networks unusable for authorized network users.

On the other hand, White hat hackers refer to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies that ensure the security of an organization's information systems. Ethical hacking is a term meant to imply a broader category than just penetration testing.

7. You need to reset a password-protected BIOS configuration. What do you do?

Ans: While BIOS itself has been superseded by UEFI, most systems still follow the same configuration for how they keep the settings in storage. Being a pre-boot system, BIOS has its own storage mechanism for its settings and preferences. In the classic scenario, simply popping out the CMOS (complementary metal-oxide-semiconductor) battery will be enough to have the memory storing these settings lose its power supply, and as a result, it will lose its settings. 

As an alternative, you can use a jumper or a physical switch on the motherboard. This time you need to actually remove the memory itself from the device and reprogram it. The simplest way is,  if the BIOS has come from the factory with a default password enabled, try ‘password’.

8. What is XSS?

Ans: XSS is a Cross-site scripting that is often called the nightmare of Javascript. Because Javascript can run pages locally on the client system as opposed to running everything on the server side, this can cause headaches for a programmer if variables can be changed directly on the client’s webpage. 

9. How would you log in to Active Directory from a Linux or Mac box?

Ans:  Active Directory uses an implementation of the SMB protocol, which can be accessed from a Linux or Mac system by using the Samba program. Depending on the version, this can allow share access, printing, and even Active Directory membership.

10. What are salted hashes?

Ans: Salt is basically random data. When a properly protected password system receives a new password, it will create a hashed value for that password, create a new random salt value, and then store that combined value in its database. This helps you defend against dictionary attacks and known hash attacks.

11. What are the three ways to authenticate a person?

Ans: The 3 ways of authenticating a person are as follows:

• Something they know (password)
• Something they have (token)
• Something they are (biometrics). 

12. How would you judge if a remote server is running IIS or Apache?

Ans: Error messages sometimes give away what the server is running.  If the website administrator has not set up custom error pages for every site, it too can give it. Also, just using telnet can be enough to see how it responds. Never underestimate the amount of information that can be gained by not getting the right answer but by asking the right questions.

13. What is data protection in transit vs data protection at rest?

Ans: When data is protected in the database or on its hard drive, it can be considered at rest. On the other hand, while it is going from server to client it is in transit. 

14. You see a user logging in as root to perform basic functions. Is this a problem?

Ans: A Linux admin account (root) has many powers that are not permitted for standard users. It is not always necessary to log all the way off and log back in as root in order to do these tasks. For example, if you have ever used the ‘run as admin’ command in Windows, then you will know the basic concept behind ‘sudo’ or ‘superuser (root) do’ for whatever it is you want it to do. It’s a very simple and elegant method for reducing the amount of time you need to be logged in as a privileged user. The more time a user spends with enhanced permissions, the more likely it is that something is going to go wrong – whether accidentally or intentionally.

15. How do you protect your home Wireless Access Point?

Ans: There are 3 ways to protect the home wireless access point:

• Using WPA2
• Not broadcasting the SSID
• Using MAC address filtering 

16. On a Windows network, why is it easier to break into a local account than an AD account?

Ans: Windows local accounts have a great deal of baggage tied to them, running back a long long way to keep compatibility for user accounts. If you have a password longer than 13 characters, you may have seen the message referring to this fact. However, Active Directory accounts have a great deal of security tied onto them, not the least of which is that the system actually doing the authenticating is not the one you are usually sitting at when you are a regular user. Hence, it’s not easy to break into them.

17. What is the CIA triangle?

Ans: CIA triangle is made of 3 following components:

• Confidentiality
• Integrity
• Availability. 

18. What is the difference between a vulnerability and an exploit?

Ans: In cybersecurity, vulnerability is a weakness that can be exploited by a cyber attack to gain unauthorized access to or perform unauthorized actions on a computer system. Vulnerabilities can allow attackers to run code, access a system's memory, install malware, and steal, destroy or modify sensitive data.

On the other hand, An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.

 19. What is worse in Firewall Detection, a false negative or a false positive? And why?

Ans: A false positive is annoying, but it can be easily dealt with by calling a legitimate piece of traffic bad. A false negative however is a piece of malicious traffic being let through without incident. Hence, for obvious reasons, a false negative is worse.

20. What’s the difference between a White Box test and a Black Box test?

Ans: A White Box test is one where the pen testing team is given as much information as possible regarding the environment.

On the other hand, no information are provided in a  Black Box test. 

Conclusion:

Apart from the above questions, there can be a few circumstantial and personal questions as well, like “How does your daily news check look like?” “What do you think of social media networks?” “What’s your  favorite project executed by you till date?” When these questions come up, don’t get nervous. Just follow your intuition and your passion for ISMS will lead you to the answers. And if you need help from experts to understand ISMS well and grab a certification too, we are always there for you! Apply for our ISO 27001 Lead Auditor training and certification course and get acknowledged worldwide!

Topic Related Post