All language subtitles for 1. Roles & Responsibilities, SIEM Questions
[00:00:00] In this video, we will talk about roles and responsibilities and SIEM questions. So whenever you are going for an interview, then definitely the interviewer is going to ask questions related to your roles and responsibilities. And this is 100% chances, right? So it is a very rare case that the interviewer is not going to ask the roles and responsibilities and SIEM questions. Well, from whatever I have seen and whatever my seniors and my juniors have seen, I have collected all this data, and I have seen that roles and responsibilities was the main question, you can say, that was included in all those 50 samples.

[00:00:42] So let's begin. Let me start with: what is SIEM? So you are already working on that SIEM, right? What exactly is it? Security Information and Event Management. We can say this is used for the real-time analysis of security alerts generated by applications and network hardware. So that's what SIEM is. And which SIEM were you using in your organization? This is one of the questions. And what were the sources from where the SIEM was collecting the logs? So, sources: what the interviewer is actually asking here is from where your SIEM was getting the logs. So definitely it was something like IDS, maybe the routers, virtual machines, servers; different places. But you should know your organization's architecture, exactly from where your SIEM was collecting the... sorry, collecting the logs. Right.

[00:01:43] Now, what is QRadar? They both are the same. You can search more on these things. What is the architecture of QRadar? And definitely they will ask about these things, so you can directly go to these two links I have shared. You can go and read these things. What are the components of QRadar or Splunk? So whatever they ask, I don't know whether you are using QRadar or Splunk, right? So if you are using QRadar, maybe, let's say for example, event data, flow data. So just go for those components. What actually the log analysis, dashboard... there are a lot of components in that. And for Splunk, let's say for example, search head, forwarder, indexer. You can go through this link and you will get a lot of data.

[00:02:32] Now, brief us about your career. So, your career so far, from where you have started. So you have to start from your academics, right? Right from the academics, and including your graduation, then after that your first job, second job, and then what you have done apart from your roles and responsibilities. You can also mention these things in your career.

[00:02:59] Please explain your roles and responsibilities in your previous organisation. So this is directly asking about the roles and responsibilities, and you can tell what were the roles and responsibilities and what other things you were doing apart from those roles and responsibilities. So you can mention those. It will give a good impression, you can say, on the interviewer.

[00:03:19] So, have you handled any big incident or phishing email case in your career? So let's say if you have investigated any malware, if you have investigated any big phishing email, you can mention those things here. Right. So let's say, for example, the candidate handled Emotet malware campaigns, right? So you will explain each and everything: how he detected it, how he investigated it step by step, and how he mitigated it. Right.

[00:03:51] Next question: explain this incident in the form of the cyber kill chain. Okay, we already have discussed this one, correct? In the cyber kill chain video, we have already discussed it. What are the stages of the incident management process? So that is very simple; you are doing this process in your daily routine. That is: incident identification, logging and categorization, incident notification and escalation, investigation, resolution, recovery, and then incident closure.

[00:04:22] Next question: how do you handle any alert? So he is directly talking about the alert you are getting from the SIEM. So please explain the process. So you have to explain the whole process of how actually you handle and how actually you were working on those incidents.

[00:04:41] What is the event code for a successful and a failed login? So it's 4624 and 4625: 4624 is a successful login and 4625 is a failed login. So you can check all those event codes. Maybe they will ask you different codes regarding such things as audit policy. These are the things they can ask with whichever certification you have done. Let's say if you have done the CE certification, right, so you should know what exactly is in that, because they can ask any question. Let's say they can ask you directly about Wireshark. They can ask about Nmap or different tools.

[00:05:25] Okay, so what is Nmap? So Nmap stands for Network Mapper, and we generally use it to scan a system and understand what weaknesses exist that a hacker could potentially exploit, through the NSE engine. If you remember, we have used Nmap, right? So as the program is open source and free, it is one of the most common tools used for scanning a network for open ports and other weaknesses.

[00:05:51] 95th question: what is the difference between IOC and IOA? We have discussed it. Let's again discuss it. So IOC, that is static, but IOA, that is dynamic. IOA means indicator of attack. So IOA, I can directly say, is for EDR, and IOC is used generally for the malware, whatever we are getting in daily routines. Right. The known signatures, you can say.

[00:06:17] What is spear phishing? So targeting a single person, targeting a single person in any organization or anything else, and sending one of the phishing emails, doing the social engineering, that is called spear phishing.

[00:06:36] How will you do the analysis of phishing emails? So take this course. This is a free course, right? And you can learn phishing email investigation from here. This is totally free as of this video, as I'm making this video. So as of now it's free. Header analysis you can also learn from there.

[00:06:55] Can you name some port numbers? So you should remember the important port numbers such as 420 538944434, number 80. Right. So these are the basics. But whatever you are working on on a daily basis, whatever port number you are working on, you should know those port numbers.

[00:07:17] What is DLP? We already have discussed it, right? So I'm not discussing it. DMARC, SPF and DKIM: well, you can go through that free course; you will get it. But let me tell you some of the demo, that actually there are some small differences in these three. So DMARC is Domain-based Message Authentication, Reporting and Conformance. It is an email authentication policy and reporting protocol. Basically, in DMARC we have SPF and DKIM. So SPF, you know, SPF shows the IP addresses, whatever the domain, the IP addresses related to that domain. So it authenticates those things. And DKIM, having some domain keys, Identified Mail, it means... it gives, you can say, it gives integrity, meaning that the content of the body is not changed. So this is done by giving the email a digital signature. So this is what DKIM does. SPF means Sender Policy Framework. For more details, you can directly jump to this free course and you can see all those things there.

[00:08:29] How will you decide on which alert you have to work first if there are 100? Obviously, if there are some 100 alerts, there will be some varieties like high, critical, medium, low. So obviously, I will choose a critical one, which is very critical for my network. So I will choose that one and I will work on it first.

[00:08:52] Why do you want to leave your company? That's a very big question always. You will always get this question. So you can tell... I mean, you can think; your answer could be different from mine. But what I just tell is that I have learned a lot of things in my previous organization. I explored as much as I could. So now I feel that I should move for a challenge and for a new responsibility so that I can grow more, and you can add more things, right? So that it can give a good impression to the interviewer.

[00:09:29] What motivated you to come to this organization? So you can say you have learned more things about that organization, and there is learning, there are challenges and there are new responsibilities, and that matches your profile. So that's why these things motivated you to come to that organization. You can tell these things.

[00:09:53] Do you have any questions for us? Okay, this is the last question. Well, you can ask if you have any such good question, then you must go with that. But if you don't have one, then I would suggest you don't ask any question if you don't have one. Right.

[00:10:10] So that's it, guys. We have these roles and responsibilities. That was a very... you know that the interviewer always asks these types of questions related to roles and responsibilities. So these 105 questions are going to be very helpful for you. As for our sample, we have taken 50 interview samples, and these were the repeated questions we were getting.
