Interview Tips


  • How can access be controlled on a logical level in an organization?
  • How can you prevent a CSRF attack as a cybersecurity analyst?
  • As an auditor, what will you do if you find that employees of an airline are storing customer card details in Word or Notepad files?
  • What is the right approach to a risk assessment? Describe the steps in the order they are performed.
  • Telnet should be disabled because it is insecure (it transmits credentials in cleartext), but if an organisation has to keep using it for a business requirement, what compensating controls can you put in place?
  • Which protocols run at the Application Layer?
  • As a digital forensics expert, what steps will you follow at a crime scene you have been sent to investigate?
  • How do you identify the scope of an audit? What makes you conclude what can and cannot be included in an ISO/PCI audit?
  • What are the possible risks when you audit a vendor that is about to set up a data centre? What will you look out for?
  • If IRCTC collects your card data to process payments, should IRCTC be PCI DSS compliant?
  • What open-source software can you use to recover deleted data?
  • As an auditor, if a client is not using firewalls, what other mechanisms should be in place to safeguard them from cyber attacks?
  • Is it mandatory for all organizations to be ISO certified?
  • How can you ensure that segregation of duties is being implemented in the organization?


  • What is your basic understanding of ‘cloud’?
  • Which jurisdiction would be applicable if you store data on Cloud?
  • Why is ISO 27001:2013 numbered like that?
  • What is a firewall?
  • How do you determine the scope of ISMS with respect to ISO 27001:2013?
  • How do you determine the scope of PIMS with respect to ISO 27701:2019?
  • What is Change Management process? Why is approval required in the change management process before applying the changes?
  • What is patch management? What are different ways through which patch management can be done in an organisation?
  • Why is segregation of duties important in ISMS or PIMS?


  • What is the difference between right to be forgotten and right to erasure?
  • Is the US-EU Privacy Shield still in place and valid?
  • What is the difference between personal data and sensitive personal data?
  • What is the definition of critical personal data under Indian law?
  • Is the right to privacy a vertical or horizontal right under the Indian
  • What is the complaint adjudication system under the present IT Act?
  • Does the data protection authority act in the capacity of a civil court?
  • Is surveillance governed by the Indian bill?
  • Do you think the Indian bill offers enough protection with respect to child data?
  • Is financial data sensitive data under GDPR?
  • What are consent managers?
  • What is the difference between anonymization and pseudonymization?
  • Is Facebook a processor or a controller?
  • Is imprisonment a punishment under the Indian bill?
  • Is governing non-personal data under the same bill a good idea?
  • How do other legislations govern non-personal data?