Intermediate | TECHNICAL
Explain how you would perform a basic malware triage on a suspicious executable found on a user’s machine, using only the tools typically available to a mid-level analyst (e.g., sandboxing platform, EDR, hash lookups, static analysis utilities). What specific indicators would you extract and how would you use them?
Cybersecurity Analyst
General

Sample Answer

With a suspicious EXE, my first step is to preserve the file and hash it (MD5/SHA256), then immediately submit the hash to VirusTotal and our internal intel. In one incident, just that step showed 30+ detections and saved us hours. Next, I'd do quick static triage: file type validation, digital signature check, strings, imports, and any embedded URLs or IPs. I'd also pull mutex names, registry keys, and scheduled task names if visible. In parallel, I'd use our sandbox to observe behavior: network calls, dropped files, process injection, and persistence changes. EDR helps correlate this with what actually happened on the host: the execution chain, command-line arguments, and modifications in the last 24 hours. From all this, I extract IOCs (hashes, domains, IPs, registry paths, filenames, mutexes) and TTPs. Then I feed those into our SIEM and EDR to hunt for additional infections, and I share a short report with IR and IT so they can contain, remediate, and improve detections.
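The static part of that triage (hash, file-type check, strings, and indicator extraction) is easy to script with nothing but the Python standard library. The script below is an added example written for this page, not code from the original answer or from any tool it names. It assumes the analyst works on a copy of the file, that the hashes it produces are submitted to VirusTotal or internal intel out of band, and that the bytes it triages are a constructed, harmless blob shaped like a minimal PE file with some indicator strings embedded; the indicator values (URL, IP, mutex, path) are placeholders, not real IOCs.

```python
"""Static triage helper for a suspicious executable (added example, stdlib only)."""
import hashlib
import json
import re
import struct
from typing import Dict, List

# Indicator patterns matching the IOC types the answer lists.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
REG_RE = re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+|Software)\\[^\s\"']+", re.IGNORECASE)
MUTEX_RE = re.compile(r"(?:Global|Local)\\\S+")
FILE_RE = re.compile(r"[A-Za-z]:\\[^\s\"'<>]+")
# Imported API names worth flagging for injection, download or execution behaviour.
APIS_OF_INTEREST = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                    "WinExec", "ShellExecuteA", "URLDownloadToFileA", "SetWindowsHookExA"}
PERSISTENCE_HINTS = ("\\currentversion\\run", "schtasks", "reg add")


def build_sample() -> bytes:
    """Constructed sample: fake DOS/PE headers plus strings a dropper might carry."""
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew at 0x3C -> 0x80
    padding = b"\x00" * (0x80 - len(dos_header))
    pe_signature = b"PE\x00\x00"
    ascii_strings = b"\x00".join([
        b"http://update-check.example.invalid/gate.php",      # placeholder C2 URL
        b"198.51.100.23",                                     # documentation-range IP
        b"Global\\MutexDemo1234",                             # placeholder mutex
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",  # persistence key
        b"schtasks /create /tn UpdaterTask",                  # scheduled-task hint
        b"WinExec", b"CreateRemoteThread", b"WriteProcessMemory",
        b"ab",                                                # too short to count
    ])
    wide_string = "C:\\Users\\Public\\svchost32.exe".encode("utf-16le")  # placeholder path
    return dos_header + padding + pe_signature + b"\x00" * 20 + ascii_strings + b"\x00\x00" + wide_string


def hash_file(data: bytes) -> Dict[str, str]:
    """Hashes to preserve and to submit to reputation services."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data: bytes) -> bool:
    """File-type validation: MZ stub plus a PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """ASCII and UTF-16LE printable runs, the way a `strings` utility finds them."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def classify(strings: List[str]) -> Dict[str, List[str]]:
    """Sort extracted strings into the IOC buckets used for hunting."""
    iocs = {k: set() for k in ("urls", "ips", "registry", "mutexes", "paths", "apis", "persistence")}
    for s in strings:
        iocs["urls"].update(URL_RE.findall(s))
        for ip in IPV4_RE.findall(s):
            if all(int(octet) <= 255 for octet in ip.split(".")):
                iocs["ips"].add(ip)
        iocs["registry"].update(REG_RE.findall(s))
        iocs["mutexes"].update(MUTEX_RE.findall(s))
        iocs["paths"].update(FILE_RE.findall(s))
        if s in APIS_OF_INTEREST:
            iocs["apis"].add(s)
        if any(hint in s.lower() for hint in PERSISTENCE_HINTS):
            iocs["persistence"].add(s)
    return {k: sorted(v) for k, v in iocs.items()}


def risk_notes(iocs: Dict[str, List[str]]) -> List[str]:
    """Turn buckets into the follow-up checks for the sandbox/EDR phase."""
    notes = []
    if {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"} & set(iocs["apis"]):
        notes.append("injection APIs imported: review EDR for cross-process memory writes")
    if iocs["persistence"]:
        notes.append("persistence artefacts: check Run keys and scheduled tasks on the host")
    if iocs["urls"] or iocs["ips"]:
        notes.append("network indicators: search proxy/DNS logs in the SIEM before detonation")
    return notes


def triage(data: bytes) -> Dict[str, object]:
    """Full static pass: hashes, file-type check, IOC buckets, and next steps."""
    iocs = classify(extract_strings(data))
    return {"size": len(data), "hashes": hash_file(data), "valid_pe": is_pe(data),
            "iocs": iocs, "risk_notes": risk_notes(iocs)}


if __name__ == "__main__":
    print(json.dumps(triage(build_sample()), indent=2))
```

Run it against a real file by replacing `build_sample()` with the bytes of the preserved copy; the `hashes` block is what goes to VirusTotal and the `iocs` block is what goes into the SIEM/EDR hunt. The UTF-16LE pass matters on Windows binaries because paths and commands are often stored wide and are invisible to an ASCII-only strings pass.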

Keywords

Start with hashing and quick reputation checks to avoid redundant deep analysis
Use static analysis to pull strings, imports, and potential C2 infrastructure
Leverage sandbox and EDR to capture behavioral indicators and persistence
Translate findings into IOCs and TTPs for hunting and improved detections
Related Questions

Based on your hydrology and irrigation engineering background, explain how you would estimate the irrigation water requirement for a kharif crop in a semi-arid region of Gujarat. Walk me through each step: from reference evapotranspiration estimation, crop coefficient selection, effective rainfall calculation, to arriving at canal discharge for a given command area.

Intermediate | TECHNICAL

In your civil engineering studies, what specific design coursework or project work did you complete related to irrigation channels or canals (e.g., design of lined/unlined canals, distributaries, minors)? Describe one such design in detail, including how you determined discharge, permissible velocity, section dimensions, and lining choice for Gujarat-type soil and climate conditions.

Intermediate | TECHNICAL

Walk me through a recent multi-channel digital marketing campaign you managed end-to-end. How did you set objectives, choose channels, allocate budget, and measure success?

Intermediate | BEHAVIORAL

In your resume you note improving or optimizing [a process, KPI, or metric]. What specific baseline metrics did you start from, what steps did you personally take, and how did you verify that the improvement was due to your changes rather than external factors?

Intermediate | PROBLEM_SOLVING

On your resume, you reference working under tight deadlines on [specific deliverable or release]. Describe the constraints you faced, how you prioritized tasks, and any trade‑offs you consciously made in scope, quality, or risk to hit the deadline.

Intermediate | BEHAVIORAL