10 000 IT Assets Enterprise Environment Cyber Security Engineer Interview

Below are three sample exercises that we would like you to complete. Please use complete sentences and try to include details (feel free to make up assumptions about the system or other characteristics/situations if that helps you write more), but only spend 5-10 minutes on each scenario. If you have any questions, please let us know.

Please provide the following detail for each:

Vulnerabilities – What is wrong with the finding? Why might this be a bad thing? Be sure to include any other components/procedures this vulnerability could effect.

Risk Assessment – Based on the environment at hand, how bad (or not so bad) is this? Please rate the risk as VERY LOW, LOW, MODERATE, HIGH, or VERY HIGH and explain how you came to that decision.

Recommendations – How would you recommend fixing this?

Scenario 1: In an enterprise environment with 10,000 IT assets and Internet connectivity, there is no log aggregation/reporting/visualization system in place. Logging is correctly configured on all individual workstations and servers, but are not forwarded anywhere due to the lack of centralized logging infrastructure.

Scenario 2: In a closed, restricted network with no external connectivity, the sole IT asset is a Windows 10 workstation. This workstation does not use multifactor authentication, but password complexity requirements are enforced as follows: password length – 8 characters and at least one special, uppercase, lowercase, and numeric character. Physical access to the workstation is strictly controlled and behind multiple layers of security. Multifactor authentication is a DoD-mandated requirement.

Scenario 3: A moderately-sized network of 40 users does not have a documented and approved procedure in place for creating/deleting/modifying user accounts and adding/removing/modifying account privileges. This network has Internet connectivity and most users have administrative rights on their local workstations. Based on the on-site review, it seems as though accounts are well-managed through Active Directory and no unauthorized permissions/accounts were found, but there was no documented procedure to ensure they were following relevant guidance.