Questions asked on job interview for application security/penetration testing job

[arian.evans at anachronic.com (Arian J. Evans)]

On Sat, Mar 21, 2009 at 2:43 PM, Matt Parsons <mparsons1980 at gmail.com> wrote:

> I was asked the following questions on a job phone interview and wondered
> what the proper answers were.?? I was told their answers after the
> interview. I was also told that the answers to these questions were one or
> two word words.? In the beginning of next week I will post what they told me
> were the proper answers.?? Any references would be greatly appreciated.

Looks simple enough. Were there tricks to it? Some companies play
games with these type of interviews. (Google)

I empathize with brevity. Usually when people ramble too long in
interviews they don't know what they are talking about (and are extra
nervous because of this).

So what are the word answers?


> 1.? What are the security functions of SSL?

Transport layer security. Asymmetric public key, symmetric private
key, blah blah


> 2.? What is a 0 by 90 bytes error.

Error? 0x90 is NOP. A bunch of them make a good sled.


> 3.? What is a digital signature, Not what it is?

Authentication


> 4.? What is the problem of having a predictable sequence of bits in TCP/IP?

Session Prediction (leads to etc. etc.)


> 5.? What is heap memory?

Pooled memory dynamically allocated, no fixed-life


> 6.? What is a system call?

Software call to underlying OS function ( FileOpen())


> 7.? what is two factor authentication?

Two of something you have, know, or are



-- 
Arian Evans

"Let me issue and control a nation's money, and I care not who writes its laws"

--Mayer Amchel Rothschild