SOC Analyst Interview Questions
See the questions that decide who gets hired for this role.
You're reviewing firewall logs and see outbound traffic from a workstation to port 443 on an external IP. Your junior colleague says "That's just HTTPS, it's fine." But you notice the destination IP has no reverse DNS and the traffic volume is unusually high. What's your thinking process?
Your SIEM alerts on unusual Kerberos activity: a single workstation has requested TGS tickets for 47 different service accounts in the past 10 minutes. The user logged into that workstation is a marketing coordinator. What might be happening, and how would you investigate?
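The pattern in the question above (many distinct service tickets from one workstation in a short window) is what a SIEM rule typically keys on. The following added example, which is not part of the original page, shows how such a rule can be expressed over Windows Security event 4769 ("A Kerberos service ticket was requested") records: a sliding window per (client IP, user) pair counts distinct services and also tallies requests for the RC4-HMAC encryption type (0x17), a detail analysts commonly check during triage. The record layout, thresholds and sample data are constructed for illustration and are not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta


# Constructed sample of simplified event 4769 records. Field names are our
# own readable shorthand, not the event's real XML fields.
def _build_sample():
    events = []
    base = datetime(2024, 5, 6, 9, 0, 0)
    # Suspicious: one workstation, one marketing user, 47 distinct services
    # in under ten minutes, all requesting RC4 tickets.
    for n in range(47):
        events.append({
            "ts": (base + timedelta(seconds=10 * n)).isoformat(),
            "client_ip": "10.0.5.23",
            "user": "mkt.coordinator",
            "service": f"svc_app{n:02d}",
            "enc_type": "0x17",          # RC4-HMAC
        })
    # Benign: a developer host touching three services over an hour.
    for n, svc in enumerate(["cifs/fileserver01", "MSSQLSvc/db01", "http/intranet"]):
        events.append({
            "ts": (base + timedelta(minutes=20 * n)).isoformat(),
            "client_ip": "10.0.7.40",
            "user": "dev.user",
            "service": svc,
            "enc_type": "0x12",          # AES256-CTS-HMAC-SHA1-96
        })
    return events


SAMPLE_EVENTS = _build_sample()


def detect_tgs_fanout(events, threshold=20, window=timedelta(minutes=10)):
    """Flag (client_ip, user) pairs that requested tickets for at least
    `threshold` distinct services inside any interval of length `window`.

    Returns a dict keyed by (client_ip, user) with the widest fan-out seen:
    distinct service count, RC4 request count, and the window bounds.
    """
    by_source = defaultdict(list)
    for e in events:
        by_source[(e["client_ip"], e["user"])].append(
            (datetime.fromisoformat(e["ts"]), e["service"], e["enc_type"]))

    findings = {}
    for key, reqs in by_source.items():
        reqs.sort()                        # chronological order per source
        in_window = defaultdict(int)       # service -> requests inside the window
        rc4 = 0                            # RC4 requests inside the window
        left = 0
        for ts, svc, enc in reqs:
            in_window[svc] += 1
            rc4 += enc == "0x17"
            # Advance the left edge until the window is at most `window` wide.
            while ts - reqs[left][0] > window:
                _, old_svc, old_enc = reqs[left]
                in_window[old_svc] -= 1
                if in_window[old_svc] == 0:
                    del in_window[old_svc]
                rc4 -= old_enc == "0x17"
                left += 1
            if len(in_window) >= threshold:
                prev = findings.get(key)
                if prev is None or len(in_window) > prev["distinct_services"]:
                    findings[key] = {
                        "distinct_services": len(in_window),
                        "rc4_requests": rc4,
                        "window_start": reqs[left][0].isoformat(),
                        "window_end": ts.isoformat(),
                    }
    return findings


if __name__ == "__main__":
    for (ip, user), f in detect_tgs_fanout(SAMPLE_EVENTS).items():
        print(f"{ip} {user}: {f['distinct_services']} distinct services, "
              f"{f['rc4_requests']} RC4 requests, "
              f"{f['window_start']} .. {f['window_end']}")
```

On the sample, the marketing workstation is flagged with 47 distinct services and 47 RC4 requests while the developer host is not; lowering the threshold or widening the window (for example to three services per hour) would also surface the developer host, which is why the threshold should be tuned against the environment's baseline rather than copied from an example. The finding gives the investigator the pivots the question asks for: the user and host to check for expected behaviour, the time window to pull process and logon events for, and the list of service accounts whose credentials may warrant rotation.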
You've contained a malware infection. The user had local admin rights and the malware was active for 2 hours. What is your eradication strategy?