Do you have experience with AWS and cloud-related security?
Security Operations Manager Interview Questions
5,037 security operations manager interview questions shared by candidates
forensics, security questions
What was a difficult situation you’ve encountered and what was the outcome?
1. You are an L2 SOC Analyst. You receive an alert that a user logged in/successfully authenticated from Greece but normally logs in from Texas. How would you investigate this?
   a. I asked: what type of logs do I have access to? Office 365
   b. Am I the first person to investigate or has it been elevated to me? First person
   c. After investigating the logs, have there been signs of multiple login attempts? User1, User01, user_1? No, it was a legit login
   d. No, but what are those called, what type of attack? Brute force—credential surfing
   e. How did the user authenticate? RSA
   f. Is this the first time the user logged in from a different location? Yes
   g. VPN used? No
   h. The scenario ended with me saying “I am stuck and unsure what to do next, I would gather my notes and send it to a teammate for guidance/assistance”
2. You are an L2 SOC Analyst. You received an email from a third-party vendor. The vendor software was just installed and it is in detention mode. Why did the email land in your inbox? How would you investigate?
   a. First, I would look at the email details (message ID, date, time, from, to, SPF, DKIM, DMARC) for further analysis. –All the email details are legit
   b. Next, I would investigate the IP address to see if it is legit. The IP is legit.
   c. Does the email have any attachments? No
   d. Phone numbers or misspellings? No
   e. The scenario ended with me saying “I am stuck and unsure what to do next, I would gather my notes and send it to a teammate for guidance/assistance”
Why did you choose the university that you attended? Asking about all the critical issues that I had to face in my experiences and about my achievements.
Can you have a difficult conversation with an analyst? How would you approach this?
Some security specific questions like describe XSS in 1st round
Why did you choose this position?
DNS, DNS, DNS ....
They left me waiting for an interview for weeks.