A security professional is someone who handles computer security for a company or client and has mastered a standardized body of knowledge. This person is accountable and holds the responsibility for keeping the system software secure.
In this article I focus on various interview questions and their probable answers. This should help you in an interview for a Security Professional position.
1. What do you mean by a Policy and Security?
Well, a policy is a form of documentation created to enforce specific rules or regulations and to keep procedures structured. Security, in this sense, is simply a policy built around procedures that revolve around security.
2. Define the meaning of Authentication.
Authentication is the process of proving the identity of a computer or computer user. For users, it generally involves a user name and password. Computers usually pass a code that identifies them as part of a network.
3. Explain access control.
Access control is any mechanism by which a system grants or revokes the right to access some data or perform some action. Usually, a user must first log in to a system using some authentication system. Next, the access control mechanism controls what operations the user may or may not perform by comparing the user ID to an access control database.
Access control systems include:
- File permissions, such as create, read, edit or delete on a file server.
- Program permissions, such as the right to execute a program on an application server.
- Data rights, such as the right to retrieve or update information in a database.
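An added example (not from the original article) of the flow described above: the user authenticates first, then each operation is checked by comparing the user ID to an access control database. The class, user and resource names are constructed for illustration, and denying anything not explicitly granted is an assumption of this sketch.

```python
import hashlib, hmac, os

class AccessControl:
    def __init__(self):
        self._creds = {}          # user_id -> (salt, password hash)
        self._acl = {}            # (user_id, resource) -> set of granted operations
        self._logged_in = set()   # user IDs that have authenticated

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user_id, password):
        salt = os.urandom(16)
        self._creds[user_id] = (salt, self._hash(password, salt))

    def login(self, user_id, password):
        # Unknown users get a dummy salt and an empty hash, so they never match.
        salt, stored = self._creds.get(user_id, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if ok:
            self._logged_in.add(user_id)
        return ok

    def grant(self, user_id, resource, *ops):
        self._acl.setdefault((user_id, resource), set()).update(ops)

    def revoke(self, user_id, resource, *ops):
        self._acl.get((user_id, resource), set()).difference_update(ops)

    def is_allowed(self, user_id, resource, op):
        # Unauthenticated users and missing ACL entries are both denied.
        if user_id not in self._logged_in:
            return False
        return op in self._acl.get((user_id, resource), set())

def demo():
    ac = AccessControl()
    ac.add_user("alice", "correct horse")  # constructed sample account
    ac.grant("alice", "file:report.txt", "read", "edit")   # file permissions
    ac.grant("alice", "db:orders", "retrieve")             # data right
    checks = [ac.is_allowed("alice", "file:report.txt", "read")]  # before login
    ac.login("alice", "correct horse")
    checks.append(ac.is_allowed("alice", "file:report.txt", "read"))
    checks.append(ac.is_allowed("alice", "file:report.txt", "delete"))  # never granted
    checks.append(ac.is_allowed("alice", "app:payroll", "execute"))     # no ACL entry
    ac.revoke("alice", "file:report.txt", "edit")
    checks.append(ac.is_allowed("alice", "file:report.txt", "edit"))
    return checks
```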
4. Describe symmetric key encryption.
Symmetric-key encryption algorithms are a class of cryptographic algorithms that use trivially related, often identical, cryptographic keys for both encryption and decryption. The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.
5. Explain digital certificates.
A digital certificate is an electronic "credit card" intended for online business transactions and authentication on the Internet. Certificates are issued by certification authorities. A certificate typically contains identification information about the holder, including the person's public key used for encrypting and decrypting messages, along with the authority's digital signature, so that the recipient can verify with the authority that the certificate is authentic. Web sites may also have digital certificates, so that a person intending to buy their products can confirm that the site is an authenticated e-commerce site.
Now go and crack the interview ahead.