🎯 Interview Questions and Answers

1. What is risk in cybersecurity?

Risk is the likelihood that a threat exploits a vulnerability, combined with the impact that event would have on an asset.


2. What are the main components of risk?

Asset, threat, vulnerability, likelihood, and impact.


3. What is a vulnerability?

A weakness in a system, process, or control that a threat can exploit, for example an unpatched service or a misconfigured permission.


4. What is a threat?

Any actor or event that could exploit a vulnerability and cause harm to a system or data, such as an attacker, malware, an insider, or an outage.


5. What is an asset?

Anything of value to the organization that needs protection, such as data, systems, services, credentials, or people.


6. What is inherent risk?

The level of risk that exists before any security controls are applied.


7. What is residual risk?

The risk that remains after controls are applied. It should be documented and formally accepted by a risk owner.


8. Can risk be eliminated completely?

No. Risk can be reduced, transferred, avoided for a specific activity, or accepted, but some residual risk always remains.


9. What is risk management?

The process of identifying, assessing, treating, and monitoring risk so that it stays within the organization's risk appetite.


10. What is qualitative risk assessment?

Risk rated on descriptive scales, for example High, Medium, or Low for likelihood and impact, rather than with numbers.


11. What is quantitative risk assessment?

Risk measured with numbers, typically the financial loss expected from one incident and the expected loss per year.


12. What is SLE?

Single Loss Expectancy: the cost of one occurrence of an incident. SLE = asset value (AV) × exposure factor (EF), where EF is the fraction of the asset's value lost in that incident.


13. What is ARO?

Annualized Rate of Occurrence: how many times the incident is expected to happen per year (an ARO of 0.1 means once every ten years).


14. What is ALE?

Annualized Loss Expectancy: the expected loss per year. ALE = SLE × ARO. Comparing a control's annual cost with the ALE reduction it buys shows whether the control is worth paying for.


15. What is risk mitigation?

Reducing the likelihood or the impact of a risk by applying controls, such as patching, access control, encryption, or monitoring.


16. What is risk avoidance?

Eliminating a risk by not performing the activity that creates it, for example by not collecting the sensitive data at all.


17. What is risk transfer?

Shifting the financial consequences of a risk to another party, for example through cyber insurance or an outsourcing contract. Accountability for the risk usually stays with the organization.


18. What is risk acceptance?

Knowingly living with a risk because it is within the organization's risk appetite or because treating it would cost more than the expected loss. Acceptance should be documented and signed off by a risk owner.


19. Why is risk important in cybersecurity?

Because it lets you prioritize protection and spending according to the likelihood and impact of harm, instead of trying to protect everything equally.
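A worked example tying questions 12 to 19 together: it computes SLE and ALE from the standard formulas (SLE = AV × EF, ALE = SLE × ARO), prices each treatment option (accept, mitigate, transfer, avoid) as an expected annual cost, picks the cheapest option that respects a risk appetite, and ranks risks by ALE for prioritization. This is an added illustration, not code from the original page; the asset names, values, control costs, insurance premium, and appetite figures are constructed for the example and are not real data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: business/replacement value of the asset
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float  # what the control costs per year to run
    ef_after: float     # EF once the control is in place (impact reduction)
    aro_after: float    # ARO once the control is in place (likelihood reduction)


def residual_ale(risk: Risk, control: Control) -> float:
    """Residual risk in money terms: the ALE that remains with the control in place."""
    return risk.asset_value * control.ef_after * control.aro_after


def control_net_benefit(risk: Risk, control: Control) -> float:
    """Annual loss avoided minus the control's annual cost.
    Negative means the control costs more than the loss it prevents."""
    return risk.ale() - residual_ale(risk, control) - control.annual_cost


def treatment_costs(risk, controls, insurance_premium=None,
                    activity_benefit=None, risk_appetite=0.0):
    """Expected annual cost of each available treatment.

    accept   : bear the inherent ALE (only offered when it is within appetite)
    mitigate : residual ALE plus the control's annual cost, one entry per control
    transfer : the insurance premium (assumes the policy covers the full loss)
    avoid    : the annual business benefit given up by stopping the activity
    """
    costs = {}
    if risk.ale() <= risk_appetite:
        costs["accept"] = risk.ale()
    for c in controls:
        costs[f"mitigate:{c.name}"] = residual_ale(risk, c) + c.annual_cost
    if insurance_premium is not None:
        costs["transfer"] = insurance_premium
    if activity_benefit is not None:
        costs["avoid"] = activity_benefit
    return costs


def recommend_treatment(risk, controls, insurance_premium=None,
                        activity_benefit=None, risk_appetite=0.0):
    """Return (treatment, expected annual cost) for the cheapest allowed option."""
    costs = treatment_costs(risk, controls, insurance_premium,
                            activity_benefit, risk_appetite)
    return min(costs.items(), key=lambda kv: kv[1])


def prioritize(risks):
    """Risk names ordered by ALE, highest first: what to protect first."""
    return [r.name for r in sorted(risks, key=lambda r: r.ale(), reverse=True)]


# Constructed sample data (hypothetical figures, not taken from any real assessment).
DB_BREACH = Risk("customer database breach", asset_value=1_000_000,
                 exposure_factor=0.3, aro=0.2)          # SLE 300k, ALE 60k
PRINTER_OUTAGE = Risk("office printer outage", asset_value=5_000,
                      exposure_factor=1.0, aro=0.5)     # SLE 5k, ALE 2.5k

DB_CONTROLS = [
    # cuts impact: only 5% of value lost once data is encrypted at rest
    Control("encryption at rest", annual_cost=15_000, ef_after=0.05, aro_after=0.2),
    # cuts likelihood but is expensive: residual 15k + cost 50k > inherent ALE
    Control("DLP gateway", annual_cost=50_000, ef_after=0.3, aro_after=0.05),
]
PRINTER_CONTROLS = [
    Control("maintenance contract", annual_cost=3_000, ef_after=1.0, aro_after=0.1),
]


if __name__ == "__main__":
    print("priority order:", prioritize([PRINTER_OUTAGE, DB_BREACH]))
    for ctl in DB_CONTROLS:
        print(f"{ctl.name}: net benefit {control_net_benefit(DB_BREACH, ctl):,.0f}")
    print(recommend_treatment(DB_BREACH, DB_CONTROLS, insurance_premium=30_000,
                              activity_benefit=500_000, risk_appetite=20_000))
    print(recommend_treatment(PRINTER_OUTAGE, PRINTER_CONTROLS, risk_appetite=20_000))
```

With these figures the database breach is treated by mitigation (encryption at rest, 25k per year all in) because accepting 60k is above the 20k appetite, insurance at 30k is dearer, and the DLP gateway has a negative net benefit; the printer outage is simply accepted because its 2.5k ALE is below appetite and cheaper than the 3.5k a maintenance contract would cost in total.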


20. How do you explain risk in an interview?

Walk through a concrete example naming the asset, threat, vulnerability, and impact, for instance: a customer database (asset) could be stolen by an attacker (threat) through an unpatched server (vulnerability), leading to a data breach with regulatory fines and loss of customer trust (impact).