If you're looking for CA SiteMinder Interview Questions & Answers for experienced candidates or freshers, you are at the right place. There are plenty of opportunities at reputed companies around the world. According to research, CA SiteMinder has a market share of about 2.5%, so there is still room to move ahead in your career in CA SiteMinder development. Mindmajix offers Advanced CA SiteMinder Interview Questions 2018 to help you crack your interview and acquire your dream career as a CA SiteMinder developer.
Q. What are the basic steps that you will take to stop unauthorized access?
There are several measures. The first is to protect important files with access controls and credentials so that only authorized accounts can read them; data backups must be protected in the same way, since a readable backup is as good as the original to an attacker. Keep the firewall enabled and limit inbound access to the ports that are actually needed. Any account on a company server that is no longer in use should be suspended immediately. Finally, restrict access to data to the people who need it for their role (least privilege), for example staff working in the same department or explicitly authorized representatives of the organization.
Q. Can you name some parameters that define SSL session connection?
The TLS (SSL) record layer keeps the following connection state on each side:
1. Client write MAC secret
2. Server write MAC secret
3. Client write key
4. Server write key
5. Server random and client random
6. Initialization vectors
7. Sequence numbers
All of these except the two random values and the sequence numbers are derived from the session's master secret, which is why a resumed session can obtain fresh connection keys from new randoms without repeating the key exchange.
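As an added example (not code from the original page), the following Python derives the parameters listed above from a TLS 1.2 session's secrets and then shows how the sequence number enters each record's MAC. It implements the PRF from RFC 5246 with HMAC-SHA256; the pre-master secret and the two random values are constructed test data, and the key and IV lengths correspond to AES-128-CBC with HMAC-SHA256.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # master_secret = PRF(pre_master_secret, "master secret", client_random + server_random)[0..47]
    return prf(pre_master, b"master secret", client_random + server_random, 48)


# (name, length in bytes) for AES-128-CBC with HMAC-SHA256, in the order
# RFC 5246 section 6.3 slices the key block.
KEY_BLOCK_LAYOUT = [
    ("client_write_mac_key", 32),
    ("server_write_mac_key", 32),
    ("client_write_key", 16),
    ("server_write_key", 16),
    ("client_write_iv", 16),
    ("server_write_iv", 16),
]


def derive_connection_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Split key_block = PRF(master_secret, "key expansion", server_random + client_random).
    Note the reversed order of the randoms compared with the master-secret derivation."""
    total = sum(size for _, size in KEY_BLOCK_LAYOUT)
    block = prf(master, b"key expansion", server_random + client_random, total)
    keys, offset = {}, 0
    for name, size in KEY_BLOCK_LAYOUT:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


class RecordMac:
    """One direction of the record layer: the write MAC key plus a 64-bit sequence
    number that starts at zero and increments once per record (RFC 5246 section 6.1)."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0

    def mac(self, content_type: int, version: bytes, fragment: bytes) -> bytes:
        # MAC(MAC_write_key, seq_num + type + version + length + fragment), RFC 5246 6.2.3.1.
        # Because seq_num is part of the MAC input, a replayed or reordered record
        # fails verification on the receiving side.
        header = (self.seq.to_bytes(8, "big") + bytes([content_type]) + version
                  + len(fragment).to_bytes(2, "big"))
        tag = hmac.new(self.mac_key, header + fragment, hashlib.sha256).digest()
        self.seq += 1
        return tag


# Constructed test data (not real handshake output): a 48-byte pre-master secret
# and the two 32-byte hello randoms.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32


def demo() -> dict:
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    keys = derive_connection_keys(ms, CLIENT_RANDOM, SERVER_RANDOM)
    writer = RecordMac(keys["client_write_mac_key"])
    reader = RecordMac(keys["client_write_mac_key"])   # the peer keeps identical read state
    app_data, version = b"GET /protected/ HTTP/1.1\r\n", b"\x03\x03"
    first = writer.mac(23, version, app_data)            # content type 23 = application_data
    replay = writer.mac(23, version, app_data)           # same bytes, next sequence number
    return {"master_secret": ms, "keys": keys, "first": first,
            "replay": replay, "peer_first": reader.mac(23, version, app_data)}


if __name__ == "__main__":
    result = demo()
    for name, value in result["keys"].items():
        print(f"{name:22s} {value.hex()}")
    print("replayed record verifies:", result["first"] == result["replay"])
```

The six per-connection values come out of one pseudorandom stream, so the client and server MAC keys differ even though both ends computed them from the same master secret; that is what lets each side reject traffic reflected back at it.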
Q. What do you mean by the term protocols? Is it possible to change them once defined?
A protocol is a set of rules that governs how a process is carried out; in security terms it defines how parties identify each other, exchange keys and protect data. Users and systems must follow all of the rules, and the tasks or activities they engage in must not violate them. Without protocols it is almost impossible to manage a network or identities reliably, because each party would behave differently. Yes, protocols can be changed whenever the need is felt, for example when a version is found to be weak, but both sides must agree on the change, so it is normally introduced through versioning and negotiation rather than unilaterally.
Q. Name a few basic methods for effective identity and authenticity management?
A username and password is the most common method, although on its own it is no longer the strongest; it should be combined with a second factor. Protecting users' personal information also helps, because that information is what attackers use to guess or reset credentials. Biometric methods such as fingerprint sensors are another approach that is quite common in the present scenario.
Q. How would you define an identity? Why is it necessary in an organization?
An identity is the set of information and data used to identify a user or a group, for example a user name, attributes and group memberships stored in a directory. Without identities it is not possible to ensure a secure environment in an organization: access decisions cannot be tied to a responsible person, conflicts arise over who may do what, and machines cannot perform tasks that depend on knowing who is asking.
Q. What exactly do you know about the Access management and identity management?
Access management covers web access management: authenticating users, authorizing them to accomplish a task, preventing fraud and handling similar controls at the point of access. Identity management, on the other side, helps an organization manage the identity lifecycle of the people who work in it: creating accounts, changing their entitlements and removing them when they leave.
Q. Name some domains that fall under the Identity Management?
There are several domains, and a few of them are:
1. Directory management
2. Access management
3. Identity management (the lifecycle of the identities themselves)
Q. What benefits can access management and identity management deliver?
There are certain benefits that help an organization keep up the pace. The first, and in fact the biggest, is cost saving: an organization can save a large sum of money by adopting this approach, since account administration and password resets are centralized. Next is operational efficiency. In addition, it enables business growth for e-commerce, because customers and partners can be given controlled access to web applications, which is why this technology is widely preferred in the current scenario.
Q. What are the tasks in which identity management and authenticity management matters the most?
Some tasks in an organization are not disclosed to all employees and must be kept confidential. Sometimes, however, employees need to be brought into them, and when they are given broader access to information that access has to be managed. While working on a special project there is a real chance that information leaks and the business bears a heavy loss; identity and access management lets the organization grant exactly the access needed and track who holds it.
Q. What do you mean by the term authentication? Why is it necessary?
Authentication is a process that seems simple but is in fact complex. A user has to prove his or her identity by presenting credentials before access is granted to information or data; credentials that check out are considered authentic. It is necessary to make sure that no unauthorized person gains access to confidential information or to any data that could put the business at risk.
Q. What exactly do you know about authorization? Is it different from Authentication?
Authorization decides whether a user is allowed to access a given piece of data or information. Users who lack access can request it from the network administrators or department heads. In a web access manager the decision is made per request, based on who the user is (including group or role), the resource requested (identified by its URL) and the action (the HTTP method), against policies that restrict access to data. Authorization and authentication are different steps: authentication establishes who the user is, authorization what that user may do. What they have in common is that together they enhance the security of the information in a business.
Q. What do you know about the URL manipulation?
URL manipulation (URL tampering) is an attack in which the attacker modifies the URL of a website, for example by changing a parameter value or an identifier in the path, inserting "../" segments, or altering the case or encoding of a path, in order to reach critical information or functionality the attacker is not authorized for. It can be stopped by making the access decision on the server side for every request, after normalizing the URL, rather than trusting the links that were presented to the user.
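As an added example (not from the original page), the following Python implements the per-request authorization decision described above and shows why URL normalization matters. It models a small realm / rule / policy store in the style of a web access manager; the paths, group names and the deny-by-default choice are illustrative assumptions, not SiteMinder's own configuration. The same group bindings also illustrate why a purchase-department user cannot reach HR resources.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed policy store, modelled on the realm / rule / policy layering of a
# web access manager such as SiteMinder; paths and group names are illustrative.
# A realm protects a resource prefix; each rule allows a set of HTTP actions to
# the listed groups; "*" stands for any authenticated user.
POLICY_STORE = [
    {"realm": "/admin/",  "rules": [{"actions": {"GET", "POST"}, "groups": {"admins"}}]},
    {"realm": "/hr/",     "rules": [{"actions": {"GET"},  "groups": {"hr", "admins"}},
                                    {"actions": {"POST"}, "groups": {"hr"}}]},
    {"realm": "/public/", "rules": [{"actions": {"GET"},  "groups": {"*"}}]},
]

ENCODED_OCTET = re.compile(r"%[0-9A-Fa-f]{2}")


def canonical_path(url: str) -> str:
    """Reduce a request URL to the path the policy is compared against.
    Query string and fragment are dropped, percent-encoding is decoded once,
    '.' and '..' segments are collapsed and the result is lower-cased, so that
    /public/../Admin/ and /ADMIN/ cannot slip past a rule written for /admin/."""
    path = unquote(urlsplit(url).path) or "/"
    if ENCODED_OCTET.search(path):
        # A second layer of encoding survived one decode (e.g. %252e): refuse
        # rather than guess what the backend will eventually see.
        raise ValueError("double-encoded path rejected")
    norm = posixpath.normpath(path)
    if not norm.startswith("/"):
        norm = "/" + norm
    if path.endswith("/") and norm != "/":
        norm += "/"          # keep the directory marker so /hr/ still matches realm /hr/
    return norm.lower()


def matching_realm(path: str):
    """Most specific (longest) realm whose resource prefix covers the path."""
    best = None
    for entry in POLICY_STORE:
        realm = entry["realm"]
        if path == realm.rstrip("/") or path.startswith(realm):
            if best is None or len(realm) > len(best["realm"]):
                best = entry
    return best


def authorize(groups, method: str, url: str):
    """Return (allowed, reason). This example denies anything no realm covers;
    a real deployment would also declare which resources are unprotected."""
    try:
        path = canonical_path(url)
    except ValueError as exc:
        return False, str(exc)
    entry = matching_realm(path)
    if entry is None:
        return False, f"{method} {path}: no realm covers this resource"
    for rule in entry["rules"]:
        if method.upper() in rule["actions"] and (
                "*" in rule["groups"] or rule["groups"] & set(groups)):
            return True, f"{method} {path}: allowed by realm {entry['realm']}"
    return False, f"{method} {path}: denied by realm {entry['realm']}"


if __name__ == "__main__":
    # Constructed requests: a purchase-department user trying the HR realm, then
    # three URL manipulations aimed at the admin realm.
    for url in ("/hr/reports", "/public/../admin/users", "/public/%2e%2e/admin/", "/ADMIN/users"):
        print(url, "->", authorize(["purchase"], "GET", url))
```

The decision never looks at the link the user clicked, only at the canonical path and method of the request that actually arrives, which is what defeats URL manipulation.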
Q. How would you authenticate a person or a user?
The first and most common approach is a password: a secret piece of information that nobody except the authorized user should know (something you know). The next is biometrics, which is becoming more and more common (something you are). In addition, access cards can be issued to users to let them enter restricted areas such as server rooms (something you have). Combining two of these factors is stronger than any one of them alone.
Q. What is remote administration? Can it pose a risk to business data and information?
Remote administration is a common approach. It is a method that enables a user to control a computer without being physically present at the site; the device is controlled through a remote connection over the internet or the corporate network. Remote access is generally given only to internal resources. If an unauthorized person outside the organization obtains such access, there is a real chance of data and information leakage, so remote administration should be limited to named administrators, protected with strong authentication and logged.
Q. If web server is made to run on default settings, can it cause a security issue?
Yes. Web servers on default settings are vulnerable to attackers: default or well-known administrative credentials, sample applications, directory listing and verbose error pages are typical examples. They can defeat access management and lead to data loss and leakage in no time. The server settings must be hardened for the software and applications used in the organization in order to protect the data.
Q. If you want to enter authentication information on a login page which appeared in a pop up window, would you proceed or will not enter the information? Why or why not?
No, I will not enter the authentication information. A login form in a pop-up window can be a malicious or phishing page, and entering credentials there is against the security policy. Nobody should enter confidential or useful information on such pop-up pages unless the window's origin has been verified.
Q. Name the two methods by which penetration tests can be conducted.
Black-box testing and white-box testing are the two methods. It can also be done through a third approach known as grey-box testing.
Q. Name some attributes of security testing?
Q. If the web servers are down, would you share business communication or personal information through your personal e-mail account?
If the information is sensitive, I would not. If it has to be conveyed urgently, I would seek the advice of top management or the security analyst and proceed only after getting their permission.
Q. What do you know about phishing on a network? How can it be harmful for an organization?
Phishing is an approach that hackers and other people use to obtain information about an organization. They create fake web pages that look like the real ones, get them onto the users' screens (typically through a link in an e-mail) and wait for the users to enter their usernames and passwords. To avoid this, one must make sure that the address in the browser is the organization's own domain, not merely a page that contains the organization's name somewhere in the URL. Phishing can lead to hijacked accounts and unauthorized access to information that the organization does not want to share with anyone who is not an employee.
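As an added example (not from the original page), the following Python performs the address check described above on a set of constructed links of the kind that arrive in phishing mail. The trusted domain `example.test` and the sample links are assumptions for illustration; the check looks only at the scheme and the real host, because the path, the query string and anything before an `@` are under the attacker's control.

```python
from urllib.parse import urlsplit

# Constructed: the organization's genuine sign-on domain. Anything that is not
# this host or a subdomain of it is treated as untrusted.
TRUSTED_DOMAIN = "example.test"


def check_login_url(url: str, trusted: str = TRUSTED_DOMAIN):
    """Return (trusted, reason) for a URL a user is about to enter credentials into."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not https"
    host = parts.hostname                      # lower-cased, userinfo and port removed
    if not host:
        return False, "no host"
    if parts.username is not None:
        # https://login.example.test@evil.net/ : the text before '@' is a username,
        # the site actually visited is evil.net
        return False, f"userinfo hides real host {host}"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized/punycode host, possible lookalike"
    if host == trusted or host.endswith("." + trusted):
        return True, f"host {host} is within {trusted}"
    return False, f"host {host} is not {trusted}"


# Constructed sample links, annotated with what a naive "does it contain the
# organization's name" check would miss.
SAMPLE_LINKS = [
    "https://login.example.test/sso",                                # genuine
    "https://login.example.test:8443/sso?return=https://evil.net/",  # genuine; attacker text only in the query
    "http://login.example.test/sso",                                 # downgraded to plain http
    "https://login.example.test.evil.net/sso",                       # trusted name used as a prefix
    "https://login.example.test@evil.net/sso",                       # userinfo trick
    "https://examp1e.test/sso",                                      # digit-for-letter lookalike
    "https://xn--exmple-cua.test/sso",                               # punycode lookalike
]


def classify(links=SAMPLE_LINKS) -> dict:
    """Map each link to True (safe to sign in) or False."""
    return {link: check_login_url(link)[0] for link in links}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{check_login_url(link)[1]:45s} {link}")
```

A subdomain of the trusted domain is accepted because the organization controls its own DNS; the reverse (trusted name appearing in front of someone else's domain) is the most common trick and is rejected.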
Q. Why is there always a restriction on one department accessing the data of another department in an organization?
Obviously, for security reasons. Suppose a user Mr. X works in the purchase department and a user Mr. Y works in the Information Technology department. Neither of them needs the data of the other department. If either shows such an intention, it may be because they want to share it with someone else. To avoid that risk, organizations impose such restrictions, which enhances their security to a great extent.
Q. Name any two strategies that are useful in making web access management more secure?
Installing anti-spyware software and keeping security updates current can help a lot in this matter.
Q. What according to you are the major challenges in the current scenario for web access management systems?
1. Gaps in understanding HTTP (how requests, cookies and headers carry identity)
2. Frequent changes in SSL/TLS approaches (protocol versions and cipher suites)
3. Centralized remote access to machines
4. System alerting approaches and mechanisms
5. Keeping policies up to date
Q. What is Security testing?
Security testing is an approach to check whether there is any flaw in the security mechanisms that protect data. It plays a vital role in securing an application. It also helps security analysts keep up to date with the major challenges that can affect their work, and detect and remove bugs promptly.
Q. What exactly do you understand by Intrusion detection?
Intrusion detection is an approach for detecting possible attacks by hackers and intruders and dealing with them. It includes collecting information (network traffic, system and application logs, file states) and finding ways to stop the attacks. Auditing the system data can also be part of this approach.
Q. What do you know about Penetration testing?
Penetration testing is a method to detect vulnerabilities in a system. It can be done manually or through automated tools, and it aims to evaluate the system's security. Like other approaches, its prime objective is to ensure the system stays protected against attacks. In this approach, when a vulnerability is found it is exploited, and an understanding of its behaviour and cause is used to find further ones; this is what distinguishes a penetration test from a plain vulnerability scan.
Q. How would you protect a password file?
Two measures: access control on the password file, and storing only hashed passwords (salted, with a deliberately slow hash). Hashed passwords are not simple to crack, and they cannot just be read off the file.
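As an added example (not from the original page), the following Python applies both measures: it stores salted PBKDF2-HMAC-SHA256 hashes in a self-describing record, creates the file with owner-only permissions from the first byte, and verifies in constant time. The file format, iteration count and the `dummy` record used to equalize timing for unknown users are choices made for this example, not a format any particular product uses.

```python
import hashlib
import hmac
import os
import secrets
import stat

# Work factor for PBKDF2-HMAC-SHA256 (600k is the OWASP 2023 guidance). The
# value is stored with each hash so it can be raised later without a migration.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, iterated hash in an 'algorithm$iterations$salt$hash' record."""
    salt = secrets.token_bytes(16)                       # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False                                     # malformed record never verifies
    return hmac.compare_digest(dk.hex(), dk_hex)         # constant-time comparison


def write_password_file(path: str, entries: dict) -> None:
    """Create the file owner read/write only (0600) from the start, so there is no
    window in which another local user can read it, and keep that mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for user, record in entries.items():
            fh.write(f"{user}:{record}\n")
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


def file_is_private(path: str) -> bool:
    """True when group and others hold no permission bits on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


# Constructed placeholder record: unknown users are verified against it so that
# a login attempt costs the same time whether or not the username exists.
DUMMY_RECORD = hash_password("placeholder-not-a-real-password")


def authenticate(path: str, user: str, password: str) -> bool:
    records = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            name, _, record = line.rstrip("\n").partition(":")
            records[name] = record
    ok = verify_password(password, records.get(user, DUMMY_RECORD))
    return ok and user in records


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "passwd")
    write_password_file(path, {"alice": hash_password("correct horse")})
    print("private:", file_is_private(path))
    print("alice/correct horse:", authenticate(path, "alice", "correct horse"))
    print("alice/wrong:", authenticate(path, "alice", "wrong"))
```

The access-control half is the cheaper and more often forgotten one: a perfectly hashed file that is world-readable still hands an attacker the material for an offline cracking run.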
Q. Do you think ISO 17799 has any benefit?
Yes, there are certain benefits. ISO/IEC 17799 (since renumbered as ISO/IEC 27002) sets out best practices for information security management. Organizations of any size can adopt it, as it contains many useful guidelines that can simply be followed. It also provides useful guidance on securing web access management with straightforward policies that can be trusted in the long run.
Q. What do you think can cause vulnerabilities in web access management security?
There are several factors, and a few of them are:
1. Sharing passwords with people who are not authorized to access the information
2. Design errors
3. Human errors
4. Complex software and applications (more features mean more attack surface)
Q. What do you mean by a Host Intrusion Detection System? Name the three classes of intruders.
It is a snapshot-based (file-integrity) mechanism. It takes snapshots of the system's files and compares them with the previous snapshots, with the aim of detecting whether files have changed or are missing. If a problem is found, it immediately sends an alert to the administrator. The three classes of intruders are the masquerader (an outsider using a legitimate user's account), the misfeasor (a legitimate user misusing their privileges) and the clandestine user (one who seizes supervisory control to evade auditing).
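As an added example (not from the original page), the following Python implements the snapshot-and-compare mechanism described above, which is also the file-state collection part of the intrusion detection answer earlier on the page. The baseline is sealed with an HMAC so that an intruder who gains write access to the host cannot quietly re-baseline; the key, the directory layout and the alert wording are assumptions made for this example.

```python
import hashlib
import hmac
import json
import os
import stat


def snapshot(root: str) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256, size and mode."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue                               # skip symlinks, devices, sockets
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = {"sha256": digest.hexdigest(), "size": st.st_size,
                           "mode": stat.S_IMODE(st.st_mode)}
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences: new files, missing files, and files whose content or
    permission bits changed (a chmod to setuid is as interesting as new content)."""
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p]["sha256"] != current[p]["sha256"]
                     or baseline[p]["mode"] != current[p]["mode"])
    return {"added": added, "missing": missing, "changed": changed}


def alerts(diff: dict) -> list:
    """Lines the administrator would receive; empty when nothing moved."""
    out = []
    for kind, label in (("changed", "MODIFIED"), ("missing", "MISSING"), ("added", "NEW FILE")):
        out.extend(f"ALERT {label}: {path}" for path in diff[kind])
    return out


def seal(snap: dict, key: bytes) -> bytes:
    """Serialize the baseline with an HMAC tag; the key must live off the monitored host."""
    body = json.dumps(snap, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode() + b"\n" + body


def unseal(blob: bytes, key: bytes) -> dict:
    tag, _, body = blob.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline tampered with or wrong key")
    return json.loads(body)


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                          # constructed monitored tree
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "etc.conf"), "w") as fh:
        fh.write("port=80\n")
    with open(os.path.join(root, "bin", "tool"), "w") as fh:
        fh.write("#!/bin/sh\n")
    sealed = seal(snapshot(root), b"constructed-off-host-key")
    with open(os.path.join(root, "etc.conf"), "a") as fh:    # attacker edits config,
        fh.write("debug=1\n")
    os.remove(os.path.join(root, "bin", "tool"))               # removes a tool,
    with open(os.path.join(root, "bin", "backdoor"), "w") as fh:
        fh.write("x")                                          # and drops a new binary
    for line in alerts(compare(unseal(sealed, b"constructed-off-host-key"), snapshot(root))):
        print(line)
```

Hash comparison only sees what is on disk at snapshot time: in-memory tampering and changes that are reverted between two snapshots are invisible, which is why this kind of HIDS is usually paired with log monitoring.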