Technical questions
Explain SQL injection and mitigation. Difference XSS vs CSRF. What is IDOR? How does HTTPS work? What tools for recon? Describe TCP three-way handshake.
Scenario questions
User reports phishing email — what steps? Logs show port scan — response? Developer pushed secrets to GitHub — remediation?
Behavioral
How do you stay updated? Describe a challenging lab. Why cybersecurity over development?
Prepare with labs
After each Cyfotok lab, practice explaining the bug in 60 seconds aloud. Interviewers detect rote answers instantly.