start with your introduction followed by basic questions the real scenario-based questions -port number SMB, LDAP, and other -how you will investigate ransomware -how to create a rule for ransomware- -different types of feeds you have -Mitre attack -difference b/w AV and EDR -what is EDR -what is a false positive and how will you tune FP -most of the quests were scenario-based questions like 80% -based on the given IP how will you find associate services by SPL -Component of Splunk -threat hunting -different types of commands in Splunk -what are data models and how to use it -how to analyze phishing attack and some other term asked regarding mail analysis like dmarc,spf and dkim -have you used Mitre att&k framework in day-to-day activity -ransomware attack falls in which framework mitre or cyber kill chain and which framework you will use. -What is a Cyber kill chain? -In case of management informed us we have been attacked by ransomware how you will cross-check the situation? -what is your day-to-day responsibility? -what is vulnerability and give an example -how you will check whether the mail is phishing or not -different attack vectors -rainbow table and brute force attack -ioa and ioc -about shodan -firewall works on which layer