Accenture · System Security

Accenture System Security interview questions

Practice System Security questions specifically asked in Accenture interviews – ideal for online test preparation, technical rounds and final HR discussions.

Company: AccentureSubject: System Security39 questions in this page

Quick overview

Questions

Tagged for this company + subject

Company

Accenture

View company-wise questions

Subject

System Security

Explore topic-wise practice

Accenture · System Security questions (39)

Go through each question and its explanation. Use this page for targeted revision just before your Accenture System Security round.

Back to Accenture page•View all System Security questions

1. List practical rules for issuing and validating CSRF tokens in SPAs and classic server-rendered apps.

Difficulty: MediumType: SubjectiveTopic: AppSec

Generate strong, unpredictable tokens. Tie them to the user session. Send them in HTML or JSON, not in a cookie for synchronized token patterns. Validate on every state-changing request. Do not put tokens in URLs or logs. Rotate on login and at session renewal. For SPAs, fetch the token via a safe endpoint and attach it as a header. Keep SameSite on cookies for extra defense, but never rely on it alone

Example code

fetch('/csrf').then(t => localStorage.setItem('csrf', t))
// later: xhr.setRequestHeader('X-CSRF-Token', localStorage.getItem('csrf'))

Continue your preparation

For complete preparation, combine this company + subject page with full company-wise practice and subject-wise practice. You can also explore other companies and topics from the links below.

Quick navigation:Accenture company page•System Security subject page•All companies•All subjects

Master Interviews Anywhere, Anytime

Accenture System Security interview questions

Quick overview

1. List practical rules for issuing and validating CSRF tokens in SPAs and classic server-rendered apps.

Continue your preparation

2. Which practice best reduces risk from typosquatting and dependency confusion?

3. For open-source intake, which gate is the most effective baseline?

4. What is the main purpose of the Volatility Framework?

5. What is the primary purpose of a firewall in network security?

6. How do you safely test new firewall rules for a production app?

7. Why is log aggregation and centralisation important in system security?

8. Why is patch management critical in securing systems and how should it be managed?

9. Why enable UEFI Secure Boot on endpoints and servers?

10. How do you tie hardening policies to day-to-day operations so they stay effective?

11. What distinguishes an Indicator of Compromise (IOC) from an Indicator of Attack (IOA)?

12. What does the 3-2-1 backup rule mean?

13. Which mistake leads to Mass Assignment or property-level auth bugs in APIs?

14. Outline a quick triage on a suspicious Linux host before full forensics.

15. During an ongoing incident, how do you structure communication so the response stays efficient and safe?

16. Which statement about Suricata is accurate?

17. How does OpenID Connect relate to OAuth 2.0?

18. Explain single sign-on benefits and risks for enterprise systems.

19. For a browser-based enterprise app needing federation with partners, which is most appropriate?

20. What does Nmap primarily help you do during a network assessment?

21. How do flow logs like NetFlow or VPC Flow Logs help in detection and response?

22. What is the recommended primary defense pattern against CSRF in stateful web sessions?

23. Explain how parameterized queries stop SQL injection and when to add ORM or stored procedure checks.

24. Which is a typical Indicator of Compromise (IOC)?

25. In digital forensics, what is the purpose of chain of custody?

26. How do you build a forensic timeline after an intrusion and what sources do you prefer?

27. Describe a safe containment and recovery plan for a malware outbreak in a mixed Windows and Linux environment.

28. Why do many teams require EC2 Instance Metadata Service v2 (IMDSv2)?

29. What do Kubernetes Network Policies primarily control?

30. Which practice is recommended for Google Cloud service accounts?

31. How would you structure cloud audit logging to speed investigations across many AWS accounts?

32. OWASP S C V S is primarily used to:

33. What is the core role of Burp Suite in web security testing?

34. Outline concrete steps to harden a C I platform against supply chain attacks.

35. How does OpenVAS relate to vulnerability assessment?

36. You need to investigate beaconing and possible data exfiltration. Compare using Zeek, Suricata/Snort, and Wireshark for this job.

37. What is the purpose of Linux auditd in hardening and operations?

38. Design a Windows logging strategy for detection and forensics.

39. What is the key advantage of a stateful firewall over a stateless one?

Master Interviews
Anywhere, Anytime