foreword
It’s the time for the annual school recruitment again. When I think back to the school recruitment in 2018, I can only say bitter tears.
As an undergraduate student of an unknown school, the major of the university is network engineering. Although the school is not too bad, it is still very competitive in front of various 211 and 985 universities. Hind legs a little.
I have been very interested in computers since I was a child (mainly I like playing games). Because I failed a lot in the college entrance examination, before I entered university, I set myself the goal of entering a big factory and decided to work hard and not lose to others. Students from prestigious schools, I want to prove that I am no worse than them.
But looking back now, I was really young and frivolous at the time, and I didn't expect that it would take such a long time to learn computers from zero foundation.
Fortunately, although I took some detours in pursuit of my goal, it went smoothly overall.
Let me share my four years of university study and job hunting experience, methods, and skills. At the end, I will summarize it meticulously.
Daiichi
In fact, my freshman year was more water skiing, and there were too many new things, which made me gradually forget the goal before entering school and the importance of learning, but this should also be a true portrayal of most students. When I first entered school, I joined a lot of clubs. I just played happily with my brothers and sisters every day, and didn't care about my grades at all. But fortunately, I joined a studio that develops websites for schools. The boss assigned me some tasks to learn penetration, so I also learned a little knowledge outside of textbooks last semester, but my grades in professional courses were really mediocre.
Make some plans for yourself and follow the outline to learn
Click to get the high-definition expandable mind map
After returning home during the winter vacation and communicating with friends from prestigious schools, I realized that I had forgotten my previous goals, so I decided to change my mind and work hard. In the communication with my friends, I realized that if you want to learn network security well, it is not enough to just pass the school courses.
So, I bought a few books. In the first winter vacation at the university, I finished learning 150 common Linux commands for network security, common attack methods for websites, web penetration techniques, etc., and more of them were e-books I found online. up.
Self-study was really difficult at the beginning, so I got up at 8 o'clock every morning to study throughout the winter vacation, and continued until night. During that time, I almost stayed behind closed doors, so I felt that the time passed quickly. I don't have any deep memories of this winter vacation, and sometimes I feel depressed until midnight because of a difficulty.
When I first started learning network security, I read the examples in the book once and forgot, and I didn't learn anything after reading it for a long time. So, I followed the book and typed some codes, understood and thoroughly understood every example, carefully completed the after-school exercises, and made some modifications to the examples in the exercises based on my own ideas, trying to make a small webpage by myself, and then attack myself website. The process of learning by myself and achieving results is very cool, without the constraints of textbooks and homework, I gradually became interested in network security, and also planted the seeds for continuous efforts in independent learning in the future.
In the first semester of my freshman year, I first corrected my attitude and began to study the school's professional courses seriously, hoping to get a good grade. In addition to the basic courses taught at the school, I learned more about network security in the website development studio, took the initiative to undertake the task of serving the campus website, and used the technology I learned to record my learning process on the blog.
With the gradual deepening of network security learning, I realized that the computer industry really can't finish learning in this life, and then I started to study harder.
During the period, I just watched videos non-stop. I watched a collection of network security videos at station b, and I also found a lot of videos to watch. Learned a lot of practical skills
At the same time, in this semester, I seized two opportunities. First, I applied for the national college student innovation and entrepreneurship project as the team leader. It is not easy to apply for this project. I was rejected by the teacher several times. I just raised an idea, designed a plan, and finally succeeded in seizing the opportunity. When I was working on the project, it was the busiest time of the course. During that time, just doing the course gave me a headache, but it’s okay Responsibility drives me forward, and by 2-3 o'clock every night, I can also get the project done.
The second opportunity is that I joined the graduate student team of my supervisor to do projects together. The opportunity was won by myself. , although I don't expect to catch up with the brothers, I also don't hold back everyone and make more contributions to the project.
Just by doing projects, I earned tens of thousands of dollars and became financially independent. At the same time, I also accumulated some experience and achieved good results in professional courses.
At that time, it was enough for me to work hard at this pace.
sophomore
In my sophomore year, in addition to serving as the class monitor, I also served as the head of the student union and the club. Therefore, in addition to the study of professional courses, there are many other things to deal with. However, no matter how late other things have to be dealt with, I always insist on setting aside a few hours a day for self-study technology, even if I stay up until three or four in the morning, and then wake up at 8 o'clock the next day for class. When I feel sleepy in class, I will do some relatively mindless work, such as recording some experimental class reports. Then when I go back to the dormitory, lie on the bed, put the computer on the quilt, I will cheer up and start to study independently.
In the first semester of my sophomore year, I spent almost every day in the teaching building, college building or library. In order to consolidate their knowledge base.
In the winter vacation of my sophomore year, I participated in a CTF competition. Fortunately, I found a very good senior who also played CTF. We got the certificate together. During this process, I learned a lot of team skills and learned a lot from my seniors. The senior recruited by the school got an offer from Ali, which also brought me a lot of encouragement.
This winter vacation, in addition to learning knowledge, I read some books on computer networks to supplement my theoretical knowledge. I basically study all day long. I only go out to play board games with my friends at night. I will think about the problems I encountered during the day, and feel pain and happiness.
Until three months before the start of the autumn recruitment, I started to write questions, and there were at least a few hundred questions. Let’s summarize them
The content is a bit too much to write down, I have organized it below, and the friends who need it can get it at the end of the article
Then there was the interview, Qiuzhao locked Tencent
[one side] 60min
1. Briefly describe the process from inputting URL to browser display
2. Why does TCP shake hands three times and wave four times
3. How does TCP guarantee the validity of data packets?
4. The difference between HTTPS and HTTP
5. Symmetric encryption and asymmetric encryption
6. What is the same-origin policy?
7. Linux system commands
Just asked some basic questions
【Two sides】 60min
1. Self-introduction 2. Project introduction: history, time, language 3. Questions first 4. Are you interested in the security and identity authentication capabilities of PKI on the cloud?
5. Tell us about what the ByteDance training camp has done?
6. What are the principles and defense schemes of Sql injection?
7. What is the principle of WAF to prevent SQL injection?
8. In this training camp, how is the division of labor and cooperation? what is your role What is your contribution? Is there any possibility of improving efficiency?
9. Is vulnerability mining a pure tool or some manual work?
10. What functions does the backend API of the WAF management platform have?
11. Is there a large amount of data added, deleted, modified, and checked by WAF?
12. What problem does Redis solve?
13. How to ensure the consistency between redis and db for hot data?
14. How does user login authentication work?
15. How to protect the security of Token?
16. How should the content of Token be designed?
17. How to ensure that the data is not tampered with?
18. What is the idea of SDN vulnerability mining?
19. Has the vulnerability mining found any RCE vulnerabilities?
20. Is there any research on stack overflow and heap overflow?
21. Tell me about the process of the https protocol?
22. How many random numbers are there?
23. What if there was one?
24. Are you familiar with C++ or C?
25. The principle of hash table and conflict resolution? (repeated with one side)
26. Why is Mysql query fast?
27. Four characteristics of transactions, mysql isolation level?
28. Explain optimistic locking and pessimistic locking?
29. Has multi-concurrent programming been involved?
30. Have read-write locks and mutex/exclusive locks been used? What's the difference? Why use it?
31. There is a software copyright, what software do you make?
【Three sides】 60min
1. Small talk
2. Chat project
3. Difficulties and challenges of the project
4. For the SDN vulnerability mining project, can you list a more technical vulnerability? Vulnerability principle and mining process?
5. What is the difference between Python2 and Python3?
6. What do Xrange and range return?
7. What is the function of database index? Changes in mysql index?
8. The database has a weak password, how to elevate the privilege after logging in?
9. When you write your own project, how do you defend against SQL injection?
10. How to conduct CSRF defense?
11. What does Token encrypt?
12. Check what?
13. Why does Token need to be encrypted? Is it okay to use plaintext random numbers?
14. How to prevent replay attacks?
Tencent has no face, and later went to a small company, and the treatment was not bad, so it stabilized
personal feelings
I feel that in the technical stage, it doesn’t really depend on whether you know it well. What’s better is that you have a very detailed understanding of one or two issues, or you have project experience, and you can chat with the interviewer for a long time. You can bring the interviewer to your own point. For example, when the interviewer asks about the URL access process, I will explain it in detail, and leave HTTPS and HTTP at the end, and extend HTTPS to some passwords in reverse engineering. Learning questions or extending to man-in-the-middle attacks often make interviewers shine.
In addition, I feel that it is still prudent to ask the interviewer’s evaluation of yourself or which position you are not doing well. If you perform perfectly, you can ask, otherwise the interviewer will not be able to praise you all the time, and generally will only simply praise you. Take a moment, and then rack your brains to think about which positions you did not do well, which virtually reminded him of your shortcomings.
This full version of the interview questions has been uploaded. If you need it, you can scan the QR code of the CSDN official certification below on WeChat or click the link to get it for free [guaranteed 100% free]
https://mp.weixin.qq.com/s/rB52cfWsdBq57z1eaftQaQ