What is the difference between a SQL Injection (SQLi) attack and a Phishing attack? How would you detect each one in a company’s computer system?
The main difference is the target: a SQL Injection exploits a technical flaw in an application, while Phishing exploits human trust. A SQL Injection occurs when an application builds a database query by concatenating untrusted input (a form field, URL parameter, cookie or HTTP header) into the query text, so an attacker can supply input such as a stray single quote followed by SQL syntax and have it executed as part of the query, letting them bypass authentication or read, modify and delete backend data. In contrast, Phishing is a social engineering attack in which attackers send deceptive emails or messages impersonating a trusted entity to trick employees into revealing credentials or opening a malicious link or attachment.
To detect a SQL Injection within a company network, security teams review Web Application Firewall and web server logs for injection indicators in request parameters: stray single quotes, comment sequences such as -- or /*, UNION SELECT, stacked statements and always-true conditions like ' OR '1'='1, usually URL-encoded. They correlate these with application-side signals: bursts of HTTP 500 responses and database syntax errors from one client, and unusual spikes in query volume or new query shapes in database audit logs. To detect Phishing attacks, companies use Email Security Gateways to quarantine or reject messages that fail SPF, DKIM and DMARC authentication checks or carry known-bad links and attachments, employ Endpoint Detection and Response tools to spot malicious process behaviour right after a link is clicked or an attachment opened, and rely on employees using a standard phishing report button so the security team can pull the same message from every other mailbox.
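As an added example (not part of the original answer), the following Python script shows both halves of the SQL Injection answer: a login function that concatenates input into the query text beside its parameterised fix, and a small detector that runs the indicators above over a few access-log lines. The user table, the credentials, the log lines and the indicator patterns are all constructed for illustration and come from no real system; a production WAF would use far richer rules.

```python
import re
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    """Constructed in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted input concatenated straight into the SQL text.

    A password of  ' OR '1'='1  rewrites the WHERE clause to
    username = 'alice' AND password = '' OR '1'='1', which is always true.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the SQL text,
    so a quote in the input is data, never syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Crude injection indicators of the kind a WAF rule or log review looks for
# (checked in this order; the first match wins).
SQLI_INDICATORS = [
    ("boolean tautology", re.compile(r"'\s*(or|and)\s+[^=]+=", re.I)),
    ("UNION SELECT", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("comment sequence", re.compile(r"(--|/\*)")),
    ("stacked statement", re.compile(r";\s*(drop|delete|update|insert)\s", re.I)),
]

# Combined-style web server access log: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one benign login, then a three-request probe.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2024:10:01:02 +0000] "GET /login?user=alice&pass=secret HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:01:03 +0000] "GET /login?user=alice&pass=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:01:07 +0000] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 500 0',
    '203.0.113.9 - - [12/Mar/2024:10:01:09 +0000] "GET /products?id=1%27-- HTTP/1.1" 500 0',
]


def scan_access_log(lines):
    """Return one hit per request whose URL-decoded path matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = unquote_plus(m.group("url"))  # attackers URL-encode the payload
        for name, pattern in SQLI_INDICATORS:
            if pattern.search(url):
                hits.append(
                    {"ip": m.group("ip"), "url": url,
                     "status": int(m.group("status")), "indicator": name}
                )
                break
    return hits


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable login with tautology:", login_vulnerable(db, "alice", payload))
    print("parameterised login with tautology:", login_safe(db, "alice", payload))
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['indicator']}: {hit['url']}")
```

Run as a script, it shows the concatenated login accepting the tautology while the parameterised one rejects it, and the detector flagging the three probe requests from 203.0.113.9 (note the two 500 responses that accompany them, the database-error signal mentioned above). Real detection adds normalisation of other encodings, per-client rate tracking and correlation with database error logs on top of pattern matching like this.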
A client tells you that they have had a security breach and that personal data from their users has been exposed. What steps would you follow according to GDPR rules? What is the legal time limit to report it?
When a data breach occurs, you must execute a swift and structured incident response plan to comply with the GDPR. The first step is immediate containment: isolate the compromised systems, revoke or rotate exposed credentials, and preserve logs and evidence so the scope can be established. Next, you perform a risk assessment to determine exactly which personal data and which data subjects were affected, and whether the breach is likely to result in a risk to the rights and freedoms of those users. Unless the breach is unlikely to result in such a risk, you are legally required to notify the competent supervisory authority (Article 33), and if the risk is high, you must also notify the affected individuals directly and without undue delay (Article 34) so they can take protective actions such as changing passwords. If your own role is that of a processor rather than the controller, your obligation is to notify the controller without undue delay after becoming aware of the breach; the controller then owns the notification to the authority.
Finally, you must document every breach internally, recording the facts, its effects and the remedial actions taken, which is mandatory even for minor breaches that did not require notification, because the supervisory authority can ask for this record. Under Article 33 of the GDPR, the strict legal time limit to report the breach to the supervisory authority is seventy-two hours from when the controller becomes aware of it; a notification made later must be accompanied by the reasons for the delay, and if not all information is available yet it may be provided in phases.
What basic steps would you take to make a Windows 11 computer more secure in a company? Please give at least 5 specific actions you would take.
To properly secure a Windows 11 computer in a corporate environment, you must implement a defense-in-depth approach starting with user account security. First, you change all employee accounts from local administrators to standard user accounts to enforce the principle of least privilege, while also requiring multi-factor authentication for every login.
Second, you turn on BitLocker full disk encryption with the machine’s hardware TPM as the key protector (adding a pre-boot PIN where the threat model warrants it), so that data on the disk remains unreadable if the device is lost or stolen, and you escrow the recovery keys centrally (for example in Entra ID or Active Directory) so a locked device can still be recovered.
Third, you enable Windows 11’s virtualization-based security features via Group Policy or Intune: Core Isolation memory integrity (HVCI), which prevents unsigned or tampered drivers and kernel code from loading, and Credential Guard, which isolates LSASS secrets such as NTLM hashes and Kerberos tickets in a separate virtual container so that malware running even as administrator cannot dump them from memory.
Fourth, you establish an automated patch management system using a tool like Microsoft Intune to force the timely installation of operating system updates, firmware patches, and third-party software updates.
Fifth, you minimize the machine’s attack surface by using group policies to disable outdated and insecure network protocols like SMBv1 while configuring the Windows Firewall to block all unnecessary inbound network ports.
You have admin access to a client’s system. During a security check, you find sensitive information that is not part of your task. What do you do?
If you discover highly sensitive data that falls outside the boundaries of your current assignment, you must maintain absolute professional confidentiality and follow a strict ethical protocol. You must immediately stop looking at, browsing, copying or saving that specific data, because accessing information without a business necessity violates the core security principle of need-to-know.
Next, you report the exposure to your project manager and the client’s designated point of contact through the agreed secure channel, describing where the data is and why it is reachable with your level of access, without quoting or attaching the data itself, and you record the finding (what, where, when, and what you did) in your engagement notes so the report is accurate and the client can remediate the access-control gap.