The Memoirs of School recruit---millet articles

Source: Internet
Author: User
Tags php source code

2015 session [2014] Xiaomi (Safety engineer) Application experienceThis article by csdn-蚍蜉 Shake Pine "Homepage: HTTP://BLOG.CSDN.NET/HOWEVERPF" original, reprint please indicate the source!

First, the Web application

School Recruit website : Http://hr.xiaomi.com/campus/index

Xiaomi's Web application system allows only one post to be delivered. Among them, the security engineer's post requirements are as follows:


Figure 1 job requirements for security engineers


Ii. written examination (Operation and Maintenance category)

Xiaomi Research and development (seemingly software only) of the written examination of A, b two sets of questions, of which a volume for non-operation and maintenance of the position of children's shoes to use, b volume for the application of operation and maintenance category posts "job list entries in the operation and maintenance department labeled" Children's shoes use. And the security engineer I applied for is the operations department, using the B volume. A volume I probably glanced at, all the programming of the big problem, and B volume is mainly questions and answers.

The scope of volume B mainly involves: Linux application Foundation, computer network, network security (mainly Web infiltration), programming development, database principle and application. The following examples illustrate some of the topics I have written down:

1. Design a shell script xm.sh, create 50 directories under/tmp/test, that is, User1 to User50, and set each directory permission, where the other user rights are read, the file owner permission is read and write, and the permissions of the file owner group are "Reading execution". After executing uptime in the 2.Linux system, the following output will be available: 10:54:44 up 158 days, 20:11, 3 users, load average:0.62, 0.41, 0.31 where does the three values for load average mean? What are the common causes of high load values? 3. The program running on the line/usr/sbin/nginx, it is possible that a special request or bug caused the service to exit abnormally, but can be resumed by re-opening the service. Design a way to monitor program exceptions and automatically turn on when an exception exits. 4.Linux system power down can cause data loss, what is the reason? What are some aspects that can reduce or avoid this problem? 5. There is no user feedback to access the http://www.xiaomi.com, please briefly describe the troubleshooting process and possible reasons. What is the purpose of the 6.ARP protocol? Brief description of its working procedure 7. Describe the Web site load Balancing method you know. What are the commonly used file system formats under 8.Linux? What its characteristics are. 9. What are the security risks if you have the following statements in the PHP source code? and write out its use principle <?$_post[' a '] ($_post[' B '); >10. What are the penetration testing tools you know or use? The principle of the work, and the comparison of the advantages and disadvantages of each. 11. Briefly describe the relationship between threads and processes, and compare the pros and cons of HTTP server multithreading and multi-process implementations 12. Please briefly describe the difference between a linked list and an array: Write a program, merge two ascending arrays, implement in your familiar language, if it is C, the method signature is as follows: int[] Merge_array (int[] A, int[]b) 13. Front-end Web Development a) CSS: List The values of the display and explain their role? b) JavaScript: Please list the basic data types in JS. c) JavaScript: Use JS to hide a DOM element, such as ele as the manipulated DOM element. 14. Database theory a) Talk about your understanding of the index (including structure, impact on DML, impact on query). is the index of a table more or less the better? b) What is a transaction? What are the characteristics? c) What is the bath-cod paradigm (BCNF)? The 15.SQL syntax has the following three tables: Students (school number, name, gender, age, Department number) course (class number, class name, school hours) Elective course (student number, class number, score) a) queryThe name of the student with a failing subject (60 pass) b) query the maximum score of each section, show the class number and the maximum score C) to inquire about less than 30 of the course name 

Three, interview 3.1 side (security engineer)

One side of the telephone interview form, mainly for the content of the resume questions, time-consuming 1h20min around. According to the problem inference, should be to do a more comprehensive preliminary understanding of me. Here are a few of the interview questions I remember:

1. Do a self-introduction 2. Why did you choose information security for this major? What do you think the graduate stage has gained? Do you think the study is worth 3. Talk about the process of BASE64 encoding 4. Familiar with Linux system, Linux command how much? Would you use awk, say I want to read the second line of information for a file, what should I do? 5. Some notes on several project experiences a) what does the project do? Application environment? b) System processing capacity and performance bottleneck C) solve the problem yourself, improve the place


3.2 Two side (safety engineer)

Two side also use the form of telephone interview, ask questions biased to some development details, time consuming about 45min. Based on the problem inference, the goal is to have an accurate understanding of my development capabilities. Here are a few of the interview questions I remember:

1. Some details of several project experiences a) What language is used in the backstage section? PHP or JSP? b) What communication mechanism is used between the backstage and the foreground of the project? Please describe the details C) how the database is designed in the project, please describe the data table structure 2. A common function is designed in C, whose input is n strings, and the function is to find the longest common prefix of these strings and output the prefix as a function. Please tell me how the function prototype is written, how the function is implemented, and how complex is your implementation time? 3. What is your expected salary? 4. Do you have anything to ask?

3.3 My questions and the interviewer's answer

I asked two questions about their team and the situation of renting.

1. If I have the privilege of joining your team, what kind of work do you need? A: Our team is not big, mainly do two aspects of work, one is web security, and the second is the system intrusion detection and traffic monitoring. There are also cloud security, private DNS services, and so on. Traffic monitoring, the main thing is to detect the presence of SQL injection from traffic. Traffic is large, 1000~2000 a G (not know whether to hear the wrong), so it will require the optimization of packet capture technology and improve the efficiency of packet reorganization. We want you to be familiar with Shell scripting. 2. If I am hired, I will go to Beijing to work, do not know how to rent, the party is not convenient? A: Generally we rent the neighborhood of the company, the monthly rent is probably 1000~2000,2000 already can live very comfortable.

Iv. Summary

On the net, Xiaomi's school recruit homepage anchored in the millet official online, feel is relatively humble, use up feeling very inconvenient;

As for the written examination, Millet's operation and maintenance of the post-written examination of a wide range, but also more attention to detail, the depth of the general, but also good to do;

As for the interview, Xiaomi's security engineer position is biased towards the type of safe development, so the interview is not a lot of security technology, the development of things instead of asking more (of course, this may only be for me, because I am also in the direction of security development);

As far as the question is concerned, Xiaomi's security team feels relatively new and there should be more room for growth.



The Memoirs of School recruit---millet articles

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.