0% found this document useful (0 votes)

14 views

Penetration Testing Interview Questions

The document outlines a comprehensive set of interview questions related to penetration testing, covering various topics such as the penetration testing lifecycle, types of assessments, common vulnerabilities, and techniques used in attacks. It includes specific questions about infrastructure, operating systems, web application vulnerabilities, and tools used in penetration testing. Additionally, scenario-based questions are provided to assess practical knowledge and problem-solving skills in real-world situations.

Uploaded by

Mohan Bharambe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views

Penetration Testing Interview Questions

Uploaded by

Mohan Bharambe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Penetration Testing Interview Questions

General

• What are the phases in the penetration testing lifecycle? (recon,scan,..)

• What types of penetration testing assessments are there? (Internal/External Infrastructure

Penetration Testing / Wireless/Web/mobile)

• Difference between active and passive reconnaissance ?

• How are penetration tests classified?

• What types of penetration testing teams are there and what are their responsibilities?

• What are some of the types of attackers? (Script kiddie/ APT/ Malicious insider)

• What are the most common types of malware?

• What are some of the most common vulnerability databases? (NVD/CVE/exploit

db/packetstorm/vulnhub)

• What is the Common Vulnerability Scoring System?

• How would you rate vulnerabilities during a penetration test? (risk matrix)

• At what point of an assessment would you start performing testing?

• What are some of the most common vulnerabilities?

• What is the principle of least privilege?

Infrastructure/Operating Systems

• What is the OSI model and what are its layers?

• What is the difference between TCP and UDP?

• What are some of the most common services and what ports do they run on?

• What is DNS?

• What is ARP?

• What is RDP?

• What is a MAC address?

• What is a firewall and how does it work?

• What is the difference between an IDS and an IPS?

• What are honeypots?

• What is the difference between encoding, hashing and encrypting?

• Name a few type of encoding, hash and encryption

• What is salting and what is it used for

• What is the fastest way to crack hashes?

• Difference between symmetric and asymmetric encryption

• In what format are Windows and Linux hashes stored

• Where are Windows and Linux hashes stored, how can you retrieve them?

• What are cron jobs/scheduled tasks?

• Where are cron jobs stored in Windows and Linux?

• What are the different package managers used in Linux and where are they used?

• Describe the permission system used in Linux file systems

• What are SUID and sudo?

• What is Kerberos and how does it perform authentication?

• What is the difference between WEP, WPA and WPA2

• What is WPS? Why is it insecure?

Common Techniques & Attacks

• How can DNS and ARP be exploited by attackers?

• What is DDoS?

• What is buffer overflow?

• What is packet inspection?

• What is privilege escalation? Provide a few examples

• What is the difference between bruteforce and dictionary attacks?

• What is a golden ticket attack?

• What is a common misconfiguration of FTP and SMB? (anonymous login/ null session)

Web Application Vulnerabilities & Attacks

• what is XSS, what types of XSS are there, what are the consequences of a successful attack
and how do you prevent XSS?

• What is SQL Injection, different types and examples, how to prevent ?

• Secure and HTTPOnly flags

• What is CSRF, what does it entail and how can it be prevented?

• What is IDOR, what are its consequences and how can you prevent it?

• What are LFI and RFI and what are the consequences of these attacks? How can they be
prevented?

• How can you secure data in transit?

Penetration Testing Tools

• What tool would you use to perform a port scan?

• What tools would you use to inspect network packets?

• What tool would you use to bruteforce passwords, online and offline?

• What tool would you use to automate SQL injection attacks?

• What tool would you use to perform an ARP spoofing attack? (Ettercap)

• What tools would you use to perform testing against WiFi networks

• What tool can help generate malicious executables?

• What tools would you use to scan a network for known vulnerabilities?

• What tool would you use to inspect the route between a host and a destination?

Scenario-Based

• How would you remotely access a service that can only be accessed from within an internal
network?

• How would you allow regular users to run bash scripts as root and which way is most
secure? (cron jobs)

• If you were able to obtain an NTLM hash but could not decrypt it, how would you use this
knowledge to obtain access to the target host? (pHT)

• What measures would you put in place to prevent brute forcing?

refrences