top of page
Search content

Frequently asked questions

How to prepare for an Ethical hacking / Penetration testing job?

What is an ethical hacking / penetration testing job?

What is Data protection profession / Privacy profession?

What is Security operations center (SOC) job?

What is GRC / ISO27001 / ITGC career?

What are the various free / open source test platforms to practice ethical hacking / penetration testing?

How to practice Android security testing?

What are the common interview questions in Ethical hacking / Penetration testing job interviews?

What are the tools to learn ethical hacking / Penetration testing?

Where to practice ethical hacking on Cloud setup?

How to practice API testing for free?

How to prepare for an ITGC / ISO27001 / GRC job?

What are the common interview questions in Ethical hacking / Penetration testing job interviews?

Helpful resources

The most important thing to keep in mind before appearing for any interview in Ethical hacking is to make sure that you are well aware of the basics. By basics we mean CIA triad, OWASP Top 10, Common Port numbers, Cryptography concepts like Symmetric and Asymmetric Encryption, hashing, Digital Signatures, Usage of tools like Burp suite, metasploit framework, and nmap. Apart from these there are some common questions that are given below which are usually asked in EH / PT interviews.

 Questions:

  1. What are port numbers for the following(Also remember why the port number is used for)? 

SMB,FTP,SSH,TELNET,DNS,RDP,MSSQL,ORACLE,SNMP,SMTP,POP3,IMAP,NTP,

MONGODB,HTTP,HTTPS,SSL,SFTP,LDAP

  1. What is Cross site scripting and its types along with the mitigation?

  2. What is SQLi and its types along with the mitigation?

  3. What are the different layers in the OSI model along with one example of each layer?

  4. What is OWASP Top 10? Explain all with an example

  5. What is Authentication and Authorization? What's the difference between them?

  6. Explain different HTTP methods: PUT,PATCH,DELETE,POST,GET,TRACE,TRACK,OPTIONS

  7. What are cookie attributes? Explain HTTP-ONLY and HTTP-Secure

  8. What is the approach for testing a web application

  9. What is the approach for testing a network

  10. What is SSL Handshake? Explain the steps involved in it

  11. What is CIA triad? Explain all three

  12. Why are PUT,TRACE and TRACK method disabled?

  13. Why is MD5 algorithm considered insecure?

  14. What is XXE ? Explain its mitigation.

  15. What is CVE and CWE? What are the differences between them?

  16. How to configure Burp suite with your browser?

  17. What are the different tabs in Burp suite?

  18. What's the difference between Intruder and Repeater?

  19. What is an API? Explain with an example

  20. How do you test an API for security vulnerabilities?

  21. Android Testing vs Web application Testing?

  22. What is NMAP? Why is it used?

  23. What is Stealth scan in NMAP, give the command. Also explain why it is called Stealth?

  24. All NMAP commands and why they are used

  25. All NMAP timing templates like T1, T2 etc

  26. What is CSRF attack? What is the mitigation

  27. What are Black,Gray and White Box testing?

  28. Static testing vs Dynamic testing

  29. Explain Grey hat, black hat and White hat hackers.

  30. Test cases for an ecommerce website and Banking website.

  31. Are you aware of any recent Hack/vulnerability? If yes then Explain in detail.

  32. What is the approach for testing a mobile application?

  33. What is File Inclusion and its types?

  34. Explain three way handshake.

  35. How to determine severity of a vulnerability.

  36. What is CVSS? 

  37. Difference between application security testing and Vulnerability assessment

Links
Videos
bottom of page