Frequently asked questions
What are the common interview questions in Ethical hacking / Penetration testing job interviews?
The most important thing to keep in mind before appearing for any interview in ethical hacking is to make sure that you are well aware of the basics. By basics we mean the CIA triad, the OWASP Top 10, common port numbers, cryptography concepts like symmetric and asymmetric encryption, hashing, and digital signatures, and usage of tools like Burp Suite, the Metasploit Framework, and Nmap. Apart from these, some common questions that are usually asked in EH / PT interviews are given below.
Questions:
What are the port numbers for the following (also remember what each port is used for)?
SMB, FTP, SSH, TELNET, DNS, RDP, MSSQL, ORACLE, SNMP, SMTP, POP3, IMAP, NTP, MONGODB, HTTP, HTTPS, SSL, SFTP, LDAP
What is Cross site scripting and its types along with the mitigation?
What is SQLi and its types along with the mitigation?
What are the different layers in the OSI model along with one example of each layer?
What is the OWASP Top 10? Explain each item with an example.
What is Authentication and Authorization? What's the difference between them?
Explain the different HTTP methods: PUT, PATCH, DELETE, POST, GET, TRACE, TRACK, OPTIONS
What are cookie attributes? Explain HttpOnly and Secure.
What is the approach for testing a web application?
What is the approach for testing a network?
What is the SSL handshake? Explain the steps involved in it.
What is the CIA triad? Explain all three.
Why are the PUT, TRACE and TRACK methods disabled?
Why is the MD5 algorithm considered insecure?
What is XXE? Explain its mitigation.
What is CVE and CWE? What are the differences between them?
How do you configure Burp Suite with your browser?
What are the different tabs in Burp Suite?
What's the difference between Intruder and Repeater?
What is an API? Explain with an example.
How do you test an API for security vulnerabilities?
Android Testing vs Web application Testing?
What is Nmap? Why is it used?
What is a stealth scan in Nmap? Give the command. Also explain why it is called stealth.
All Nmap commands and why they are used
All Nmap timing templates like T1, T2 etc.
What is a CSRF attack? What is the mitigation?
What are black, gray and white box testing?
Static testing vs dynamic testing
Explain grey hat, black hat and white hat hackers.
Test cases for an ecommerce website and Banking website.
Are you aware of any recent hack or vulnerability? If yes, explain it in detail.
What is the approach for testing a mobile application?
What is File Inclusion and its types?
Explain the three-way handshake.
How do you determine the severity of a vulnerability?
What is CVSS?
What is the difference between application security testing and vulnerability assessment?