General Questions Flashcards

1
Q

What is penetration testing and why is it important?

A

A penetration test is an authorized, targeted attack that evaluates an organization’s security posture, systems, and controls to identify and address vulnerabilities that could be exploited by attackers.

2
Q

Explain the term “vulnerability” and how it relates to penetration testing.

A

A “vulnerability” refers to a weakness or flaw in a system, application, or network that can be exploited by attackers to gain unauthorized access, disrupt operations, or compromise data.

3
Q

What are the 5 different phases of a penetration test?

A

In general the 5 phases of a pentest include:
1. Planning and Recon
2. Scanning and Enumeration
3. Exploitation
4. Post Exploitation
5. Reporting

4
Q

Describe the concept of “privilege escalation” and how attackers might utilize it.

A

Privilege escalation refers to the process of gaining higher levels of access or control within a system than initially granted. Attackers exploit vulnerabilities to move laterally or vertically in a network.

5
Q

What is social engineering and how can it be used in a penetration test?

A

Social engineering is the manipulation of individuals into divulging confidential information or performing actions that compromise security.

6
Q

Explain the difference between a black box, white box, and grey box penetration test.

A

Black box: testing with zero previous knowledge of the environment
Grey box: testing with partial knowledge of the environment
White box: testing with complete prior knowledge of the environment

7
Q

What are 3 common web application vulnerabilities you might look for during a penetration test?

A

1. SQL Injection
2. Cross-Site Scripting
3. Default credentials

8
Q

How would you approach a reconnaissance phase in a penetration test?

A

The reconnaissance phase of a penetration test focuses on gathering as much information as possible about the target, both passively (without directly interacting with it) and actively.

9
Q

What is an SQL injection attack and how can you detect it?

A

SQL Injection (SQLi) is a type of attack that exploits vulnerabilities in a web application's database query functionality. It can be detected by inputting unexpected characters into search fields, URLs, or parameters and watching for errors or changes in the application's output.

10
Q

Explain the concept of a buffer overflow vulnerability.

A

A buffer overflow vulnerability occurs in an application when more data is written to a block of memory, or "buffer," than it was allocated to hold. Attackers abuse this flaw to inject payloads or shellcode in order to gain a foothold or escalate privileges.

11
Q

How do you handle a situation where you discover a critical vulnerability during a penetration test?

A

If a critical vulnerability is discovered during testing, it should be disclosed to the client immediately so they can begin their remediation process. The tester should also discuss with the client whether they want the vulnerability exploited as a proof of concept.

12
Q

What tools and techniques do you typically use for vulnerability scanning?

A

Nessus, OpenVAS, Qualys, Nikto, Burp Suite, Nmap

13
Q

How would you document and report the findings of a penetration test?

A

Documentation should take place throughout testing so the report is as accurate and useful to the client as possible. Screenshots, timestamps, successes and failures, and client alerts should all be included, not only to record vulnerabilities but also to help the client validate that their current controls are working as intended.

14
Q

Describe information security.

A

Information security is how organizations protect their systems and information from threats. It includes the processes an organization follows to ensure security, the technology infrastructure, and the roles that govern this area.

15
Q

What is the difference between encryption and hashing?

A

Encryption is the process of converting plaintext data into ciphertext using a cryptographic algorithm and a key; with the key, the ciphertext can be decrypted back to plaintext.
Hashing is a one-way process in which data of any size is converted into a fixed-length output (often called a "digest") using a hash function; the original data cannot be recovered from the digest.

16
Q

What are the two main types of encryption?

A

Symmetric and asymmetric encryption are the two main types.

17
Q

Describe symmetric encryption and where it is typically used.

A

In symmetric encryption, the same key is used to both encrypt and decrypt information, so every party that needs to read the data must share that key. It is well suited to applications like secure communication, file encryption, database encryption, cloud storage security, and protecting sensitive data within applications.

18
Q

Describe asymmetric encryption and where it is typically used.

A

Asymmetric encryption uses a key pair, a public key and a private key, to increase data protection for more sensitive information. It is typically used in secure web browsing, digital signatures, authentication, and VPNs.

19
Q

Name three common Asymmetric encryption types.

A

RSA, Diffie-Hellman, and ECC (elliptic-curve cryptography)

20
Q

Name three common Symmetric encryption types.

A

AES, DES, and Blowfish

21
Q

What is a CVE?

A

CVE stands for Common Vulnerabilities and Exposures. It is a publicly accessible catalogue that lists and assigns identifiers to known cybersecurity vulnerabilities in software, hardware, and other digital systems.

22
Q

What is a CVSS Score?

A

The Common Vulnerability Scoring System (CVSS) is a standardized system that assigns a numerical value to a software vulnerability to indicate its severity. CVSS scores help cybersecurity professionals prioritize which vulnerabilities to address first.

23
Q

Name 3 types of hashes commonly obtained during a pentest.

A

1. NTLM
2. NTLMv2
3. Kerberos

24
Q

How do you stay up-to-date with the latest security vulnerabilities and attack techniques?

A

I use a mixture of passive and active learning to stay updated. Passively, I'm on social media sites like LinkedIn, Twitter and YouTube, where I follow people who post IT- and cybersecurity-focused content. Actively, I regularly utilize training sites like Hack The Box and TryHackMe, while also regularly completing industry certifications.

25
Q

What are your top 3 must-have tools for an AD-centric pentest and why?

A

My top three tools would be the Impacket suite, NetExec and BloodHound.

26
Q

What types of attacks is the Diffie-Hellman (DH) exchange potentially vulnerable to?

A

If not implemented and configured correctly, the Diffie-Hellman key exchange can be vulnerable to several types of attacks, the most common being man-in-the-middle (MitM) attacks, the Logjam attack, brute-force attacks, and side-channel attacks.

27
Q

What is union-based SQL Injection?

A

In a union-based SQL injection attack, an attacker appends a crafted UNION SELECT statement to the original query to force the application to return additional data that was never intended to be disclosed.

28
Q

What is XXE and what can it be used for?

A

XXE (XML External Entity) injection is a type of attack that exploits vulnerabilities in applications that parse XML input. The attacker manipulates the XML data to include a reference to an external entity (which could be a file or a URL), leading to malicious outcomes such as reading sensitive files, causing a denial of service, or even executing remote code.