Pentest Interview questions

Gimmyno Member Posts: 59
Hi Guys,

I have an interview for a job as a pentester tomorrow, just wondering if any of you could give me some suggestions on some smart technical questions to ask the interviewers regarding the role. I have worked in IT for many years as a Network Engineer so this could be my entry point to Info sec.

Comments

  • dustervoice Member Posts: 877
    This one I always ask my candidates. I never really focus on technical stuff as there is no real value asking someone if they know how to use sqlmap.

    (1). Describe to me the methodology of how you would pentest an ecommerce site?
  • TechGuru80 Member Posts: 1,539
    Is the job internal for a company or like a consulting firm? If it is for a consulting firm...ask about client generation as far as do you have to sell the services or are there people who do that and you come in as the SME. You could ask how the tests are structured...for example are you assigned one area (i.e. application testing) and have members for other areas.....or are you expected to perform penetrations on multiple aspects. It isn't a research company is it? That could be leaning more towards exploit R&D.
  • aderon CISSP, CCNA:S, CCNA:R&S, AWS:CSA Assoc, Sec+, Lin+, A+, Net+, Proj+ Member Posts: 404
    So how'd it go? I'm curious what kind of questions they asked. I'd like to move to a pentest role at some point in my career.
    2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
  • OctalDump Member Posts: 1,722
    (1). Describe to me the methodology of how you would pentest an ecommerce site?

    What are the parameters here? Is it purely technical? Is social engineering allowed? Anything we can't touch? Is it a live site? Does the client's IT know that the test is happening? Are there established methodologies already? Am I overseeing the whole process? Is there a team involved? What can you tell me about the site?

    A real conversation starter, that question.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • davefranco Member Posts: 12