nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Pentest Interview questions

Gimmyno

Hi Guys,

I have an interview for a job as pentest tomorrow,just wondering if any of you could give me some suggestions on some smart technical questions to ask the interviewers regarding the role.I have worked in IT for many years as Network Engineer so this could be my entry point to Info sec.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

dustervoice

This one i always ask my candidates. I never really focus on technical stuff as there is no real value asking someone if they know how to use sqlmap.

(1). Describe to me the methodology of how you would pentest an ecommerce site?

TechGuru80

Is the job internal for a company or like a consulting firm? If it is for a consulting firm...ask about client generation as far as do you have to sell the services or are there people who do that and you come in as the SME. You could ask how the tests are structured...for example are you assigned one area (i.e. application testing) and have members for other areas.....or are you expected to perform penetrations on multiple aspects. It isn't a research company is it? That could be leaning more towards exploit R&D.

aderon

So how'd it go? I'm curious what kind of questions they asked. I'd like to move to a pentest role at some point in my career.

OctalDump

dustervoice wrote: »

(1). Describe to me the methodology of how you would pentest an ecommerce site?

What are the parameters here? Is it purely technical? Is social engineering allowed? Anything we can't touch? Is it a live site? Does the client's IT know that the test is happening? Are there established methodologies already? Am I overseeing the whole process? Is there a team involved? What can you tell me about the site?

A real conversation starter that question.

davefranco

Gimmyno any update?