1. General Security and Theory

• What is the CIA Triad?
• Explain the difference between symmetric and asymmetric encryption.
• How does public key infrastructure (PKI) work?
• What is the difference between encoding, encryption, and hashing?
• Explain what a man-in-the-middle (MitM) attack is and how to mitigate it.
• Describe what "Defense in Depth" means in security architecture.
• What are OWASP Top 10 vulnerabilities?

2. Penetration Testing

• What is the difference between vulnerability scanning and penetration testing?
• How do you perform a penetration test on a web application?
• Explain the methodology you follow for network penetration testing.
• What tools do you commonly use during a penetration test, and for what purposes? (e.g., Nmap, Burp Suite, Metasploit, etc.)
• How do you escalate privileges on a compromised machine?
• Can you describe a penetration testing engagement you worked on in detail?

3. Web Application Security

• Explain SQL injection and how to detect/prevent it.
• What is cross-site scripting (XSS) and its different types?
• How do you mitigate Cross-Site Request Forgery (CSRF) attacks?