When running an nmap scan, what source port can you specify to scan from to commonly bypass firewall rules?
What kind of attack is ARP spoofing considered, and how could you leverage it on a penetration test?
Explain what NBNS poisoning is and how it can be leveraged on a penetration test.
Answer true or false and explain your answer: two-factor authentication protects against session hijacking.
Describe the basics of input and output of a stream cipher.
Describe when you would use a null byte during an application penetration test.
What is the problem with LM hashes?
What is the difference between NetNTLM and NTLM hashes?
What is pass the hash?
What is token impersonation?
Describe what SQL injection is and how you would test for it.
What about blind SQL injection? How is it different from other kinds?
How can SQL injection lead to remote code execution?
How can you execute OS commands with MSSQL injection?
Describe a webshell and how you would upload/use one.
How would you bypass uploader protections?
Describe Remote Command Execution (RCE). How would you prevent it in PHP?
Describe Cross-Site Request Forgery. How would you prevent it?
Describe the different types of Cross-Site Scripting. How would you exploit XSS?
What is the purpose of the same-origin policy in relation to the Document Object Model?
How do you exploit the Shellshock vulnerability, and what can an attacker do with it?
Describe what a buffer overflow is and how you would test for it.
What is Active Directory?
What is LDAP?
Can you connect Active Directory to other third-party directory services? Name a few options.
Where is the AD database held? What other folders are related to AD?
What is the SYSVOL folder?
Name the AD naming contexts (NCs) and the replication issues for each NC.
What is non-repudiation (as it applies to IT security)?
What is the difference between a threat and a vulnerability?
What is the difference between authentication and authorization?
What is an insecure direct object reference? Why is it a problem?
How do you change your DNS settings in Linux/Windows?
What's the difference between encoding, encryption, and hashing?
Can you describe rainbow tables?
What is salting, and why is it used?
If you had to both encrypt and compress data during transmission, which would you do first, and why?
What port does ping work over? Does ping use TCP or UDP?
What is HTTP?
What is an HTTP proxy and how does it work?
What is SMTP? Give the basic scenario of how a mail message is delivered via SMTP.
What is the name and the UID of the administrator user?
How do you list all files, including hidden ones, in a directory?
What is the Unix/Linux command to remove a directory and its contents?
Which command will show you free/used memory? Does free memory exist on Linux?
How do you search for the string "my konfi is the best" in the files of a directory recursively?
How do you connect to a remote server, or what is SSH?
How do you get all environment variables, and how can you use them?
I get "command not found" when I run ifconfig -a. What can be wrong?
What happens if I type TAB-TAB?
What command will show the available disk space on a Unix/Linux system?
What commands do you know that can be used to check DNS records?
What Unix/Linux commands will alter a file's ownership and permissions?
What does chmod +x FILENAME do?
What does the permission 0750 on a file mean?
What does the permission 0750 on a directory mean?
How do you add a new system user without login permissions?
How do you add/remove a group from a user?
What is a bash alias?
How do you set the mail address of the root user or of another user?
What does CTRL-C do?
What is in /etc/services?
How do you redirect STDOUT and STDERR in bash? (> /dev/null 2>&1)
What is the difference between UNIX and Linux?
What is the difference between Telnet and SSH?
Explain the three load averages and what they indicate. What command can be used to view the load averages?
Can you name a lower-case letter that is not a valid option for GNU ls?
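Added example, not part of the original question list, for the STDOUT/STDERR redirection question above and for the later question about seeing a script's output on the terminal while saving it to a file. It is POSIX sh; the `noisy` stand-in command, the log path and the expected line counts are constructed for the demo.

```shell
#!/bin/sh
# Added example: stdout/stderr redirection order, and tee for terminal + file.
# The noisy command and the log file are constructed for the demo.

# Stand-in for any program that writes one line to each stream.
noisy() { echo "to stdout"; echo "to stderr" >&2; }

# Redirections apply left to right: stdout goes to /dev/null first, then stderr
# is pointed at wherever stdout now points (also /dev/null). Nothing escapes.
silence_both() { noisy > /dev/null 2>&1; }

# Same tokens, other order: stderr is duplicated onto the ORIGINAL stdout first,
# and only then is stdout redirected. The error line still reaches the caller,
# which is the classic cause of "I redirected it but errors still show up".
silence_stdout_only() { noisy 2>&1 > /dev/null; }

# Show both streams on the terminal and keep a copy in $1 at the same time.
# 2>&1 must come before the pipe, because a pipe only carries stdout.
log_and_show() { noisy 2>&1 | tee "$1"; }

# Number of lines tee wrote to the log (tr strips the padding BSD wc adds).
log_lines() { wc -l < "$1" | tr -d ' '; }
```

One caveat when piping a script into tee: the pipeline's exit status is tee's, not the script's, so `if ./script.sh 2>&1 | tee run.log; then ...` treats a failed script as success. In bash, `set -o pipefail` makes the pipeline report the script's status instead.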
What do the following commands do: tee, awk, tr, cut, tac, curl, wget, watch, head, tail?
What does an & after a command do?
What does & disown after a command do?
What is a packet filter and how does it work?
What is virtual memory?
What is swap and what is it used for?
What is an A record, an NS record, a PTR record, a CNAME record, an MX record? Are there any other RRs and what are they used for?
What is split-horizon DNS?
What is the sticky bit?
What does the immutable bit do to a file?
What is the difference between hardlinks and symlinks? What happens when you remove the source of a symlink/hardlink?
What is an inode and what fields are stored in an inode?
How do you force/trigger a file system check on the next reboot?
What is SNMP and what is it used for?
What is a runlevel and how do you get the current runlevel?
What is SSH port forwarding? What is the difference between local and remote port forwarding?
What are the steps to add a user to a system without using useradd/adduser?
What are the MAJOR and MINOR numbers of special files?
Describe the mknod command and when you'd use it.
Describe a scenario where you get a "filesystem is full" error, but 'df' shows there is free space.
Describe a scenario where you delete a file, but 'df' does not show the space being freed.
Describe how 'ps' works.
What happens to a child process that dies and has no parent process to wait for it, and what's bad about this?
Explain briefly each one of the process states.
How do you know which process listens on a specific port?
What is a zombie process and what could be the cause of it?
You run a bash script and you want to see its output on your terminal and save it to a file at the same time. How could you do it?
Explain what echo "1" > /proc/sys/net/ipv4/ip_forward does.
Describe briefly the steps you need to take in order to create and install a valid certificate for the site https://foo.example.com.
Can you have several HTTPS virtual hosts sharing the same IP?
What is a wildcard certificate?
Which Linux file types do you know?
What is the difference between a process and a thread? And between parent and child processes after a fork system call?
What is the difference between exec and fork?
What is "nohup" used for?
What is the difference between these two commands? myvar=hello and export myvar=hello
How many NTP servers would you configure in your local ntp.conf?
What does the column 'reach' mean in ntpq -p output?
You need to upgrade the kernel on 100-1000 servers; how would you do this?
How can you get the Host, Channel, ID and LUN of a SCSI disk?
How can you limit process memory usage?
What is bash quick substitution/caret replace (^x^y)?
Do you know of any alternative shells? If so, have you used any?
What is a tarpipe (or, how would you go about copying everything, including hardlinks and special files, from one server to another)?
How can you tell if the httpd package was already installed?
How can you list the contents of a package?
How can you determine which package is better: openssh-server-5.3p1-118.1.el6_8.x86_64 or openssh-server-6.6p1-1.el6.x86_64?
What is a tunnel and how can you bypass an HTTP proxy?
What is the difference between IDS and IPS?
What shortcuts do you use on a regular basis?
What is the Linux Standard Base?
What is an atomic operation?
Your freshly configured HTTP server is not running after a restart; what can you do?
What kind of keys are in ~/.ssh/authorized_keys and what is this file used for?
I've added my public SSH key to authorized_keys but I'm still getting a password prompt; what can be wrong?
Did you ever create RPMs, DEBs or Solaris pkgs?
What does :(){ :|:& };: do on your system?
How do you catch a Linux signal in a script?
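Added example, not from the original list, serving three questions above: hardlinks versus symlinks when the source is removed, the scenario where 'df' does not free space after a file is deleted, and the tarpipe. It is POSIX sh; every path and file content is constructed for the demo, and the /proc/<pid>/fd lookup is Linux-specific (the function reports no-proc elsewhere).

```shell
#!/bin/sh
# Added example: what keeps an inode alive (extra names, open descriptors) and a
# tarpipe copy that preserves hardlinks. All paths and contents are constructed.

# Link count of a path, taken from ls (works with GNU, BSD and busybox ls).
link_count() { ls -ld "$1" | awk '{print $2}'; }

# Make a file, a hardlink and a symlink to it, remove the original name, and
# report what each link sees. Output: "links=2 hard=payload sym=gone".
remove_source_demo() {
  d=$(mktemp -d)
  printf 'payload\n' > "$d/original"
  ln "$d/original" "$d/hard"           # second directory entry for the same inode
  ln -s original "$d/sym"              # a separate inode that stores the path "original"
  links=$(link_count "$d/original")    # 2: "original" and "hard"
  rm "$d/original"                     # drops one name; the inode still has another
  hard=$(cat "$d/hard" 2>/dev/null || echo gone)
  sym=$(cat "$d/sym" 2>/dev/null || echo gone)   # dangling: the target path is gone
  rm -rf "$d"
  echo "links=$links hard=$hard sym=$sym"
}

# Why df does not drop after rm: a process that still holds the file open keeps
# the data blocks allocated until it closes the descriptor. On Linux the file is
# still readable through /proc/<pid>/fd (lsof lists it as "(deleted)").
# Output: "payload" on Linux, "no-proc" elsewhere.
open_fd_demo() {
  d=$(mktemp -d)
  printf 'payload\n' > "$d/app.log"
  sleep 5 < "$d/app.log" &             # a long-running process with the log open
  pid=$!
  rm "$d/app.log"                      # the name is gone, the inode is not
  if [ -r "/proc/$pid/fd/0" ]; then
    result=$(cat "/proc/$pid/fd/0")    # reopening through the fd link recovers it
  else
    result=no-proc
  fi
  kill "$pid" 2>/dev/null || true      # closing the last descriptor frees the space
  wait "$pid" 2>/dev/null || true
  rm -rf "$d"
  echo "$result"
}

# Copy a tree with a tarpipe. Unlike a plain per-file copy (cp -r without -a),
# tar records that "a" and "b" are the same inode, so the copy keeps one inode
# with two names. Output: link count of the copied file, "2".
tarpipe_demo() {
  src=$(mktemp -d); dst=$(mktemp -d)
  printf 'payload\n' > "$src/a"
  ln "$src/a" "$src/b"
  ( cd "$src" && tar -cf - . ) | ( cd "$dst" && tar -xf - )
  count=$(link_count "$dst/a")
  rm -rf "$src" "$dst"
  echo "$count"
}
```

Between two hosts the same tarpipe runs over SSH, `tar -cf - . | ssh host 'cd /dst && tar -xf -'`, which is why it is the usual answer for moving a tree with hardlinks and device nodes intact. The open-descriptor case is also the forensics angle on "deleted" logs: as long as the writing process lives, the content is recoverable from its fd.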
Can you catch a SIGKILL?
What happens when the Linux kernel starts the OOM killer, and how does it choose which process to kill first?
Describe the Linux boot process in as much detail as possible, starting from when the system is powered on and ending when you get a prompt.
What's a chroot jail?
When trying to umount a directory it says it's busy; how do you find out which PID holds the directory?
What's LD_PRELOAD and when is it used?
You ran a binary and nothing happened. How would you debug this?
What are cgroups? Can you describe a scenario where you could use them?
How can you remove/delete a file whose name consists only of non-printable/non-typeable characters?
How can you increase or decrease the priority of a process in Linux?
What are run-levels in Linux?
What is localhost and why would ping localhost fail?
What is the similarity between "ping" and "traceroute"? How is traceroute able to find the hops?
What command is used to show all open ports and/or socket connections on a machine?
Is 300.168.0.123 a valid IPv4 address?
Which IP ranges/subnets are "private" or "non-routable" (RFC 1918)?
What is a VLAN?
What is ARP and what is it used for?
What is the difference between TCP and UDP?
What is the purpose of a default gateway?
What command is used to show the routing table on a Linux box?
A TCP connection on a network can be uniquely defined by 4 things. What are those things?
When a client running a web browser connects to a web server, what is the source port and what is the destination port of the connection?
How do you add an IPv6 address to a specific interface?
You have added an IPv4 and an IPv6 address to interface eth0. A ping to the v4 address works, but a ping to the v6 address gives you the response "sendmsg: operation not permitted". What could be wrong?
What is SNAT and when should it be used?
Explain how you could SSH into a Linux system that DROPs all new incoming packets by using an SSH tunnel.
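Added example for the two signal questions above (catching a signal in a script, and whether SIGKILL can be caught); it is not from the original list. It is POSIX sh; the background worker, its marker file and the exit code 143 are constructed for the demo.

```shell
#!/bin/sh
# Added example: trap catches SIGTERM; nothing catches SIGKILL.
# The worker, the marker file and the exit code 143 are constructed for the demo.

# Start a background worker that traps TERM, send it signal $1 (TERM or KILL),
# wait for it to go away and report whether the handler ran.
# Output: "handled" or "no-handler-ran".
signal_demo() {
  sig=$1
  marker=$(mktemp)
  (
    # Handler: record that it ran, then exit with 128+15, the status a process
    # killed by TERM would have. A real script removes temp files or locks here.
    trap 'echo handled > "$marker"; exit 143' TERM
    while :; do sleep 1; done      # the trap runs once the current sleep returns
  ) &
  pid=$!
  sleep 1                          # give the worker time to install its trap
  kill -s "$sig" "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true  # 143 for the handled case, 137 after SIGKILL
  result=$(cat "$marker")
  rm -f "$marker"
  echo "${result:-no-handler-ran}"
}
```

SIGKILL (and SIGSTOP) are acted on by the kernel without ever delivering anything to the process, so `trap '...' KILL` has no effect and the marker stays empty. Cleanup for that case has to live outside the process: a supervisor that reaps stale lock files, or state that does not need the dying process to tidy it up.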
How do you stop a DDoS attack?
How can you see the content of an IP packet?
What is IPoAC (RFC 1149)?
A careless sysadmin executes the following command: chmod 444 /bin/chmod. What do you do to fix this?
I've lost my root password; what can I do?
I've rebooted a remote server, but after 10 minutes I'm still not able to ssh into it; what can be wrong?
If you were stuck on a desert island with only 5 command-line utilities, which would you choose?
You come across a random computer and it appears to be a command console for the universe. What is the first thing you type?
Tell me about a creative way that you've used SSH.
You have deleted a running script by mistake; what could you do to restore it?
What will happen on 19 January 2038?
How do you reboot a server when the reboot command is not responding?
What does a doctype do?
What's the difference between full standards mode, almost standards mode and quirks mode?
What's the difference between HTML and XHTML?
Are there any problems with serving pages as application/xhtml+xml?
How do you serve a page with content in multiple languages?
What kind of things must you be wary of when designing or developing for multilingual sites?
What are data- attributes good for?
Consider HTML5 as an open web platform. What are the building blocks of HTML5?
Describe the difference between a cookie, sessionStorage and localStorage.
Describe the difference between