Hack-the-Box: Certified Penetration Testing Specialist Questionnaire

The following self-assessment is required prior to enrollment to determine your preparedness for the content of this course.

Personal and Contact Information

First Name

Middle Name

Last Name

Email Address

Birthdate

Mailing Address

Country

Street

City

Region

Postal Code

This course begins February 10, 2026. Please indicate your interest level:

I am not ready now, but would like to learn more.

I would like to register!

Multiple Choice (20 questions)

1. You receive a browser pop-up on a trusted site saying “Your system is infected - call this number!” What should you do?

A. Call the number immediately

B. Close the browser tab and run your own antivirus scan

C. Click “OK” to dismiss it

D. Reboot your computer without scanning

2. Your friend texts you a one-time code to log into a shared streaming account. That’s an example of:

A. Encryption

B. Multi-factor authentication

C. Phishing

D. Social engineering

3. What is encryption?

A. The process of compressing data to reduce file size

B. The process of protecting data by making it unreadable without a secret key

C. The act of copying data from one system to another

D. A method for scanning networks for vulnerabilities

4. You log into public Wi-Fi at a café. To keep your data safe, you should:

A. Check email only

B. Use a VPN before any login

C. Turn off your device

D. Share your files over the network

5. You’re asked to create a password for a work system. Which is best?

A. “Summer2026!”

B. “I love pizza”

C. “Tr0ub4dor&3” (a random phrase with substitutions)

D. “Password!”

6. An email arrives from your manager with an attachment you weren’t expecting. You should:

A. Open it right away

B. Verify with your manager before opening

C. Forward it to coworkers

D. Delete it immediately

7. What is the purpose of a VPN?

A. Filter malware from traffic

B. Securely tunnel traffic over untrusted networks

C. Scan for open ports

D. Manage user credentials

8. If your computer prompts you to install an update, the best practice is to:

A. Postpone indefinitely

B. Install as soon as you can

C. Ask a friend online if it’s safe

D. Only update when the next device arrives

9. Which authentication factor is “something you have”?

A. Password

B. Biometrics

C. Smart card or token

D. Security question

10. Your company requires you to use a password manager. The main benefit is:

A. It auto-fills social media posts

B. It stores and generates strong, unique passwords securely

C. It replaces your email

D. It backs up your photos

11. You accidentally visit a malicious site. To prevent re-infection in the future, you should:

A. Clear your browser cache and cookies

B. Disable your firewall

C. Bookmark the site for later

D. Turn off antivirus

12. What is a fundamental method to determine if a web page you are visiting is encrypted?

A. Look for a URL that begins with http://

B. Look for a URL that begins with https://

C. View the page source for JavaScript files

D. Check if the website has a login form

13. Your team uses shared cloud storage. To keep files secure, you should:

A. Share links publicly

B. Assign folder permissions only to needed users

C. Use the same password for all accounts

D. Keep files in “Everyone” access

14. During a presentation, you display sensitive info without realizing. Next time, you should:

A. Use a clean virtual desktop without sensitive files

B. Speed through so no one notices

C. Show everything - you trust the audience

D. Skip presentations altogether

15. Your antivirus flags a file as suspicious. You:

A. Delete it immediately without checking

B. Quarantine it and run a full scan

C. Ignore the warning and continue

D. Email it to coworkers

16. You create two accounts: one for work, one for personal use. This is an example of:

A. Segmentation of duties

B. Dual-factor authentication

C. Account compartmentalization

D. Credential reuse

17. Which is an example of an IP address and port combination?

A. 10.10.10.0/24

B. 192.168.1.1/RJ45

C. 10.10.10.33:8080

D. 53:10.10.10.34

18. Which action best illustrates “monitoring”?

A. Watching a livestream of your front door

B. Asking neighbors if they saw anything

C. Turning off all home alarms

D. Deleting your system logs

19. What’s the primary difference between hashing and encryption?

A. Hashing is reversible; encryption is not

B. Encryption is reversible; hashing is not

C. Both are reversible

D. Neither is reversible

20. You’re setting up a new router. Choosing a non-default administrator password is important because:

A. Default passwords are often publicly documented

B. It speeds up your internet

C. It reduces electricity use

D. It improves Wi-Fi range

Open Ended Questions (5)

21. Explain why it’s safer to use different passwords for work and personal accounts.

22. Describe a real-world analogy for encrypting a file before sending it over the internet.

23. Outline three steps you’d take if you suspected your email was hacked.

24. Give an example from daily life that demonstrates why “least privilege” matters.

25. In your own words, why is regularly updating software as important as locking your front door?