Penetration Testing Interview Questions

See the questions that decide who gets hired for this role.

#1 | Junior | Methodology | Network-Security | Stealth

You're conducting a network pentest against a company that has an IDS/IPS and actively monitors for scanning activity. You need to map their /24 subnet without triggering alerts. How do you approach network discovery, and what trade-offs do you consider between speed and stealth?

#2 | Mid | Web-Security | Injection | WAF-Bypass

You're testing a login form and your basic SQL injection payloads like ' OR 1=1-- are being blocked. The application shows a generic "Invalid input" error. How do you determine if this is actually vulnerable and what's your methodology for bypassing the apparent filtering?

#3 | Senior | Red-Team | Infrastructure | C2

Design a C2 infrastructure for a red team engagement.
