web application penetration testing interview questions and answers