It depends on what you want. You mentioned below the fact that a certain question may not let you know if the person knows what they're doing. That makes me think that you want experienced candidates. If so, how about:
"What is your favorite tool (one open source and one commercial)?"
Say... Wikto and WebInspect (now by HP) respectively. If they can't name at least one of each, you have your answer. This question alone can spark a lengthy conversation between you and the candidate to talk about more than just 2 tools, benefits and shortcomings of each, whether they like open source solutions, etc. If no conversation occurs, then that's just more of an answer.
If you want someone with the right 'tude and are willing to teach them what they need to know, then it should cover more things like their desired workplace environment, preferred culture, projects they've started just for fun, ways that they've taken an initiative to better themselves (not just advance their tech skills), etc.
I'll let others respond with some ideas in your quest for 5.
Hope this helps,
CISSP, MCSE, CSTA, Security+ SME