SQL interview questions for testers
Questions for Penetration Testers
Pentester here. I'll take a crack at it. I'm giving you these answers off the top of my head, based on my practical day-to-day experience. So most likely if you google around you'll find better/more complete answers.
1. Penetration testers test the robustness of technical and non-technical security systems by simulating the activities used by malicious actors.
2. Well I guess this will vary for everyone, but for me if there are no projects going on I'm usually doing security research, which just involves looking at different pieces of technology and seeing how they can be subverted (via googling, reading other research publications, fuzzing, disassembling etc.). If you're lucky you'll find a technique you can use on the next project. Once a project has started, there's an established and mature penetration testing methodology which you can find pretty much anywhere on the web. Take a look at the write-up on owasp.org:
https://www.owasp.org/index.php/Penetration_testing_methodologies
3. This is a weird one. There was a time where employers just preferred provable experience, but lately I'm seeing preference being given to people holding certifications. I expect different shops will have different opinions, but based on what I'm hearing the offensive security certs seem to be rather well received. Look up Offensive Security Certified Professional - OSCP. College degrees are useful, but they tend to focus on the core academic fundamentals of information security... which is good and important, but once you finish that you should polish up with some more targeted certifications.
4. Staying on top of things (i.e. new exploitation techniques) can be a bit tedious. Oh no, actually unsuccessful pentests suck the most. Yeah, you can give a report talking about possible denial of service attacks, or x number of unpatched servers, or poor incident response... but every time you hand in a report and you don't get root access or access to the domain admin group, it sucks. Definitely the worst part for me.
5. Absolutely. Laws are getting stricter and stricter specifically in relation to computer misuse. Additionally, many regulators are starting to build in yearly/quarterly penetration tests as part of their requirements. Future looks bright for hackers.
6. In my opinion, it's fine to start with, but as you progress in your career you may (or may not) eventually want to focus on the deeper fundamentals of information security - maybe do work on the policy development side, or security consulting... something softer. Who knows, maybe move up to the C-suite... more and more companies are looking for CISOs. I guess it's up to your preference. Nothing wrong with being a pentester for 100% of your career, but just for me, personally, I think eventually I'll move away from it.
I'm rambling. So to answer your question - if you enjoy playing with technology, and getting it to do things it was never meant to do... if you feel deep satisfaction from outsmarting controls that software developers put in place... if you think you enjoy that feeling a magician feels when they manage to successfully fool their audience... or if you just want to make the world a safer cyber-place to live in... then I absolutely would recommend it as a career.
What to expect for a junior frontend developer technical interview?
Just a heads-up: don't get discouraged if you can't answer everything. Especially when interviewing for junior positions it's common to ask more than you expect so you find the point where the interviewee doesn't know the answer.