Ethical Hacking MCQs | Cloud Security & ISO Standards

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


221. What is "ISO 22301" standard?

  • a) Business continuity management
  • b) Network penetration testing
  • c) Malware analysis
  • d) Firewall configuration
Answer: A - Ensures organizations can maintain operations during disruptions.

222. Which attack exploits "AWS IAM Role Chaining"?

  • a) Abusing multiple role assumptions to escalate privileges
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Progressively assumes roles with broader permissions across accounts.

223. What is "ISO 27017" standard?

  • a) Cloud security controls
  • b) Network segmentation
  • c) Malware detection
  • d) Cryptographic protocols
Answer: A - Extends ISO 27002 with cloud-specific guidelines.

224. Which tool performs "Azure Key Vault auditing"?

  • a) MicroBurst
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Identifies excessive permissions on secrets/certificates.

225. What is "ISO 27018" standard?

  • a) Cloud privacy protection for PII
  • b) Network security controls
  • c) Malware analysis
  • d) Physical security
Answer: A - Focuses on protecting personally identifiable information in public clouds.

226. Which attack exploits "GCP Service Account Key rotation gaps"?

  • a) Using stale keys that weren't revoked
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Old keys remain valid if automatic rotation isn't enforced.

227. What is "ISO 27031" standard?

  • a) ICT readiness for business continuity
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Ensures IT systems can recover from cyber incidents.

228. Which tool performs "AWS GuardDuty evasion"?

  • a) Pacu
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Simulates threat actors bypassing AWS's native detection.

229. What is "ISO 27034" standard?

  • a) Application security guidelines
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Secure development lifecycle for applications.

230. Which attack exploits "Azure AD App Registration flaws"?

  • a) Abusing excessive OAuth permissions
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Over-privileged apps can access sensitive data via Graph API.

231. What is "ISO 27035" standard?

  • a) Incident management
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Guidelines for detecting, reporting, and responding to incidents.

232. Which tool performs "GCP Cloud Armor policy testing"?

  • a) GCPBucketBrute
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Tests WAF rule bypasses and geo-based restrictions.

233. What is "ISO 27036" standard?

  • a) Cloud vendor security assessment
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Evaluates third-party cloud provider security postures.

234. Which attack exploits "AWS S3 Batch Operations"?

  • a) Malicious job definitions to exfiltrate data
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Compromised IAM roles can create jobs that copy sensitive objects.

235. What is "ISO 27037" standard?

  • a) Digital evidence collection/preservation
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Guidelines for incident responders handling forensic data.

236. Which tool performs "Azure Policy auditing"?

  • a) Stormspotter
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Identifies non-compliant resources and policy bypasses.

237. What is "ISO 27038" standard?

  • a) Digital redaction of sensitive data
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Ensures proper sanitization of documents before sharing.

238. Which attack exploits "GCP Organization Policy constraints"?

  • a) Bypassing resource location/VM constraints
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Exploits exceptions in "allowed policies" at folder/project level.

239. What is "ISO 27039" standard?

  • a) Intrusion detection/prevention systems (IDPS)
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Guidelines for deploying and managing IDPS solutions.

240. Which header prevents "Cross-Origin-Embedder-Policy (COEP) bypasses"?

  • a) Cross-Origin-Embedder-Policy
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Cross-Origin-Embedder-Policy: require-corp blocks untrusted resource embeds.
