Ethical Hacking MCQs | Advanced Cloud & Forensic Security

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


241. What is "ISO 27040" standard?

  • a) Storage security guidelines
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Covers SAN/NAS, encryption, and data lifecycle management.

242. Which attack exploits "Azure AD Privileged Identity Management (PIM) flaws"?

  • a) Bypassing Just-In-Time activation requirements
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Exploits misconfigured PIM policies to maintain persistent privileged access.

243. What is "ISO 27041" standard?

  • a) Digital investigation assurance
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Ensures reliability of digital evidence collection methods.

244. Which tool performs "AWS Config rule auditing"?

  • a) ScoutSuite
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Identifies non-compliant resources and custom rule bypasses.

245. What is "ISO 27042" standard?

  • a) Digital evidence analysis/interpretation
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Guidelines for validating forensic analysis techniques.

246. Which attack exploits "GCP VPC Service Controls"?

  • a) Bypassing perimeter security via misconfigured access levels
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Exploits overly permissive "ingress/egress rules" between services.

247. What is "ISO 27043" standard?

  • a) Incident investigation principles
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Standardized methodology for security incident investigations.

248. Which tool performs "Azure Sentinel analytics rule testing"?

  • a) Stormspotter
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Identifies detection gaps in KQL-based alert rules.

249. What is "ISO 27044" standard?

  • a) Security incident monitoring
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Guidelines for SIEM deployment and log analysis.

250. Which attack exploits "AWS CloudTrail logging gaps"?

  • a) Performing unauthorized actions in non-logged regions
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - CloudTrail may not be enabled in all regions by default.

251. What is "ISO 27045" standard?

  • a) Security assessment of IoT systems
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Risk assessment framework for IoT devices/networks.

252. Which tool performs "GCP Data Loss Prevention (DLP) testing"?

  • a) DLP Scanner
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Tests for sensitive data exposure despite DLP policies.

253. What is "ISO 27050" standard?

  • a) Electronic discovery (eDiscovery)
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Guidelines for handling digital evidence in legal proceedings.

254. Which attack exploits "Azure Resource Graph queries"?

  • a) Harvesting sensitive resource metadata at scale
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Kusto queries can reveal unprotected storage accounts/VMs.

255. What is "ISO 27099" standard?

  • a) PKI implementation for information security
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Best practices for public key infrastructure deployment.

256. Which tool performs "AWS Control Tower guardrail testing"?

  • a) Pacu
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Tests bypasses for SCPs and organizational policies.

257. What is "ISO 27100" standard?

  • a) Threat intelligence framework
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Guidelines for producing/consuming threat intelligence feeds.

258. Which attack exploits "GCP Confidential Computing gaps"?

  • a) Accessing memory of "confidential VMs" via side channels
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Exploits hardware vulnerabilities in encrypted memory processing.

259. What is "ISO 27101" standard?

  • a) Privacy enhancement for threat intelligence
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Ensures PII protection in threat intelligence sharing.

260. Which header prevents "Cross-Origin-Resource-Policy (CORP) bypasses"?

  • a) Cross-Origin-Resource-Policy
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Cross-Origin-Resource-Policy: same-site blocks cross-origin embeds.

Ethical Hacking MCQs - Master Cybersecurity & Penetration Testing | PCBooks
