Ethical Hacking MCQs | Cloud CI/CD & Supply Chain Security

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


261. What is the "ISO 27102" standard?

  • a) Guidelines for cybersecurity framework implementation
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Provides methodology for adopting ISO 27001/27002 controls.

262. Which attack exploits "AWS Lambda Layer poisoning"?

  • a) Injecting malicious code via shared layers
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Compromised layers execute in all functions using them.

263. What is the "ISO 27103" standard?

  • a) Guidelines for cybersecurity measurement
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Metrics for evaluating cybersecurity control effectiveness.

264. Which tool performs "Azure DevOps pipeline testing"?

  • a) Azucar
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Audits CI/CD pipelines for insecure variables/tasks.

265. What is the "ISO 27110" standard?

  • a) Cybersecurity framework development guidelines
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Helps organizations create tailored cybersecurity frameworks.

266. Which attack exploits "GCP Cloud Build impersonation"?

  • a) Abusing service account permissions in build pipelines
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Over-permissive build service accounts can access prod resources.

267. What is the "ISO 27552" standard?

  • a) PII protection in ISO 27001 extensions
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Enhances ISO 27001 for privacy management (superseded by ISO 27701).

268. Which tool performs "AWS EKS security testing"?

  • a) kube-hunter
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Scans Kubernetes clusters for misconfigurations.

269. What is the "ISO 28000" standard?

  • a) Supply chain security management
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Secures logistics/supply chains against cyber-physical threats.

270. Which attack exploits "Azure AD External Identities"?

  • a) Compromising B2B/B2C guest accounts
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Over-privileged guest users can access internal resources.

271. What is the "ISO 31010" standard?

  • a) Risk assessment techniques
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Companion to ISO 31000 with specific risk evaluation methods.

272. Which tool performs "GCP Anthos service mesh testing"?

  • a) Istioctl
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Audits mTLS configurations and ingress/egress policies.

273. What is the "ISO 33000" series?

  • a) Process assessment standards
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Includes SPICE (ISO 33020) for capability maturity evaluation.

274. Which attack exploits "AWS Fargate task roles"?

  • a) Abusing over-permissive IAM roles in serverless containers
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Task roles with excessive permissions enable lateral movement.

275. What is the "ISO 37001" standard?

  • a) Anti-bribery management system
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Mitigates bribery risks in procurement/vendor relationships.

276. Which tool performs "Azure Arc-enabled Kubernetes testing"?

  • a) Azure Arc Hack Toolkit
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Tests hybrid cluster management security.

277. What is the "ISO 37301" standard?

  • a) Compliance management system
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Replaces ISO 19600 for regulatory/legal compliance programs.

278. Which attack exploits "GCP Data Catalog metadata"?

  • a) Harvesting sensitive data locations via catalog entries
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Publicly exposed metadata reveals BigQuery tables/Cloud Storage.

279. What is the "ISO 38500" standard?

  • a) IT governance framework
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Guides executive decision-making on IT investments/risks.

280. Which header prevents "Cross-Origin-Opener-Policy (COOP) bypasses"?

  • a) Cross-Origin-Opener-Policy
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Cross-Origin-Opener-Policy: same-origin isolates browsing contexts.

Ethical Hacking MCQs - Master Cybersecurity & Penetration Testing | PCBooks
