Ethical Hacking MCQs | Advanced Threats & Defenses

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


41. What is "social engineering"?

  • a) Manipulating people to divulge confidential information
  • b) Writing secure code
  • c) Scanning networks for vulnerabilities
  • d) Encrypting data transmissions
Answer: A - Social engineering exploits human psychology rather than technical flaws.

42. Which tool is used for brute-forcing passwords?

  • a) Hydra
  • b) Nmap
  • c) Wireshark
  • d) Nessus
Answer: A - Hydra performs rapid password attacks against various services.

43. What is a "reverse shell" in hacking?

  • a) A connection initiated from the target to the attacker
  • b) Encrypting shell commands
  • c) A type of firewall
  • d) A secure shell protocol
Answer: A - Reverse shells bypass firewall restrictions by having the target connect back.

44. Which vulnerability allows XML injection?

  • a) XXE (XML External Entity)
  • b) XSS
  • c) CSRF
  • d) SSRF
Answer: A - XXE attacks exploit XML processors to access local files or execute code.

45. What is the "OWASP Top 10"?

  • a) A list of critical web application security risks
  • b) A ranking of hacking tools
  • c) A network scanning methodology
  • d) A cryptography standard
Answer: A - OWASP Top 10 documents the most severe web app vulnerabilities (e.g., injection, XSS).

46. Which attack exploits misconfigured CORS headers?

  • a) CSRF
  • b) CORS-based data theft
  • c) DNS rebinding
  • d) Buffer overflow
Answer: B - Improper CORS configurations can leak sensitive data to unauthorized domains.

47. What is "Nessus" primarily used for?

  • a) Vulnerability scanning
  • b) Packet sniffing
  • c) Password cracking
  • d) Social engineering
Answer: A - Nessus identifies vulnerabilities in systems and networks.

48. Which technique hides data in plain sight?

  • a) Steganography
  • b) Encryption
  • c) Tokenization
  • d) Hashing
Answer: A - Steganography embeds data in files (e.g., images) without visible changes.

49. What is "Shodan" often called?

  • a) The search engine for IoT devices
  • b) A password-cracking tool
  • c) A VPN service
  • d) A malware analysis platform
Answer: A - Shodan indexes exposed devices (cameras, servers, etc.) connected to the internet.

50. Which protocol is vulnerable to the "FREAK" attack?

  • a) SSL/TLS
  • b) SSH
  • c) HTTP
  • d) FTP
Answer: A - FREAK (Factoring RSA Export Keys) downgrades SSL/TLS to weak encryption.

51. What is a "canary" in cybersecurity?

  • a) A decoy value to detect memory corruption
  • b) A type of malware
  • c) A network scanning tool
  • d) A firewall rule
Answer: A - Stack canaries protect against buffer overflow attacks by triggering alerts when modified.

52. Which attack manipulates hardware firmware?

  • a) Rootkit
  • b) BIOS/UEFI attack
  • c) DDoS
  • d) Phishing
Answer: B - Firmware attacks compromise low-level system components (e.g., BIOS/UEFI).

53. What is "SIEM" used for?

  • a) Real-time security event monitoring
  • b) Password management
  • c) Network mapping
  • d) Malware development
Answer: A - SIEM (Security Information and Event Management) aggregates and analyzes logs for threats.

54. Which tool intercepts/modifies HTTP traffic?

  • a) Burp Suite
  • b) Aircrack-ng
  • c) Metasploit
  • d) John the Ripper
Answer: A - Burp Suite’s proxy feature allows manipulation of web requests/responses.

55. What is "PII" in cybersecurity?

  • a) Personally Identifiable Information
  • b) Public Internet Infrastructure
  • c) Protected Internal Interface
  • d) Phishing Intelligence Index
Answer: A - PII includes data like SSNs, emails, or addresses that can identify individuals.

56. Which attack exploits race conditions?

  • a) TOCTOU (Time of Check to Time of Use)
  • b) XSS
  • c) SQLi
  • d) CSRF
Answer: A - TOCTOU attacks alter system states between validation and execution.

57. What is "YubiKey" used for?

  • a) Hardware-based two-factor authentication
  • b) Network scanning
  • c) Password cracking
  • d) Malware analysis
Answer: A - YubiKey provides secure 2FA via USB/NFC devices.

58. Which encryption is quantum-resistant?

  • a) RSA
  • b) ECC
  • c) AES-256
  • d) Lattice-based cryptography
Answer: D - Lattice-based algorithms resist quantum computing attacks.

59. What is the "MITRE ATT&CK" framework?

  • a) A knowledge base of adversary tactics/techniques
  • b) A penetration testing tool
  • c) A malware signature database
  • d) A firewall configuration standard
Answer: A - MITRE ATT&CK documents real-world attack patterns for threat modeling.

60. Which header prevents MIME sniffing attacks?

  • a) X-Content-Type-Options
  • b) Content-Security-Policy
  • c) Strict-Transport-Security
  • d) Cache-Control
Answer: A - X-Content-Type-Options: nosniff stops browsers from MIME-sniffing responses and interpreting files as executable.

Ethical Hacking MCQs - Master Cybersecurity & Penetration Testing | PCBooks
