Ethical Hacking MCQs | Cloud Security & ISO Standards

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


121. What is "credential phishing"?

  • a) Fake login pages to steal usernames/passwords
  • b) Brute-forcing credentials
  • c) Cracking password hashes
  • d) Exploiting password managers
Answer: A - Mimics legitimate sites (e.g., Gmail, Office 365) to harvest credentials.

122. Which attack exploits "HTTP parameter pollution"?

  • a) Injecting duplicate/malicious parameters in requests
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Manipulates how servers process multiple parameters (e.g., ?id=1&id=2).

123. What is the "ISO 27035" standard?

  • a) Incident management guidelines
  • b) Network security controls
  • c) Malware analysis framework
  • d) Cryptographic protocols
Answer: A - Provides best practices for detecting, reporting, and responding to incidents.

124. Which tool performs "automated AWS vulnerability scanning"?

  • a) Pacu
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Pacu exploits misconfigured AWS services (S3 buckets, IAM roles).

125. What is a "side-channel attack"?

  • a) Exploiting physical leaks (power/timing/EM emissions)
  • b) Brute-forcing encryption
  • c) Network eavesdropping
  • d) Social engineering
Answer: A - Examples: Spectre/Meltdown (CPU cache), power analysis on smart cards.

126. Which vulnerability allows "CSV injection"?

  • a) Embedding formulas in exported CSV files
  • b) SQL injection
  • c) Cross-site scripting
  • d) Buffer overflow
Answer: A - Formulas like =HYPERLINK("malicious") execute when opened in Excel.

127. What is the "ISO 31000" standard?

  • a) Risk management principles
  • b) Penetration testing methodology
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Framework for identifying, assessing, and mitigating risks.

128. Which attack exploits "WebRTC leaks"?

  • a) Exposing real IPs despite VPNs
  • b) Corrupting web caches
  • c) Spoofing video streams
  • d) DDoSing browsers
Answer: A - WebRTC STUN requests can reveal internal/LAN IPs.

129. What is the "ISO 27018" certification?

  • a) Cloud privacy protection for PII
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Focuses on protecting personally identifiable information in public clouds.

130. Which tool performs "Active Directory privilege escalation"?

  • a) BloodHound
  • b) Wireshark
  • c) Nmap
  • d) Burp Suite
Answer: A - Maps attack paths via misconfigured AD trusts/permissions.

131. What is the "ISO 27031" standard?

  • a) ICT readiness for business continuity
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Ensures IT systems can recover from disruptions.

132. Which attack exploits "SAML misconfigurations"?

  • a) Forging authentication assertions
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Example: Accepting unsigned SAML responses or weak X.509 certificates.

133. What is the "ISO 27034" standard?

  • a) Application security guidelines
  • b) Network penetration testing
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Focuses on secure application development lifecycle.

134. Which tool performs "automated Azure penetration testing"?

  • a) Stormspotter
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Maps Azure attack surfaces (RBAC misconfigs, storage accounts).

135. What is the "ISO 27037" standard?

  • a) Digital evidence collection/preservation
  • b) Network security controls
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Guidelines for incident responders handling forensic data.

136. Which attack exploits "OAuth token hijacking"?

  • a) Stealing authorization tokens via phishing/misconfigs
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Compromised tokens grant access without credentials.

137. What is the "ISO 27038" standard?

  • a) Digital redaction of sensitive data
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Ensures proper sanitization of documents (e.g., PDFs, images).

138. Which tool performs "GCP security assessment"?

  • a) ScoutSuite
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Audits GCP environments for misconfigurations (IAM, storage, networking).

139. What is the "ISO 27040" standard?

  • a) Storage security guidelines
  • b) Network penetration testing
  • c) Malware detection
  • d) Cryptographic protocols
Answer: A - Covers SAN/NAS, encryption, and data lifecycle management.

140. Which header prevents "Cross-Origin Embedder Policy" (COEP) bypasses?

  • a) Cross-Origin-Embedder-Policy
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Cross-Origin-Embedder-Policy: require-corp blocks untrusted resource embeds.