Ethical Hacking MCQs | Advanced Infrastructure Attacks

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


141. What is the "ISO 27039" standard?

  • a) Intrusion detection/prevention systems (IDPS)
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Guidelines for deploying and managing IDPS solutions.

142. Which attack exploits "NoSQL injection"?

  • a) Manipulating NoSQL queries (e.g., MongoDB, CouchDB)
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Example: {"$gt": ""} bypasses login forms in MongoDB.

143. What is the "ISO 27041" standard?

  • a) Digital investigation assurance
  • b) Network security controls
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Ensures reliability of digital evidence collection methods.

144. Which tool performs "Kubernetes penetration testing"?

  • a) kube-hunter
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Scans K8s clusters for misconfigurations (e.g., exposed dashboards).

145. What is the "ISO 27042" standard?

  • a) Digital evidence analysis/interpretation
  • b) Network penetration testing
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Guidelines for validating forensic analysis techniques.

146. Which attack exploits "GraphQL injection"?

  • a) Manipulating GraphQL queries to access unauthorized data
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Example: Over-fetching data via nested queries.

147. What is the "ISO 27043" standard?

  • a) Incident investigation principles
  • b) Network security controls
  • c) Malware detection
  • d) Physical security
Answer: A - Standardized methodology for security incident investigations.

148. Which tool performs "Docker container breakout testing"?

  • a) gVisor
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Google's gVisor sandbox tests container isolation vulnerabilities.

149. What is the "ISO 27044" standard?

  • a) Security incident monitoring
  • b) Network segmentation
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Guidelines for SIEM deployment and log analysis.

150. Which attack exploits "WebSocket CSRF"?

  • a) Forcing WebSocket connections via malicious sites
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Bypasses SOP to establish unauthorized WebSocket channels.

151. What is the "ISO 27045" standard?

  • a) Security assessment of IoT systems
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Risk assessment framework for IoT devices/networks.

152. Which tool performs "Active Directory certificate attacks"?

  • a) Certify
  • b) Wireshark
  • c) Nmap
  • d) Burp Suite
Answer: A - Exploits misconfigured AD Certificate Services for privilege escalation.

153. What is the "ISO 27050" standard?

  • a) Electronic discovery (eDiscovery)
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Guidelines for handling digital evidence in legal proceedings.

154. Which attack exploits "SMB relay"?

  • a) Intercepting/replaying SMB authentication packets
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Captures NTLM hashes to authenticate to other systems.

155. What is the "ISO 27099" standard?

  • a) PKI implementation for information security
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Best practices for public key infrastructure deployment.

156. Which tool performs "Azure AD reconnaissance"?

  • a) ROADtools
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Dumps Azure AD objects (users, groups, roles) for attack path mapping.

157. What is the "ISO 27100" standard?

  • a) Threat intelligence framework
  • b) Network penetration testing
  • c) Malware analysis
  • d) Firewall configuration
Answer: A - Guidelines for producing/consuming threat intelligence feeds.

158. Which attack exploits "Kerberos delegation"?

  • a) Abusing constrained/unconstrained delegation for lateral movement
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Compromised service accounts can impersonate users across systems.

159. What is the "ISO 27101" standard?

  • a) Privacy enhancement for threat intelligence
  • b) Network security controls
  • c) Malware detection
  • d) Cryptographic protocols
Answer: A - Ensures PII protection in threat intelligence sharing.

160. Which header prevents "Cross-Origin Resource Policy" (CORP) bypasses?

  • a) Cross-Origin-Resource-Policy
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Cross-Origin-Resource-Policy: same-site blocks cross-origin embeds.