Ethical Hacking MCQs | Enterprise & Cloud Security

Master your Certified Ethical Hacker (CEH) and OSCP exams with 300+ free penetration testing MCQs and interview questions.


161. What is "ISO 27102" standard?

  • a) Guidelines for cybersecurity framework implementation
  • b) Network penetration testing
  • c) Malware analysis
  • d) Firewall configuration
Answer: A - Provides methodology for adopting ISO 27001/27002 controls.

162. Which attack exploits "WebP image vulnerabilities"?

  • a) Memory corruption via malformed WebP files (e.g., CVE-2023-4863)
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Heap buffer overflow in libwebp library allows RCE.

163. What is "ISO 27103" standard?

  • a) Guidelines for cybersecurity measurement
  • b) Network segmentation
  • c) Malware detection
  • d) Cryptographic protocols
Answer: A - Metrics for evaluating cybersecurity control effectiveness.

164. Which tool performs "SAP security testing"?

  • a) SAPvader
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Identifies vulnerabilities in SAP systems (RFC interfaces, ABAP code).

165. What is "ISO 27110" standard?

  • a) Cybersecurity framework development guidelines
  • b) Network security controls
  • c) Malware analysis
  • d) Physical security
Answer: A - Helps organizations create tailored cybersecurity frameworks.

166. Which attack exploits "LLMNR/NBT-NS poisoning"?

  • a) Spoofing name resolution requests to capture NTLM hashes
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS cache poisoning
Answer: A - Responds to LLMNR/mDNS queries to intercept authentication attempts.

167. What is "ISO 27552" standard?

  • a) PII protection in ISO 27001 extensions
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Enhances ISO 27001 for privacy management (superseded by ISO 27701).

168. Which tool performs "SCADA system exploitation"?

  • a) Modbuspal
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Simulates Modbus/TCP attacks on industrial control systems.

169. What is "ISO 28000" standard?

  • a) Supply chain security management
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Secures logistics/supply chains against cyber-physical threats.

170. Which attack exploits "AD CS enrollment rights"?

  • a) Forging certificates via compromised enrollment agent permissions
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - ESC1/ESC2 vulnerabilities in Active Directory Certificate Services.

171. What is "ISO 31010" standard?

  • a) Risk assessment techniques
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Companion to ISO 31000 with specific risk evaluation methods.

172. Which tool performs "Azure AD privilege escalation"?

  • a) MicroBurst
  • b) Nmap
  • c) Wireshark
  • d) Metasploit
Answer: A - Exploits misconfigured Azure roles, service principals, and OAuth apps.

173. What is "ISO 33000" series?

  • a) Process assessment standards
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic algorithms
Answer: A - Includes SPICE (ISO 33020) for capability maturity evaluation.

174. Which attack exploits "GCP IAM privilege escalation"?

  • a) Abusing resource hierarchy permissions (e.g., org → project)
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Example: resourcemanager.projects.setIamPolicy misuse.

175. What is "ISO 37001" standard?

  • a) Anti-bribery management system
  • b) Network penetration testing
  • c) Malware detection
  • d) Firewall configuration
Answer: A - Mitigates bribery risks in procurement/vendor relationships.

176. Which tool performs "iOS application pentesting"?

  • a) Objection
  • b) Nmap
  • c) Wireshark
  • d) Burp Suite
Answer: A - Runtime mobile exploration toolkit for jailbroken iOS devices.

177. What is "ISO 37301" standard?

  • a) Compliance management system
  • b) Network security controls
  • c) Malware analysis
  • d) Cryptographic protocols
Answer: A - Replaces ISO 19600 for regulatory/legal compliance programs.

178. Which attack exploits "Azure Storage SAS tokens"?

  • a) Accessing storage blobs/containers via leaked shared access signatures
  • b) SQL injection
  • c) Cross-site scripting
  • d) DNS spoofing
Answer: A - Over-permissive SAS tokens grant unintended data access.

179. What is "ISO 38500" standard?

  • a) IT governance framework
  • b) Network segmentation
  • c) Malware detection
  • d) Physical security
Answer: A - Guides executive decision-making on IT investments/risks.

180. Which header prevents "Cross-Origin Resource Sharing (CORS) misconfigurations"?

  • a) Access-Control-Allow-Origin
  • b) Content-Security-Policy
  • c) X-Frame-Options
  • d) Strict-Transport-Security
Answer: A - Restricts origins allowed to access resources (e.g., Access-Control-Allow-Origin: https://trusted.com).

Ethical Hacking MCQs - Master Cybersecurity & Penetration Testing | PCBooks
