Cloud Computing for Certified Ethical Hacker (CEH)

This page covers the Cloud Computing domain of the Certified Ethical Hacker (CEH) certification. Master Cybersecurity offers 10 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    During your reconnaissance on a public cloud service used by a target company, what is a legitimate and ethical way to gather information about their configuration?
    A. Accessing misconfigured storage buckets
    B. Reviewing publicly available security policies
    C. Attempting to exploit cloud service vulnerabilities
    D. Phishing cloud service administrators
    Explanation

    The correct answer is: B. Reviewing publicly available security policies.

    Legitimate and ethical reconnaissance uses only public, authorized sources. Reviewing publicly available security policies (B), e.g., the provider's documentation, shared responsibility model, compliance pages, and the target's published security or privacy policies, gives you information about how the service is configured and used without accessing or attacking anything. Accessing misconfigured storage buckets (A) is unauthorized access to the target's resources, even if they are misconfigured; it is not "legitimate and ethical" without explicit permission. Exploiting vulnerabilities (C) and phishing administrators (D) are active attacks and are not ethical recon. For legitimate and ethical gathering of information about a target's cloud configuration, reviewing publicly available security policies is the correct approach.
  2. Question 2

    During a penetration test of a cloud-hosted service, you want to verify if the cloud provider's firewall rules are effectively blocking unauthorized traffic. Which method should you use to test this?
    A. Deploy a malformed packet attack to test firewall robustness.
    B. Run a traceroute to identify potential network paths.
    C. Perform a port scan from outside the cloud environment.
    D. Analyze application logs for unauthorized access attempts.
    Explanation

    The correct answer is: C. Perform a port scan from outside the cloud environment.

    To verify that firewall rules are blocking unauthorized traffic, you need to attempt connections to the cloud service from outside the allowed scope and see what is blocked vs. allowed. A port scan from outside the cloud environment (C) does exactly that: you scan from the internet (or another unauthorized segment) and check which ports respond; blocked ports will not respond or will be filtered, so you can confirm the firewall is effective. Malformed packet attack (A) tests resilience to abuse, not "blocking unauthorized traffic" in the usual sense. Traceroute (B) shows path and latency, not which traffic is blocked. Application logs (D) may show attempts after the fact but do not actively test the firewall. For testing whether the cloud firewall is blocking unauthorized traffic, performing a port scan from outside the cloud environment is the appropriate method.
  3. Question 3

    A company's cloud storage buckets are publicly accessible, which might expose sensitive data. What immediate action should you recommend to the company to mitigate this risk?
    A. Enable encryption for all data stored in the buckets.
    B. Restrict access to the buckets using IAM policies.
    C. Implement a data loss prevention (DLP) system.
    D. Configure logging to monitor access to the buckets.
    Explanation

    The correct answer is: B. Restrict access to the buckets using IAM policies.

    Publicly accessible buckets mean anyone on the internet can read (or write) data; the immediate fix is to stop public access. Restricting access using IAM policies (B), e.g., removing public read/write and allowing only authorized principals, directly closes the exposure and is the immediate action to recommend. Encryption (A) protects data at rest but does not stop someone with access from reading it; if the bucket is public, encrypted data can still be downloaded and attacked. DLP (C) and logging (D) are useful for monitoring and policy but do not by themselves remove public access. First stop the exposure by restricting access with IAM policies, then add encryption, logging, and DLP as needed.
  4. Question 4

    What is a primary benefit of using a cloud-based Web Application Firewall (WAF)?
    A. Increased latency
    B. Automated malware removal
    C. Protection against SQL injection and XSS attacks
    D. Unrestricted access to all users
    Explanation

    The correct answer is: C. Protection against SQL injection and XSS attacks.

    A Web Application Firewall (WAF) inspects HTTP/HTTPS traffic and blocks or mitigates common web attacks, including SQL injection and Cross-Site Scripting (XSS). So a primary benefit of a cloud-based WAF is protection against SQL injection and XSS attacks (C). Increased latency (A) is a possible downside, not a benefit. Automated malware removal (B) is more associated with endpoint or email security, not the main function of a WAF. Unrestricted access (D) is the opposite of what a WAF does. The main benefit of a WAF is application-layer protection (e.g., SQLi, XSS, and other OWASP Top 10-style attacks).
  5. Question 5

    While performing a security assessment on a cloud infrastructure, you need to ensure that all data in transit is encrypted. Which method would be most effective?
    A. Using VPN tunnels
    B. Implementing a firewall
    C. Disabling unused ports
    D. Enabling multi-factor authentication
    Explanation

    The correct answer is: A. Using VPN tunnels.

    Data in transit is data moving between systems (e.g., client to cloud, cloud to cloud, or between regions). To ensure it is encrypted, you need encryption in transit. VPN tunnels (A) create encrypted channels (e.g., IPsec, TLS) so all traffic inside the tunnel is encrypted; they are a standard way to protect data in transit for cloud and hybrid connectivity. Firewall (B) and disabling unused ports (C) control access and reduce attack surface but do not encrypt traffic. MFA (D) strengthens authentication, not encryption of data in transit. For ensuring all data in transit is encrypted in a cloud assessment, using VPN tunnels (or TLS for application traffic) is the most effective method among the options.
