Cloud Penetration Testing - Assessing Cloud Security - MCQ Questions

1. What is the primary objective of cloud penetration testing?

A) To break into cloud infrastructure
B) To identify and remediate security weaknesses in cloud environments
C) To disrupt cloud services for testing resilience
D) To evaluate compliance with cloud provider SLAs

✅ Answer: B) To identify and remediate security weaknesses in cloud environments
📖 Explanation: The main goal of cloud penetration testing is to detect vulnerabilities in cloud infrastructure and applications while ensuring compliance with security best practices.

2. Which cloud service model requires the customer to manage the operating system and applications while the provider manages networking and storage?

A) SaaS
B) PaaS
C) IaaS
D) FaaS

✅ Answer: C) IaaS
📖 Explanation: In Infrastructure as a Service (IaaS), the cloud provider manages hardware, storage, and networking, while the customer is responsible for OS, applications, and security.

3. What is a key challenge in cloud penetration testing compared to on-premise testing?

A) Lack of automated tools
B) Limited permission due to cloud provider policies
C) Cloud environments are immune to security vulnerabilities
D) No need for penetration testing in cloud environments

✅ Answer: B) Limited permission due to cloud provider policies
📖 Explanation: Most cloud providers restrict pentesting activities to prevent abuse, requiring organizations to request approval or use approved testing guidelines.

4. Which attack method is commonly used to test cloud storage security?

A) SQL Injection
B) Privilege Escalation
C) Man-in-the-Middle (MITM) Attack
D) Bucket Enumeration

✅ Answer: D) Bucket Enumeration
📖 Explanation: Bucket enumeration helps identify misconfigured cloud storage buckets (e.g., AWS S3, Azure Blob, GCP Storage), exposing sensitive data.

5. What does SSRF (Server-Side Request Forgery) exploit in cloud environments?

A) Client-side application vulnerabilities
B) Unpatched operating system
C) Improper access control to internal services
D) Outdated TLS certificates

✅ Answer: C) Improper access control to internal services
📖 Explanation: SSRF attacks occur when an attacker tricks a vulnerable cloud application into accessing internal metadata services, exposing credentials and secrets.

6. What type of credentials are often targeted in cloud penetration testing?

A) API keys and IAM credentials
B) Usernames and passwords
C) SSH private keys
D) Database passwords

✅ Answer: A) API keys and IAM credentials
📖 Explanation: Cloud IAM (Identity and Access Management) credentials and API keys are primary targets as they grant access to cloud services and infrastructure.

7. Which of the following tools is commonly used for cloud security assessment?

A) Nikto
B) CloudSploit
C) Hydra
D) WPScan

✅ Answer: B) CloudSploit
📖 Explanation: CloudSploit is a security scanning tool that helps identify misconfigurations in AWS, Azure, and GCP environments.

8. In AWS, which service provides security best practices and compliance reports?

A) AWS Config
B) AWS Inspector
C) AWS Shield
D) AWS CloudTrail

✅ Answer: A) AWS Config
📖 Explanation: AWS Config helps assess, audit, and evaluate cloud resource configurations to ensure compliance with security best practices.

9. What security risk is associated with cloud metadata services (e.g., AWS EC2 Metadata Service)?

A) Denial-of-Service (DoS)
B) Data encryption failures
C) SSRF exploitation leading to credential leakage
D) Keylogging

✅ Answer: C) SSRF exploitation leading to credential leakage
📖 Explanation: If an application is vulnerable to SSRF, an attacker can access the cloud instance metadata service, exposing credentials and other sensitive data.

10. What technique can help prevent cloud-based privilege escalation attacks?

A) Disabling multi-factor authentication
B) Using overly permissive IAM roles
C) Implementing the principle of least privilege
D) Enabling public access to cloud instances

✅ Answer: C) Implementing the principle of least privilege
📖 Explanation: Least privilege access ensures that users and services only have the minimum necessary permissions, reducing the risk of privilege escalation.

11. Which cloud penetration testing approach simulates an attacker with internal access to cloud services?

A) Black-box testing
B) White-box testing
C) Grey-box testing
D) Fuzz testing

✅ Answer: C) Grey-box testing
📖 Explanation: Grey-box testing assumes partial knowledge and access, simulating an insider threat or compromised account scenario.

12. What cloud security feature prevents unauthorized cross-region data transfers?

A) Virtual Private Cloud (VPC)
B) Firewall rules
C) Data Loss Prevention (DLP)
D) Cloud Storage Snapshots

✅ Answer: C) Data Loss Prevention (DLP)
📖 Explanation: DLP solutions monitor and restrict sensitive data transfers to prevent unauthorized data exfiltration across regions.

13. What is an effective way to test for misconfigured cloud storage permissions?

A) Running port scans
B) Testing public access permissions on storage buckets
C) Deploying phishing campaigns
D) Brute-forcing SSH passwords

✅ Answer: B) Testing public access permissions on storage buckets
📖 Explanation: Cloud storage misconfigurations can expose sensitive data. Security testers check ACL settings, public access, and anonymous read permissions.

14. What does “cloud provider shared responsibility model” mean?

A) Cloud providers handle all security aspects
B) Customers handle all security configurations
C) Security is shared between the cloud provider and customer
D) Cloud providers guarantee 100% security

✅ Answer: C) Security is shared between the cloud provider and customer
📖 Explanation: Cloud security follows a shared responsibility model, where the provider secures the infrastructure, and customers secure their configurations, data, and access controls.

15. Which method helps detect cloud workload vulnerabilities?

A) Cloud logging & monitoring
B) Installing antivirus
C) Phishing awareness training
D) Disabling firewall rules

✅ Answer: A) Cloud logging & monitoring
📖 Explanation: Continuous monitoring with cloud logging tools (AWS CloudTrail, Azure Sentinel, GCP Cloud Logging) helps detect threats and misconfigurations.

16. What is a common cloud misconfiguration that attackers exploit?

A) Weak encryption algorithms
B) Exposed IAM policies with excessive permissions
C) Secure shell (SSH) access
D) Logging all API requests

✅ Answer: B) Exposed IAM policies with excessive permissions
📖 Explanation: Attackers often exploit overly permissive IAM roles to escalate privileges and access sensitive resources.

17. What penetration testing restriction do cloud providers enforce?

A) No security testing allowed
B) Pentesting is allowed but requires approval
C) All security testing must be manual
D) Only third-party firms can perform testing

✅ Answer: B) Pentesting is allowed but requires approval
📖 Explanation: Major cloud providers require prior approval for pentesting to prevent abuse and avoid service disruptions.

18. Which service provides encryption key management in cloud environments?

A) AWS KMS / Azure Key Vault
B) Cloud Storage Buckets
C) IAM Roles
D) DNS Firewall

✅ Answer: A) AWS KMS / Azure Key Vault
📖 Explanation: Cloud Key Management Services (KMS) help secure sensitive data by managing encryption keys.

19. What is the primary risk associated with misconfigured cloud identity federation?

A) Increased API latency
B) Unauthorized access via SSO (Single Sign-On)
C) Higher cloud storage costs
D) Inability to create new IAM roles

✅ Answer: B) Unauthorized access via SSO (Single Sign-On)
📖 Explanation: Misconfigured identity federation can allow unauthorized users to gain access to cloud resources by exploiting weak authentication policies.

20. Which of the following could lead to an insecure cloud container environment?

A) Enforcing RBAC (Role-Based Access Control)
B) Using outdated container images with known vulnerabilities
C) Encrypting container logs
D) Disabling root user access

✅ Answer: B) Using outdated container images with known vulnerabilities
📖 Explanation: Using outdated or unpatched container images increases the risk of exploitable vulnerabilities in cloud environments.

21. In cloud pentesting, what is the primary purpose of a reconnaissance phase?

A) Exploiting cloud services
B) Gathering information on cloud assets and configurations
C) Deleting cloud logs
D) Establishing persistence in the cloud environment

✅ Answer: B) Gathering information on cloud assets and configurations
📖 Explanation: The reconnaissance phase involves enumerating public cloud resources, scanning for open ports, and identifying misconfigurations before launching attacks.

22. Which security risk is associated with excessive permissions in cloud IAM policies?

A) Increased storage costs
B) Privilege escalation and data exfiltration
C) Slower performance of cloud services
D) Automatic revocation of permissions

✅ Answer: B) Privilege escalation and data exfiltration
📖 Explanation: Overly permissive IAM policies can allow attackers to escalate privileges and gain unauthorized access to sensitive data.

23. What tool is commonly used to check AWS IAM policy misconfigurations?

A) Burp Suite
B) ScoutSuite
C) Wireshark
D) Nmap

✅ Answer: B) ScoutSuite
📖 Explanation: ScoutSuite is an open-source cloud security auditing tool that helps detect misconfigured IAM roles, S3 bucket permissions, and security groups.

24. How can an attacker exploit a misconfigured AWS Lambda function?

A) Using brute-force SSH attacks
B) Injecting malicious payloads via event triggers
C) Disabling IAM authentication
D) Changing firewall rules

✅ Answer: B) Injecting malicious payloads via event triggers
📖 Explanation: Attackers can exploit vulnerable Lambda functions by sending malicious event payloads that execute arbitrary code.

25. What cloud security misconfiguration can lead to unrestricted outbound traffic?

A) Public S3 bucket access
B) Overly permissive security group rules
C) Enabling Multi-Factor Authentication (MFA)
D) Using a Web Application Firewall (WAF)

✅ Answer: B) Overly permissive security group rules
📖 Explanation: Misconfigured security groups allowing unrestricted outbound traffic can lead to data exfiltration.

26. What does an attacker achieve by exploiting an open database instance in the cloud?

A) SQL Injection
B) Unauthorized access and data theft
C) Reduced database performance
D) Automated backups

✅ Answer: B) Unauthorized access and data theft
📖 Explanation: Publicly exposed cloud databases allow attackers to exfiltrate, modify, or delete sensitive data.

27. Which security measure is most effective in preventing privilege escalation in cloud environments?

A) Encrypting API requests
B) Implementing least privilege access control
C) Using cloud auto-scaling
D) Blocking outbound traffic

✅ Answer: B) Implementing least privilege access control
📖 Explanation: Applying least privilege access ensures that users only have necessary permissions, reducing the risk of privilege escalation.

28. What attack technique can exploit misconfigured serverless functions in the cloud?

A) Remote Code Execution (RCE)
B) MAC Address Spoofing
C) SYN Flood Attack
D) Keylogging

✅ Answer: A) Remote Code Execution (RCE)
📖 Explanation: Serverless functions (AWS Lambda, Azure Functions) can be exploited if they process unvalidated inputs, leading to RCE.

29. How can an attacker exploit cloud logging misconfigurations?

A) Gaining persistence
B) Extracting sensitive credentials from logs
C) Launching DoS attacks
D) Generating random API requests

✅ Answer: B) Extracting sensitive credentials from logs
📖 Explanation: Misconfigured cloud logging may store hardcoded API keys, passwords, and tokens, which attackers can extract.

30. What is the best way to secure API endpoints in cloud environments?

A) Disabling authentication
B) Using API Gateways with rate limiting and authentication
C) Exposing all APIs publicly
D) Allowing direct database queries from APIs

✅ Answer: B) Using API Gateways with rate limiting and authentication
📖 Explanation: API Gateways provide authentication, rate limiting, and logging, which helps secure cloud APIs.

31. What is a common misconfiguration that can expose cloud DNS records?

A) Unencrypted S3 buckets
B) Publicly accessible DNS zones
C) Using container orchestration
D) Enabling TLS

✅ Answer: B) Publicly accessible DNS zones
📖 Explanation: Misconfigured DNS zones in AWS Route 53, Azure DNS, or GCP DNS can expose subdomains, internal IPs, and records to attackers.

32. What is an effective way to detect cloud security threats in real-time?

A) Manual security testing
B) Cloud-native SIEM solutions
C) Running port scans every month
D) Disabling logging

✅ Answer: B) Cloud-native SIEM solutions
📖 Explanation: SIEM (Security Information and Event Management) solutions provide real-time threat detection in cloud environments.

33. How do attackers abuse cloud auto-scaling services?

A) Bypassing IAM policies
B) Launching resource exhaustion attacks
C) Disabling encryption
D) Modifying billing accounts

✅ Answer: B) Launching resource exhaustion attacks
📖 Explanation: Attackers can send excessive API requests, triggering auto-scaling, leading to high cloud bills (also known as cryptojacking attacks).

34. What is an effective measure against cloud account takeover attacks?

A) Using Multi-Factor Authentication (MFA)
B) Sharing cloud credentials securely
C) Disabling firewall rules
D) Disabling logging

✅ Answer: A) Using Multi-Factor Authentication (MFA)
📖 Explanation: MFA prevents account takeover even if an attacker steals passwords.

35. Which AWS service helps prevent Distributed Denial-of-Service (DDoS) attacks?

A) AWS Config
B) AWS Shield
C) AWS IAM
D) AWS Lambda

✅ Answer: B) AWS Shield
📖 Explanation: AWS Shield protects against DDoS attacks by mitigating large-scale traffic spikes.

36. What cloud storage misconfiguration leads to ransomware attacks?

A) Publicly writable storage buckets
B) Enabling cloud backups
C) Using encryption
D) Disabling IAM logging

✅ Answer: A) Publicly writable storage buckets
📖 Explanation: Attackers can upload malicious scripts to publicly writable storage, leading to ransomware infections.

37. What security risk arises when cloud instance metadata is exposed to attackers?

A) Data loss prevention failure
B) Leakage of IAM credentials and sensitive configurations
C) Increased cloud compute costs
D) Denial-of-Service (DoS) on API endpoints

✅ Answer: B) Leakage of IAM credentials and sensitive configurations
📖 Explanation: If metadata services (e.g., AWS EC2 metadata service, GCP metadata) are exposed, attackers can extract temporary credentials, tokens, and sensitive settings, leading to privilege escalation.

38. Which of the following is a method used to bypass cloud firewall rules?

A) Social engineering
B) Tunneling through allowed outbound ports
C) Using encrypted S3 storage
D) Enabling multi-factor authentication

✅ Answer: B) Tunneling through allowed outbound ports
📖 Explanation: Attackers bypass cloud firewall restrictions by using SSH tunnels, DNS tunneling, or VPN traffic over allowed ports to establish hidden communication channels.

39. What cloud security risk arises from using default cloud service credentials?

A) Reduced latency for cloud services
B) Increased risk of unauthorized access and privilege escalation
C) Improved data redundancy
D) Automated scaling of cloud resources

✅ Answer: B) Increased risk of unauthorized access and privilege escalation
📖 Explanation: Default credentials are often weak and well-known, allowing attackers to easily gain access and escalate privileges.

40. How can an attacker perform data exfiltration from a compromised cloud instance?

A) Using slow HTTP requests
B) Sending sensitive data via cloud storage, DNS, or covert channels
C) Performing a brute-force attack on IAM users
D) Enumerating cloud bucket permissions

✅ Answer: B) Sending sensitive data via cloud storage, DNS, or covert channels
📖 Explanation: Data exfiltration techniques include uploading stolen data to external storage (S3, Azure Blob, GCP Buckets), abusing DNS exfiltration, or using hidden HTTP requests.

41. What security mechanism ensures that cloud logs are immutable?

A) Encryption at rest
B) Enabling write-once, read-many (WORM) storage
C) Disabling logging for security events
D) Using private IP ranges for cloud logging

✅ Answer: B) Enabling write-once, read-many (WORM) storage
📖 Explanation: WORM storage prevents logs from being deleted or altered, ensuring log integrity for security investigations.

42. How do attackers exploit weak IAM policies in cloud environments?

A) Conducting port scans on cloud instances
B) Gaining unauthorized access via over-permissive IAM roles
C) Sniffing network traffic
D) Exploiting TLS misconfigurations

✅ Answer: B) Gaining unauthorized access via over-permissive IAM roles
📖 Explanation: Weak IAM policies grant attackers excessive permissions, leading to privilege escalation and lateral movement.

43. What tool is commonly used to identify cloud storage bucket misconfigurations?

A) Metasploit
B) TruffleHog
C) GCPBucketBrute
D) John the Ripper

✅ Answer: C) GCPBucketBrute
📖 Explanation: GCPBucketBrute is used to enumerate and identify publicly accessible or misconfigured Google Cloud Storage buckets.

44. What is an effective way to prevent API abuse in cloud environments?

A) Disabling firewall rules
B) Implementing rate limiting and authentication mechanisms
C) Allowing unrestricted access to APIs
D) Using only serverless functions

✅ Answer: B) Implementing rate limiting and authentication mechanisms
📖 Explanation: Rate limiting and authentication prevent excessive API requests, brute-force attacks, and abuse of cloud services.

45. What is a risk of using hardcoded credentials in cloud applications?

A) Improved performance of cloud APIs
B) Increased risk of credentials being exposed in public repositories
C) Faster authentication requests
D) Lower cloud billing costs

✅ Answer: B) Increased risk of credentials being exposed in public repositories
📖 Explanation: Hardcoded credentials can be accidentally exposed in public GitHub repositories, allowing attackers to steal API keys and secrets.

46. What type of attack involves compromising a cloud compute instance to mine cryptocurrency?

A) Web scraping
B) Cryptojacking
C) SQL Injection
D) DNS Spoofing

✅ Answer: B) Cryptojacking
📖 Explanation: Cryptojacking is an attack where compromised cloud instances are used to mine cryptocurrency, leading to high compute costs.

47. Which AWS service helps detect security threats using machine learning?

A) AWS Config
B) AWS Macie
C) AWS Glue
D) AWS Lambda

✅ Answer: B) AWS Macie
📖 Explanation: AWS Macie leverages machine learning to detect sensitive data exposure, data exfiltration, and insider threats.

48. What is a key indicator of a potential cloud privilege escalation attack?

A) Large number of failed authentication attempts
B) High CPU usage on compute instances
C) Increased outbound network traffic
D) Cloud billing alerts for excessive storage usage

✅ Answer: A) Large number of failed authentication attempts
📖 Explanation: Repeated failed login attempts suggest attackers may be brute-forcing IAM roles or API keys to gain elevated access.

49. What security risk arises from public write access on an S3 bucket?

A) Attackers can delete or modify stored data
B) Cloud cost increases due to auto-scaling
C) IAM user password resets
D) Increased latency in accessing objects

✅ Answer: A) Attackers can delete or modify stored data
📖 Explanation: Public write access on S3 allows attackers to upload malicious files, delete existing content, or overwrite critical configurations.

50. How can an attacker bypass cloud-based Web Application Firewalls (WAFs)?

A) Using obfuscated payloads or encoded attack vectors
B) Encrypting database backups
C) Performing internal vulnerability scans
D) Using cloud storage for application logs

✅ Answer: A) Using obfuscated payloads or encoded attack vectors
📖 Explanation: Attackers bypass WAFs by obfuscating attack payloads, using encoding techniques (e.g., Base64, URL encoding), or leveraging zero-day WAF bypass techniques.

Final Thoughts

That’s 50 Cloud Penetration Testing MCQs 🔥 with detailed explanations to help cybersecurity professionals enhance their cloud security knowledge. 🚀

Do you want:

More advanced scenario-based questions?
Hands-on exercises to complement these MCQs?
A structured quiz format for your blog with scoring & leaderboards?

Let me know how you’d like to expand this section! 💡

You said:

Nice, now add more question here from 51-70, don’t repete previous question

ChatGPT said:

Here are MCQs 51-70 for Cloud Penetration Testing – Assessing Cloud Security, ensuring no repetition from previous questions.

51. What is the primary concern when using cloud-based shared resources?

A) Increased latency in application performance
B) Data leakage through multi-tenancy vulnerabilities
C) Higher cost of cloud service subscriptions
D) Slow backup processes

✅ Answer: B) Data leakage through multi-tenancy vulnerabilities
📖 Explanation: Multi-tenancy in cloud computing allows multiple customers to share the same hardware and software, increasing the risk of data leakage if isolation controls fail.

52. Which cloud misconfiguration is most commonly exploited in credential stuffing attacks?

A) Publicly exposed IAM roles
B) Use of default API rate limits
C) Weak password policies and lack of MFA
D) Excessive encryption of cloud data

✅ Answer: C) Weak password policies and lack of MFA
📖 Explanation: Credential stuffing relies on weak password policies and reused credentials. Lack of MFA (Multi-Factor Authentication) makes it easier for attackers to gain unauthorized access.

53. How can an attacker exploit an improperly configured cloud storage CDN?

A) By injecting malicious JavaScript via stored XSS
B) By uploading malware disguised as media files
C) By redirecting legitimate users to phishing sites
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: A misconfigured cloud CDN (Content Delivery Network) can be exploited in multiple ways, including stored XSS injection, malware hosting, and phishing attacks.

54. What type of attack targets weak object storage policies in cloud environments?

A) Directory Traversal
B) Man-in-the-Middle (MITM)
C) Bucket Enumeration
D) ICMP Tunneling

✅ Answer: C) Bucket Enumeration
📖 Explanation: Bucket enumeration is used to identify publicly accessible or weakly protected cloud storage buckets (AWS S3, Azure Blob, GCP Storage).

55. How can an attacker escalate privileges in a cloud Kubernetes environment?

A) Exploiting container escape vulnerabilities
B) Modifying IAM role policies
C) Abusing Kubernetes Role-Based Access Control (RBAC) misconfigurations
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Privilege escalation in Kubernetes can occur through container escapes, overly permissive IAM roles, or weak RBAC configurations.

56. What cloud logging misconfiguration can help attackers hide their activities?

A) Enabling excessive logging
B) Disabling CloudTrail or Audit Logs
C) Using real-time log analysis
D) Encrypting cloud logs at rest

✅ Answer: B) Disabling CloudTrail or Audit Logs
📖 Explanation: Disabling logging services (AWS CloudTrail, Azure Monitor, GCP Logging) makes it harder to detect and trace attacker activities.

57. What technique can be used to bypass IAM role restrictions in AWS?

A) IAM Role Chaining
B) Using AWS Inspector
C) Enabling CloudFront
D) Logging out of all sessions

✅ Answer: A) IAM Role Chaining
📖 Explanation: IAM Role Chaining allows attackers to jump between multiple IAM roles to escalate privileges and gain unauthorized access.

58. What is a risk of using cloud-managed database services with default configurations?

A) Unpatched database vulnerabilities
B) Public exposure due to misconfigured access control
C) Weak encryption settings
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Cloud-managed databases (e.g., AWS RDS, Azure SQL, GCP Cloud SQL) can be vulnerable if left with default settings, leading to public exposure, outdated security patches, or weak encryption.

59. How can attackers abuse misconfigured cloud SMTP services?

A) Sending phishing emails using the cloud provider’s email services
B) Hosting malicious DNS entries
C) Running botnet attacks
D) Launching SQL Injection attacks

✅ Answer: A) Sending phishing emails using the cloud provider’s email services
📖 Explanation: Misconfigured SMTP services can allow attackers to send phishing emails that appear legitimate, leading to credential theft and malware distribution.

60. What type of cloud attack involves unauthorized access to an exposed Redis or Memcached instance?

A) Cache Poisoning Attack
B) Cross-Site Request Forgery (CSRF)
C) Remote File Inclusion
D) DNS Spoofing

✅ Answer: A) Cache Poisoning Attack
📖 Explanation: Attackers can manipulate exposed Redis or Memcached instances to inject malicious data or execute unauthorized commands.

61. What is a critical security risk of using serverless functions in cloud environments?

A) Hardcoded credentials in function code
B) Lack of network segmentation
C) Event injection attacks
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Serverless functions (AWS Lambda, Azure Functions, GCP Cloud Functions) can be exploited via hardcoded secrets, weak networking policies, or event-based injection attacks.

62. Which tool is commonly used to detect cloud misconfigurations?

A) Aircrack-ng
B) Prowler
C) WPScan
D) Snort

✅ Answer: B) Prowler
📖 Explanation: Prowler is an open-source security tool used to audit AWS environments for security misconfigurations.

63. What attack technique can be used against cloud-hosted GraphQL APIs?

A) Query batching attacks
B) NoSQL Injection
C) GraphQL introspection abuse
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: GraphQL APIs can be vulnerable to query batching, introspection abuse, and NoSQL injection, leading to data exfiltration or DoS attacks.

64. How can an attacker exploit misconfigured CORS policies in cloud environments?

A) Injecting malicious JavaScript to steal API responses
B) Running SQL queries
C) Disabling TLS encryption
D) Conducting subdomain enumeration

✅ Answer: A) Injecting malicious JavaScript to steal API responses
📖 Explanation: Misconfigured CORS (Cross-Origin Resource Sharing) policies allow attackers to steal API responses and sensitive data using cross-site attacks.

65. What risk arises from public access to cloud function triggers (e.g., AWS Lambda API Gateway)?

A) Denial-of-Service (DoS) attacks
B) Unauthorized function execution
C) API abuse and exploitation
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Exposed function triggers can lead to DoS, API abuse, and unauthorized execution of serverless functions.

66. What attack abuses cloud IAM role trust relationships?

A) IAM Privilege Escalation
B) SQL Injection
C) Web Cache Poisoning
D) DNS Rebinding

✅ Answer: A) IAM Privilege Escalation
📖 Explanation: Weak IAM role trust policies can be exploited to escalate privileges and move laterally across cloud accounts.

67. What cloud feature can be abused to perform covert data exfiltration?

A) Cloud DNS Logs
B) Cloud Object Storage
C) Serverless Compute Logs
D) Cloud Billing API

✅ Answer: B) Cloud Object Storage
📖 Explanation: Attackers can exfiltrate sensitive data by hiding files inside cloud object storage (AWS S3, Azure Blob, GCP Storage) and retrieving them remotely.

68. How can attackers gain unauthorized access to cloud Kubernetes clusters?

A) Exploiting Kubernetes API server misconfigurations
B) Compromising container secrets
C) Using RBAC misconfigurations
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Kubernetes security weaknesses include insecure API endpoints, leaked secrets, and misconfigured RBAC policies, allowing unauthorized access.

69. What is a major risk of cloud function timeouts in serverless applications?

A) Infinite loop execution leading to billing abuse
B) Automatic IAM role revocation
C) TLS encryption failures
D) Brute-force protection bypass

✅ Answer: A) Infinite loop execution leading to billing abuse
📖 Explanation: Attackers can trigger infinite loops in serverless functions, leading to excessive cloud costs.

70. Which cloud security tool can identify public S3 bucket exposures?

A) CloudMapper
B) John the Ripper
C) THC Hydra
D) Burp Suite

✅ Answer: A) CloudMapper
📖 Explanation: CloudMapper helps map AWS environments and detect publicly exposed cloud assets.

71. What is a major risk of using cloud-based Infrastructure as Code (IaC) templates without security reviews?

A) Misconfigured security group rules leading to exposure
B) Increased cloud resource costs
C) Slower deployment speeds
D) Unnecessary multi-factor authentication (MFA) enforcement

✅ Answer: A) Misconfigured security group rules leading to exposure
📖 Explanation: IaC templates (Terraform, CloudFormation) can accidentally deploy misconfigured security groups, IAM roles, or public storage buckets, increasing security risks.

72. How can an attacker abuse publicly exposed Docker container registries in the cloud?

A) Pulling and analyzing sensitive container images
B) Injecting malicious code into images
C) Running unauthorized workloads on the cloud infrastructure
D) All of the above

✅ Answer: D) All of the above
📖 Explanation: Exposed container registries allow attackers to download sensitive images, inject backdoors, and deploy malicious workloads.

73. What cloud security risk arises from not rotating IAM credentials regularly?

A) Credential exposure due to leaks or breaches
B) Increased CPU usage in cloud environments
C) Faster API response times
D) Automated security updates

✅ Answer: A) Credential exposure due to leaks or breaches
📖 Explanation: Long-lived IAM credentials are at higher risk of being leaked or brute-forced, leading to unauthorized access.

74. What is the main purpose of an AWS AssumeRole attack?

A) To escalate privileges by assuming another IAM role
B) To exploit SQL injection vulnerabilities
C) To perform denial-of-service (DoS) attacks
D) To steal SSL/TLS certificates

✅ Answer: A) To escalate privileges by assuming another IAM role
📖 Explanation: AssumeRole attacks exploit weak IAM role trust relationships, allowing attackers to gain elevated permissions.

75. What attack exploits misconfigured Azure Blob storage CORS settings?

A) XML External Entity (XXE) Injection
B) Cross-Origin Resource Sharing (CORS) Exploitation
C) TLS Downgrade Attack
D) HTTP Response Splitting

✅ Answer: B) Cross-Origin Resource Sharing (CORS) Exploitation
📖 Explanation: Weak CORS configurations allow attackers to steal API responses by injecting malicious JavaScript from unauthorized origins.

76. How can attackers compromise an AWS Lambda function with an insecure package dependency?

A) By injecting malicious code into the function’s dependencies
B) By modifying AWS IAM permissions
C) By launching DNS amplification attacks
D) By enabling HTTP Strict Transport Security (HSTS)

✅ Answer: A) By injecting malicious code into the function’s dependencies
📖 Explanation: Serverless functions often rely on third-party dependencies. If an attacker compromises a package, they can inject malicious code.

77. What cloud logging service helps track API activity in Google Cloud?

A) CloudWatch
B) CloudTrail
C) Cloud Audit Logs
D) Cloud Inspector

✅ Answer: C) Cloud Audit Logs
📖 Explanation: Google Cloud Audit Logs capture API activity, security events, and IAM changes, helping with security monitoring.

78. What is a key risk of weak IAM conditions in Google Cloud?

A) Allowing privilege escalation via overly broad IAM conditions
B) Disabling user authentication
C) Preventing cloud function execution
D) Disabling network monitoring

✅ Answer: A) Allowing privilege escalation via overly broad IAM conditions
📖 Explanation: IAM conditions define when a policy is enforced. Weak conditions can allow attackers to bypass access restrictions.

79. Which attack targets improperly configured cloud API Gateways?

A) API Rate Limit Bypass
B) Port Scanning
C) Network Spoofing
D) TLS Key Injection

✅ Answer: A) API Rate Limit Bypass
📖 Explanation: If cloud API rate limits are misconfigured, attackers can send a high number of requests, leading to DoS or data scraping attacks.

80. What is the main security risk of using weak encryption settings for cloud storage?

A) Cloud provider account suspension
B) Data leakage due to insecure cryptographic implementations
C) Increased API latency
D) Unauthorized cloud function execution

✅ Answer: B) Data leakage due to insecure cryptographic implementations
📖 Explanation: Weak encryption settings (e.g., using outdated ciphers or missing encryption keys) can allow attackers to decrypt sensitive cloud data.

81. How can attackers exploit cloud-based IAM role chaining?

A) By assuming multiple roles until reaching privileged access
B) By disabling IAM policies
C) By brute-forcing API keys
D) By sending phishing emails

✅ Answer: A) By assuming multiple roles until reaching privileged access
📖 Explanation: IAM role chaining allows attackers to escalate privileges by moving laterally through multiple assumed roles.

82. What tool can detect public cloud storage bucket exposures?

A) S3Scanner
B) Hashcat
C) Hydra
D) Nikto

✅ Answer: A) S3Scanner
📖 Explanation: S3Scanner is an open-source tool that helps identify public and misconfigured AWS S3 storage buckets.

83. What is a primary risk of using cloud-based Kubernetes clusters with default configurations?

A) Public exposure of the Kubernetes API server
B) Increased cloud costs
C) Enforced multi-factor authentication (MFA)
D) Reduced backup speeds

✅ Answer: A) Public exposure of the Kubernetes API server
📖 Explanation: If the Kubernetes API server is publicly accessible, attackers can attempt unauthorized access or exploit API vulnerabilities.

84. How can attackers perform lateral movement in multi-cloud environments?

A) Exploiting federated identity misconfigurations
B) Performing SQL Injection
C) Disabling encryption settings
D) Blocking DNS queries

✅ Answer: A) Exploiting federated identity misconfigurations
📖 Explanation: Weak identity federation settings allow attackers to move between cloud providers using compromised credentials.

85. What is an effective way to prevent AWS Lambda function abuse?

A) Implementing execution time limits and input validation
B) Disabling TLS encryption
C) Using outdated software libraries
D) Allowing unrestricted API requests

✅ Answer: A) Implementing execution time limits and input validation
📖 Explanation: Restricting execution times and validating input parameters help prevent abuse and resource exhaustion attacks.

86. Which attack can exploit misconfigured cloud message queues (e.g., AWS SQS, Azure Service Bus)?

A) Message Queue Poisoning
B) IP Spoofing
C) SQL Injection
D) Buffer Overflow

✅ Answer: A) Message Queue Poisoning
📖 Explanation: If an attacker gains access to cloud message queues, they can inject malicious messages, leading to queue poisoning attacks.

87. What attack abuses weak security group configurations in cloud environments?

A) Internal Port Scanning
B) Data Deduplication
C) Cloud Resource Scaling
D) Log Rotation

✅ Answer: A) Internal Port Scanning
📖 Explanation: Weak security group rules allow attackers to scan internal cloud networks, identifying vulnerable services.

88. What is a common technique for bypassing IAM permission restrictions in AWS?

A) Exploiting IAM Policy Privilege Escalation
B) Disabling security groups
C) Resetting cloud firewall rules
D) Using TLS downgrade attacks

✅ Answer: A) Exploiting IAM Policy Privilege Escalation
📖 Explanation: Attackers abuse weak IAM policies to gain unauthorized administrative access by leveraging privilege escalation tactics.

89. How can attackers exfiltrate data using misconfigured cloud DNS services?

A) DNS Tunneling
B) HTTP Header Injection
C) Cross-Site Scripting (XSS)
D) IP Spoofing

✅ Answer: A) DNS Tunneling
📖 Explanation: DNS Tunneling allows attackers to bypass network restrictions and exfiltrate data through encoded DNS queries.

90. What is a key risk of exposed cloud admin panels?

A) Unauthorized administrative access
B) Increased API response times
C) Reduced system logging
D) Faster cloud billing calculations

✅ Answer: A) Unauthorized administrative access
📖 Explanation: Exposed cloud admin panels allow attackers to brute-force credentials or exploit vulnerabilities to gain full control over cloud resources.

91. What attack targets cloud storage signed URLs with excessively long expiration times?

A) Persistent URL Hijacking
B) Replay Attacks
C) Insecure Direct Object References (IDOR)
D) DNS Spoofing

✅ Answer: B) Replay Attacks
📖 Explanation: Signed URLs allow temporary access to cloud storage objects. If their expiration time is too long, attackers can replay stolen URLs to gain unauthorized access.

92. How can an attacker abuse cloud serverless computing services for financial gain?

A) Cryptojacking
B) Password Spraying
C) Man-in-the-Middle (MITM) Attack
D) API Rate Limiting

✅ Answer: A) Cryptojacking
📖 Explanation: Cryptojacking involves exploiting cloud functions to mine cryptocurrency, leading to high cloud costs for the victim.

93. What is the primary security risk of overly permissive IAM role assumptions?

A) Unauthorized privilege escalation
B) Increased cloud billing costs
C) Improved API response times
D) Enhanced application performance

✅ Answer: A) Unauthorized privilege escalation
📖 Explanation: Overly permissive IAM roles can allow attackers to assume higher privileges, leading to full account compromise.

94. How can attackers exploit weak outbound network controls in cloud environments?

A) Data exfiltration using DNS tunneling
B) Reducing storage redundancy
C) Enabling multi-factor authentication
D) Slowing down API response times

✅ Answer: A) Data exfiltration using DNS tunneling
📖 Explanation: Weak outbound controls allow attackers to exfiltrate sensitive data using DNS tunneling techniques, bypassing security measures.

95. What is a common way to bypass cloud WAF (Web Application Firewall) protections?

A) Encoding payloads using Base64 or URL encoding
B) Disabling WAF rules manually
C) Modifying SSL/TLS settings
D) Enabling multi-factor authentication

✅ Answer: A) Encoding payloads using Base64 or URL encoding
📖 Explanation: Attackers obfuscate payloads using Base64, hex encoding, or URL encoding to bypass WAF signature-based detection.

96. What risk arises from enabling anonymous access to cloud-hosted Git repositories?

A) Exposure of hardcoded credentials, API keys, and sensitive code
B) Slower repository performance
C) Increased cloud computing costs
D) Automatic encryption of repository data

✅ Answer: A) Exposure of hardcoded credentials, API keys, and sensitive code
📖 Explanation: Publicly accessible Git repositories may contain hardcoded credentials, API keys, and proprietary code, leading to security breaches.

97. How do attackers exploit misconfigured cloud-based Elasticsearch clusters?

A) By injecting malicious search queries to exfiltrate sensitive data
B) By enabling auto-scaling
C) By blocking outgoing traffic
D) By modifying S3 bucket policies

✅ Answer: A) By injecting malicious search queries to exfiltrate sensitive data
📖 Explanation: Misconfigured Elasticsearch clusters with public access allow attackers to execute queries that extract sensitive data.

98. What is a major risk of exposing cloud environment metadata services to external users?

A) Leakage of IAM role credentials and instance details
B) Increased system performance
C) Faster API response times
D) Automatic log rotation

✅ Answer: A) Leakage of IAM role credentials and instance details
📖 Explanation: Cloud metadata services (e.g., AWS EC2 Instance Metadata, GCP Metadata Server) can be exploited via Server-Side Request Forgery (SSRF) to steal IAM credentials.

99. Which attack technique targets misconfigured cloud Object Storage policies?

A) Bucket Takeover Attack
B) Clickjacking
C) Memory Corruption
D) SQL Injection

✅ Answer: A) Bucket Takeover Attack
📖 Explanation: Attackers exploit misconfigured object storage policies (e.g., AWS S3, Azure Blob, GCP Buckets) to gain control over cloud storage resources.

100. How can attackers abuse cloud API misconfigurations?

A) By bypassing authentication using API key leaks
B) By slowing down API responses
C) By reducing cloud billing costs
D) By modifying encryption settings

✅ Answer: A) By bypassing authentication using API key leaks
📖 Explanation: If API keys are leaked, attackers can bypass authentication and directly interact with cloud services.

101. What is the impact of weak network ACL (Access Control List) rules in cloud environments?

A) Unauthorized inbound and outbound traffic exposure
B) Increased cloud cost due to network logging
C) Lower cloud instance performance
D) Improved cloud service availability

✅ Answer: A) Unauthorized inbound and outbound traffic exposure
📖 Explanation: Weak ACL rules can allow unauthorized network traffic, leading to data exfiltration and lateral movement.

102. What cloud security misconfiguration allows attackers to gain persistence?

A) Overly permissive IAM roles with self-modification privileges
B) Enabling multi-factor authentication
C) Encrypting all API requests
D) Reducing storage redundancy

✅ Answer: A) Overly permissive IAM roles with self-modification privileges
📖 Explanation: If an IAM role allows self-modification, attackers can persist in cloud environments by creating new access policies.

103. What is the main security risk of public-facing cloud database instances?

A) Unauthorized access and data breaches
B) Faster API response times
C) Improved scalability
D) Lower storage costs

✅ Answer: A) Unauthorized access and data breaches
📖 Explanation: Publicly exposed cloud databases (e.g., MongoDB, MySQL, PostgreSQL) are at risk of unauthorized access and data exfiltration.

104. How can attackers perform lateral movement in a multi-cloud environment?

A) Exploiting misconfigured federated identity settings
B) Running local privilege escalation scripts
C) Conducting phishing attacks
D) Brute-forcing cloud storage

✅ Answer: A) Exploiting misconfigured federated identity settings
📖 Explanation: Weak federated identity settings allow attackers to move between cloud providers using stolen credentials.

105. What is a major risk of exposing a cloud container registry without authentication?

A) Attackers can download or push malicious container images
B) Increased network latency
C) Slower encryption speeds
D) Cloud billing overuse

✅ Answer: A) Attackers can download or push malicious container images
📖 Explanation: Publicly accessible container registries allow attackers to pull sensitive container images or push malicious ones.

106. How can attackers exploit misconfigured cloud Kubernetes Role-Based Access Control (RBAC)?

A) By escalating privileges within the Kubernetes cluster
B) By modifying firewall rules
C) By deleting IAM roles
D) By disabling TLS encryption

✅ Answer: A) By escalating privileges within the Kubernetes cluster
📖 Explanation: Weak RBAC configurations can allow attackers to gain administrative access to Kubernetes clusters.

107. What cloud security misconfiguration can lead to unauthorized database access?

A) Publicly exposed database endpoints
B) TLS 1.2 enforcement
C) Enabling multi-factor authentication
D) Using infrastructure as code

✅ Answer: A) Publicly exposed database endpoints
📖 Explanation: Publicly exposed cloud databases are a common target for brute-force attacks and unauthorized data access.

108. What is a common way attackers steal API keys in cloud environments?

A) Searching public GitHub repositories for leaked credentials
B) Increasing storage redundancy
C) Disabling IAM role assumptions
D) Enabling data encryption

✅ Answer: A) Searching public GitHub repositories for leaked credentials
📖 Explanation: Attackers scan public repositories for accidentally leaked API keys, cloud credentials, and IAM tokens.

109. What is a major concern when using default cloud security groups?

A) Open inbound/outbound access to cloud resources
B) Reduced cloud costs
C) Increased system latency
D) Faster resource allocation

✅ Answer: A) Open inbound/outbound access to cloud resources
📖 Explanation: Default security groups often allow overly permissive inbound and outbound access, increasing attack risks.

110. What cloud pentesting technique identifies open storage buckets?

A) Bucket Enumeration
B) Cross-Site Request Forgery (CSRF)
C) TCP SYN Flood
D) DNS Poisoning

✅ Answer: A) Bucket Enumeration
📖 Explanation: Bucket enumeration is used to discover publicly accessible or misconfigured cloud storage buckets.

111. What is a key risk of using default VPC (Virtual Private Cloud) configurations in cloud environments?

A) Overly permissive inbound and outbound traffic rules
B) Faster API request processing
C) Reduced cloud storage costs
D) Automatic network isolation

✅ Answer: A) Overly permissive inbound and outbound traffic rules
📖 Explanation: Default VPC configurations often have permissive security group and ACL settings, allowing attackers to exploit open ports and weak network controls.

112. How can attackers exploit cloud-hosted CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI)?

A) Injecting malicious code into build scripts
B) Using excessive cloud storage
C) Increasing API rate limits
D) Blocking IAM policies

✅ Answer: A) Injecting malicious code into build scripts
📖 Explanation: Unsecured CI/CD pipelines can allow attackers to inject backdoors, steal secrets, or compromise production systems.

113. What is the primary impact of a cloud bucket takeover attack?

A) Data theft, modification, or deletion
B) Increased cloud service response times
C) Reduced cloud security group restrictions
D) Slower cloud database performance

✅ Answer: A) Data theft, modification, or deletion
📖 Explanation: Bucket takeover attacks occur when publicly exposed cloud storage buckets are misconfigured, allowing unauthorized users to access or modify data.

114. What type of attack abuses cloud-based message queue services (AWS SQS, Azure Service Bus)?

A) Queue Flooding Attack
B) Slowloris Attack
C) TCP SYN Flood
D) DNS Amplification

✅ Answer: A) Queue Flooding Attack
📖 Explanation: Queue flooding attacks occur when attackers send excessive messages to cloud message queues, leading to service disruption or cost escalation.

115. What is a common security risk of using Infrastructure as Code (IaC) tools without security validation?

A) Deployment of insecure configurations
B) Faster provisioning of cloud resources
C) Improved network segmentation
D) Enhanced cloud resource availability

✅ Answer: A) Deployment of insecure configurations
📖 Explanation: IaC tools (Terraform, CloudFormation, Ansible) can inadvertently deploy misconfigured security groups, public storage, or weak IAM policies if not validated.

116. How can attackers exploit unpatched cloud-hosted virtual machines?

A) By leveraging known vulnerabilities to gain remote access
B) By disabling cloud billing notifications
C) By enabling multi-factor authentication
D) By modifying API response times

✅ Answer: A) By leveraging known vulnerabilities to gain remote access
📖 Explanation: Unpatched virtual machines (EC2, GCE, Azure VM) are susceptible to exploitation using known CVEs (Common Vulnerabilities and Exposures).

117. What is a major risk of misconfigured Kubernetes network policies?

A) Unauthorized lateral movement within the cluster
B) Automatic enforcement of IAM policies
C) Slower container deployments
D) Increased API response times

✅ Answer: A) Unauthorized lateral movement within the cluster
📖 Explanation: Weak Kubernetes network policies can allow attackers to move laterally across pods, escalating privileges and accessing unauthorized workloads.

118. What cloud penetration testing technique is used to discover exposed API endpoints?

A) API Enumeration
B) DNS Spoofing
C) SQL Injection
D) ARP Poisoning

✅ Answer: A) API Enumeration
📖 Explanation: API enumeration involves mapping exposed cloud APIs, checking for misconfigurations, authentication flaws, and rate limit weaknesses.

119. What is the impact of weak session management in cloud applications?

A) Session hijacking and unauthorized account access
B) Reduced API rate limits
C) Faster application performance
D) Increased cloud billing efficiency

✅ Answer: A) Session hijacking and unauthorized account access
📖 Explanation: Weak session management can allow attackers to hijack valid user sessions and gain unauthorized access to cloud applications.

120. What cloud security measure helps prevent brute-force attacks on API endpoints?

A) Implementing API rate limiting and CAPTCHA
B) Disabling firewall rules
C) Encrypting storage volumes
D) Running cloud vulnerability scans

✅ Answer: A) Implementing API rate limiting and CAPTCHA
📖 Explanation: API rate limiting and CAPTCHA challenges prevent automated brute-force attacks on cloud authentication endpoints.

121. What is the primary purpose of cloud penetration testing reconnaissance?

A) Identifying publicly accessible cloud assets
B) Slowing down cloud response times
C) Enforcing IAM role restrictions
D) Reducing cloud storage costs

✅ Answer: A) Identifying publicly accessible cloud assets
📖 Explanation: The reconnaissance phase involves enumerating cloud services, scanning for open ports, and identifying misconfigurations before launching attacks.

122. What attack exploits weak cloud SAML (Security Assertion Markup Language) implementations?

A) SAML Token Hijacking
B) SQL Injection
C) DNS Amplification
D) Man-in-the-Browser

✅ Answer: A) SAML Token Hijacking
📖 Explanation: SAML vulnerabilities can allow attackers to forge authentication tokens, gaining unauthorized access to cloud services.

123. What cloud security feature protects against Distributed Denial-of-Service (DDoS) attacks?

A) Cloud-based WAF (Web Application Firewall)
B) Publicly accessible APIs
C) Weak IAM role policies
D) Open storage bucket permissions

✅ Answer: A) Cloud-based WAF (Web Application Firewall)
📖 Explanation: Cloud WAFs (e.g., AWS Shield, Azure WAF) help detect and mitigate DDoS attacks by filtering malicious traffic.

124. What is a common technique used in cloud enumeration attacks?

A) Searching for open cloud storage buckets
B) Implementing strong IAM policies
C) Disabling firewall rules
D) Encrypting API tokens

✅ Answer: A) Searching for open cloud storage buckets
📖 Explanation: Attackers enumerate cloud resources by scanning for misconfigured storage buckets, APIs, and DNS records.

125. What is a common method used to escalate privileges in cloud environments?

A) Exploiting overly permissive IAM roles
B) Implementing secure encryption algorithms
C) Disabling cloud security logging
D) Running API rate-limiting controls

✅ Answer: A) Exploiting overly permissive IAM roles
📖 Explanation: Attackers escalate privileges by abusing weak IAM policies that grant excessive permissions.

126. What cloud security misconfiguration can allow unauthorized SSH access?

A) Using default security group rules
B) Encrypting SSH keys
C) Implementing API authentication
D) Enabling TLS for cloud applications

✅ Answer: A) Using default security group rules
📖 Explanation: Default security groups may allow unrestricted inbound SSH (port 22) access, making it vulnerable to brute-force attacks.

127. What is an effective countermeasure against insider threats in cloud environments?

A) Implementing strict IAM least privilege access
B) Disabling cloud security monitoring
C) Allowing unrestricted data access
D) Reducing cloud resource availability

✅ Answer: A) Implementing strict IAM least privilege access
📖 Explanation: Least privilege IAM policies ensure that users only have the minimum necessary permissions, reducing insider threat risks.

128. What cloud vulnerability is commonly exploited in SSRF (Server-Side Request Forgery) attacks?

A) Cloud metadata API access
B) DNS cache poisoning
C) Cross-site scripting (XSS)
D) SQL Injection

✅ Answer: A) Cloud metadata API access
📖 Explanation: SSRF vulnerabilities allow attackers to query cloud metadata APIs, leading to credential theft and privilege escalation.

129. What cloud security tool helps identify IAM misconfigurations?

A) Prowler
B) John the Ripper
C) Hydra
D) SQLmap

✅ Answer: A) Prowler
📖 Explanation: Prowler is an AWS security assessment tool used to detect IAM misconfigurations, public S3 buckets, and security risks.

130. What is a common cloud misconfiguration that leads to excessive data exposure?

A) Public access to storage buckets
B) Enabling encryption for cloud logs
C) Enforcing strong IAM role policies
D) Enabling cloud firewall rules

✅ Answer: A) Public access to storage buckets
📖 Explanation: Misconfigured storage buckets (AWS S3, Azure Blob, GCP Storage) allow unauthorized data access, leading to breaches.

131. What is the primary risk of not enforcing MFA (Multi-Factor Authentication) for cloud admin accounts?

A) Increased risk of unauthorized access through credential theft
B) Faster authentication for administrators
C) Reduced cloud storage costs
D) Improved API response times

✅ Answer: A) Increased risk of unauthorized access through credential theft
📖 Explanation: Without MFA, compromised credentials can lead to full account takeover, allowing attackers to manipulate cloud resources.

132. What type of attack targets misconfigured cloud IAM trust relationships between different accounts?

A) Cross-Account Privilege Escalation
B) Man-in-the-Middle Attack
C) Cross-Site Request Forgery (CSRF)
D) DNS Cache Poisoning

✅ Answer: A) Cross-Account Privilege Escalation
📖 Explanation: If IAM trust relationships between accounts are misconfigured, attackers can assume higher privileges across multiple cloud accounts.

133. What cloud security misconfiguration allows attackers to run untrusted container images?

A) Lack of image signature verification
B) Enforced RBAC policies
C) Running containers with read-only access
D) Disabling auto-scaling

✅ Answer: A) Lack of image signature verification
📖 Explanation: Without image verification, attackers can inject malicious container images, leading to supply chain attacks and unauthorized code execution.

134. What type of attack leverages an open cloud database API without authentication?

A) Unauthenticated Data Scraping
B) Cross-Site Scripting (XSS)
C) Command Injection
D) TLS Downgrade Attack

✅ Answer: A) Unauthenticated Data Scraping
📖 Explanation: Publicly accessible cloud databases without authentication allow attackers to query, modify, or delete data.

135. How can an attacker maintain persistence in a cloud environment after initial compromise?

A) Creating unauthorized IAM users with elevated privileges
B) Running API rate-limiting policies
C) Enforcing cloud WAF protection
D) Enabling multi-factor authentication

✅ Answer: A) Creating unauthorized IAM users with elevated privileges
📖 Explanation: Attackers create new IAM users with administrative access to maintain control over cloud environments.

136. Which of the following can be used to detect unauthorized changes to cloud infrastructure?

A) Cloud Security Posture Management (CSPM)
B) Increasing storage size
C) Cloud auto-scaling
D) Disabling logging

✅ Answer: A) Cloud Security Posture Management (CSPM)
📖 Explanation: CSPM tools continuously monitor cloud configurations to detect security misconfigurations and unauthorized modifications.

137. What is a key risk of allowing public read access on cloud object storage (e.g., AWS S3)?

A) Exposure of sensitive files to unauthorized users
B) Slower object retrieval times
C) Reduced storage costs
D) Increased IAM role restrictions

✅ Answer: A) Exposure of sensitive files to unauthorized users
📖 Explanation: Public read access allows attackers to access sensitive data, leading to data breaches and compliance violations.

138. What cloud security tool is commonly used to audit Kubernetes configurations?

A) kube-bench
B) WPScan
C) Aircrack-ng
D) John the Ripper

✅ Answer: A) kube-bench
📖 Explanation: kube-bench checks Kubernetes clusters against CIS benchmarks, identifying misconfigurations and security issues.

139. How can attackers exploit a misconfigured cloud-based Redis instance?

A) By performing Remote Code Execution (RCE) via malicious commands
B) By injecting SQL queries
C) By running a phishing campaign
D) By modifying TLS certificates

✅ Answer: A) By performing Remote Code Execution (RCE) via malicious commands
📖 Explanation: Misconfigured Redis instances with open access allow attackers to execute arbitrary commands, leading to RCE and data theft.

140. What security risk is associated with cloud-based API keys hardcoded in applications?

A) Unauthorized access if API keys are exposed
B) Faster API response times
C) Improved cloud resource allocation
D) Reduced network latency

✅ Answer: A) Unauthorized access if API keys are exposed
📖 Explanation: Hardcoded API keys can be leaked via GitHub or public repositories, leading to unauthorized access to cloud resources.

141. What is a key risk of exposing cloud management interfaces to the public internet?

A) Increased likelihood of brute-force and credential stuffing attacks
B) Faster cloud billing processing
C) Improved network segmentation
D) Automatic security group enforcement

✅ Answer: A) Increased likelihood of brute-force and credential stuffing attacks
📖 Explanation: Publicly accessible management interfaces (e.g., AWS Console, Azure Portal) are prime targets for brute-force attacks.

142. How can attackers exploit an AWS Lambda function with excessive permissions?

A) By using the Lambda function to assume higher IAM roles
B) By disabling storage encryption
C) By running denial-of-service attacks
D) By modifying HTTP headers

✅ Answer: A) By using the Lambda function to assume higher IAM roles
📖 Explanation: If a Lambda function has excessive IAM permissions, attackers can leverage it to assume other roles and escalate privileges.

143. What is a major security risk of using weak cryptographic settings in cloud applications?

A) Data exposure due to weak encryption
B) Increased cloud storage performance
C) Reduced network congestion
D) Improved CPU utilization

✅ Answer: A) Data exposure due to weak encryption
📖 Explanation: Weak encryption (e.g., deprecated ciphers, short key lengths) makes cloud data vulnerable to decryption by attackers.

144. What type of attack targets exposed cloud-based SMTP (email) services?

A) Email Spoofing and Phishing
B) SQL Injection
C) XML External Entity (XXE) Injection
D) Buffer Overflow

✅ Answer: A) Email Spoofing and Phishing
📖 Explanation: Misconfigured cloud email services can be exploited for email spoofing and phishing attacks, leading to identity theft.

145. How do attackers exploit an open cloud-based Elasticsearch database?

A) By querying and extracting sensitive stored data
B) By launching brute-force attacks
C) By enabling TLS encryption
D) By modifying database schemas

✅ Answer: A) By querying and extracting sensitive stored data
📖 Explanation: Publicly accessible Elasticsearch instances can be queried by attackers, leading to data theft and manipulation.

146. What attack targets weak permissions in cloud storage lifecycle policies?

A) Unauthorized Data Retention and Deletion
B) API Key Hijacking
C) Cloud Resource Exhaustion
D) TLS Handshake Injection

✅ Answer: A) Unauthorized Data Retention and Deletion
📖 Explanation: Weak lifecycle policies can allow attackers to modify or delete critical data stored in the cloud.

147. What is a common technique used to bypass cloud-based logging mechanisms?

A) Log Tampering and Suppression
B) TLS Downgrade Attacks
C) Cross-Site Request Forgery (CSRF)
D) ARP Poisoning

✅ Answer: A) Log Tampering and Suppression
📖 Explanation: Attackers modify or disable logging mechanisms to avoid detection, making it harder for security teams to investigate incidents.

148. How can attackers exploit a cloud-based VPN with weak authentication?

A) By performing credential stuffing or brute-force attacks
B) By modifying DNS records
C) By enabling multi-factor authentication
D) By blocking outbound traffic

✅ Answer: A) By performing credential stuffing or brute-force attacks
📖 Explanation: Weak authentication on cloud-based VPNs makes them vulnerable to brute-force and credential stuffing attacks.

149. What cloud misconfiguration can expose internal Kubernetes services?

A) Improperly configured Ingress controllers
B) Enabling cloud firewall rules
C) Running Kubernetes in a private VPC
D) Enforcing API rate limits

✅ Answer: A) Improperly configured Ingress controllers
📖 Explanation: Misconfigured Ingress controllers can expose internal Kubernetes services to external attackers, leading to security risks.

150. How can attackers exploit cloud-based file-sharing services?

A) By uploading malware-infected files
B) By modifying IAM role policies
C) By enabling cloud storage encryption
D) By disabling logging

✅ Answer: A) By uploading malware-infected files
📖 Explanation: Attackers can upload malicious files to cloud-based file-sharing services, which may be executed by unsuspecting users.

151. What is a common security risk associated with misconfigured cloud CDN (Content Delivery Network)?

A) Unauthorized content modification or cache poisoning
B) Faster content delivery
C) Improved SSL/TLS security
D) Lower API response times

✅ Answer: A) Unauthorized content modification or cache poisoning
📖 Explanation: A misconfigured CDN can be abused for cache poisoning attacks, allowing attackers to inject malicious content into cached responses.

152. What cloud security risk arises when an attacker exploits misconfigured OAuth tokens?

A) Unauthorized API access using stolen tokens
B) Increased encryption speed
C) Improved cloud logging efficiency
D) Faster cloud resource provisioning

✅ Answer: A) Unauthorized API access using stolen tokens
📖 Explanation: Misconfigured OAuth tokens with excessive permissions or long expiration times can be stolen and used for unauthorized API access.

153. How can attackers exploit a cloud-based NoSQL database (e.g., MongoDB, CouchDB)?

A) By performing NoSQL Injection to bypass authentication
B) By modifying TLS certificates
C) By reducing API rate limits
D) By enforcing encryption

✅ Answer: A) By performing NoSQL Injection to bypass authentication
📖 Explanation: NoSQL Injection exploits weak query validation to bypass authentication and extract sensitive database information.

154. What is a potential consequence of weak IAM password policies in cloud environments?

A) Brute-force or credential stuffing attacks leading to unauthorized access
B) Lower cloud storage performance
C) Faster encryption algorithms
D) Reduced IAM management overhead

✅ Answer: A) Brute-force or credential stuffing attacks leading to unauthorized access
📖 Explanation: Weak password policies make IAM accounts susceptible to brute-force attacks, compromising cloud security.

155. What is the impact of a cloud misconfiguration that allows unrestricted outbound network traffic?

A) Data exfiltration via unauthorized outbound connections
B) Reduced cloud billing costs
C) Faster cloud instance boot times
D) Improved application performance

✅ Answer: A) Data exfiltration via unauthorized outbound connections
📖 Explanation: Without outbound network restrictions, attackers can establish connections to external servers, leading to data exfiltration.

156. How can an attacker exploit a cloud-based logging service misconfiguration?

A) By modifying or deleting security logs to evade detection
B) By increasing encryption overhead
C) By blocking IAM role assignment
D) By enforcing API rate limits

✅ Answer: A) By modifying or deleting security logs to evade detection
📖 Explanation: Attackers tamper with cloud logging services to erase traces of their activities, making security investigations harder.

157. What is a primary risk of allowing unauthenticated public access to cloud-hosted GraphQL APIs?

A) Data exposure due to unrestricted API queries
B) Faster API response times
C) Reduced encryption complexity
D) Improved cloud storage efficiency

✅ Answer: A) Data exposure due to unrestricted API queries
📖 Explanation: Unprotected GraphQL endpoints can allow attackers to craft malicious queries, leading to data leakage and API abuse.

158. How can attackers compromise cloud-based virtual machines that use default credentials?

A) By performing automated brute-force attacks
B) By modifying security groups
C) By disabling IAM logging
D) By increasing CPU usage

✅ Answer: A) By performing automated brute-force attacks
📖 Explanation: Default credentials make virtual machines vulnerable to brute-force attacks, leading to unauthorized access.

159. What is the primary attack vector for exploiting weak cloud API authentication?

A) API key brute-forcing or token hijacking
B) Running vulnerability scans
C) Enabling multi-factor authentication
D) Implementing strong TLS configurations

✅ Answer: A) API key brute-forcing or token hijacking
📖 Explanation: Weak API authentication makes APIs vulnerable to brute-force attacks and token theft, leading to unauthorized API access.

160. What is a major risk of cloud-based Docker container privilege escalation attacks?

A) Compromising the host system and gaining root access
B) Faster cloud auto-scaling
C) Improved container isolation
D) Reduced logging overhead

✅ Answer: A) Compromising the host system and gaining root access
📖 Explanation: Privilege escalation in Docker containers can allow attackers to break out of containers and gain control of the host system.

161. What cloud security misconfiguration allows attackers to access sensitive data via API calls?

A) Overly permissive API permissions
B) Enforcing IAM least privilege
C) Implementing strict encryption policies
D) Disabling all outbound connections

✅ Answer: A) Overly permissive API permissions
📖 Explanation: Weak API permissions allow unauthorized access to sensitive cloud resources, leading to data breaches.

162. What is a common technique attackers use to bypass cloud IAM restrictions?

A) Creating a new IAM user with administrative access
B) Encrypting cloud traffic
C) Implementing API authentication
D) Reducing API latency

✅ Answer: A) Creating a new IAM user with administrative access
📖 Explanation: Attackers often create a new IAM user to maintain persistence and evade detection in compromised cloud environments.

163. How can attackers exploit an exposed Kubernetes dashboard in the cloud?

A) By gaining administrative access to manage container workloads
B) By reducing cloud billing costs
C) By disabling network monitoring
D) By increasing storage quotas

✅ Answer: A) By gaining administrative access to manage container workloads
📖 Explanation: Exposed Kubernetes dashboards can be accessed by attackers to deploy malicious workloads or escalate privileges.

164. What is the primary goal of a cloud security posture management (CSPM) tool?

A) Detecting and remediating misconfigurations in cloud environments
B) Increasing cloud storage efficiency
C) Encrypting IAM role assignments
D) Reducing cloud compute costs

✅ Answer: A) Detecting and remediating misconfigurations in cloud environments
📖 Explanation: CSPM tools continuously monitor and enforce cloud security best practices to prevent misconfigurations.

165. How do attackers exploit insecure serverless function permissions in the cloud?

A) By executing unauthorized cloud API calls
B) By modifying cloud storage quotas
C) By disabling encryption policies
D) By enforcing IAM MFA

✅ Answer: A) By executing unauthorized cloud API calls
📖 Explanation: Serverless functions with excessive permissions can be abused to execute unauthorized cloud API calls, leading to privilege escalation.

166. What attack technique is used against misconfigured cloud-based DNS services?

A) Subdomain Takeover
B) SQL Injection
C) Cross-Site Request Forgery (CSRF)
D) Buffer Overflow

✅ Answer: A) Subdomain Takeover
📖 Explanation: Subdomain Takeover occurs when DNS records point to decommissioned cloud resources, allowing attackers to hijack domains.

167. What is a key security risk of using outdated cloud security group rules?

A) Exposure of vulnerable cloud services to the internet
B) Improved cloud latency
C) Faster encryption performance
D) Reduced cloud logging

✅ Answer: A) Exposure of vulnerable cloud services to the internet
📖 Explanation: Outdated security group rules may expose unnecessary services, making them targets for cyberattacks.

168. What cloud security control can prevent brute-force attacks on cloud login portals?

A) Account lockout and CAPTCHA enforcement
B) Increasing API rate limits
C) Running frequent vulnerability scans
D) Disabling logging services

✅ Answer: A) Account lockout and CAPTCHA enforcement
📖 Explanation: Account lockout policies and CAPTCHA help mitigate automated brute-force attacks against login portals.

169. How do attackers exploit exposed cloud-based Redis instances?

A) By writing malicious data and executing arbitrary commands
B) By modifying DNS records
C) By increasing cloud storage costs
D) By encrypting cloud API calls

✅ Answer: A) By writing malicious data and executing arbitrary commands
📖 Explanation: Misconfigured Redis instances allow attackers to manipulate stored data and execute commands remotely.

170. What is an effective method to secure cloud-hosted web applications from SQL Injection attacks?

A) Implementing parameterized queries and input validation
B) Disabling cloud WAF
C) Running API rate limits
D) Increasing CPU usage

✅ Answer: A) Implementing parameterized queries and input validation
📖 Explanation: Using parameterized queries prevents attackers from injecting malicious SQL queries, protecting cloud applications.

171. What is a key risk of allowing unrestricted inbound traffic to cloud-hosted SSH services?

A) Increased risk of brute-force attacks and unauthorized access
B) Faster remote server management
C) Improved cloud auto-scaling
D) Enhanced API response times

✅ Answer: A) Increased risk of brute-force attacks and unauthorized access
📖 Explanation: Exposing SSH (port 22) without restrictions makes cloud servers vulnerable to brute-force attacks and unauthorized access.

172. How can an attacker abuse cloud API misconfigurations to escalate privileges?

A) By modifying API request headers to bypass authentication
B) By encrypting all API responses
C) By enforcing MFA for API access
D) By enabling API rate limits

✅ Answer: A) By modifying API request headers to bypass authentication
📖 Explanation: Weak API authentication or poorly enforced authorization checks allow attackers to tamper with headers and escalate privileges.

173. What is the purpose of cloud identity federation?

A) To allow users to authenticate using external identity providers
B) To increase cloud billing costs
C) To disable multi-factor authentication
D) To expose IAM roles to public users

✅ Answer: A) To allow users to authenticate using external identity providers
📖 Explanation: Identity federation enables cloud authentication using third-party identity providers (e.g., Google, Microsoft, Okta, etc.).

174. What cloud attack leverages weak IAM role assumption policies?

A) Cross-Account Role Assumption Attack
B) SQL Injection
C) Buffer Overflow Attack
D) DNS Spoofing

✅ Answer: A) Cross-Account Role Assumption Attack
📖 Explanation: If IAM roles are misconfigured, attackers can assume roles from a different cloud account, leading to privilege escalation.

175. What is a key security risk of not enforcing encryption on cloud storage services?

A) Data exposure if the storage is publicly accessible or compromised
B) Increased data redundancy
C) Faster data access speeds
D) Reduced cloud storage costs

✅ Answer: A) Data exposure if the storage is publicly accessible or compromised
📖 Explanation: Unencrypted cloud storage can lead to data exposure if breached or accessed without authorization.

176. How do attackers exploit exposed AWS Lambda or Azure Function endpoints?

A) By sending malicious payloads to execute unauthorized code
B) By disabling TLS encryption
C) By increasing cloud service quotas
D) By reducing storage costs

✅ Answer: A) By sending malicious payloads to execute unauthorized code
📖 Explanation: If serverless functions (AWS Lambda, Azure Functions) have weak input validation, attackers can execute arbitrary code.

177. What cloud security misconfiguration can lead to unintended privilege escalation?

A) Overly permissive IAM role policies
B) Running vulnerability scans
C) Disabling cloud WAF
D) Increasing cloud storage quota

✅ Answer: A) Overly permissive IAM role policies
📖 Explanation: If IAM roles grant excessive permissions, attackers can gain unauthorized access and escalate privileges.

178. What type of cloud attack targets insecure access keys leaked in public repositories?

A) API Key Hijacking
B) SQL Injection
C) Cross-Site Scripting (XSS)
D) DNS Poisoning

✅ Answer: A) API Key Hijacking
📖 Explanation: Attackers scan public repositories (GitHub, GitLab, Bitbucket) for leaked API keys to gain unauthorized access to cloud resources.

179. What security risk arises from misconfigured Kubernetes secrets in the cloud?

A) Unauthorized access to credentials and sensitive data
B) Improved API rate limits
C) Reduced IAM overhead
D) Faster container scaling

✅ Answer: A) Unauthorized access to credentials and sensitive data
📖 Explanation: If Kubernetes secrets are stored insecurely, attackers can steal sensitive credentials and escalate access.

180. How do attackers exploit a cloud workload with an unpatched vulnerability?

A) By executing remote code via known exploits
B) By reducing cloud service quotas
C) By encrypting all cloud storage
D) By disabling logging services

✅ Answer: A) By executing remote code via known exploits
📖 Explanation: Unpatched cloud workloads are vulnerable to known exploits, allowing attackers to execute arbitrary commands remotely.

181. What is an effective way to prevent cloud-based phishing attacks?

A) Implementing DMARC, SPF, and DKIM for email security
B) Disabling TLS encryption
C) Reducing IAM role assignments
D) Increasing cloud API response times

✅ Answer: A) Implementing DMARC, SPF, and DKIM for email security
📖 Explanation: DMARC, SPF, and DKIM help verify email authenticity, preventing attackers from spoofing cloud-based email services.

182. What is the impact of exposing cloud database backups to the public internet?

A) Data leaks and potential ransomware attacks
B) Improved cloud API performance
C) Increased cloud billing efficiency
D) Reduced IAM policy enforcement

✅ Answer: A) Data leaks and potential ransomware attacks
📖 Explanation: Exposed cloud database backups allow attackers to steal, modify, or encrypt data for ransom.

183. What type of attack can compromise cloud-native CI/CD pipelines?

A) Supply Chain Attack
B) TLS Handshake Attack
C) ICMP Tunneling
D) DHCP Spoofing

✅ Answer: A) Supply Chain Attack
📖 Explanation: Attackers compromise CI/CD pipelines by injecting malicious code into build processes, leading to widespread software compromise.

184. What security risk arises from using shared cloud IAM accounts across multiple users?

A) Lack of accountability and difficulty in tracking activities
B) Faster user authentication
C) Reduced cloud service costs
D) Increased encryption performance

✅ Answer: A) Lack of accountability and difficulty in tracking activities
📖 Explanation: Shared IAM accounts make it difficult to track user activity, increasing the risk of insider threats and privilege misuse.

185. How can attackers exploit weak cloud-based email security policies?

A) By sending phishing emails using cloud email services
B) By modifying cloud database schemas
C) By increasing IAM user privileges
D) By disabling security logs

✅ Answer: A) By sending phishing emails using cloud email services
📖 Explanation: Weak cloud email security policies allow attackers to send phishing emails, leading to credential theft and malware distribution.

186. What is a common misconfiguration in cloud-managed Kubernetes clusters?

A) Exposed Kubernetes API servers with weak authentication
B) Enforcing MFA for IAM users
C) Disabling encryption for cloud backups
D) Increasing API rate limits

✅ Answer: A) Exposed Kubernetes API servers with weak authentication
📖 Explanation: If the Kubernetes API server is misconfigured, attackers can gain control over cluster workloads.

187. What security risk arises from an unprotected cloud message queue?

A) Unauthorized access to sensitive messages and data leakage
B) Reduced encryption strength
C) Faster message processing
D) Improved cloud service availability

✅ Answer: A) Unauthorized access to sensitive messages and data leakage
📖 Explanation: Unprotected message queues (AWS SQS, Azure Service Bus) allow attackers to intercept or modify messages, leading to data leaks.

188. What is a major security concern when using cloud-based database replication?

A) Unauthorized data modification if replication is not encrypted
B) Slower cloud API responses
C) Reduced data redundancy
D) Increased IAM policy restrictions

✅ Answer: A) Unauthorized data modification if replication is not encrypted
📖 Explanation: Unencrypted database replication can be intercepted, allowing attackers to modify or steal sensitive data.

189. What cloud security control helps detect unusual activity in real-time?

A) Cloud-native SIEM (Security Information and Event Management)
B) API rate limiting
C) Increasing storage redundancy
D) Disabling IAM logging

✅ Answer: A) Cloud-native SIEM (Security Information and Event Management)
📖 Explanation: SIEM solutions provide real-time threat detection and response for cloud environments.

190. What attack can exploit an improperly configured AWS IAM AssumeRole policy?

A) Privilege Escalation via IAM Role Chaining
B) Brute-force API Key Attack
C) SQL Injection
D) Clickjacking

✅ Answer: A) Privilege Escalation via IAM Role Chaining
📖 Explanation: Weak IAM AssumeRole policies allow attackers to escalate privileges by chaining multiple IAM roles.

**191. What is a key risk of cloud-based IAM roles that grant wildcard permissions (e.g., `"*"`) to users?**

A) Attackers can escalate privileges and gain full cloud account control
B) Improved cloud API response times
C) Faster cloud billing cycles
D) Reduced network latency

✅ Answer: A) Attackers can escalate privileges and gain full cloud account control
📖 Explanation: Overly permissive IAM roles (e.g., "*") allow attackers to access all cloud resources, escalating privileges and leading to full account compromise.

192. How can attackers exploit misconfigured AWS Cognito authentication?

A) By bypassing authentication using improperly validated tokens
B) By modifying IAM security groups
C) By disabling encryption on user passwords
D) By reducing API latency

✅ Answer: A) By bypassing authentication using improperly validated tokens
📖 Explanation: Weak token validation in AWS Cognito allows attackers to authenticate as other users without valid credentials.

193. What attack targets weak API key restrictions in cloud environments?

A) API Key Leaking and Abuse
B) DNS Poisoning
C) TLS Downgrade Attack
D) ARP Spoofing

✅ Answer: A) API Key Leaking and Abuse
📖 Explanation: Weak API key restrictions allow attackers to steal and abuse API keys, granting unauthorized access to cloud services.

194. What security misconfiguration can lead to unauthorized users modifying cloud firewall rules?

A) Overly permissive IAM policies allowing ec2:ModifySecurityGroup actions
B) Enabling multi-factor authentication (MFA)
C) Enforcing strict TLS policies
D) Reducing cloud API rate limits

✅ Answer: A) Overly permissive IAM policies allowing ec2:ModifySecurityGroup actions
📖 Explanation: Weak IAM policies can allow unauthorized users to modify security groups, exposing cloud resources to attacks.

195. How can attackers exploit a publicly exposed AWS Systems Manager (SSM) Agent?

A) By running unauthorized commands on cloud instances
B) By reducing cloud storage latency
C) By modifying TLS certificates
D) By disabling IAM user authentication

✅ Answer: A) By running unauthorized commands on cloud instances
📖 Explanation: If AWS SSM Agent is misconfigured, attackers can execute commands remotely on cloud instances without authentication.

196. What is a key risk of running outdated cloud container images in production?

A) Exposure to known vulnerabilities that attackers can exploit
B) Reduced API request latency
C) Faster deployment speeds
D) Improved IAM security

✅ Answer: A) Exposure to known vulnerabilities that attackers can exploit
📖 Explanation: Outdated container images may contain unpatched vulnerabilities, which attackers can exploit for remote code execution or privilege escalation.

197. How do attackers exploit exposed Azure Active Directory (AAD) credentials?

A) By performing password spraying and token hijacking attacks
B) By disabling cloud logging
C) By enforcing IAM role restrictions
D) By increasing cloud database response times

✅ Answer: A) By performing password spraying and token hijacking attacks
📖 Explanation: Compromised Azure AD credentials can be used for password spraying, token theft, and unauthorized access.

198. What cloud security risk arises from misconfigured cross-account IAM roles?

A) Unauthorized access to cloud resources from external accounts
B) Faster API authentication
C) Improved cloud billing efficiency
D) Reduced IAM policy complexity

✅ Answer: A) Unauthorized access to cloud resources from external accounts
📖 Explanation: If IAM roles allow cross-account access without restrictions, attackers from external accounts can exploit this to access sensitive data.

199. How can attackers exploit weak cloud Kubernetes authentication settings?

A) By bypassing authentication and taking control of the cluster
B) By disabling network firewalls
C) By increasing cloud auto-scaling speed
D) By reducing Kubernetes logging levels

✅ Answer: A) By bypassing authentication and taking control of the cluster
📖 Explanation: Weak authentication in cloud Kubernetes clusters can allow attackers to bypass login mechanisms and take full control of workloads.

200. What attack targets cloud-based message queue services with excessive permissions?

A) Message Queue Injection Attack
B) SQL Injection
C) Cross-Site Request Forgery (CSRF)
D) DNS Spoofing

✅ Answer: A) Message Queue Injection Attack
📖 Explanation: If cloud-based message queues (AWS SQS, Azure Service Bus) are misconfigured, attackers can inject malicious messages, leading to denial of service or unauthorized command execution.

Cloud Penetration Testing – Assessing Cloud Security – MCQ Questions