CEH v13 Domain 8.1 Practice Test 002

This practice test covers Domain 8 (Cloud Computing) Subdomain 1 (Cloud Computing) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • 8 single-answer, 2 multi-select
Question 1
Clark is conducting a cloud penetration test against a target company running workloads on AWS and discovers a web application vulnerable to Server-Side Request Forgery (SSRF). He crafts a malicious request that forces the application server to issue an HTTP GET to http://169.254.169.254/latest/meta-data/iam/security-credentials/ and retrieves temporary AWS access keys assigned to the EC2 instance role. Which cloud attack technique did Clark successfully exploit?

Question 2
Kevin is performing a red team engagement and gains initial code execution inside a Docker container running on a Kubernetes node with the --privileged flag enabled. He mounts the host filesystem, writes a cron job to the host's /etc/cron.d directory, and achieves persistent root-level execution on the underlying node outside the container boundary. Which technique did Kevin use to compromise the host system?

Question 3
Select all that apply
Jane is the lead cloud security architect at a financial services firm that recently migrated its core banking platform to a multi-tenant public cloud environment. During a threat modeling session, the security team identifies two attack vectors that are unique to cloud deployments and would not apply to their previous on-premises data center. Which two threats are specific to cloud computing environments? (Choose two)

Question 4
An enterprise red team is engaged to test the security posture of a target organization's AWS environment and needs a cloud-native exploitation framework to enumerate IAM roles, S3 buckets, and Lambda functions while simulating attacker post-exploitation actions within the cloud control plane. The team selects a tool purpose-built for AWS post-exploitation that operates through the AWS API using stolen credentials and provides modules similar in structure to Metasploit's framework design. Which tool are they using?

Question 5
Elijah discovers that a company's AWS Lambda function processes user-supplied event data from an SNS topic without sanitizing input and directly passes the payload to a shell command for file processing. He crafts a malicious SNS message containing shell metacharacters that, when processed by the Lambda function, executes arbitrary OS commands within the serverless execution environment. Which vulnerability did Elijah exploit?

Question 6
A cloud security analyst at a healthcare organization using AWS Infrastructure-as-a-Service discovers that the underlying hypervisor software running their EC2 instances has an unpatched critical vulnerability that was publicly disclosed by the vendor last week. The analyst's manager asks whether the organization or AWS is responsible for patching the hypervisor layer under the cloud shared responsibility model. Which entity is responsible for patching the hypervisor in an IaaS deployment?

Question 7
Select all that apply
A penetration tester conducting a cloud security assessment of an AWS environment discovers that the organization has several critical IAM misconfigurations that could allow privilege escalation or unauthorized resource access. She documents her findings for the remediation report and needs to identify which specific IAM conditions represent exploitable vulnerabilities rather than security controls. Which two IAM conditions represent exploitable misconfigurations in AWS? (Choose two)

Question 8
A threat actor obtains valid AWS access keys from a publicly exposed GitHub repository containing a developer's committed .env configuration file and immediately provisions dozens of high-CPU EC2 instances across multiple AWS regions using the stolen credentials. The attacker runs the XMRig mining software on each instance to generate Monero cryptocurrency, while the legitimate account holder receives an unexpected six-figure AWS bill at the end of the billing cycle. Which cloud attack does this scenario describe?

Question 9
Jane is a nation-state-affiliated attacker who has compromised a virtual machine running on a public cloud hypervisor and uses cache-timing analysis to infer cryptographic key material from a co-located virtual machine belonging to a separate tenant on the same physical host. This attack exploits the fundamental multi-tenant architecture of public cloud computing, where customers share the same underlying CPU cache and memory bus hardware. Which type of cloud attack is Jane performing?

Question 10
A security researcher performing OSINT for a bug bounty program discovers that a Fortune 500 company has an Amazon S3 bucket with its ACL configured to allow public read and write access, inadvertently exposing 50,000 customer records, including names, email addresses, and payment card data, to the open internet. She verifies unauthorized access by navigating to the bucket's public URL and downloading sensitive files without providing any credentials or authentication tokens. Which cloud misconfiguration is responsible for this data exposure?